Is not about you…is about me

--Originally published at The shield of the world

So when we talk about computer security, there is a topic that some of us really think about: how to ensure ethical and legal responsibilities. Why this? Because when someone has knowledge of this field, it is easy to go from white hat to black hat in a matter of seconds.


Other professionals whose job duties affect others’ lives receive formal training to address ethical issues and how to deal with them. IT security personnel have access to confidential data and knowledge about individuals’ and companies’ networks and systems that gives them a great deal of power. That power can be abused, either deliberately or inadvertently. But there are no standardized training requirements for hanging out your shingle as an IT pros are beginning to address the ethical side of the job, but again, there is no requirement for IT security personnel to belong to those organizations.


This is related to what happened at Tec de Monterrey. When the institution was growing and becoming important in the country as a quality education institution, its mission was to deliver god-tier technicians to the professional world. And it did, but they all lacked ethical values, and that was one of the criticisms the institution received as feedback from the enterprises that hired graduates from Tec.

Nowadays the institution has more courses related to ethical challenges and how to deal with them, debating the best solution with a global perspective on those affected. As a technical career, we, with the help of the professors, are developing ethical guidelines. It is something everybody should relate to.

So the main responsibility is to respect the privacy of the information an IT or


Working after dark!

--Originally published at The shield of the world

So…I have a business, but how do I protect it? This is where the security policy comes into play. A security policy is a document that states in writing how a company plans to protect the company’s physical and information technology assets. It defines the goals and elements of an organization’s computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms. A technical implementation defines whether a computer system is secure or insecure. The policies can be categorized into the 3 security principles.


A security policy is often considered a “living document”, meaning that the document is never finished but is continuously updated as technology and employee requirements change. A company security policy may include a description of how the company plans to educate its employees about protecting the company’s assets, an explanation of how security measures will be carried out and enforced, and a procedure for evaluating the effectiveness of the policy to ensure the necessary corrections will be made.

The National Research Council has specifications that every company policy should address:

  • Objectives
  • Scope
  • Specific goals
  • Responsibilities for compliance and actions to be taken in the event of noncompliance.


Every IT security policy has sections dedicated to adherence to the regulations that govern the organization’s industry. An organization’s security policy will play a large role in its decisions and direction, but it should not alter its strategy or mission. Therefore, it is important to write a policy that is drawn from the organization’s existing cultural and structural framework. The policy should not be generic; it should be personalized to let the company achieve its mission and goals.

The policies may include:


--Originally published at The shield of the world

Hello again, today the topic is something more common or at least something everyone has lived.

As a gamer I used to play PS1 and PS2. When I made the change to MMORPGs and some other MMO games, I used to think f*ck this game when I could not log in because I was player 109290321890431904139804123 (yep, random number), and when I grew up I actually started looking for an answer to this kind of stuff. That was the point in my life when I met the Denial of Service and the Distributed Denial of Service.


So a Denial of Service (DoS) attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Some examples are…

  • Attempts to “flood” a network. Like I said, being number 3409340934903409 in line to enter is a pain in the neck.
  • Attempts to disrupt connections between two machines, thereby preventing access to a service. Here my example is when I used to play Dofus, Tibia and LoL. You were in a quest, hunting or just playing and the whole squad got disconnected.
  • Attempts to prevent a specific user from accessing a service. In Tibia, when a player (don’t remember the name) was about to get to a really high level and there was a competition with 2-3 other players, there were rumors that people actually attacked that player to keep him from entering the game.
  • Attempts to disrupt service to a specific system or person.

Sometimes a DoS attack may be part of a larger attack.

Illegitimate use of resources may also result in a DoS. For example, an intruder may use your anonymous FTP area as a place to store illegal copies of commercial software, consuming disk space and generating traffic.
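A defender can spot this kind of resource abuse in the FTP transfer log. The sketch below is an added example, not part of the original post: it assumes the server writes the xferlog(5) layout, and the log lines, hosts and quota are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in xferlog(5) layout:
# date(5 fields) secs host bytes path type flag direction access user service auth id status
SAMPLE_XFERLOG = """\
Mon Mar  3 10:01:12 2025 4 198.51.100.7 734003200 /incoming/disc1.iso b _ i a anon@example.test ftp 0 * c
Mon Mar  3 10:09:40 2025 5 198.51.100.7 734003200 /incoming/disc2.iso b _ i a anon@example.test ftp 0 * c
Mon Mar  3 10:11:02 2025 1 203.0.113.20 20480 /incoming/report.pdf b _ i a guest@example.test ftp 0 * c
Mon Mar  3 10:15:55 2025 1 203.0.113.9 51200 /pub/readme.txt a _ o a x@example.test ftp 0 * c
Mon Mar  3 10:20:00 2025 9 192.0.2.44 900000000 /home/alice/backup.tar b _ i r alice ftp 0 * c
"""


def anonymous_upload_bytes(log_text):
    """Return {remote_host: bytes} for completed anonymous incoming transfers."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 18:
            continue  # malformed or truncated line
        host, size, direction, access, status = f[6], f[7], f[11], f[12], f[17]
        # direction "i" = upload, access "a" = anonymous, status "c" = complete
        if direction == "i" and access == "a" and status == "c" and size.isdigit():
            totals[host] += int(size)
    return dict(totals)


def over_quota(log_text, quota_bytes):
    """Hosts whose anonymous uploads exceed the per-host quota, largest first."""
    totals = anonymous_upload_bytes(log_text)
    heavy = [(h, b) for h, b in totals.items() if b > quota_bytes]
    return sorted(heavy, key=lambda hb: hb[1], reverse=True)


if __name__ == "__main__":
    for host, used in over_quota(SAMPLE_XFERLOG, 100 * 1024 * 1024):
        print(f"{host} uploaded {used} bytes anonymously")
```

Downloads and uploads by authenticated users are ignored, so only the anonymous area's disk consumption is counted.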



My penguin has no armor?

--Originally published at The shield of the world

So let’s start with this…

What is security in OS?

It deals with issues external to the OS, and you would ask, why external? Because it is about the authentication of you, the user, validation of messages, malicious or accidental introduction of flaws, etc. So it is not really about the OS.


And what is Protection in OS?

Mechanisms and policies to keep programs and users from accessing or changing stuff they should not. AND it is internal to the OS. The OS has to provide this.

So…Protection and Security

An Operating System (OS) is an interface between a computer user and computer hardware. An operating system is software which performs all the basic tasks like file management, memory management, process management, handling input and output, and controlling peripheral devices such as disk drives and printers. We will call these objects.

And each object has a unique name and can be accessed through a well-defined set of operations.

Protection and security ensure that each object is accessed correctly and only by those processes of authorized users that are allowed to do so.

OS designers face the challenge of creating a protection scheme that cannot be bypassed by any software that may be created in the future.

Networking adds to the problem as it allows access to a computer and its resources without being in the same physical location.
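The idea of named objects, each with a fixed set of operations that only authorized users may invoke, can be sketched as a default-deny access matrix. This is an added example, not code from the original post; the class name, object names, users and operation sets are hypothetical.

```python
# Each kind of object exposes a fixed, well-defined set of operations.
OPERATIONS = {
    "file": {"read", "write", "execute"},
    "printer": {"print"},
    "process": {"signal", "wait"},
}


class ReferenceMonitor:
    def __init__(self):
        self.objects = {}   # unique object name -> kind
        self.matrix = {}    # (user, object name) -> set of granted operations
        self.audit = []     # every decision, allowed or denied

    def register(self, name, kind):
        if name in self.objects:
            raise ValueError(f"object name already in use: {name}")
        if kind not in OPERATIONS:
            raise ValueError(f"unknown object kind: {kind}")
        self.objects[name] = kind

    def grant(self, user, name, op):
        # A right can only name an operation the object actually defines.
        if op not in OPERATIONS[self.objects[name]]:
            raise ValueError(f"{op!r} is not an operation of {name}")
        self.matrix.setdefault((user, name), set()).add(op)

    def access(self, user, name, op):
        # Default deny: unknown objects, users or operations are refused.
        allowed = name in self.objects and op in self.matrix.get((user, name), set())
        self.audit.append((user, name, op, allowed))
        return allowed


def demo():
    rm = ReferenceMonitor()
    rm.register("/home/alice/notes.txt", "file")
    rm.register("lp0", "printer")
    rm.grant("alice", "/home/alice/notes.txt", "read")
    rm.grant("alice", "/home/alice/notes.txt", "write")
    rm.grant("bob", "lp0", "print")
    return rm, [
        rm.access("alice", "/home/alice/notes.txt", "write"),  # granted
        rm.access("bob", "/home/alice/notes.txt", "read"),     # never granted
        rm.access("bob", "lp0", "print"),                      # granted
        rm.access("alice", "/etc/shadow", "read"),             # unregistered object
    ]
```

Every request goes through `access`, so denied attempts land in the audit list alongside allowed ones.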


This is the correct way to access and use Resources.

An OS has goals like:

  • Data confidentiality
  • Data integrity
  • System availability

And each of these has a threat:

  • Exposure of data
  • Tampering with data
  • Denial of service

One of the solutions is user authentication…you know when you type “password” to actually enter your PC and if you don’t type anything and just has all his information without any little layer of protection should use at least a
