Is not my fault!

--Originally published at The shield of the world

So we all know that friend who has come so close to killing his PC without even knowing it. And this is the topic for today: unintentional security issues. This is so common that you have probably already thought of some examples of your own.

This is one of the most common causes of loss of information in enterprises, so we are going to talk about how to prevent it.

  1. Control applications.- If we control the applications that the users can download and use on the work laptop, we are reducing the probability of an unintentional issue by a really big amount. But it is not that easy, because web browsers and email clients are the most common points of entry for malware. A good solution for software that is dangerous is to run it in isolated virtual machines. If the app is malicious, any infection would occur only in the VM and there is no harm to the host operating system.
  2. Filtering content.- Another solution and kinda related to what Adblock can offer, is filtering bad content. Strategically blocking only a small subset of harmful activity can have positive impact on minimizing the damage from an adversary.
  3. Limit executable content.- Blocking all files of a certain type, while effective, is not always feasible if the files are needed by the user. Effective technology exists that can take an attachment, perform analysis of the content, and even run it in a sandbox to examine the behavior; if it is malicious, it is blocked, and if it is legitimate, it is allowed through. This gives a lot of flexibility, but limits the impact of stopping normal activities.
  4. Control executable.- Compromising an accidental insider is usually done by tricking the user into running an executable that they believe
    Continue reading "Is not my fault!"

User is no joke! User is important!

--Originally published at The shield of the world

So imagine your connection to your bank is not secured… I would be pretty mad, and you? I hope you too, but there are some things web pages can do to help us trust their site. You may have heard the phrase “It's like taking candy from a baby” or something like that… I know the phrase in Spanish. But we are the baby in this big world called the Internet. And we need some protection, dude!

So, how is the Internet helping us to keep the candy and not help others rob us? One of the measures being implemented is HTTPS connections to web pages. When you enter Facebook or your bank's page, you will see a green lock beside the address. This means the page is secure and that your connection is private. You can even see the certificate that proves the page is secure.

And also, you can check the validity dates of the certificate and who issued it.

So, this is a good start for looking after our own security. Another good way to protect ourselves is with an ad blocker, like Adblock. Some curious users may click every link they see; this is one of the main reasons they end up full of malware and with slow equipment.

When people think about web security, all of us think about how to protect a website. But it is important to remind ourselves how we protect ourselves in this cold, cold world. Using protected WiFi networks is another good example of how a user can improve his own security.

Most of this advice we have already talked about in other posts: you should be careful about the links you click, about the emails you open, about where you

Continue reading "User is no joke! User is important!"
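The post says you can open a site's certificate and check its validity dates and issuer. The following is an added example, not code from the original post, that does those same checks programmatically with Python's standard library. The certificate dictionary is constructed for the example in the shape that `ssl.SSLSocket.getpeercert()` returns (the hostnames, issuer and dates are made up); the `fetch_peer_cert` helper shows how to obtain a real one, but it needs network access and is not called during the offline checks.

```python
import socket
import ssl
import time

# Constructed sample in the dictionary shape that ssl.SSLSocket.getpeercert()
# returns for a verified certificate. Hostnames, issuer and dates are made up.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example-bank.test"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example CA"),),
        (("commonName", "Example Issuing CA R1"),),
    ),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2026 GMT",
    "subjectAltName": (
        ("DNS", "www.example-bank.test"),
        ("DNS", "example-bank.test"),
    ),
}


def _flatten_name(rdns):
    """Turn getpeercert()'s nested subject/issuer tuples into a flat dict."""
    return {attr: value for rdn in rdns for attr, value in rdn}


def cert_summary(cert):
    """Extract the fields a user would look at in the browser's certificate viewer."""
    return {
        "subject": _flatten_name(cert["subject"]),
        "issuer": _flatten_name(cert["issuer"]),
        # ssl.cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" form.
        "not_before": ssl.cert_time_to_seconds(cert["notBefore"]),
        "not_after": ssl.cert_time_to_seconds(cert["notAfter"]),
        "dns_names": [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"],
    }


def check_cert(cert, hostname, now=None):
    """Return a list of problems; an empty list means the date and name checks pass.

    Only exact-name matching is done here (no wildcard handling). Chain and
    signature validation is left to ssl's default verification.
    """
    now = time.time() if now is None else now
    info = cert_summary(cert)
    problems = []
    if now < info["not_before"]:
        problems.append("certificate not yet valid")
    if now > info["not_after"]:
        problems.append("certificate expired")
    if hostname not in info["dns_names"]:
        problems.append(f"hostname {hostname!r} not in subjectAltName")
    return problems


def fetch_peer_cert(hostname, port=443, timeout=5.0):
    """Fetch a live server certificate with full default verification (needs network).

    The default context already rejects bad chains, expired certificates and
    hostname mismatches; the functions above just make those facts visible.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    info = cert_summary(SAMPLE_CERT)
    print("issued by:", info["issuer"].get("organizationName"))
    print("valid from", time.strftime("%Y-%m-%d", time.gmtime(info["not_before"])),
          "to", time.strftime("%Y-%m-%d", time.gmtime(info["not_after"])))
    print("problems:", check_cert(SAMPLE_CERT, "www.example-bank.test"))
```

The `now` parameter lets you test expiry against a fixed time instead of the clock, which is also how you would write a monitoring check that warns some days before a certificate runs out.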

Let me in! I´m nice dressed

--Originally published at The shield of the world

So in one of the first posts we talked about WiFi and the magic feeling when the WiFi is open! And I hope you remember we said that was one of the easiest ways to lose your information. Well, technically you exchange your data for free WiFi.

Here we are going to talk about the importance of security in wireless networks. Wireless security is about preventing unauthorized access to computers over wireless networks. Let's talk about WEP (Wired Equivalent Privacy) and WPA (WiFi Protected Access). WEP is a weak security standard and nobody should be using it at this point. The password it uses can often be cracked in a few minutes with a basic laptop and available software tools. You have probably done this when using the “WiFi Hacker” app from the Android store. It was superseded in 2003 by WPA, which was a quick alternative to improve security over WEP.

The current standard is WPA2; some hardware cannot support WPA2 without a firmware upgrade or replacement. WPA2 uses an encryption device that encrypts the network with a 256-bit key; the longer key length improves security over WEP.

Hackers (black hat) have found wireless networks relatively easy to break into, and even use wireless technology to hack into wired networks. As a result, it is very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources. Wireless intrusion prevention systems and wireless intrusion detection systems are commonly used to enforce wireless security.

So a good way for enterprises to actually protect themselves, even with WPA2, is to use the Enterprise version of WPA, which requires a RADIUS server that can be a local server or can be on the internet. I used IronWifi for my final project of “Wireless

Continue reading "Let me in! I´m nice dressed"

Feedback on the TC2027 course

--Originally published at CRACK THE NETWORK

The class was out of the ordinary; it was entertaining, we had the opportunity to learn and do things the way we wanted, and I took advantage of that to learn and apply security concepts from the topics I like most.

One of the things I did not like is that I am not a fan of writing posts, nor do I enjoy it. I agree that it is the way to show evidence of our work, just as exams are in traditional subjects, so I would have liked the class to have another way of handing in our work that was not writing posts.

Apart from that, the class was different, which I liked, since I do not like monotony or following a daily routine; what I like is spontaneity, and I liked that roughly every 2 weeks a person from outside the class with vast knowledge of computer security came to talk to us about topics in their area of expertise, as well as making us aware of how things happen in real life.

Course feedback video:


Because on the network, no one can hear you scream

--Originally published at (Not so) Random talk

The network can be a universe of its own. Vast, full of things that are or can be unknown. And just like in sci-fi movies, it is plagued with dangers. Hackers, malware, etc. Everything is there. As in some movies, you need to learn to protect yourself. If not, you might be just like those victims, getting eaten by that unknown thing.

I’ve already mentioned the basics some, if not many, times in the past, but here they come again, plus some new tips for browsing safely, dearly from me to you:

Update your browser

Everyday thing: Have an antivirus or antimalware and keep it updated too, obviously.

Basic protection: use the firewall. If you are not at an expert level, please do not lower the firewall. Your computer comes with a firewall by default, and it helps you filter bad stuff from the web (if you want to learn more about it, read my past post).

Not everything clickable should be clicked: really, just don’t. If something pops up, most commonly on not very safe sites, don’t click on it; close it immediately. Those can be gateways for the alien to get into your spaceship.

Public doesn’t equal good: Don’t go onto public open networks without some sort of security, or even better, don’t get on them at all. By doing so, you are probably literally leaving your info in the air for someone to grab.

Buy smart, buy safe: Just do online shopping from trusted and well recognized sites, preferably using platforms like Paypal.

Free software can come with a price: not all software out there is good, which is why you should only download / install certified software.

If your browser recommends you against it, don’t insist: Don’t play with fire. If your browser is already doubting on

Continue reading "Because on the network, no one can hear you scream"

Fix it Felix Jr.! Security network edition!

--Originally published at (Not so) Random talk

Wrecking stuff has always been Ralph’s thing. Ever since his tree stump was moved to the dumpster, he has dedicated himself to wrecking the building that was built in his old place. But whenever Ralph starts wrecking, Felix Jr. has always been there to fix things, thankfully. With his useful hammer, he always fixes the windows and reconstructs the zones Ralph has broken with his big fists. And time and time again, our hero manages to fix everything, get a gold medal, and leave the villain in the mud.

However, times change. And just when Ralph was resigning himself, some interesting trash got into the dumpster. It was a lot of information about networking that the Highlanders decided wasn’t important when setting up their new networks. And with it, Ralph also learned how to attack this new thing called the network. Yes, Wreck-It Ralph is now wrecking the network! Now in a hurry, Felix had to learn about network security and dive into the practice of protecting the usability and integrity of the Highlanders’ network and data. Set out on this new adventure with Felix, and fix all the things that Ralph has damaged, as well as setting up the new multiple layers of defenses on the network.

The way of playing this game is somewhat different from the other installment. In each level, you must carry out activities that make up network security. Earn a certain number of points to advance to the next level. These activities are:

Wireless Security: set up the wireless security for the Highlanders’ network, which they used to leave at the default settings, and it’s probably one of the ways in which Ralph accessed the network. To do so at a basic level, change the passwords on the Highlanders’ modems.

Network isolation: divide

Continue reading "Fix it Felix Jr.! Security network edition!"

Fashion Security Runway: Architecture Models

--Originally published at (Not so) Random talk

Today, coming down our runway are the security architectures, showing us their models. Show your enthusiasm and let’s begin!

*cue sassy music in*

The first model is the State Machine. It uses states to verify the security of a system, capturing all the current permissions and instances of subjects accessing objects. Getting the job done, it deals with each subject’s association with objects. If the subjects can only access objects by means that are concurrent with the security policy, the system is secure. To alter a state, a transition (activity) must happen; if all activities do not compromise the system and put it into an insecure state, then the system executes a secure state machine model. If a secure state fails, safety measures like a reboot or system freeze must happen in order to protect the system, itself, and its data. As you can see, this is a very basic attire.

And just as we were saying this, the next model, Bell-LaPadula, indeed takes the prior basic attire and modifies it into its own style. It is a multilevel security style, with users of different clearances using the system and the system processing data with different classifications, and it is an implementation of its predecessor that enforces confidentiality aspects in access control. Its goal? Enforce secrets and prevent data leakage. A matrix and security levels are used to determine if subjects can access different objects. The subject’s clearance is compared to the object’s classification; if the clearance is higher than or equal to the object’s classification, the subject can access the object without violating the security policy. If properly implemented and enforced, this model has been mathematically proven to prevent data from a higher security level from flowing to a lower security level. It is an information flow

Continue reading "Fashion Security Runway: Architecture Models"
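The Bell-LaPadula paragraph above describes the clearance-versus-classification comparison for reads. The following is an added example, not code from the original post, that implements that check in Python and goes one step beyond the excerpt: it also implements the model's *-property ("no write down"), which is the second rule that makes the "higher level cannot flow to lower level" claim hold, and brute-forces that claim over a small set of subjects and objects. The level names, subjects and objects are constructed for the example.

```python
from dataclasses import dataclass

# Constructed lattice of security levels for the example (a higher number dominates).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str


@dataclass(frozen=True)
class Obj:
    name: str
    classification: str


def dominates(level_a, level_b):
    """True when level_a is higher than or equal to level_b."""
    return LEVELS[level_a] >= LEVELS[level_b]


def can_read(subject, obj):
    """Simple security property ('no read up'): the check described in the post.

    The subject's clearance must dominate the object's classification.
    """
    return dominates(subject.clearance, obj.classification)


def can_write(subject, obj):
    """*-property ('no write down'): a subject may only write to objects at or
    above its own level, so it cannot copy what it has read into a lower-level object.
    """
    return dominates(obj.classification, subject.clearance)


def relay_allowed(subject, src, dst):
    """Could this subject move information from src into dst under both rules?"""
    return can_read(subject, src) and can_write(subject, dst)


def access_matrix(subjects, objects):
    """Build the subject x object matrix of permitted modes: 'r', 'w', 'rw' or ''."""
    matrix = {}
    for s in subjects:
        for o in objects:
            modes = ("r" if can_read(s, o) else "") + ("w" if can_write(s, o) else "")
            matrix[(s.name, o.name)] = modes
    return matrix


def no_downward_flow(subjects, objects):
    """Brute-force check of the information-flow claim: whenever some subject may
    read src and write dst, dst's level must dominate src's level.
    """
    return all(
        dominates(dst.classification, src.classification)
        for s in subjects
        for src in objects
        for dst in objects
        if relay_allowed(s, src, dst)
    )


if __name__ == "__main__":
    subjects = [Subject("alice", "secret"), Subject("bob", "confidential")]
    objects = [Obj("bulletin", "unclassified"), Obj("memo", "secret"), Obj("plan", "top secret")]
    for (s, o), modes in access_matrix(subjects, objects).items():
        print(f"{s:6} {o:9} {modes or '-'}")
    print("no downward flow:", no_downward_flow(subjects, objects))
```

Note what the matrix shows: a "secret" subject can read "unclassified" but not write to it, and can write to "top secret" but not read it. Confidentiality is preserved exactly because writes are restricted in the opposite direction from reads; integrity is not addressed at all, which is where the Biba model the post turns to next comes in.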

Encrypt it now, don't let more time pass

--Originally published at CRACK THE NETWORK

Computer espionage and the theft of corporate data are an alarming reality for any modern business. Laptops get stolen, cloud storage accounts get compromised, disgruntled employees steal vital files. And with modern devices able to store a large amount of mission-critical data, the loss of a laptop or phone can have very serious implications for any business: losing vital trade secrets such as the designs for an upcoming product or the code of an application update.

Password policies, encrypted and signed email, and secure workplaces are a good start for keeping your data safe, but to really plan for the worst case, proceed on the assumption that you will lose the device, or even the passwords to a storage account. The best way to deal with this eventuality is to implement encryption on every device you use, from any Windows XP desktop PC you still use to the new Windows 8.1 Ultrabook your business is migrating to, and even iPhones and Nexus 7s.

Most modern phone and desktop operating systems come with built-in support for encryption, so encrypting every storage device is a must.

Additional resources:

http://lifehacker.com/a-beginners-guide-to-encryption-what-it-is-and-how-to-1508196946

https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/



Remote code evaluation vulnerability

--Originally published at CRACK THE NETWORK

Remote code evaluation is a vulnerability that can be exploited if user input is injected into a file or a string and executed by the programming language's parser. Usually this behaviour is not intended by the web application developer. A remote code evaluation can lead to a complete compromise of the vulnerable web application and also of the web server. It is important to note that almost every programming language has code evaluation functions.

A code evaluation can occur if you allow user input inside the functions that evaluate code in the respective programming language. This may be implemented on purpose, for example to access the programming language's mathematical functions to build a calculator, or accidentally because the developer does not expect user-controlled input to reach those functions. It is generally not recommended to do so. In fact, using code evaluation is considered bad practice.

An attacker who is able to exploit such a flaw is usually able to execute commands with the privileges of the programming language or the web server. In many languages they can issue system commands, write, delete or read files, or connect to databases.

As a general rule, you should avoid using user input inside evaluated code. The best option would be not to use functions like eval at all. It is considered bad practice and can frequently be avoided completely. You should also not allow a user to modify the contents of files that may be parsed by the respective languages. That includes not allowing a user to decide the name and extensions of the files he or she might upload or create in the application

Continue reading "Vulnerabilidad de evaluación de código remoto"

DDoS: old but effective

--Originally published at CRACK THE NETWORK

The story about the DDoS attack against Dyn DNS certainly caught my attention. Dyn DNS provides managed DNS services for its customers. Familiar names such as Twitter, GitHub, Airbnb and Reddit appeared to have been affected. One could conclude that they were Dyn DNS customers.

DDoS is not a new form of attack in itself. But the methods and strategies around DDoS continue to evolve in the form of bigger and more orchestrated attacks. Often, the measure of a DDoS attack's level of sophistication comes in the form of measured throughput. The details of this particular attack are not yet known.

What makes me stop and reflect further regarding this attack and similar ones is that Dyn DNS is a SaaS DNS provider. Its main job is to host and manage DNS services for its customers. The impact and damage are attributed to the various services of Dyn's customers. As attackers evaluate their targets, and organizations rush toward the proverbial cloud for various reasons, this introduces interesting targets for hackers.

So, what can be done? In the case of this attack and DNS, having a secondary DNS service operating at the same time may have mitigated the impact, even when the primary provider goes down.

Additional resources:

https://www.incapsula.com/ddos/ddos-attacks/denial-of-service.html

http://ddos.inforisktoday.com/ddos-attacks-c-350