This is (not) Farewell

--Originally published at Computer Security

I’ve always been interested in how things work in computing and in the world in general, so I got the chance to take a Compute Security course in my last semester of my bachelor’s degree. Truth be told, as I’m about to graduate , my courses where light and I got lazy so I didn’t get involved with the class as much as it was needed, no excuses here. The thing is, I just expected the course to be an introduction to something I want to learn in the near future but it was so much more than that, for real.

Professor Ken has a “disruptive” idea for education called flipped classroom, I had read about it before but never implemented it, as some of my classmates I couldn’t completely adapt to it and ended up doing almost nothing, but even if I didn’t perform class activities still learned from those around me. In flipped classrooms you study at home and reinforce that knowledge by doing activities in class, it is disruptive because it’s not the traditional way and for the same reason it’s really difficult to implement in an environment like Tec, even though Tec has changed a lot its teaching methodologies; it is an awesome effort from Ken, I realized some professors are really looking into the future and preparing accordingly, I hope ITESM don’t let these kind of things slip away.

About the class in general, I think is too soon to implement flipped classroom as it is (it wasn’t the case), we are too accustomed to the traditional way of learning. Class discussions were excellent, I think it was my favorite thing but some people didn’t get involved never, I was to blame sometimes because I didn’t participate enough. I think the class was too theoretical but

farewell
Continue reading "This is (not) Farewell"

HOW TO DETECT THOSE RISKY RISKS IN THIS RISKY WORLD!

--Originally published at Mr. Robot's Imaginary Friend

In the Internet nowadays there are a lot of risk and it is important to know them and what they’re capable of doing to your computer and some things you can do to avoid them.

Check out my collaborative blog with Gabriel about this subjects:

https://lazynesstothemax.wordpress.com/2016/11/24/how-to-detect-those-risky-risks-in-this-risky-world/

 


How can you wire when you are wireless?!? Security wise, obviously.

--Originally published at lazynesstothemax

So. Wireless Security is very important, you get me. Everything is wireless and we cannot everything if everything is not secure. You feel me. So…. how can we wireless secure? You may ask me.. then…

CHECK OUT THIS POST YOU DAMN FOOL AND GET EDUCATED!

https://rodolfopadro.wordpress.com/2016/11/24/wireless-security-for-newbies/

I collabed with Rodolfo Padró and created that beauty above.


You have activated my Trap card!

--Originally published at lazynesstothemax

A very important part of our education in Information Security for us up and coming security experts is to learn about security countermeasures. A countermeasure is an action, process, device or system that can prevent or mitigate the effects of threats to our systems.

Countermeasures can take form of hardware, software or procedures. In these sense lets just list some possible countermeasures one can take against those meany mean threats out there in the world:

In the software department we can see countermeasure as:

  • personal firewalls
  • application firewalls
  • anti-virus software
  • aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhh
  • aiuda esto se va a descontrolar
  • pop-up blockers
  • spyware detection/removal programs

In the hardware department, apart from preventing the IP address of all users visible in the internet, we can also do:

  • biometrics authentication systems
  • physical restriction of access to computers and peripherals
  • intrusion detectors
  • alarms

And finally procedures we can take countermeasures as.

  • frequent deletion of stored cookies and temporary files from Web browsers
  • regular scanning for viruses and other malware
  • regular installation of updates and patches for operating systems
  • refusing to click on links that appear within e-mail message
  • refraining from opening e-mail messages
  • staying away from questionable web sites
  • regularly baking up data on external media.

 

There are also many particular scenarios that need special treatment, some of them are:

  • Encrypting data that is not used and is just resting in our databases for future use.
  • Administrate access management with different powers in different accounts as in manager and employee and such.
  • We can encrypt the network layer in order to prevent unwanted queries of our information
  • We have to frequently patch our existing programs in order to fix flaws in our systems

 

There are also many things that we may have missed, but for that we need to keep studying and researching the ever

Continue reading "You have activated my Trap card!"

SecureOS

--Originally published at Fer secure

Resultado de imagen para secure linux

Siempre que compramos una nueva computadora ya tenemos un ritual para cómo sentirnos seguros, esto quiere decir de cómo es que preparamos nuestro sistema operativo para que se encuentre listo en cuanto alguna amenaza lo ataque o alguna persona lo tenga en la mira para futuros problemas, es por eso que en este post hablaremos de cómo tener un sistema operativo seguro y no tener que preocuparnos tanto por el mundo exterior.

Ten un firewall:

Por defecto todos los sistemas operativos ya traen un firewall pre-instalado, la recomendación es que lo tengas así mientras no tengas ningún antivirus, el objetivo de estos es que no permita entrar ninguna conexión la cual ya tienen predefinida en su lista y aparte las que ellos mismos consideran peligrosas para el usuario.

Ten un antivirus:

La recomendación principal es que tengas un antivirus instalado, vale mejor gastar un poco de dinero para comprar uno a tener que pagar mucho más cuando tu información se encuentre comprometida o simplemente tu computadora completamente no funcione debido a la saturación de archivos que esta tiene, debido a los diferentes tipos de malware que hay hoy en día.

Actualiza todos los parches:

Normalmente cuando tu sistema operativo está en constante batalla contra ataques, siempre que se encuentra un error, tratan de sacar lo más pronto posible una solución, es por eso que siempre que muestre un actualización de seguridad para tu sistema, lo mejor es descargarla para así evitar los peligros más actuales y que tu como usuario te encuentres seguro.

Renueva tu sistema:

Siempre que salga una nueva versión de tu sistema operativo actualízalo, lo recomendable no es inmediato pero si en unos cuantos meses, esto para agregar nuevas funcionalidades que tiene tanto gráficas como los nuevos parches, ya que hay veces donde las empresas dejan de

Continue reading "SecureOS"

Wireless Security for newbies

--Originally published at Mr. Robot's Imaginary Friend

Various wireless security protocols were developed to protect home wireless network. These wireless security protocols include WEP, WPA and WPA2, each with their own strengths and weaknesses. In addition to preventing uninvited guest from connecting to your wireless network, wireless security protocols encrypt your private data as it is being transmitted over the airwaves.

Wireless networks are inherently insecure. In the early days of wireless networking, manufacturers tried to make it as easy as possible for end users. The out-of-the-box configuration for most wireless networking equipment provided easy (but insecure) access to a wireless network.

Although many of these issues have since been addressed, wireless networks are generally not as secure as wired networks. Wired networks, at their most basic level, send data between two points, A and B, which are connected by a network cable. Wireless network, on the other hand, broadcast data in every direction to every device that happens to be listening within a limited range.

The most common protocols for wireless security are:

  • Wired Equivalent Privacy (WEP): The original encryption protocol developed for wireless networks. As its name implies, WEP was designed to provide the same level of security as wired networks. However, WEP has many well-known security flaws, is difficult to configure, and is easily broken.
  • Wi-Fi Protected Access (WPA): Introduced as an interim security enhancement over WEP while the 802.11 wireless security standard was being developed. Most current WPA implementations use a preshared key, commonly referred to as WPA Personal, and the Temporal Key Integrity Protocol for encryption. WPA uses an authentication server to generate keys or certificates.
  • Wi-Fi Protected Access version 2 (WPA2): Based on the 802.11i wireless security standard, which was finalized in 2004. The most significant enhancement to WPA2 over WPA is the use of the Advanced Encryption Standard
    wireless-security2
    Continue reading "Wireless Security for newbies"

#TC2027 #TBT

--Originally published at Don't Trust Humans, Trust Computers

The semester has come to an end, and with it, it comes to answer the ecoas and make public reviews about your classes during the semester…ok, I am just making a review about one class: “Seguridad Informática” aka #TC2027. This class was imparted by Ken Bauer and this is class is the reason way I made this blog. For me this class had its pros and cons, like many other classes (but most of my cons I think it was me instead of the class, but I am going to talk about that in a little bit).

giphy-9

So this class was a little different from other classes, because it involved a flipped learning methodology (which flipped many of my classmates and I include myself in this one) and an abolish grading policy kind of situation. So the good thing about this class was that Ken tried to take us out of our comfort zone of learning, which is both, good and bad depending of how you see it. At first, I was very disconcerted about this situation, because I am not very into writing blogs (or any kind of writing), so this was kind of a challenge for me. Then the abolish grading policy, I saw it as a good thing, because it either proves own well you know yourself or how well you trick yourself; and besides it was a new policy we never had before so there’s that.

For me the hardest part of this course was writing the blog post, because as I mentioned I am not use to write this type of things. So I was stress, because I didn’t wanted to make a blog that was very “school alike” and I wanted a blog that was more “”me””. At the end, the process of making

giphy (10).gif
Continue reading "#TC2027 #TBT"

Señor, si señor

--Originally published at El Machetero Blog´s

Como ya he mencionado anteriormente, trabajar con personas puede ser algo realmente complicado y aún más si no existen reglas, es por esto que las compañías crean sus propias reglas, específicamente para la parte de seguridad las nombran políticas de seguridad, que son documentos en los cuales se especifican los requerimientos que se deben de seguir con el fin de minimizar riesgos. Existen varias políticas de seguridad, dependiendo del área y la razón por la cual se creará.

rules.jpg

Las políticas de seguridad deben definir:

  1. A quien aplica
  2. Quien aplica las acciones definidas
  3. Cuando se deben de aplicar las acciones mencionadas
  4. Donde o en que equipos aplica
  5. A que parte de la organización aplica
  6. Quien hace que se cumpla
  7. Cuales son las consecuencias en caso de no cumplir con lo establecido

Uno de los objetivos que se buscan al hacer políticas de seguridad es preservar los principios del triangulo CIA. Así que hazle un favor a tu jefe y a ti mismo y sigue las reglas.