Signs that your computer is infected with malware

--Originally published at CRACK THE NETWORK

The growing number of Internet users worldwide means that more hackers take advantage of our computers. As we become more dependent on the electronic environment, we can clearly see a massive growth in malware and criminal cyber activity around the world.

With so many ways to access and exploit vulnerable systems, we need to make sure we are able to recognize a malware infection in order to prevent it and defend our systems. Because it is a battle and you must be ready.

This article will show you the main symptoms of a malware-infected system.

  1. Slowness
  2. Pop-ups
  3. BSOD
  4. Suspicious hard disk activity
  5. Little free space when we should have more.
  6. A lot of network activity when we are not using it
  7. New home page in the browser
  8. Unauthorized programs that start automatically
  9. Messages sent to your friends without your authorization
  10. Your antivirus is disabled and you did not turn it off

Additional resources:

http://www.lavasoft.com/mylavasoft/securitycenter/articles/how-to-detect-malware-infection

How to easily clean an infected computer (Malware Removal Guide)


Online Computer Security Courses

--Originally published at CRACK THE NETWORK

When we start working at a company we bring the knowledge from school with us, and we realize that we still have a lot to learn, and even more if we want to become experts in something like computer security.

To do that we have to find the perfect security training, as well as certifications, which turns out to be quite difficult because:

  1. Quality courses for beginners are rare

There are not enough cyber security courses for beginners out there. When you want to learn in a very organized way you need more than articles and superficial information.

  2. The technical jargon is hard to absorb without context.

If we cannot speak “cybersec”, we will have a hard time learning what we are learning.

  3. Delivering information without acting on it is useless

If the course is not designed to make you act on it, you just browse through the information and are left with close to nothing at the end.

Some of the interesting courses I found are:

Cyber Security for Beginners

https://cybersecuritycourse.co/

Introduction to cyber security

https://www.futurelearn.com/courses/introduction-to-cyber-security

Cyber Criminals Want Your Information: Stop Them Cold

https://www.udemy.com/not-another-password/?dtcode=iSJj2G02UiZM


SQL Injection

--Originally published at CRACK THE NETWORK

SQL injection is a kind of complex vulnerability, and applying a fix will normally differ depending on the type of application you are developing. SQL injection is one of the easiest to counter. Below are some measures that can be used against SQL injection attacks.

As said earlier, SQL injection attacks occur because of unsanitized input. So our first step would be to sanitize the input. In the application, single quotes and apostrophes are explicitly escaped, and expression-type input, for example 1 + 1, z + y, etc., is not accepted as valid. By sanitizing the input with the method above, you will be able to stop SQL injection, since the application will not accept malicious input.

The second solution is to use an API that does not allow SQL injection. Nowadays almost all web application development tools have an API that handles SQL queries on its own; it is better to use them, since they not only reduce the overall development overhead but also provide protection against SQL injection.

At the system level, run the application with the lowest privileges with which it can run without problems. There is no need to grant the application more privileges than required. It may take a little time to apply this, but doing so will not allow hackers to retrieve confidential data from your database, since the privileges will be limited.

Finally, remove unnecessary packages from your system's database, since they not only take up extra memory and disk space, but if any of them is vulnerable your database will be too.

Depending on what type of application you are developing, some or more modifications may

Continue reading "Inyección de SQL"
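The "API that does not allow SQL injection" mentioned in the post above can be shown with Python's built-in sqlite3 module. This is an added example, not code from the original post; the table, column names and sample rows are constructed for illustration. It runs the same three inputs through a query built by string concatenation and through a parameterized query.

```python
import sqlite3

# Constructed sample rows; table and column names are assumptions for this example.
ROWS = [("alice", "a-secret"), ("bob", "b-secret"), ("O'Brien", "c-secret")]

def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn

def lookup_concatenated(conn, name):
    """Unsafe: the input is pasted into the SQL text, so quotes change the query."""
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, name):
    """Safe: the driver binds the input as a value; it is never parsed as SQL."""
    return conn.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()

def compare(name):
    """Run both lookups on the same input and report what each returns."""
    conn = make_db()
    try:
        unsafe = lookup_concatenated(conn, name)
    except sqlite3.OperationalError as exc:
        unsafe = "error: " + type(exc).__name__
    safe = lookup_parameterized(conn, name)
    conn.close()
    return unsafe, safe

if __name__ == "__main__":
    for sample in ["alice", "O'Brien", "x' OR '1'='1"]:
        print(repr(sample), compare(sample))
```

With binding, a legitimate name containing an apostrophe works without any escaping, and the quote-bearing input matches no row instead of every row.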

Class review

--Originally published at Computer and Information Security

This class was different in every single way compared to every class I have taken since I started college, even fundaments of programming which also made use of the flipped learning methodology.

I believe flipped learning is a double-edged sword. On one hand it allows students and teachers to use different learning methods that could help students that are not comfortable with the classic way of teaching with lectures and exams. I like this since I have never liked being lectured for hours.

On the other hand, flipped learning can diminish the knowledge a student acquires because:

  • Not all students are proficient at self-teaching.
  • The amount of knowledge acquired is proportional to the interest of the student.
  • Most of the time humans will try to do the least possible work.

In general I enjoyed the class; I just wish we had done more practical things that did count instead of writing blog posts.


S3cR3t5

--Originally published at The Hitchhiker's Guide to information security… according to me!

Cryptography, the thing we all want to learn how to do and crack because it sounds cool, doesn’t it? As cool as it sounds, cryptography means the study of techniques to secure communication. Please don’t confuse it with encryption, which is the actual process of coding the message so only the authorized party can read it.

Truth is, cryptography is a very important process in the communication between users, systems, applications, etc. We don’t want everyone knowing about our credit card number, our passwords, our clients’ information, at what time there’s nobody in our house, our dirty conversations, the location of the secret place where we store our chocolate cookies, etc. If it wasn’t for cryptography we wouldn’t be able to trust any communication device (we shouldn’t, but this would be more obvious) and we would be bound to only transmit a message or a piece of information in person, and that wouldn’t be practical, would it?

Since ancient times people have been studying ways of exchanging communication without fear of a third party finding out. One example of ancient practices of cryptography is the Caesar Cipher encryption method, which shifts the letters of the alphabet by a certain number. For example, if you wanted to write an A, then shifting it 3 spaces you would write a D, and so on with the other letters. So if I were to write “I am cool” with a shift of 3 it would read as follows:

Plaintext: I am cool

Ciphertext: L dp frro

Nowadays there exist more complicated ways of encryption that can guarantee the safe exchange of information. Some encryption algorithms used in modern days are the following:

  • DES
  • RSA
  • HASH
  • MD5
  • AES
  • SHA-1
  • HMAC

Also there exist two fields of study and types of encryption which are

Continue reading "S3cR3t5"
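The Caesar shift described in the post above, as an added Python example that is not part of the original post. It reproduces the post's "I am cool" case and goes one step further by listing every possible key, which shows why such a cipher gives no real protection; the function names are chosen for this example.

```python
import string

ALPHABET_SIZE = 26

def caesar(text, shift):
    """Shift each ASCII letter by `shift` places, keeping case.

    Spaces, digits and punctuation pass through unchanged.
    """
    out = []
    for ch in text:
        if ch in string.ascii_uppercase:
            base = ord("A")
        elif ch in string.ascii_lowercase:
            base = ord("a")
        else:
            out.append(ch)
            continue
        out.append(chr((ord(ch) - base + shift) % ALPHABET_SIZE + base))
    return "".join(out)

def encrypt(plaintext, shift=3):
    return caesar(plaintext, shift)

def decrypt(ciphertext, shift=3):
    # Decryption is the same operation with the shift reversed.
    return caesar(ciphertext, -shift)

def all_shifts(ciphertext):
    """Return {shift: candidate plaintext} for every non-trivial key.

    Only 25 keys exist, so the whole key space fits on one screen.
    """
    return {s: caesar(ciphertext, -s) for s in range(1, ALPHABET_SIZE)}

if __name__ == "__main__":
    secret = encrypt("I am cool")
    print(secret)
    print(decrypt(secret))
    print(len(all_shifts(secret)), "possible keys")
```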

Users are not that smart

--Originally published at The Hitchhiker's Guide to information security… according to me!

Computer and Information Security

Computers have become an essential part of our lives; they allow us to keep in touch with people around the world and also grant us access to information about anything with just a few clicks.

However, what most people don’t know is that the internet is a dangerous place, and they don’t take the required precautions to avoid being at risk. This causes unintentional security risks, since they are caused by human error or the environment.

Here are some examples of unintentional security risks:

Browsing the internet with JavaScript enabled.

Since JavaScript controls the settings of a web browser, a malicious website can disable the security settings of the browser, allowing malicious software access to your computer.

Believing your antivirus will keep you safe.

While an antivirus program protects you from certain risks it is not invincible, you must be careful of which sites you visit or what types of…

View original post 148 more words


My opinion on #TC2027

--Originally published at Computer and Information Security

It is the end of the semester and I am still not sure what I think about the course. I am not against the methodology used, but I have some doubts about it.

I think flip learning is a great method for learning, though I think this time it was taken too far. I say this because there was no specific order to review the topics; each student could learn the topic he or she wanted to. Though it is not a bad idea, I believe it made it much more difficult to discuss the topics with other students or even with the professor.

Despite that, I did enjoy the course.



RMA

--Originally published at Computer and Information Security

 


Risk is the probability or threat of damage that is caused by external or internal vulnerabilities. Risk management is done to assess risk and take action to reduce it to an acceptable level. It is important to recognize that computers can’t be fully secured, there is always risk. That is the reason risk management is important. Risk management is made up of two components: risk assessment and risk mitigation.

In this post we will focus on risk assessment methodologies. Risk assessment is the process of analyzing and interpreting risk. It consists of three main activities:

  • Determining the scope and methodology.
  • Collecting and analyzing data.
  • Interpreting the results.

The first activity of risk assessment includes selecting the methodology that will be used. These methodologies are:

  1. Asset Audit: Consists of looking at the assets of the organization and determining if they are being protected adequately.
  2. Pipeline Model: Risks are assessed on a pipeline, which is responsible for processing a certain type of transaction. Each pipeline is reviewed to determine if the security requirements are met.
  3. Attack Trees: Describes the security of systems based on who, when, how, why and with what probability an attack could happen. The root node represents the goal of the attacker and the branches and leaf nodes show the ways of attaining the goal.

We need to realize that no single method is best for all users and environments. How the scope and methodology are defined impacts the amount of effort spent on risk management and how useful the assessment is.

Made in collaboration with Salvador.

Picture by:  Lindley White https://thenounproject.com/term/warning/8148/

 


IoT is a bad idea

--Originally published at Computer and Information Security


Right now a trending topic in the technology world is IoT, which stands for Internet of Things. This trend basically consists of making “dumb”, everyday objects smarter by allowing them access to our information and a connection to the internet.

This, however, is a huge security risk since we will basically be surveilled by all these objects in our daily life. Security has been a concerning topic since most of these devices have little or no security, which has allowed the creation of huge botnets using IoT devices capable of making massive DDoS attacks.

This week, the US Department of Homeland Security and the National Institute of Standards and Technology have released guidelines in order to improve the security of these IoT devices, some of which are:

  • Building security into products at the design phase
  • Promoting transparency
  • Building on recognized security practice
  • Being mindful of whether continuous connectivity is needed or not.

Hopefully these guidelines will help avoid the use of IoT devices to create botnets capable of taking down sites as big as Twitter and Spotify.

Made in collaboration with Marysol.

Flickr photo by Marcus Brown https://www.flickr.com/photos/marcusjhbrown/14939374947/ under a Creative Commons (BY) license.


Operating system security

--Originally published at Computer and Information Security


An operating system is a program that manages the resources and other programs in the computer; it also allows the user to interact with the computer either through a command line or a graphical user interface.

One of the many responsibilities of the operating system is to protect the resources and the user from threats. To do this there are several methods that operating systems use:

Authentication

Operating systems authenticate using the following ways:

  • Username & password.
  • User card/key where the user must enter a key generated by a key generator or punch a card in a card slot.
  • User fingerprint/eye retina/signature.

One time password

In this method a unique password is required every time a user tries to log in; after the password has been used it is rendered useless and a new password is required. One time passwords can be implemented by:

  • Random numbers.
  • Key generators.
  • Network password: where a one time password is sent to a mobile or email to registered users.

Made in collaboration with Marysol.

Flickr photo by quapan https://www.flickr.com/photos/hinkelstone/7050697671 shared under a Creative Commons (BY) license.
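The one time password method in the post above (a random code that is rendered useless after use) can be sketched as follows. This is an added example, not code from the original post; the class name, the six-digit format and the five-minute lifetime are assumptions, and delivery to the registered mobile or email is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

class OneTimePasswords:
    """Issue random single-use codes and verify them exactly once."""

    def __init__(self, ttl_seconds=300, clock=time.time):
        self._ttl = ttl_seconds      # assumed lifetime of a code
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # user -> (sha256 digest, expiry time)

    @staticmethod
    def _digest(code):
        # Keep only a digest so the stored state never contains the code itself.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user):
        """Create a fresh code for `user`, replacing any earlier one."""
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = (self._digest(code), self._clock() + self._ttl)
        return code

    def verify(self, user, code):
        """Return True once for a correct, unexpired code; False otherwise."""
        # pop() removes the entry on every attempt, so a code can never be
        # replayed and a wrong guess forces a new code to be issued.
        entry = self._pending.pop(user, None)
        if entry is None:
            return False
        digest, expiry = entry
        if self._clock() > expiry:
            return False
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(digest, self._digest(code))

if __name__ == "__main__":
    otp = OneTimePasswords()
    sent = otp.issue("alice")
    print(otp.verify("alice", sent))   # first use succeeds
    print(otp.verify("alice", sent))   # second use is rejected
```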