--Originally published at Barros Creations LLC

Working on a blog post on how a school should grade its students is very complicated primarily because I’m a student and one desire is to get 100’s in all my classes. But to think of it once as a graduating candidate you realize grades are not everything but more of the experience obtained in my classes. One doesn’t remember a number one remembers experience.

TC2027 or better yet Informatic Security is a course that will stay with me for all my computer systems engineering career. To think of all the vulnerabilities and lack of security there is in all systems gets me very worried that as systems evolve so does its problems. This is both a concern but also an opportunity of mine since one can easily prevail in this topic on a business level. Security is very well paid.

Back on the topic I think it’s great to have a moral/independent compass in which as a student we not obligated as a student to learn. We are free to learn as much as we can and to research as much as we can. To think about it, at a school were each class costs about $600, well at least for me that’s enough motivation to work my butt off each class. Not to mention the great opportunities given to me in such an independent class.

Every programmer knows and has its methodologies and its imperative that this continues because as any artist we can have two that do the same, we need diversity. In our programming community we are taught equally and expected that each and every one of us give the same results when that is impossible. Every programmer must be given the opportunity to do something different this way our community will grow and create job opportunities

--Originally published at Barros Creations LLC

This document is based on the book 97 Things Every Software Architect Should Know which is available at O’Reilly Media and Amazon.com. This work is licensed under a Creative Commons Attribution 3.

As a computer system engineer its crucial to know how to work in a development team. 97 Things Every Software Architect Should Know is a very good book that through testimonials and experience help us understand how we can avoid pitfalls and build talented teams. In my personal experience as a director of a start-up is very important to be organized and to check on my development team every so often. Though approaching my development isn’t easy and thanks to this book I came across different methods to approach my development team. Some examples are

1. Communication Is King; Clarity and Leadership, It’s Humble Servants.

Software architects shouldn’t lead in a throne of an ivory tower they need to be able to communicate directly with its development team in a very clear and effective way.

2. Stand Up!

Communication needs to be clear and it’s our job to keep that way. Standing up automatically communicates authority and self-confidence. You command the room. People will interrupt you less and they will take your recommendations seriously.

Another important point is that Everything Will Ultimately Fail. Hardware is a fallible, so we add redundancy. Humans make mistakes and every mechanism created by a human will downgrade and have a lifespan. It is important to prepare before these machines fail. Many companies don’t see that ahead of time and often commit mistakes of not evolving, when this occurs problems occur as well. It’s important to remember that if there is more software there are more opportunities for failure.

Design is a beautiful thing. A systematic, detailed presentation and review of a problem space

--Originally published at Barros Creations LLC

Mapped Network Drives are targeted and often caught on within the malware-generating community. That is why as a responsible business owner it’s important to look after the security of your workspace, one misdemeanour can lead to serious backlash.

These are some few but important ways you can protect your workspace.

1. Encrypt your drive or folders.
2. Turn off file sharing and discovery.
3. Use a private VPN.
4. Hide your files.
5. Enable or setup a guest network.
6. Lock down your network.
7. Maintain good internet hygiene.

--Originally published at Barros Creations LLC

Worst Possible Network

1. Default username and password.
2. No password management.
3. Open ports.
4. Not specifying an admin.
5. Not controlling personal devices at an enterprise.
6. Using one password for everything!
7. Not updating firmware.
8. Downloading piracy.
9. Using old software/outed technology.
10. Storing plain-text files.
11. Not isolating different networks/users
12. Leaving bluetooth on.
13. Depend on users and not admin to install updates.
14. Installing everything.
15. Users connect to honey pots.
16. Not using VPN.

--Originally published at Barros Creations LLC

What are unintentional security/human erros?

• Poor System management and configuration.
• Poor patch management.
• Default password and usernames.
• Easy passwords.
• Lost devices.
• Double clicking on unsafe URLs or attachments.
• Sharing passwords.
• Not logging out your accounts.
• Using personal devices at an organization’s network.

How to correct unitentional security/human erros.

1. Using cryptography (automated safeguards).
2. Password management.
3. Identity and access management.
4. Follow access rules and standby locks.
5. Internal control.
6. Breach detection solutions.
7. System monitoring and surveillance.

It’s human to make errors but thankfully these errors can be 100% prevented. A mixture of strategies may help to prevent human errors from turning into security incidents.

References;

How to Reduce Human Error in Information Security Incidents. (2016, September 13). Retrieved October 16, 2017, from https://securityintelligence.com/how-to-reduce-human-error-in-information-security-incidents/

--Originally published at Barros Creations LLC

“That’s the beauty of the Internet is that we’re no longer tied to our communities by physical connections.”

Edward Snowden

Before the Internet, criminals had to use guns, physical violence or physically interact with physical personal information. Now that all of this information is available online, criminals also use the Internet to steal people’s identities, hack into their accounts, trick them into revealing the information, or infect their devices with malware.

Who are “Cyber” Criminals?

Most cyber crimes are committed by individuals or small groups. However, large organized crime groups also take advantage of the internet. These “professional” criminals find new ways to commit old crimes, treating cyber crime like a business and forming global criminal communities.

Criminal communities share strategies and tools and can combine forces to launch coordinated attacks. They even have an underground marketplace where cyber criminals can buy and sell stolen information and identities.

It’s very difficult to crack down on cyber criminals because the Internet makes it easiero for people to do things anonymously and from any location on the globe. Many computers used in cyber attacks have actually been hacked and are being controlled by someone far away. Crime laws are different in every country too, which can make things really complicated when a criminal launches an attack in another country.

Attack Techniques

Zombie Computer: a computer that has been hacked into and is used to launch malicious attacks or to become part of a botnet.

Botnet: a network of software robots, or bots, that automatically spread malware.

Fast Flux: moving data quickly among the computers in a botnet to make it difficult to trace the source of malware or phising websites.

Social Engineering: using lies and manipulation to trick people into revealing their personal information. Phising is a form