TC2027 – Computer and Information Security

--Originally published at tc2027 – Ney González Blog

I’m going to talk a little about my Computer Security course this semester.

The Content

We would get to really good discussions about security tools, news and the like. I learned a lot by just talking with the rest of the class. Also, I think the Security Now podcast was really interesting and I personally started watching it on my own time.

I found that the Tools Challenges were a pretty good guidance of things we should be practicing regarding the course. I found time to do the PGP, Encrypt your Drive and SSH Keys, the other two are still in my backlog.

Quality

I found the quality of the course to be good but with room for improvement like with any course. I would do more WSQs and probably do some Tools Challenges together. Overall I think the quality of what we discussed during the course was good but I would work out how activities should play a part in the course. Kin Lane’s talk was really good too.

Suggestion

Ken, in this particular course I think that at the cost of removing grading there should be a policy that encourages doing certain activities like completing all WSQs and Challenges for getting the chance to attend a talk or be part of a small after-hours workshop.
I think this goes hand in hand with your idea of having the university reward students for answering the ECOAs.

 

Thank you

Thanks Ken for taking the time to teach us about security, pedagogy, and lots more about life. After this course I have changed many personal views for the better, I hope this blogging thing finally sticks.

Thank you! See you around the campus.


What is a DDoS?

--Originally published at tc2027 – Ney González Blog

You still receive good old-fashioned mail at your doorstep right? Well imagine that for some reason you start receiving, not one, not two but one million letters at your door and inside your house. At the same time you should be receiving a particular letter you’ve been expecting; maybe it was an acceptance letter, a cheque, or the yearly birthday card from your family at the other side of the country. Now you don’t have the time or energy to even attend to the one that you were expecting.

This is just a fun scenario to think about but I think it gets the point across. In real life a DDoS (Distributed Denial of Service) attack occurs when a huge volume of internet traffic, coming from many different machines at once, is directed at a particular site. Imagine the site that is being attacked is your house with a nice clean slit in the door for letters to come through. A site also has some sort of “slit” that controls the traffic into it: when you and another thousand people hit <Enter> on your keyboards after typing a website’s URL, you are all requesting that the site display itself in your browsers.

Okay, the site knows how to handle a few thousand requests, but what if someone sets up a system that manages to send a million requests to one site in particular? That “slit” will be clogged with requests and, like your family’s birthday letter, your request would not be attended to and the website would not be displayed in your browser. When a DDoS attack occurs the server takes on too much load and will most definitely be down for a while, just as you would be while ridding your house of the letters piled up to the roof.


Just because you can, doesn’t mean you should

--Originally published at tc2027 – Ney González Blog

Many issues arise in computer security and one that gets talked about a lot is ethics. Since way before computers existed there have been exploits in security systems and many of these exploits are done by someone on the inside. For example, the employee that knows the security guard will be asleep or away at a certain time. Or the bookkeeper that knows a few bucks disappearing at a certain day or time will go unnoticed.

Today we rely so much on computer systems and these systems many times are operated by a lot of people. Now we know these people have, or could have, access to our personal information stored in their service. Like the case of the Rogue Twitter Employee that Briefly Shut Down Trump’s Account. Many Americans and Mexicans have been personally affected by Trump’s decisions while president and many of them want to do something about it but the vast majority can’t. This Twitter employee took matters into their own hands on their last day at the company and I must admit that when I found out I was glad they did it. However, this case brings up some important points.

I heard somewhere that “even if there was a peach tree that gave the most delicious fruit in the world, there will always be someone that hates peaches”. There will always be someone disagreeing with you and that someone may have some sort of leverage. Should they take that to their advantage because they don’t think your opinion is correct or valid at all? No. Yes?

Ethics is a vast subject and brings up many if not infinite questions that must be taken into consideration and there are many ways to look into a particular issue. However, people have come up with different codes of

Continue reading "Just because you can, doesn’t mean you should"

Why should you care about security?

--Originally published at tc2027 – Ney González Blog

Everything we own has been a product of the time and effort we’ve put into it. Most of what we have right now, be it a house, car, phone, computer, TV, etc., didn’t just fall into our hands. This is the reason why we lock our house, set up the alarm or buy insurance. We protect our belongings because we care about them. That being said, if you really care about all the things you own you should add some things to the list:

  • Learn to detect SPAM emails
  • Never click on a suspicious link that got to your inbox (even though it’s assuring you they’re the government)
  • Stop using the same password for your Facebook AND your bank’s web portal, for example.
  • Always connect to a secure network
  • Enable and configure your Firewall
  • Don’t pirate software. Get your programs from trusted and verified developers.
  • Always keep your devices and software up to date! (The latest releases have fixes for known exploits)

There is so much more to add to this list. These are just some basic things to keep in mind if we want our private information secure.

We can’t be 100% safe. The only way to achieve complete security online is to just not have anything available on the internet. That’s not the point though. We want to be able to enjoy what the internet has to offer and that means taking risks.

We must take calculated risks and make it really difficult for any intruder to get our private data by implementing multiple layers of security.


A new way to manage your Internet activity

--Originally published at tc2027 – Ney González Blog

Today we rely too much on our email accounts to maintain our internet activity. Creating an account means getting an email to confirm the email and the account. If you want to change your password on a site you get an email and then click the link to change it in the site.

What if we had something like Apple’s Passbook (now Wallet) to manage all our internet activity such as confirming logins, authorizing a password change, etc.?

This could be like the authenticator model that displays a random code for two-step authentication, but instead displaying your different internet accounts. You could request a password change, opt out of email subscriptions, or receive important/relevant information about your particular account online.

This is just a thought and I want to develop this idea a lot more. I haven’t looked for any similar solutions but if you, reader, know something about this let me know. I’m sure the internet will evolve and protocols that we used today will become obsolete, so let’s start thinking of solutions for future problems… even if they seem simple.


Practical examples of Code of Ethics in Computer Science

--Originally published at tc2027 – Ney González Blog

By Renato Gutierrez & Ney González

We try to represent in a practical way the codes of ethics that are mentioned in https://www.usenix.org/system-administrators-code-ethics

 

Professionalism


Source: own

When you are bored in the classroom and find out a perfect opportunity to enjoy!

 

Personal Integrity


Source: own

What can be wrong?, just get free ideas of San Wikipedia

 

Privacy

Exposed

Source: own

Imagine you work in a company that stores some sensitive data and you have access to it. Should you share it? Or take advantage of it?

 

Laws and Policies


Source: own

Too much text, I just want to use the application right away. “Might not be an important message”

 

Communication


Source: own

They send too many messages, I want to get some space so I Snooze the work group forever.

 

System Integrity

Source: http://www.eluniversal.com.mx/metropoli/edomex/se-abre-socavon-en-valle-de-bravo

Did you really use all of the $50 million that we invested in the project?

 

Education


Source: own

When you are at work and get a little distracted on 9GAG.

 

Responsibility to Computing Community


Source: own

I thought I had the right colleagues; they all finished their work but I have not finished yet.

 

Social Responsibility


Source: own

Try to encourage colleagues to keep food inside containers.

 

Ethical Responsibility


Source: own

HAHAHA, just found the right opportunity to “help” people in their challenges.

Availability, Confidentiality, and Integrity

--Originally published at tc2027 – Ney González Blog

These are the three key elements revolving around computer security. A system can be considered secure if all three of these aspects are working properly. Let’s talk about what the ACI Triad (more commonly written as the CIA Triad) means.

Availability

This aspect of the ACI Triad refers to making sure that your system or network is running and available to all authorized users. For example, as a citizen you expect that when you call 911 for an emergency someone will answer quickly and help you out. The same thing happens to the users of any system, platform or network; they expect it to respond when they need it.

Confidentiality

This term practically speaks for itself. When you send any type of data through your system it should never give out information about its contents, its sender or anything else to any system other than the one it’s intended for. You expect your information to stay confidential.

Integrity

The last term is usually a bit trickier than the other two. Any system should be designed in such a way that ensures that all data sent to another user, for example, arrives unaltered by anyone or anything. The recipient must receive the message in its entirety and unmodified. Imagine this scenario where a WhatsApp user sends a message to his significant other saying he’ll be at her house “at 7:30pm” but she receives a message saying: “Hey! I’ll be outside your house at 7:30am this Saturday, be ready!”. She won’t be the only one waking up way too early; he will too when she calls him up all angry about it.
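The 7:30pm/7:30am scenario is exactly what an integrity check is for, and the following added example (not code from the original post) shows the mechanism with Python’s standard library. A sender attaches an authenticator to the message; the recipient recomputes it and compares. The example contrasts two choices: a bare SHA-256 checksum, which anyone in the path can recompute after rewriting the text, and an HMAC computed with a key shared only by the two parties, which a rewriter cannot recompute. The message text is the one from the post; the shared key and the in-path “relay” that rewrites the time are constructed for the example.

```python
import hashlib
import hmac

# Constructed shared secret for the example; a real deployment would derive
# or exchange a random key, never hard-code one.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"

MESSAGE = "Hey! I'll be outside your house at 7:30pm this Saturday, be ready!"


def checksum(message: str) -> str:
    """Unkeyed SHA-256 over the message: detects accidental corruption only."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def tag(key: bytes, message: str) -> str:
    """Keyed HMAC-SHA256 over the message: detects deliberate modification too."""
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_checksum(message: str, received: str) -> bool:
    """Recipient check for the unkeyed case."""
    return hmac.compare_digest(checksum(message), received)


def verify_tag(key: bytes, message: str, received: str) -> bool:
    """Recipient check for the keyed case; compare_digest avoids timing leaks."""
    return hmac.compare_digest(tag(key, message), received)


def rewrite_time(message: str) -> str:
    """The modification from the post: pm becomes am."""
    return message.replace("7:30pm", "7:30am")


def hostile_relay(message, authenticator, recompute=None):
    """Model an in-path party that rewrites the message before forwarding it.

    recompute is what that party can do to the authenticator: with a bare
    checksum it simply recomputes it over the new text; with a keyed tag it has
    no key, so the best it can do is forward the original tag unchanged.
    """
    new_message = rewrite_time(message)
    new_auth = recompute(new_message) if recompute else authenticator
    return new_message, new_auth


def run_demo(key: bytes = SHARED_KEY) -> dict:
    """Deliver MESSAGE three ways and report whether the recipient accepts each."""
    # 1. Untouched message with a keyed tag: accepted, as it should be.
    untouched_ok = verify_tag(key, MESSAGE, tag(key, MESSAGE))

    # 2. Bare checksum, rewritten in transit: the relay recomputes the checksum,
    #    so the recipient accepts the altered "7:30am" message.
    msg, auth = hostile_relay(MESSAGE, checksum(MESSAGE), recompute=checksum)
    checksum_accepts_altered = verify_checksum(msg, auth)

    # 3. Keyed tag, rewritten in transit: the old tag no longer matches the
    #    new text and the relay cannot forge one, so the message is rejected.
    msg, auth = hostile_relay(MESSAGE, tag(key, MESSAGE))
    hmac_accepts_altered = verify_tag(key, msg, auth)

    return {
        "untouched_accepted": untouched_ok,
        "checksum_accepts_altered": checksum_accepts_altered,
        "hmac_accepts_altered": hmac_accepts_altered,
        "altered_text": msg,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The point of the contrast is that “integrity” in the triad means protection against deliberate alteration, not just transmission errors; a checksum gives you the latter, a keyed tag (or a digital signature, when the parties share no key) gives you the former.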

These aspects working together could create a perfectly impenetrable and always-reliable system. However, this will most likely never happen since there will always be people capable of penetrating a system’s security and people willing
Continue reading "Availability, Confidentiality, and Integrity"