Security Policies

--Originally published at Computer Security - Arturo Mendoza

Security Policies

Is a document that states in writing how the user or company plans to protect itself information assets. It have to be updated all the time and explain how the company or user will measure that is working that plan.

The objectives of an IT security policy is the preservation of confidentiality, integrity and availability of systems and information used by all the members of the organization.

  • Confidentiality: Involves the protection of assets for unauthorized entities.
  • **Integrity: ** Only the authorized user can modify the information.
  • **Availability: ** The information is accessible when it is required.

**The specifications of any company policy should be: **

  • Objectives
  • Scopes
  • Specifics goals
  • Responsibilities for compliance and actions to be taken in the event of noncompliance.

If you want to know more about fundamentals security policies, check this video.

Security on the Web

--Originally published at Computer Security - Arturo Mendoza

Security on the Web

First if you are not a tech person I want to invite you to answer this questions that will help you understand how much do you know about security on the web.

  1. Do you have the same password for all the sites?
  2. Do you check if the site that you are visiting is secure (https)?
  3. Do you pay with you credit card in public networks (public Wifi)?
  4. Do you download software or programs for not official sites?

If you don't feel good with your answers don't worry, you are in the correct post to know more about it.

Secure Sites

When you are in a web you can see very fast and easy if a website is secure, just look the search bar in your browser.
Security on the Web
You can se the green padlock, that means that this website is from the person that says it is.


The most common error is to have the same password for everything, the problem here is that if someone steal that password, they will can access to all your information and accounts.The best option is to have a bault for passwords, are many tools that can help you with this.

I use LastPass, check it.

Public Networks

Never, and I will repeat it, NEVER use your credit card in a public network or more commons words in a free WiFi, because you don't know if someone are checking the data and information that the users connected are sending.

I hope these simple steps to be more secure on the web help you.


--Originally published at Computer Security - Arturo Mendoza


The firt step is to know what is a Malware?

Malware is any software with malicious intentions, for example.Check your personal information without your approbation, create a backdoor to your computer or steal personal data.

Different types of Malware

We have different forms for Malware, the most important are:

  • Virus: Infect programs and files
  • Spyware: Collects personal information
  • Worm: Replicate itself accross a network
  • Trojan horse: It looks like a legitimate program but it is not.

How does the Malware infection happen?

Are different ways to be infected, is not possible to be 100% secure for that. But you should take all the possible precautions, don't download illegal software, don't use any USB, update all the time your OS and programs.


Taking precautions is better, now that you know the most commons types of Malware you can detected in your computer. If you get infected is important to uninstall illegitimate programs, files that you don't recognize.



--Originally published at Computer Security - Arturo Mendoza


How would you send a message that only the recipient can read and all the others do not?

This is the function of Cryptography, looking to have a secure communication based on protocols that prevents that other persons can understand the message.

Modern cryptography concerns itself with the following four objectives:

  1. Confidentiality: The information and data cannot be understood by anyone whom it was unintended.
  2. Integrity: The information cannot be modificated or altered by another.
  3. Non-repudiation: The owner for the information cannot negate the intention.
  4. Authentication: The sender and receiver have confirm that they are the real person.

Modern Cryptography

In moderns days we have a lot of information traveling around the world thanks technology, where we have to be secure that the information only are receive for the correct person and not are interfered for anyone. We have different tools to ensure this, for example:





Check this awesome video with more examples:


Denial of Service

--Originally published at Computer Security - Arturo Mendoza

Denial of Service

A Denial of Service Attack is when an attacker takes action that prevents legitimate users from accessing targeted networks, computer systems or devices.

DoS (Denial of Service) attacks typically weak servers where the security configuration is not complete or strong and doesn't have a way to predict these attacks and stop it. The Dos start sending a lot of false users to a server, requesting a lot of calls, where the server will break with many petitions.

Here are a great video that explains how works a Denial of Service

How can I protect my devices or server for DoS?

You have to know that it is impossible to prevent, but you can be ready to stop it. Is important that you have a tech person in your IT Department that can help you with this, also is important to follow the basics security practices and get support for different softwares that help you to determined when you are being attacked by Dos.

Wireless Security

--Originally published at Computer Security - Arturo Mendoza

Wireless Security

First is important to mention that the protocol WPA2 was broken.

We have different protocols to ensure that our wireless are secure, in the close history we have: WEP, WPA and WPA2. Each one with their weakness and strengths.

Is important to know a little more about each protocol

Wired Equivalent Privacy (WEP)

It was created to protect at the same level all the wired networks. Now all of us know is very easy to broke and no body wants to use it more.

Wi-Fi Protected Access (WPA)

Introduced as an interim security enhancement over WEP while the 802.11i wireless security standard was being developed.

Wi-Fi Protected Access version 2 (WPA2)

Based on the 802.11i wireless security standard, which was finalized in 2004. The most significant enhancement to WPA2 over WPA is the use of the Advanced Encryption Standard (AES) for encryption.

Your Internet is INSECURE!

--Originally published at Computer Security - Arturo Mendoza

Your Internet is INSECURE!

WPA2 has been broken and here are the steps that you need to follow to be safe.


WPA2 (Wi-Fi Protected Access 2) is a network security technology used on Wi-Fi wireless networks, provide a strongest encryption option and nobody can see the traffic.

What happen?

WPA2 has been cracked with new method called KRACK (for Key Re-installation AttaCK)is now able to break WPA2 encryption, allowing a hacker read your information passing inside the network, it can spy you.

How bad is it?

Is bad, but you can do something to fixed, and is important that everyone do the next 3 points.

  1. You need to be very careful using public networks.
  2. Just connect to secure websites with HTTPS like mine thats mean that the website is using a SSL protocol of encryption. This create a secure connection between the server and your computer, all the information will be encrypted.
  3. Use a VPN, you should already be using one, will continue protect your information no matters WPA2 is compromised.

In the meantime,the best that you can do is calm yourself and your friends, do the steps above and you will be fine until your devices are patched.

** A great video to learn more about this topic**

Why should we study computing security.

--Originally published at Computer Security - Arturo Mendoza

Why should we study computing security.

Let me ask you this simple question, how often do you think about your security in the street at night? Do you know that you can also be victim on Internet or your computer?

Internet is another world, it have itself police, rules, security problems, users,a lot of information and their own currency, crazy right?

Computers also are in this topic, not only Internet, what about servers security problems or applications in end-users computers or smart phones.

Just think about it, you buy on Internet, you send messages all the days with private information, at work you share important documents on your laptop.

Let me say to you that I did a lot of things that are very dangerous, like pay online in a public network, sounds similar?

With this I want to give a simple vision about what happen in this digital world, and that you know that is not a secure world, and that studying this topic you will have a big responsibility to protect us.

Job Job

If you are worry about your economic, let me say to you that this career is one of the most profit, but money is not all, you can work at the industry you love, at this moment all the industries are on Internet and they need someone that help them to stay secure on Internet.

Never stop learning

All the time you have to be learning, security problems are constantly changing and all the days someone discover or break some security encryption like WPA2 ( I will write about this case in other post).

Check this video and then tell me if you want to study this career!

Authentication And Access Control

--Originally published at Computer Security - Arturo Mendoza

Authentication And Access Control

One of the foundational principles of computer security is Access Control and that means that the person or a system is authorized to do different actions in a system.


The system know who is the exactly person that makes changes in the system or have interaction with it.


The paradigm fails when the attacker make a unreal profile for the system, it is very difficult to be sure that the person is who say he is. Some closed system have Unique Identifiers but this required a difficult and slow process to Authentication.


Authentication is the act of establishing that the person is who he or she claims to be.
Authentication And Access Control

Authentication failures

  • False Negatives: A system refuses to authenticate a valid user
  • False Positives: A system authenticate an invalid user


Is an array of characters that only know the user and the system, it would be the perfect solution of Access Control, but...

  • It can lost or forgotten by the user (we are humans) and this needs a recovery system, that is the problem.
  • Common words or a simple password, to avoid the problem above users use an easy password and this mean in the most of the cases a weak password.
  • It can be share, user can use the same password in different sites or systems, if one of them are unsecured we can know the password of everything for that user.

We have Vault Passwords Tools like LastPass or One Password the problem with these is that they required a little of complexity for the user, it is more easy have the same password that configure a Vault of Passwords and change one per one of your passwords.

A correct and secure login

First is important that the communication will be secure and encrypt, with

Authentication And Access Control
Continue reading "Authentication And Access Control"

They are watching you ?

--Originally published at Computer Security - Arturo Mendoza

Computer Security

They are watching you ?

It's all about to protect our information and systems, Computer Security is a must part of the Computer Systems, like Computer Systems Engineers are our responsibility to promote the importance and impact of these, if all of us share a bit of it to our friends and family, we will have a better world.

Involves everyone

Computing Security involves everyone, people, government and companies, but why is so important today, because all the data that you, me and everybody generates on devices, Internet and hardware can be accessible for everyone that know how to find it. Just think about it, you check your bank accounts, you send photos, confidential information at work, your location, things that you do, and a lot of information that maybe you didn't know it. If all these information could be stolen imagine all the information that we can know about you or for a company.

The bad guys

All the information is in a computer, that means that it can be accesible. Outside are bad guys that are trying to access to bank accounts, personal information, etc. No matter if you are a famous person or a normal person, they want your information. It is our duty to protect ourselves.

Why should we study Computer Security

It's not only about hacking, it's also about a protection culture, about made life safe and better for the people. There is still a long way to go, the people think security is bored and it's difficult to implement, and they are right, today still being complicated, we need to change this, and the only way it cab be done, if you help us.