The confidentiality concept of the app is also very important. The user must feel like we are respecting its privacy, he/she has to feel protected and that his/her information will remain on secret for the rest of the world. It is true that you leave a trace when you are on the Internet, deleting your browsing history will not erase the fact that you entered a website. Imagine that your trace is like walking on wet cement, your steps will stay there forever.
But that is way different than keeping Confidentiality. Privacy is helping the user to feel comfortable giving those steps, and that only trust worthy people have access to see them, at the end of the day, we have to walk to make our lives worthy.
We encrypted the footsteps, so if anyone tries to look through them, they will not see human footsteps, they could end up seeing pterodactyl steps or something like that. The kids and the teachers will have access to the app by using their IDs and passwords, and we'll have a back up for the information. saved under key.
I really hope my analogy helped to understand confidentiality a little better.
Ken asked us to take a picture of what open meant to us. I believe that the Internet is the most open door we have. It gives us the opportunity to express ourselves, to research about any topic in the world. The problem with a door being open, is that you can pass through it both ways, let's be careful when entering to it.
We'll start this post by defining what is data integrity. It is the maintenance, assurance of the accuracy and consistency of the entire data life-cycle. It should be considered as a critical point in the design, implementation and usage of any application which uses data (a.k.a. any system).
We made the sign in very kid-friendly. They will be able to sign in by using their names, and a password that will not be posted here ( haha ). As I've written before, all the information is mounted on an Amazon Web Services Server.
I really hope no one tries to attack our software, but if they try to, if won't be easy for them.
Computer security is defined as the protection of a system from damage and theft of their hardware, information and software as well as the wrong usage of the service that one provides. This includes physical security from people such as actual burglars, and protection from cyber attacks, and viruses. The IT team is also in charge of protect the information from accidental leaks.
As of today our project Misión: Marte is all mounted on AWS. We are putting our trust on that provider, so we really don't have much saying on the physical security of our information. We chose this server because we know it is trustworthy.
As for the protection of our software, we decided to encrypt all the information, because we wouldn't like it to be easily accessed by someone without out permissions. We have also created different privilege levels, so not everyone can see all the information, we wouldn't like that a student could see the progress of another student, It wouldn't be useful.
As for protection from malware, we decided to update all our libraries. We are using Phaser JS for the development of our app, and we were using an older version that was very well documented, but we decided that safety came first, so we moved on to the newer one.
We found out that our application can be accessed through mobile as well, so we are taking advantage and covering the risks that this improvised feature might bring us.
I was chosen to become a part of the first Semestre-i of ISC at the Tec de Monterrey Campus Guadalajara, and at the same time, the Security course was proposed to be one of the pillars of the project. Right now we're developing a web application for a primary school, the motive is to help them to reinforce the math course they take with their teacher, by using a computer lab they got at their school.
We reduced our risks of losing the information by having the information on an Amazon Web Services server, encrypted by the library PassportJS and in a MySQL database. And I know it is not likely for our app to be attacked or mined, but we like to take our data to be safe!
We haven't have integrity problems, but I will dedicate a blog entry just for that, so we'll leave that topic for now.
This blog entry is part of a mini series called: What we did on semestre-i on the topic of security.
I know I'm not American, and that this doesn't affect me right now but when it comes to politics and services Mexico likes to copy the practices of the USA.
As far as I understand, right now the Internet is protected by the US government, and when you get a service, no matter which one it is, you will have access to all the sites no matter who is the owner of the site or what content it is displaying, and your service provider cannot interfere with it.
The Net Neutrality War has been fought several times in the past, but now more than ever is looking that it is going to die. I will leave a link to a video where the whole topic is better explained and let's hope this doesn't escalate. It would be a very sad day for the Internet.
Recently Blizzard gave us an animation that inspired the name of this blog entry. The character Mei is an interesting data analyst who hyper-slept for 0 years. I'll leave the link to the video at the end of the post. It is worthy of watching.
So we're gonna talk about authentication. Right now there are only 3 ways for a computer to know that you are IN FACT you. Apple has given us a lovely example of this with their new iPhone X.
The most common way to authenticate is by testing the knowledge of the user. This can be used by asking for a password, just as Facebook, or a NIP, like an ATM. By asking the user for a specific piece of knowledge, the application can trust some rights to the person trying to access it. That's why it is so important for you to NOT share passwords, and to be very unrelated to you.
The next method is a little bit more secure but actually can be more problematic as well. In Walt Disney World, there exist something called a Magic Band. It is a bracelet that every member of a family must have on themselves through all their stay. The parks react to the band, so they can give you a more personalized experience, you can also access to your the parks and hotel room with it. You can even connect your credit card to it and you can pay for food and souvenirs inside the Walt Disney World with it. The system knows who you are, and gives you access to everything you paid within easy reach of your wrist. The big problem about this is that you COULD lose your Magic Band and someone COULD access to your room, park tickets, and credit card Continue reading "Make Your Online Identity Safe Again (4) – Let’s see how you get pass this!"→
We live on a society, and one of the responsabilities we have is to follow a set of rules for the greater good. The Code of Ethics is no different from this rules. In my opinion, this are the most essential baselines we all have to follow just because we are human beings. The code of ethics at Disney World is extremely long a specific, I had a set of rules to follow on almost every single scenario I worked at.
Mission and vision are present in almost every code of ethics I've read. Most of them are looking forward to create a better society. It makes sense for them to be placed there, because those are the goals of the company. If a company knows what and how it wants to reach its goals, it will do great.
As a worker, you have to be completely trustworthy to you client. They have to feel confortable giving you the information you need to develop a project. I think this may be one of the most important values at Disney World, you have to be approachable to children that may be lost or that just want to ask you something about the park.
Most codes of ethics include respect on their pages. There's a popular phrase on my native language that says "A donde fueres, haz lo que vieres". It means that if you are traveling to another country or working with someone that has different values than you, you have to follow that set of rules and conducts. Respect is the key to a better society. PS: I just re-applied to work at Disney World, I'll keep you posted about it.
I had the opportunity to work for Walt Disney World on 2016, and I realize that I keep relating things I learn there with every single topic we've covered on this course, so I might just share them with you as well for you to easily understand them.
Every single thing we do in this world has its risks. Waking up has its risks. You may get off of bed and slip on the floor and get hurt, or you could wake up late because you didn't hear your alarm. When we take this concept to computer science, the moment you turn on your computer for the first time, and connect it to the Internet, you are a target and you are taking the risks of going online.
I am a not interesting target, and surely, our knowlegde as computer science engineers make us more difficult targets because we are aware of lots of the problems we have on a daily basis. But an enterprise is a great target to attack. You could control their finances, the information of their employees and clients and God knows what else they could do with all that data. Luckily, someone tought and registered a way to manage this risks: They created frameworks for risk management.
The U.S. (I'm assuming) Government adopted the NIST Framework: It includes 6 basic steps that can be cycled as many times as needed.
It is common to think on the U.S.A.'s Central Intelligence Agency when we hear the "CIA" name. It even makes more sense when we are talking security, but SURPRISE! There is another CIA!
I still don't know what format will I use for this series, so for this special ocassion I will talk about something that we all students from the Tec de Monterrey have suffered of: "Las Inscripciones" (a.k.a. that period of time where all the students have to make their schedules at the same time)
So, you may be wondering, "What does CIA mean to you?". When we are talking about computer and information security, one of the most important concepts is the CIA Triad, three components to measure how protected your information is. "C" stands for Condifentiality, "I" for Integrity, and "A" for Availability.
So let's talk class registrations. Why are they always a mess? Imagine that the Tec de Monterrey HAS to fulfill the Triad before you create your schedule. The first thing you have to do, is to enter to your account. By doing these, the ITESM can manage that ONLY YOU can see your information. You can manage your payment, insurances and courses to take there, this is an example of what confidentiality is.
By the way, here's a Top 10 list of words that shouldn't be your password:
So, please, if you have one of these on your bank account, make youself a favour and change it!