Information security

--Originally published at TC2027 – Titel der Website


Information security refers to the properties of information processing and storage systems (technical or non-technical) that ensure the protection goals of confidentiality, availability and integrity.

Information security serves to protect against threats, avoid economic damage and minimize risks.

In practice, information security is based on IT security management under the international ISO/IEC 27000 series. In German-speaking countries, a procedure based on IT-Grundschutz is widespread.

In the area of evaluation and certification of IT products and systems, the standard ISO/IEC 15408 (Common Criteria) is frequently used.


Why should we study computing security?

--Originally published at TC2027 – Titel der Website

There are many reasons why we should study computing security!

IT is becoming more important very quickly, and it also keeps getting bigger and bigger. Programming is the future for a lot of companies. The data of ordinary people is a new currency. So computing security is not just important for the important things. It is also important for the little information which we have on the internet. Malware and hackers are the keywords for why everybody should know more about security in computing.

Nowadays everybody is a potential victim of those two keywords. And to make sure that you scale down the risk of being a victim, it is more than necessary to know more about security on the internet.

Until now, I have learned so much from Ken. I am not one of those IT experts. But even the super simple things which I learned give me a better feeling when I am surfing the internet.

 

 


Formatting of a Windows Computer

--Originally published at TC2027 – Titel der Website

This is a blog post for two of Ken's courses: TC1017 & TC2027.

The reason why I took this topic is, first of all, that Ken talked a lot this semester about reasons why we should format a computer. The reasons are that a student often clicks on dubious links or just downloads a lot of trash to the computer. The result is, most of the time, a super slow computer: a computer which works 1000 times slower than on the first day of use.


Another reason is a personal one. I guess I am one of the students who made a lot of mistakes with clicking links and downloading trash. So why I post this is: I have formatted a computer on my own just one time in my life. I just want to do that again, to learn how it works and to rescue my lovely Surface 4.

 

Now to the practical work:

It is super easy to format a Windows computer nowadays.

The first step is to save all the data which you do not want to lose. But it is important to realize that movies, music or other stuff from strange websites could be the reason why a computer is not running like it should. So think twice about whether you also want to save all the trash!

The reason for the first step is that the computer will be empty after the formatting process.

Now the steps:

  1. Simultaneously press the [Windows] and [R] keys to open the Run command.
  2. Enter "diskmgmt.msc" here and confirm with "OK". Subsequently, the disk management opens.
  3. Select the desired hard disk from the list and click on it with the right mouse button.
  4. Select the option "Format" and confirm the process via the "OK" button.
  5. Then the hard

Operating System Security (OS Security)

--Originally published at TC2027 – Titel der Website

What is Operating System Security?

OS security is the process of ensuring OS integrity, confidentiality and availability. It uses special provisions to protect the system against threats, viruses, worms, malware, etc.

OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised.

Techopedia explains Operating System Security (OS Security)

OS security encompasses many different techniques and methods which ensure safety from threats and attacks. OS security allows different applications and programs to perform required tasks and stop unauthorized interference.

OS security may be approached in many ways, including adherence to the following:

  • Performing regular OS patch updates
  • Installing updated antivirus engines and software
  • Scrutinizing all incoming and outgoing network traffic through a firewall
  • Creating secure accounts with required privileges only (i.e., user management)

 


Security on the Web

--Originally published at TC2027 – Titel der Website

I found a German article on the internet about web security. The article was posted on the website http://www.computerbetrug.de.

Here are the most important topics from this article.

Nowadays web security is more important than ever. Every internet user can become a victim of internet criminals in a very short time.

These dangers are waiting for victims:

Trojans, spyware, scareware, phishing – these are real threats to your money, your data and your integrity. When you’re on the Internet, you do not have to know every technical term. But you have to know what dangers lurk where and how to protect yourself from them. We have summarized the currently biggest dangers for you here.

A recommendation is also to protect your reputation on the internet. This concerns blogs, forums and Wikipedia. Nowadays anyone can publish virtually anything on the internet. So it is always important to think twice about the stuff you may post. Otherwise you can become a victim of cyberbullying.

Anyone surfing the internet in Germany or running their own website has to follow hundreds of laws and regulations, and must expect warnings, fines or even criminal consequences for a false step or a wrong decision.

You do not have to be an IT professional to be reasonably safe from data thieves, scammers and rip-offs moving through the Internet. It is important that you arm yourself against the greatest risks and protect yourself where necessary.


Network & Wireless Security

--Originally published at TC2027 – Titel der Website

What is Network Security?

Network security is not a single established term, but includes all measures for planning, execution and monitoring of security in networks. These measures are by no means only of a technical nature, but also relate to the organization, the operation (how can I apply network security in practice without interrupting the operation at the same time?) and finally the law (which measures may be used?).

 

Wireless Security

The right wireless encryption for your router

WLAN name – SSID: This abbreviation stands for "Service Set Identifier" and means the name of your WLAN. By default, this is usually the name of the DSL wireless router, such as Fritzbox 7270. These and all the following settings can be found in the configuration interface of the router, which you can reach through your browser. The matching address is in the manual. Often it is something like this: 192.168.0.1, 192.168.178.1, fritz.box or speedport.ip.

https://www.pcwelt.de/tipps/Die_richtige_WLAN-Verschluesselung_fuer_Ihren_Router-WLAN-Einstellungen-7567027.html

A recommendation is to assign a new, neutral name for the SSID. But don't use the option to hide the name. Otherwise it may happen that hardware such as computers and tablets can't connect to your WLAN.

Encryption Standards – WEP, WPA, WPA2: The oldest standard has the abbreviation WEP (Wired Equivalent Privacy). Due to systemic vulnerabilities, the method is considered insecure. The key to this encryption can be cracked in minutes. If your router or the WLAN card in your PC only offers this standard, you should think about buying a new one. WPA (Wi-Fi Protected Access) is an evolution of the older WEP standard that provides additional protection. However, it does not yet include the better encryption with AES (Advanced Encryption Standard). This is only possible with the current standard WPA2.

WPA2 is

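The SSID and encryption recommendations above can be checked against a scan listing. The following is an added example, not part of the original post: the sample input is constructed and only modeled on the layout of `netsh wlan show networks` output, and the function names and the default-name patterns (`fritz`, `speedport`) are assumptions of this example.

```python
import re

# Constructed sample, modeled on the layout of `netsh wlan show networks`.
SCAN = """\
SSID 1 : Fritzbox 7270
    Authentication          : WPA2-Personal
    Encryption              : CCMP

SSID 2 : OldPrinterNet
    Authentication          : Open
    Encryption              : WEP

SSID 3 :
    Authentication          : WPA-Personal
    Encryption              : TKIP

SSID 4 : garden-gnome
    Authentication          : WPA2-Personal
    Encryption              : CCMP
"""

def parse_networks(text):
    """Return one dict per 'SSID n : name' block with its indented fields."""
    networks = []
    for line in text.splitlines():
        header = re.match(r"SSID \d+\s*:\s*(.*)$", line)
        if header:
            networks.append({"ssid": header.group(1).strip()})
        elif ":" in line and networks:
            key, value = line.split(":", 1)
            networks[-1][key.strip().lower()] = value.strip()
    return networks

def findings(net):
    """Apply the recommendations from the text to one parsed network."""
    auth, enc = net.get("authentication", ""), net.get("encryption", "")
    out = []
    if enc == "WEP":
        out.append("WEP: insecure, replace the hardware")
    elif auth.startswith("WPA-") or enc == "TKIP":
        out.append("WPA/TKIP: no AES, move to WPA2")
    if not net["ssid"]:
        out.append("hidden SSID: clients may fail to connect")
    elif re.search(r"fritz|speedport", net["ssid"], re.IGNORECASE):
        out.append("default SSID: assign a neutral name")
    return out

def audit(text):
    return {n["ssid"] or "<hidden>": findings(n) for n in parse_networks(text)}
```

Calling `audit(SCAN)` returns a mapping from each network name to its list of findings; an empty list means the network follows all of the recommendations above.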

Security Policies

--Originally published at TC2027 – Titel der Website

A security policy describes the level of security that an institution (for example a company or association) aspires to. Here, security normally means information security. The focus today is on the field of electronic data processing and the associated security requirements. This is based on the assumption or fact that information represents a value or that its protection is required by law or regulation.

In the context of information security, the meaning and purpose of a security policy can be comprehensively described as ensuring the confidentiality, integrity, availability and authenticity of information. The security policy is passed by the management of an institution and is adopted and exemplified by the management. It must be noted, understood and followed by all members of the institution.


A security policy defines the information security goals chosen by the institution as well as the information security strategy pursued.

The most essential contents are:

  • Importance of information security and importance of IT for fulfilling the institution's tasks
  • Naming the security objectives and describing the security strategy
  • Description of the organizational structure
  • Assurance that the security policy is enforced by the management and that violations are sanctioned wherever possible
  • Statements on the periodic review of security measures
  • Responsibilities in the information security process

(Ethical) Hacking

--Originally published at TC2027 – Titel der Website

What is Hacking?

Hacking is the challenge of overcoming the limits of software systems in a creative way. The act of engaging in activities in a spirit of playfulness and exploration is called "hacking". Hackers are motivated by many reasons: profit, protest, information gathering, or evaluating system weaknesses to help defend against potential hackers.

Hacking began in the year 1960 at the Massachusetts Institute of Technology (MIT). Students pranked the whole university to demonstrate their technical aptitude and cleverness. They called themselves the "Tech Model Railroad Club (TMRC)".

Most people think that hacking is something really bad. They imagine a hacker is someone who sits all day and every day in his dark room, eats junk food and never sees the sun. Obviously he carries out criminal activities on the internet, for example robbing virtual money and stealing personal data.

But that's a fallacy! Sure, there are these hackers too. But hackers are divided into two different types: the security hacker and the cyber-crime hacker.

 

The Certified Ethical Hacker (CEH)

 

The Certified Ethical Hacker is a skilled professional hacker. His main work is to find weaknesses in a target system. He uses the same knowledge and tools as the cyber-crime hacker. With these tools and his knowledge he assesses the target system in a legitimate way. His job is to play the hacker.


The purpose of the CEH credential is to:

  • Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
  • Inform the public that credentialed individuals meet or exceed the minimum standards.
  • Reinforce ethical hacking as a unique and self-regulating profession.

https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

 


Security Models

--Originally published at TC2027 – Titel der Website

Hello guys,

in this post I am going to blog about some security models.

Commonly, security models are used to determine how security will be implemented, what subjects can access the system, and what objects they will have access to. The models are a way to formalize security policy.

Security models of control are typically implemented by enforcing integrity, confidentiality, or other controls.

Figure 5.5: How security models are used in the design of an OS.

(The first three models discussed are considered lower-level models.)

 

State Machine Model

The state machine model is based on a finite state model.

Figure 5.6: Finite state model

What is it used for?

  • model complex systems
  • deal with acceptors
  • deal with recognizers
  • deal with state variables
  • transaction functions

The state machine defines the behavior of a finite number of states, the transitions between the states and actions which can occur.

 

Information Flow Model

The information flow model is an extension of the state machine concept.

The information flow model serves as the basis of design for both the Biba and the Bell-LaPadula models. Objects are part of the information flow model, as are transitions and lattice states.

The goal of the information flow model is to prevent unauthorized and insecure information flow.

 

Bell-LaPadula

The Bell-LaPadula state machine model enforces confidentiality. It uses mandatory access control to enforce the DoD multilevel security policy.

To access a piece of information, the user has to exceed the information's classification level.

Properties of Bell-LaPadula:

  • Simple security property (ss property)—This property states that a subject at one level of confidentiality is not allowed to read information at a higher level of confidentiality. This is sometimes referred to as “no read up.”
  • Star * security property—This property states that a subject at one level of confidentiality is
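
To connect the state machine model with Bell-LaPadula, here is an added example that is not part of the original post: a small reference monitor whose state is the set of granted accesses and whose transition function only accepts requests that keep the state secure. It goes beyond the text above by using the standard formulation of the star property ("no write down"); the level names, subjects and objects are constructed, and a read at the same level is granted, following the "no read up" wording of the simple security property.

```python
from dataclasses import dataclass, field

# Constructed classification levels, lowest to highest (assumption).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass
class BLPMonitor:
    """Reference monitor as a state machine: state = set of granted accesses."""
    clearance: dict        # subject name -> level name
    classification: dict   # object name  -> level name
    state: set = field(default_factory=set)  # {(subject, object, mode)}

    def permits(self, subject, obj, mode):
        s = LEVELS[self.clearance[subject]]
        o = LEVELS[self.classification[obj]]
        if mode == "read":
            return s >= o   # simple security property: no read up
        if mode == "write":
            return s <= o   # star property: no write down
        return False        # unknown access modes are denied

    def request(self, subject, obj, mode):
        """Transition function: the state changes only if it stays secure."""
        if not self.permits(subject, obj, mode):
            return False
        self.state.add((subject, obj, mode))
        return True

    def is_secure(self):
        """Invariant: every access held in the state satisfies both properties."""
        return all(self.permits(*access) for access in self.state)


def demo():
    m = BLPMonitor(
        clearance={"alice": "secret", "bob": "unclassified"},
        classification={"plan": "secret", "notes": "unclassified"},
    )
    results = [
        m.request("alice", "plan", "read"),    # same level: granted
        m.request("alice", "notes", "write"),  # write down: denied, would leak "plan"
        m.request("bob", "plan", "read"),      # read up: denied
        m.request("bob", "plan", "write"),     # write up: granted under the model
    ]
    return results, m.is_secure()
```

The last request shows a consequence of enforcing confidentiality only: a low-level subject may write into a higher-level object it cannot read, which is why integrity needs a separate model such as Biba.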