(Ethical) Hacking

--Originally published at TC2027 – Titel der Website

What is Hacking?

Hacking is the challenge of pushing past the limits of software systems in a creative way. Engaging in activities in a spirit of playfulness and exploration is called "hacking". Hackers are motivated by many things: profit, protest, information gathering, or evaluating system weaknesses in order to defend against potential hackers.

Hacking began in the year 1960 at the Massachusetts Institute of Technology (MIT). Students pranked the whole university to demonstrate their technical aptitude and cleverness. They called themselves the "Tech Model Railroad Club (TMRC)".

Most people think that hacking is something really bad. They imagine a hacker as someone who sits in his dark room all day, every day, eats junk food and never sees the sun. Obviously he commits crimes on the internet, for example robbing virtual money and stealing personal data.

But that's a fallacy! Sure, there are hackers like this too. But hackers fall into two different types: the security hacker and the cyber-crime hacker.

 

The Certified Ethical Hacker (CEH)

 

The Certified Ethical Hacker is a skilled professional hacker. His main work is to find weaknesses in a target system. He uses the same knowledge and tools as the cyber-crime hacker. With these tools and this knowledge he assesses the target system in a legitimate way. His job is to play the hacker.


The purpose of the CEH credential is to:

  • Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
  • Inform the public that credentialed individuals meet or exceed the minimum standards.
  • Reinforce ethical hacking as a unique and self-regulating profession.

https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

 


Why use httpS

--Originally published at Computer and Information Security

We should always use HTTPS simply because it is secure. Right now, as developers, we have many options for using this protocol for free (GCP, Let's Encrypt).

But what is HTTPS?
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.
Web browsers such as Internet Explorer, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that an HTTPS connection is in effect.
Benefits
  • Customer information, like credit card numbers, is encrypted and cannot be intercepted
  • Visitors can verify you are a registered business and that you own the domain
  • Customers are more likely to trust and complete purchases from sites that use HTTPS

Best Practices for DDoS

--Originally published at Computer and Information Security

I found this document from Google that explains the best practices for these cases.
  • The GCP load balancing solution has DDoS mitigations built in, lowering the attack surface:
    • configure ingress firewall rules (like iptables)
    • network load balancing has port filtering. Any port that is not load balanced is dropped by GCP's highly scaling frontend infrastructure
    • HTTP/HTTPS load balancing can absorb and protect from IP spoofing and large SYN flood attacks.
    • it also has fair-share allocation built in
And


Google Cloud Platform provides a number of features to defend against DDoS attacks. You can use these in conjunction with the above mentioned best practices and other measures tailored to your requirements to make your GCP deployment resilient to DDoS attacks. 

Security Models

--Originally published at TC2027 – Titel der Website

Hello guys,

in this post I am going to blog about some security models.

Security models are commonly used to determine how security will be implemented, what subjects can access the system, and what objects they will have access to. The models are a way to formalize security policy.

Security models of control are typically implemented by enforcing integrity, confidentiality, or other controls.

Figure 5.5: How security models are used in the design of an OS.

(The first three models discussed are considered lower-level models.)

 

State Machine Model

The state machine model is based on a finite state model.

Figure 5.6: Finite state model

What is it used for?

  • model complex systems
  • deal with acceptors
  • deal with recognizers
  • deal with state variables
  • transaction functions

The state machine defines the behavior of a finite number of states, the transitions between the states and actions which can occur.

 

Information Flow Model

The information flow model is an extension of the state machine concept.

The information flow model serves as the basis of design for both the Biba and the Bell-LaPadula model. Objects are part of the information flow model, as are transitions and lattice states.

The goal of the information flow model is to prevent unauthorized and insecure information flow.

 

Bell-LaPadula

The Bell-LaPadula state machine model enforces confidentiality. It uses mandatory access control to enforce the DoD multilevel security policy.

To access information, the user has to exceed the information's classification level.

Properties of the Bell-LaPadula model:

  • Simple security property (ss property)—This property states that a subject at one level of confidentiality is not allowed to read information at a higher level of confidentiality. This is sometimes referred to as “no read up.”
  • Star * security property—This property states that a subject at one level of confidentiality is
    Continue reading "Security Models"
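
The Bell-LaPadula checks as a small reference monitor (an added example, not part of the original post). The level names, compartments and object names are constructed; the *-property is implemented in its commonly stated "no write down" form because the post's own statement of it is cut off, and the compartments go slightly beyond the post to show the lattice ordering.

```python
from dataclasses import dataclass

# Constructed level names and ordering, assumed for this example.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """Lattice order: level at least as high and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def decide(subject, op, obj):
    """Reference-monitor decision for one request; returns (allowed, reason)."""
    if op == "read":
        # Simple security property: no read up.
        ok = subject.dominates(obj)
        return ok, "ok" if ok else "ss-property: no read up"
    if op == "write":
        # *-property: no write down.
        ok = obj.dominates(subject)
        return ok, "ok" if ok else "*-property: no write down"
    return False, "unknown operation"  # fail closed


# Constructed subject and objects.
ANALYST = Label("SECRET", frozenset({"CRYPTO"}))
OBJECTS = {
    "press_release": Label("UNCLASSIFIED"),
    "key_schedule": Label("SECRET", frozenset({"CRYPTO"})),
    "war_plan": Label("TOP SECRET", frozenset({"CRYPTO"})),
    "agent_list": Label("SECRET", frozenset({"HUMINT"})),
}


def audit(subject, requests):
    """Evaluate a list of (op, object_name) requests against the policy."""
    return [(op, name) + decide(subject, op, OBJECTS[name]) for op, name in requests]


if __name__ == "__main__":
    for row in audit(ANALYST, [("read", "key_schedule"), ("write", "press_release"),
                               ("read", "agent_list"), ("write", "war_plan")]):
        print(row)
```

The denied write to press_release is the case the model exists for: a SECRET subject could otherwise copy what it has read into an object that anyone may read.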

Cryptography – Goals and Methods

--Originally published at TC2027 – Titel der Website

Cryptography is a word from the ancient Greek language: "κρυπτός" (kryptós) means hidden or secret and "γράφειν" (gráphein) means writing.

Cryptography is originally the science of encrypting information. Put simply, cryptography is the encryption of data or messages of any kind.

 

Goals

Modern cryptography has four main objectives for protecting data, messages and / or transmission channels:

  1. Confidentiality: Only the person who is meant to receive the message can read it.
  2. Integrity: The receiver should be able to determine whether the data or the message was changed after its creation.
  3. Authenticity: The sender or originator of data or messages shall be identifiable, or the recipient shall be able to verify who the author is.
  4. Liability (non-repudiation): The author shall not be able to deny being the author of the data / message.

It should be noted that cryptographic methods do not necessarily fulfill all four objectives. Which objective is pursued always depends on the method, so you have to assess which method is implemented.

Methods of Cryptography

Cryptography is divided into classical and modern procedures.

The classical procedures:

As long as no electronic computers were used for cryptography, encryption always worked by replacing complete letters or groups of letters. Such procedures are now obsolete and unsafe.

  • Transposition: The letters of the message are simply arranged differently. Examples: the rail fence ("garden fence") method or the scytale.
  • Substitution: The letters of the message are replaced by a different letter or symbol. There is monoalphabetic and polyalphabetic substitution. Examples include the Caesar cipher and the Vigenère cipher.
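
The classical procedures named above, with a demonstration of why they count as unsafe (an added example, not part of the original post): a rail fence transposition, a Vigenère substitution whose one-letter keys are the Caesar cipher, and recovery of a Caesar key by trying all 26 keys and scoring each candidate against English letter frequencies. The sample message is constructed and the frequency table is the commonly published approximation.

```python
import string
from collections import Counter

ALPHA = string.ascii_uppercase
# Approximate English letter frequencies in percent, A..Z.
ENGLISH = dict(zip(ALPHA, [
    8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
    6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))


def rail_fence(text, rails):
    """Transposition: write the text in a zigzag over `rails` rows, read row by row."""
    period = max(2 * (rails - 1), 1)
    rows = [[] for _ in range(rails)]
    for i, ch in enumerate(text):
        pos = i % period
        rows[pos if pos < rails else period - pos].append(ch)
    return "".join("".join(r) for r in rows)


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution; a one-letter key gives the Caesar cipher."""
    sign, out, used = (-1 if decrypt else 1), [], 0
    for ch in text.upper():
        if ch in ALPHA:
            shift = ALPHA.index(key[used % len(key)].upper())
            ch = ALPHA[(ALPHA.index(ch) + sign * shift) % 26]
            used += 1
        out.append(ch)  # non-letters pass through unchanged
    return "".join(out)


def chi_squared(text):
    """Distance between the text's letter counts and what English would predict."""
    counts = Counter(c for c in text if c in ALPHA)
    n = sum(counts.values()) or 1
    return sum((counts[c] - n * ENGLISH[c] / 100) ** 2 / (n * ENGLISH[c] / 100)
               for c in ALPHA)


def break_caesar(ciphertext):
    """Only 26 keys exist: try each and keep the most English-looking plaintext."""
    key = min(ALPHA, key=lambda k: chi_squared(vigenere(ciphertext, k, decrypt=True)))
    return key, vigenere(ciphertext, key, decrypt=True)


# Constructed sample message.
SAMPLE = "MEET ME AT THE OLD GARDEN FENCE AFTER SUNSET AND BRING THE LETTERS WITH YOU"

if __name__ == "__main__":
    print(rail_fence("WEAREDISCOVEREDFLEEATONCE", 3))
    print(break_caesar(vigenere(SAMPLE, "D")))
```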

 

The modern procedures:

Malware – what is it and how can you protect yourself against it?

--Originally published at TC2027 – Titel der Website

What is a Malware?

Malware (short for "malicious software") is any type of malicious or harmful software that is designed to access a device secretly or without the knowledge of the user.

Malware is a collection of programs. There are many types of malware, for example viruses, trojans, rootkits or spyware. They all work differently and have different tasks, but they have a common goal: to harm you.

 

How do you catch malware?

Malware can be everywhere, whether you are surfing the web, opening a download or an e-mail attachment, or connecting a USB stick. Only rarely do you even notice that your PC has been infected, unless your anti-virus software has averted the risk.

Even if threats are everywhere, you do not have to pull the network cable and stop surfing. With the necessary software and a critical eye on websites, downloads and e-mails, you do not need to worry.

 

How to protect against Malware?

  • Anti-virus software: The protection against viruses is an anti-virus program that is always kept up to date, so that you are also protected against the latest viruses. Good and free software is available from Avira, Avast, AVG, Comodo and BitDefender.
  • Firewall: The firewall is already activated by default in Windows. It controls all incoming and outgoing connections and blocks them in case of problems.
  • Updates: To keep your system and your programs safe, you should always install the latest updates for Windows and use only the latest versions of your programs.

 

What types of malware are there?

Virus: A virus consists of only one file containing malicious code. The virus infects a program, makes it mostly useless and then attempts to spread further.

Trojans: The Trojan is also known as a trojan horse, because the

Continue reading "Malware – what is it and how can you protect yourself against it?"