Network & Wireless Security

--Originally published at TC2027 – Titel der Website

What is Network Security?

Network security is not a single established term; it covers all measures for planning, implementing and monitoring security in networks. These measures are by no means only technical in nature. They also relate to the organization, to operations (how can I apply network security in practice without interrupting operations at the same time?) and finally to the law (which measures may be used?).

 

Wireless Security

The right wireless encryption for your router

WLAN name – SSID: This abbreviation stands for "Service Set Identifier" and is the name of your WLAN. By default, this is usually the name of the DSL wireless router, such as Fritzbox 7270. This and all the following settings can be found in the router's configuration interface, which you can reach through your browser. The matching address is in the manual. Often it is something like this: 192.168.0.1, 192.168.178.1, fritz.box or speedport.ip.

https://www.pcwelt.de/tipps/Die_richtige_WLAN-Verschluesselung_fuer_Ihren_Router-WLAN-Einstellungen-7567027.html

One recommendation is to assign a new, neutral name for the SSID. But don't use the option to hide the name: hardware such as computers and tablets may then be unable to connect to your WLAN.

Encryption Standards – WEP, WPA, WPA2: The oldest standard has the abbreviation WEP (Wired Equivalent Privacy). Due to systemic vulnerabilities, the process is considered insecure. The key to this encryption can be cracked in minutes. If your router or the WLAN card in your PC only offers this standard, you should think about buying a new one. WPA (Wi-Fi Protected Access) is an evolution of the older WEP standard and provides additional protection. However, it does not yet include the better encryption with AES (Advanced Encryption Standard). This is only possible with the current standard, WPA2.

WPA2 is

Continue reading "Network & Wireless Security"

Security Policies

--Originally published at TC2027 – Titel der Website

A security policy describes the level of security that an institution, for example a company or association, aspires to. In this context, security normally means information security. The focus today is on electronic data processing and the associated security requirements. This is based on the assumption or fact that information has value or that its protection is required by law or regulation.

In the context of information security, the meaning and purpose of a security policy can be comprehensively described as ensuring the confidentiality, integrity, availability and authenticity of the information. The security policy is passed by the management of an institution and is adopted and exemplified by the management. It must be noted, understood and followed by all members of the institution.


A security policy defines the information security goals chosen by the institution as well as the information security strategy pursued.

The most essential contents are:

  • Importance of information security and importance of IT for task fulfilment
  • Naming the security objectives and describing the security strategy
  • Description of the organizational structure
  • Assurance that the security policy is enforced by the management and that violations are sanctioned wherever possible
  • Statements on the periodic review of security measures
  • Responsibilities in the information security process

Stay safe on the web

--Originally published at TC2027 – Miguel 101

“El que nada debe, nada teme”

“If you have nothing to hide, you have nothing to fear” is a very common phrase (my parents use it a lot), and when it comes to our daily lives on the web, it’s used a lot (especially by the government).

We all know about those cases like the dispute between Apple and the FBI on the San Bernardino attacks. A judge asked Apple to provide “reasonable technical assistance” by helping them unlock the attacker’s iPhone.
At the time, the only way to do this was to write some kind of master key capable of unlocking the device (and every other iPhone too). Obviously, Apple refused because creating such a powerful backdoor into their devices would have easily backfired on their customers (either by hackers finding a way to replicate this master key or straight ahead by being used by the government for surveillance. Looking at you, NSA).

Whenever this kind of news rises up to the mainstream media, again, you get your typical internet user making use of that phrase I started this post with.

“Why are iPhone users so against this backdoor the FBI is asking for?
It’s gonna help them get the bad guy! If they have nothing to hide they shouldn’t have nothing to fear!”

But if you stop for a second and think about it, this famous phrase doesn’t even make sense. As Edward Snowden would put it:

“…Privacy isn’t about something to hide. Privacy is about something to protect. That’s who you are. That’s what you believe in. Privacy is the right to a self. Privacy is what gives you the ability to share with the world who you are on your own terms. For them to understand what you’re trying to be and to protect

Continue reading "Stay safe on the web"

But why, tho?

--Originally published at TC2027 – Miguel 101

So my whole semester has been about computing security.
I’ve been listening weekly and very faithfully to Security Now’s podcast, learning about all the new security risks in today’s world, and my mind has been kinda focused on that since I started listening to that podcast.

And in the middle of this security obsession I stumbled upon a very striking question on the mastery topics of my TC2027 course.

Why should we study computing security?

Heck! Why should we even bother in the first place?!

I know you all got that one friend or family member (if not more than one) that when you bring up a good security advice or tell them about a new breakthrough on security tech (as the good cautious geek you are) they’ll call you a tinfoil hat lunatic.
“I gotta do all that?! What a pain in the butt!”. “Are you seriously telling me I cannot repeat my passwords? How do you expect me to remember all of them if I got 100 different ones?!”. “What’s so urgent about updating the firmware of my smartCameras on my home? If it ain’t broken, don’t fix it. I won’t waste my time doing so.”


And there you got your why. Those kinds of people are the reason Security is so important. More importantly, the amount of people who think like that is what makes Security such a critical field to be studied.

Because people always put convenience over security, we need to study and make our security technology almost perfect. This convenience over security is what made The Reaper IoT feasible in the first place! People don’t want to waste time updating the firmware on their IoT devices, cause that’s extra work for them.

But that’s not the worst

Continue reading "But why, tho?"

(Ethical) Hacking

--Originally published at TC2027 – Titel der Website

What is Hacking?

Hacking is the challenge of overcoming the limits of software systems in a creative way. The act of engaging in activities in a spirit of playfulness and exploration is called "hacking". Hackers are motivated by many reasons: profit, protest, information gathering, or evaluating system weaknesses in order to defend against potential hackers.

Hacking began in the year 1960 at the Massachusetts Institute of Technology (MIT). Students pranked the whole university to demonstrate their technical aptitude and cleverness. They called themselves the "Tech Model Railroad Club (TMRC)".

Most people think that hacking is something really bad. They imagine a hacker as someone who sits all day, every day, in his dark room, eats junk food and never sees the sun. Obviously he commits criminal activities on the internet, for example robbing virtual money and stealing personal data.

But that's a fallacy! Sure, there are these hackers too. But hackers are divided into two different types: the security hacker and the cyber-crime hacker.

 

The Certified Ethical Hacker (CEH)

 

The Certified Ethical Hacker is a skilled professional hacker. His main work is to find weaknesses in a target system. He uses the same knowledge and tools as the cyber-crime hacker. With these tools and his knowledge, he assesses the target system in a legitimate way. His job is to play the hacker.


The purpose of the CEH credential is to:

  • Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
  • Inform the public that credentialed individuals meet or exceed the minimum standards.
  • Reinforce ethical hacking as a unique and self-regulating profession.

https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

 


Hacking adventures (Story 2)

--Originally published at Computer and Information Security

Yo, reader! I’m glad you keep an eye on my blog. Today’s story is about the new GeForce Now service from Nvidia, which is currently only available for Mac users since it is in beta. In this service you can log in to one of their virtual computers on the cloud, to be able to play video games through your Steam account.

I tested this new gaming service and I can say that this is a pretty good way to play. Before Nvidia launched this, there was another one called OnLive, the Netflix for gaming. You were able to rent a game for a certain amount of time or even buy it, but it was a copy of the game and it was never yours. It used their self-made interface, which means that I couldn’t see anything but just what they allowed me to see with their own design, which was identical to the Windows tablet or phone theme, like squares or windows. A long time ago I tested this service. I was most of the time logged in and playing games since I couldn’t afford a gaming PC, and when they closed it, like around 3 years ago, I got really sad. Anyways, when I heard about GeForce Now I remembered the old times in OnLive, but this time it was different: the gaming process was through your Steam account and not by renting or buying the game through a custom menu. It was actually a Windows 10 virtual machine. As you know, I’m a pretty curious person, therefore I decided to click anywhere to check if I could get into the desktop menu, but as you already know, everything was locked up. But I never gave up, actually I managed to install Chrome through Internet Explorer

Continue reading "Hacking adventures (Story 2)"

Risk Management Framework

--Originally published at Blog | Cesar Arturo Gonzalez

The Risk Management Framework provides a structured process that integrates information security and risk management activities into the system development steps.

Categorize: The information system and the information already processed or stored by the system need to be categorized based on the impact analysis.

Select: We need to choose security controls for the data and information based on the categorization …

Security Architecture and Policies

--Originally published at Blog | Cesar Arturo Gonzalez

Security Architecture

In order to have a good, secure basis for our system, the first thing we need to do in the planning process is to define a security architecture. To define this, you need to think about the potential risks that the system may have, establishing the different scenarios from the beginning of the planning stages. …

Cryptography and Network Security

--Originally published at Blog | Cesar Arturo Gonzalez

What is Cryptography?

Crypto == “hidden or secret”
Graphy == “study of writing”

So with this breakdown of words we can conclude that cryptography is the study of writing something hidden or secret. Cryptography has been around for centuries, going back to the Caesar cipher created by Julius Caesar. Before modern times cryptography was used …