Authentication

--Originally published at Computer and Information Security

Each day, we log into many different webpages, they ask for authentication. We need to prove that we are us, but why is it so important? Also, how does it works? Authentication is needed to access to personal information, social media, at work, unlocking the phone, anywhere. It is almost a requisite to join every webpage to access to certain content. Regarding security, it is the way to block your information for the resto of the world. There are many different ways to prove that you are really you. Commonly, sites ask for a password, but they aren’t the only option. The next video uses interesting examples to explain the importance of authentication.

Knowledge factors: sometimes, the service that is asking for authentication can ask for names, specific questions, PIN numbers, or the password itself. Those are known as knowledge factors.
Possession factors: these are the ones that the user has in possession, such as ID cards, one-time password tokens, specific codes, or any artifact that can prove your authentication.
Inherence factors: this authentication factor covers the biometrics of the user, such as fingerprint scans, facial recognition, voice recognition, retina scans, iris scans, between others.

A modern way to authenticate the user is its location depending on the cellphone. This also has to do within its device activity and many other complex factors. Nowadays, it is recommended to use at least two factor authentications at the time per each account. For example, it is possible to activate an account with password and with a pin provided by the service company via cellphone.

There are may authentication tools in the market. It is important to be secure and also to protect your personal information. It can be annoying to unlock the accounts with more than 1-factor-authentication, but sometimes it is necessary Continue reading "Authentication" →

CIA triad

--Originally published at Computer and Information Security

Confidentiality, integrity and availability is also known as the CIA triad. CIA triad is a model that establishes some principles for information security, it can be seen as an organizer. These three principles are considered as the most importan principles for security. They aren’t the only ones, but they can be seen as the three pillars of security. The following video explains very well these three principles:

Confidentiality

Confidentiality can be defined as a series of rules that are responsible for preventing information from reaching the wrong hands. That is, confidentiality is in charge of the access. This access must be restricted for those that don’t have the authorization to see the information. One way to prevent a leakage is to create levels. Most of the time, information is categorized depending on the impact it would have if the specific information was stolen.

Integrity

Integrity is an important pillar to security, it is in charge of the accuracy, consistency and trustworthiness of the information all the time. It is crucial the security of the data. Information can’t be corrupted or edited by a third-party without the autorizaron. Also, while sending data, it must be delivered and received without any modification in between. Software can be involved in order to check the integrity of data that is traveling from one place to another.

Availability

Availability is mainly in charge of the hardware. If there are complications between services or any damage, there must be a resource in charge of fixing it. Also, it needs to be updated all the time and there has to be one that establishes de communication between the different services. There must be an adaptive recovery if it is necessary. It is important to have a way out of problems, even without a person in charge for it.

In Continue reading "CIA triad" →

Denial-of-service attacks

--Originally published at Computer and Information Security

Have you ever feel that a webpage is loading too slow compared to other times, a poor network performance while trying to retrieve s file from a cloud server, an increasing amount of time in order to reach an specific service from the internet? It’s obvious that there are many factors that can influence the weak performance from the network, but it is important to take into account that it could be a denial-of-service attack. It’s not that easy to spot the problem, but first, what is a denial-of-service attack?

We can define a a DoS attack as a planned attack to a server in order to disrupt an organization’s network to complicate the entry of their user to their services. The attack can limit the access to the network or even to deny the access. The main point is to prevent any online activity through the servers that are being attacked.

There is also a Distributed Denial-of-Service attack, where the attacker also infects the computers that get connected to the infected servers and now these new computers are used to infect more users. These new infected computers are known as zombies. Zombies are the computers that are controlled by the attacker. With the control of all of the computers, the attacker can use their power to overload the services, such as mail, internet, and network services.

Also, there are three specific categories in which the hackers focus their attacks:

Networks
Systems
Applications

Mainly, all of them create requests to overload the servers until there is no response or until they create an error on the system. One of the main goals is to consume as much bandwidth as possible in order to create slowdowns in networks. Hackers also focus on hardware, such as routers and devices that need network Continue reading "Denial-of-service attacks" →

Redes domésticas

--Originally published at Computer and Information Security

Es muy útil saber cómo modificar los ajustes de un módem. Cambiarle la contraseña a la red de la casa o incluso cambiarle el nombre puede llegar a ser muy sencillo y puede a llegar a incrementar un poco la seguridad de la red. Sin embargo, hay más opciones en los ajustes de un módem y éstas pueden llegar a ser implementadas de una manera muy sencilla. Una de las ventajas de acceder a los ajustes de éste es que puedes crear redes locales dentro de la casa o la oficia. La división de la red puede llegar a ser útil para conectar ciertos dispositivos a una de ellas y los otros a la otra, se puede crear una red para invitados, o incluso redes privadas para intentar mantener más segura cierta información que se comparte cuando alguien se encuentra en la misma red. A continuación, se mostrará un pequeño tutorial para crear una nueva red doméstica.

1 – Entrar a la página web del módem

Normalmente, para poder acceder a la configuración del router se tiene que ingresar a la dirección 192.168.X.X. En este caso para ingresar a la configuración del módem de Telmex, se ingresa a 192.168.1.254. El usuario puede variar (TELMEX en este caso) y la contraseña es la clave que viene en el modem.

2 – Ir a Red

Al entrar a la configuración del módem, una ventana parecida aparecerá en la pantalla. Hay que seleccionar la opción de “Red” que se encuentra en la columna izquierda.

3 – Inalámbrico (2.4GHz o 5GHz)

Una vez adentro de la opción de Red, se selecciona el tipo de red inalámbrica que se desea crear el la columna izquierda. En este caso, se seleccionará la red 5GHz.

4 – Seleccionar SSID

Continue reading →

Privacy? Yes, please

--Originally published at Computer and Information Security

With all the attention that Facebook ir receiving, what are you doing to protect your information? Not just your Facebook’s personal info, but also your internet traffic is somewhere in a server, without even your consent. Facebook isn’t just the only one that retrieves your traffic information, also Google and many other companies, even with a VPN. Nowadays, it is difficult to hide your information from these companies, but there is always a solution, or at least to protect a little more your information.

Personally, I do think that ads are necessary when the content is free because it’s work that it given for free. The problem is when the pages that are publishing those ads are also giving your personal info and internet traffic to a third-party company without even saying it to you and that’s the point that isn’t fair or correct. With all of the privacy movement, I just decide to look for an AdBlocker to my MacBook Pro. Not just to hide those invasive ads, but also to protect a little more my information. While making a little research through Reddit, I found a thread asking for some AdBlockers (link: https://www.reddit.com/r/apple/comments/7o7zw9/your_favorite_adblocker_for_safari_macos_with/). Thanks to the comments, I opted for AdGuard. My experience was incredible.

AdGuard isn’t my first ad blocker, but it was completely different from the others. Starting with its interface, it is really easy to use. It has interesting options, a menu appears when a page has ads and it gives you options for the page, such as: Block Element, Add Exception, or do not block the page for 30 seconds. For experience, some ad blockers doesn’t work with some pages becase devs are implementing a way to find out when you have an ad blocker, but the cases with AdGuard were

Screen Shot 2018-04-30 at 11.08.12 AM.png

Screen Shot 2018-04-30 at 12.04.19 PM.png

Screen Shot 2018-04-30 at 11.17.13 AM.png

Continue reading →

Cryptography

--Originally published at Computer and Information Security

The concept of cryptography can be easy to understand, but not as easy to implement. Cryptography has been around a while now. Today, we hear that word and we imagine a secure program to protect passwords, but it was mainly used for war. First of all, we can define cryptography as an activity to convert an intelligible text into an unintelligible one or all the way around. This method is used to protect information and its main goal is to send and receive this plain text decoded in order to decode it. It is also used for authentication.

The first implementations of cryptography were different compared with the modern ones. Today, cryptography is based on pure complex mathematical approaches. The main goals of it are discussed all over the internet, but the most controversial ones, at least for me, are following ones:

Confidentiality: confidentiality means that no one can understand the encrypted message but the receiver and only using the tools to decode the message.
Integrity: it is crucial that no one can be able to alter or modify the integrity of the encrypted message.
Non-reoudiation: this means the the one that is sending the message cannot deny the content of the message at a later stage. There can’t be differences between what is send and what is received.
Authentication: authentication can be used to confirm the connection between the one that sends the message and the one who receives it.

There are a lot of advantages regarding cryptography. Banks, computer passwords, and e-commerce transactions use it to protect their information from getting leaked. It is important to say that an encrypted text doesn’t mean that it isn’t crackable, but there a re different ways to measure the effectiveness of an encryption. Normally, they are measured with the amount of Continue reading "Cryptography" →

What is Malware?

--Originally published at Computer and Information Security

I have heard more frequently the word malware, but the question is “what is malware?”. I didn’t even know what that word mean until I made some research. According to the definition, malware is the abbreviation of “malicious software”, and it is considered as a malicious program that harms the functionality of a computer. Also, malware is composed by many other tools that harm the computer, such as viruses, Trojan horses, and worms. People often create these malware to steal information from the user, to modify it, or even to delete important data from the computer. These activities are made by the malicious programs without any permission.

it is possible to divide the kinds of malware depending on their characteristics and the way of how each one acts.

Virus: this one is the most common one. It has the name virus because it acts as in health, it spreads in the computer and spreads very quickly with malicious software. Virus infects other programs.
Worms: it is a type of malware that multiplies without any command or a specific action. Worms can be activated without any human interaction and it affects the performance of the computer.
Trojan horses: its name comes as in history. It appears to be a legit program until it is executed. While it is executed, malware is installed in the computer and can use malware’s functions.
Spyware: this last one is the one that steals information from the user without any knowledge from him or her. It also watches the movements from the user to learn from him or her.

The following video explains the types of malware. I’ll recommend you to watch it.

It is known that the first tope of malware was a virus, it was called the Creeper virus and it happened in Continue reading "What is Malware?" →

Wireless security

--Originally published at Computer and Information Security

Wireless networks

Since the last few years, wireless networks have become very important in the market. We can see wireless networks everywhere, such as in the coffee shops, some malls, on the streets, airports, hotels, home, school, etc. The problem is that there are a lot of security problems with them. It is important to take into consideration that nowadays, wireless networks carry important information and it is crucial to have a secured wireless network.

Although it is easier to get connected to a wireless network rather than a wired one, it has become more vulnerable because of the facility to get connected to a wireless one. Each day, people are being connected to the internet and its easier to be in risk because of that. But leaving aside those risks, wireless networks have a lot of advantages. Before the explanation of them, i’ll recommend you to watch the next video regarding wireless security:

Wireless Security protocols

In order to protect wireless networks, WSP (wireless security protocols) were invented. These WSP are mainly targeted to protect local networks, such as the ones that are in home or offices. These WSP have their own strengths and weaknesses, but they offer wireless security in most of the cases, sending encrypted data through the airwaves.

The problem with the wireless networks is that the information is send to every device that is listening to the signals, obviously, it has a limited range. One of the benefits of the wired networks is that it has only one connection, between device A to device B. Protocols were created to protect these airwaves signals. We have three protocols: WEP, WPA, and WPA2.

WEP (Wired Equivalent Privacy)

The WEP was the first protocol to secure the wireless networks. The main point of the protocol is to Continue reading "Wireless security" →

What does VPN means?

--Originally published at Computer and Information Security

Before we start, I’ll recommend you to see the following video regarding Virtual Private networks:

So what is a VPN?

A VPN is a connection between the computer and a server. The server is operated by the VPN service and it creates a secure connection between both of them by a tunnel. This connection makes the user to be part of the company’s network, as if the computer was on it. The tunnel hides the traffic until it leaves the tunnel. One of the main goals is to hide the IP address of the computer.

There are a lot of advantages while using a VPN, its important to notice that the number of functions of a VPN is interesting. I’ll mention three of them.

Advantages

It prevents anyone that is on the same network access point from intercepting your web traffic in a man-in-the-middle attack.
It makes harder for advertisers, or spies, or hackers to track you online.
Avoid censorship, but it could be against the law.

I think that one of the most remarkable ones is the first one. Using a VPN to avoid or prevent a interception from another person is a very useful took. It is important to mention that the VPN doesn’t protect your information entirely, but it can make it harder for people to track your online information. As an example, we can see this useful feature as a shield that protects your information from a man-in-the-middle attack.

Avoiding censorship might be illegal in some countries, maybe in most of them, but it can be very practical. We can see this as a tool for a journalist. A journalist needs to find information for his or her research, but maybe the country blocks this information for many reasons. In this case, a journalist

Screen Shot 2018-02-08 at 3.37.34 PM.png

Continue reading →