Wireless Security

--Originally published at Seguridad Informática

Wireless network security primarily protects a wireless network from unauthorized and malicious access attempts. Typically, it is delivered through wireless devices (usually a wireless router or switch) that encrypt and secure all wireless communication by default. Even if the wireless network security is compromised, the hacker is not able to view the content of the traffic or packets in transit. Moreover, wireless intrusion detection and prevention systems also help protect a wireless network by alerting the wireless network administrator in case of a security breach.

Wireless networks are inherently insecure. The out-of-the-box configuration of most wireless networking equipment provides easy (but insecure) access to a wireless network.

We need to understand that wireless networks are generally not as secure as wired networks. Wired networks send data between two points that are connected by a network cable, whereas wireless networks broadcast data in every direction to every device that happens to be listening within a limited range.

The following wireless security protocols were developed to protect home wireless networks:

  • Wired Equivalent Privacy (WEP): The original encryption protocol developed for wireless networks. WEP was designed to provide the same level of security as wired networks. However, WEP has many well-known security flaws, is difficult to configure, and is easily broken.
  • Wi-Fi Protected Access (WPA): Introduced as an interim security enhancement over WEP while the 802.11i wireless security standard was being developed. Most current WPA implementations use a preshared key (PSK), commonly referred to as WPA Personal, and the Temporal Key Integrity Protocol (TKIP, pronounced tee-kip) for encryption. WPA Enterprise uses an authentication server to generate keys or certificates.
  • Wi-Fi Protected Access version 2 (WPA2): Based on the 802.11i wireless security standard, which was finalized in 2004. The most significant enhancement to WPA2 over WPA is the use of the Advanced Encryption

Network Security

--Originally published at Seguridad Informática

Network security is any activity designed to protect the usability and integrity of your network and data. It includes both hardware and software technologies. Effective network security manages access to the network. It targets a variety of threats and stops them from entering or spreading on your network.

Types of network security

  • Access control

Not every user should have access to your network. To keep out potential attackers, you need to recognize each user and each device. Then you can enforce your security policies. You can block noncompliant endpoint devices or give them only limited access (NAC).

  • Antivirus and antimalware software

Sometimes malware will infect a network but lie dormant for days or even weeks. The best antimalware programs not only scan for malware upon entry, but also continuously track files afterward to find anomalies, remove malware, and fix damage.

  • Application security

Any software you use to run your business needs to be protected, whether your IT staff builds it or whether you buy it. Unfortunately, any application may contain holes, or vulnerabilities, that attackers can use to infiltrate your network. Application security encompasses the hardware, software, and processes you use to close those holes.

  • Behavioral analytics

To detect abnormal network behavior, you must know what normal behavior looks like. Behavioral analytics tools automatically discern activities that deviate from the norm. Your security team can then better identify indicators of compromise that pose a potential problem and quickly remediate threats.

  • Data loss prevention

Organizations must make sure that their staff does not send sensitive information outside the network. Data loss prevention, or DLP, technologies can stop people from uploading, forwarding, or even printing critical information in an unsafe manner.

  • Email security

Email gateways are the number one threat vector for a security breach. Attackers use personal information and social engineering

Malware

--Originally published at Seguridad Informática

Malware is an abbreviated term meaning “malicious software.” It is software specifically designed to gain access to or damage a computer without the knowledge of the owner.

Various factors can make computers more vulnerable to malware attacks. Some examples are:

  • Defects in the operating system design.
  • Having all of the computers on a network run the same OS.
  • Giving users too many permissions, or simply using the Windows OS (due to its popularity, it gets the most malware written for it).

The only way to really stay protected or remove an infection is by using anti-malware software, more commonly called an antivirus.

There are various types of malware including the following:

  • Virus: viruses attach themselves to clean files and infect other clean files. They can spread uncontrollably, damaging a system’s core functionality and deleting or corrupting files. They usually appear as an executable file.
  • Trojans: this kind of malware disguises itself as legitimate software, or is included in legitimate software that has been tampered with. It tends to act discreetly and create backdoors in your security to let other malware in.
  • Spyware: spyware is malware designed to spy on you. It hides in the background and takes notes on what you do online, including your passwords, credit card numbers, surfing habits and more.
  • Worms: they infect entire networks of devices, either local or across the internet, by using network interfaces. They use each newly infected machine to infect more.
  • Ransomware: this kind of malware can lock down your computer and threaten to erase everything unless a ransom is paid to its owner.
  • Adware: aggressive advertising software that can undermine your security just to serve you ads, which can give a lot of other malware a way in.
  • Botnets: networks of infected computers that are made to work

Cryptography

--Originally published at Seguridad Informática


Cryptography is associated with the process of converting ordinary plain text into unintelligible text and vice-versa. It is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Cryptography not only protects data from theft or alteration, but can also be used for user authentication.

The only things that should be “secret” when it comes to a secure cryptosystem are the keys themselves. Be sure to take appropriate steps to protect any keys that your systems use. Never store encryption keys in clear text along with the data that they protect. This is akin to locking your front door and placing the key under the doormat. It is the first place an attacker will look.

Three common methods for protecting keys:

  • Store keys in a filesystem and protect them with strong access control lists (ACLs). Remember to adhere to the principle of least privilege.
  • Encrypt your data encryption keys (DEKs) with a second, key-encrypting key (KEK). The KEK should be generated using password-based encryption (PBE): a password known to a minimal number of administrators is turned into a key with an algorithm such as bcrypt, scrypt, or PBKDF2 and used to bootstrap the cryptosystem. This removes the need to ever store the key unencrypted anywhere.
  • A hardware security module (HSM) is a tamper-resistant hardware appliance that can be used to store keys securely. Code can make API calls to an HSM to provide keys when needed or to perform decryption of data on the HSM itself.
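An added example of the second method in Go, using only the standard library (my code, not the post's): the KEK is derived from an administrator password with PBKDF2 (implemented inline), a random DEK encrypts the data, and only the wrapped DEK is stored next to it. The names Protect, Recover and Stored are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// pbkdf2SHA256: inline PBKDF2-HMAC-SHA256 (RFC 8018), one 32-byte block, stdlib only.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): big-endian index of the first block
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t { t[j] ^= u[j] }
	}
	return t
}
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}
// seal encrypts with AES-256-GCM under key, prepending a fresh random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
// open reverses seal; GCM's tag check makes a wrong key or tampered blob fail.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(sealed) < gcm.NonceSize() { return nil, errors.New("bad key or ciphertext") }
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
// Stored is what lands on disk: KDF salt, DEK wrapped under the KEK, data under the DEK.
type Stored struct{ Salt, WrappedDEK, Ciphertext []byte }
// Protect: derive the KEK from the admin password (PBE), make a random DEK,
// encrypt the data with the DEK and wrap the DEK with the KEK. No key is stored in clear.
func Protect(password, data []byte) (*Stored, error) {
	buf := make([]byte, 48) // 16-byte salt + 32-byte DEK, both random
	if _, err := rand.Read(buf); err != nil { return nil, err }
	salt, dek := buf[:16], buf[16:]
	wrapped, err := seal(pbkdf2SHA256(password, salt, 100_000), dek) // 100k = PBKDF2 work factor
	if err != nil { return nil, err }
	ct, err := seal(dek, data)
	if err != nil { return nil, err }
	return &Stored{salt, wrapped, ct}, nil
}
// Recover re-derives the KEK and unwraps the DEK; a wrong password fails here.
func Recover(password []byte, s *Stored) ([]byte, error) {
	dek, err := open(pbkdf2SHA256(password, s.Salt, 100_000), s.WrappedDEK)
	if err != nil { return nil, errors.New("DEK unwrap failed: wrong password or tampered blob") }
	return open(dek, s.Ciphertext)
}
```

Rotating the administrator password only requires re-wrapping the 32-byte DEK, not re-encrypting the data, which is the practical payoff of the DEK/KEK split.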

Modern cryptography concerns itself with the following four objectives:

  1. Confidentiality (the information cannot be understood by anyone for whom it was unintended).
  2. Integrity (the information cannot be altered in storage or transit between sender and

Classic Security Architecture Models

--Originally published at Seguridad Informática

Security models are used to determine how security will be implemented, what subjects can access the system, and what objects they will have access to. They are a way to formalize security policy.

A security model is a specification of a security policy:

  • It describes the entities governed by the policy.
  • It states the rules that constitute the policy.

A security policy is a document that expresses clearly and concisely what the protection mechanisms are to achieve. It’s a statement of the security we expect the system to enforce.

There are various types of security models:

  • Models can capture policies for confidentiality (Bell-LaPadula) or for integrity (Biba, Clark-Wilson).
  • Some models apply to environments with static policies (Bell-LaPadula), others consider dynamic changes of access rights (Chinese Wall).
  • Security models can be informal (Clark-Wilson), semi-formal, or formal (Bell-LaPadula, Harrison-Ruzzo-Ullman).


Lattice Models

A lattice is a mathematical construct that is built upon the notion of a group.

A lattice is a mathematical construction with:

  • A set of elements
  • A partial ordering relation
  • The property that any two elements must have unique least upper bound and greatest lower bound

A security lattice model combines multilevel and multilateral security. Lattice elements are security labels that consist of a security level and a set of categories.
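As an added illustration in Go (not code from the original post), here is the lattice of such labels: dominance between labels is the partial ordering, join and meet are the least upper bound and greatest lower bound, and the same ordering drives the Bell-LaPadula read check mentioned above. Type and function names are my own.

```go
package main

import "fmt"

// Label is one lattice element as the post describes it: a security level plus
// a set of categories. Type and function names are mine, not the post's.
type Label struct {
	Level      int
	Categories map[string]bool
}

func NewLabel(level int, cats ...string) Label {
	l := Label{Level: level, Categories: map[string]bool{}}
	for _, c := range cats { l.Categories[c] = true }
	return l
}

// Dominates is the partial ordering: a >= b when a's level is at least b's and
// a's categories include all of b's. Two labels at the same level with different
// categories are incomparable, which is why the order is only partial.
func (a Label) Dominates(b Label) bool {
	if a.Level < b.Level { return false }
	for c := range b.Categories {
		if !a.Categories[c] { return false }
	}
	return true
}

func maxInt(a, b int) int { if a > b { return a }; return b }
func minInt(a, b int) int { if a < b { return a }; return b }

// Join is the least upper bound: the higher level and the union of categories.
func Join(a, b Label) Label {
	out := NewLabel(maxInt(a.Level, b.Level))
	for c := range a.Categories { out.Categories[c] = true }
	for c := range b.Categories { out.Categories[c] = true }
	return out
}

// Meet is the greatest lower bound: the lower level, intersection of categories.
func Meet(a, b Label) Label {
	out := NewLabel(minInt(a.Level, b.Level))
	for c := range a.Categories {
		if b.Categories[c] { out.Categories[c] = true }
	}
	return out
}

// CanRead applies Bell-LaPadula's "no read up" rule through the ordering: a
// subject may read an object only when the subject's label dominates it.
func CanRead(subject, object Label) bool { return subject.Dominates(object) }

func main() {
	nuclear := NewLabel(2, "nuclear") // SECRET, compartment "nuclear"
	crypto := NewLabel(2, "crypto")   // SECRET, compartment "crypto"
	fmt.Println(nuclear.Dominates(crypto), crypto.Dominates(nuclear)) // false false: incomparable
	fmt.Println(Join(nuclear, crypto).Categories)                     // map[crypto:true nuclear:true]
	fmt.Println(CanRead(NewLabel(3, "nuclear", "crypto"), nuclear))   // true
	fmt.Println(CanRead(NewLabel(1, "nuclear"), nuclear))             // false: no read up
}
```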

State Machine Models

In a state machine model, the state of a machine is captured in order to verify the security of a system.

The model is used to describe the behavior of a system in response to different inputs. It provides mathematical constructs that represent sets (subjects, objects) and sequences. When an object accepts an input, this modifies a state variable, thus transitioning to a different state.

Implementation tips:

IT Risk Management Frameworks

--Originally published at Seguridad Informática

Risk IT

Risk IT provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management. In business today, risk plays a critical role. Almost every business decision requires executives and managers to balance risk and reward.

Risk IT is a framework based on a set of guiding principles for effective management of IT risk. The framework complements COBIT, a comprehensive framework for the governance and control of business-driven, IT-based solutions and services.

While COBIT provides a set of controls to mitigate IT risk, Risk IT provides a framework for enterprises to identify, govern and manage IT risk. Enterprises that have adopted COBIT as their IT governance framework can use Risk IT to enhance risk management.

COBIT provides the means of risk management and Risk IT provides the ends.


COBIT: Control Objectives for Information and Related Technology

It is a framework that is meant to be a supportive tool for managers and allows bridging the crucial gap between technical issues, business risks and control requirements.

Today, COBIT is used globally by managers who are responsible for IT business processes. COBIT ensures quality, control and reliability of information systems in organizations, which is also the most important aspect of every modern business.

Some of the components of COBIT include:

  • Framework: It helps organize the objectives of IT governance and bring in best practices in IT processes and domains, while linking them to business requirements.
  • Process Descriptions: A reference model that also acts as a common language for every individual in the organization.
  • Control Objectives: A complete list of requirements that management has considered for effective IT business control.
  • Maturity Models: Assess the maturity and the capability of every process while addressing

Ethical hacking

--Originally published at Seguridad Informática


Every week we see hacking on the news, and it seems like the bad guys are always causing problems, from annoying spam to destructive cyber-attacks that steal personal data. But we need to know that there are good guys with the same skills: the ethical hackers.

An ethical hacker is the ultimate security professional. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems. Ethical hackers and malicious hackers use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can get there and try to break in.

What is the difference between ethical hackers and malicious hackers?

Ethical hackers break into systems legally and ethically.


An ethical hacker might use some of these strategies to penetrate a system:

  • Scanning ports and seeking vulnerabilities: An ethical hacker uses port scanning tools like Nmap or Nessus to scan one’s own systems and find open ports.
  • An ethical hacker will examine patch installations and make sure that they cannot be exploited.
  • The ethical hacker may engage in social engineering concepts like dumpster diving: rummaging through trash bins for passwords, charts, sticky notes, or anything with crucial information that can be used to generate an attack.
  • An ethical hacker may also employ other social engineering techniques like shoulder surfing to gain access to crucial information, or play the kindness card to trick employees into parting with their passwords.
  • An ethical hacker will attempt to evade IDS (intrusion detection systems), IPS (intrusion prevention systems), honeypots, and firewalls.
  • Sniffing networks, bypassing and cracking wireless encryption, and hijacking web servers and web applications.
  • Ethical hackers may also handle issues related to laptop theft and employee fraud.


One cannot just


Certifications in Computing Security

--Originally published at Seguridad Informática

Data breaches are growing in number, size and criticality, the cybersecurity talent gap is widening, and the security unemployment rate is at zero. Nowadays, cyber security and InfoSec skills are in remarkably high demand and are a good place to start for anyone looking to begin or advance a successful IT career path.

CISSP – Certified Information Systems Security Professional

It is an exam that certifies you have mastered the knowledge required to handle data and network security for companies.

The exam is 250 questions long, and it takes about six hours to complete. It is designed for professionals with a minimum of three to five years of experience.

You will be challenged in a number of cyber security domains including:

  • Security management practices
  • Access control
  • Cryptography
  • Security models and architecture
  • Telecommunications
  • Networking

The average annual pay for CISSP certificate holders is $109,000.


CISA – Certified Information Systems Auditor

It is focused on information systems control and monitoring skills. CISA applicants must have a minimum of five years’ professional experience and score above 450 on the 200-800 point test in order to be approved for this certification.

The topics of the exam will be focused on:

  • Information systems disciplines
  • Your skills in IT management and governance and the protection of information assets.

The annual salary of CISA certificate holders is $110,000.


CISM – Certified Information Security Manager

It is centered on information security management. Applicants must pass a 200-question exam.

The exam weighs their abilities in:

  • Developing and managing information security programs
  • Being able to quarterback the response to information security incidents.

Applicants must have five years of verified experience before registering for the exam.

You can expect your CISM certificate to rake in an average of $115,000 annually.


GSEC – GIAC Security Essentials Certification

GSEC is for people with hands-on information security experience.


Three goals: Integrity, Availability and Confidentiality

--Originally published at Seguridad Informática

All information security measures try to address these three goals:

  • Protect the confidentiality of data
  • Preserve the integrity of data
  • Promote the availability of data for authorized use

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs. The CIA triad is a model designed to guide policies for information security within an organization. Information security professionals who create policies and procedures must consider each goal when creating a plan to protect a computer system.


Confidentiality

Protecting the information from disclosure to unauthorized parties.

Information has value, especially in today’s world. Everyone has information they wish to keep a secret.

With encryption we can protect the confidentiality of our information. Encryption ensures that only the right people (those who know the key) can read the information.

Other ways to ensure information confidentiality include enforcing file permissions and access control lists to restrict access to sensitive information.

Integrity

Protecting information from being modified by unauthorized parties. Information only has value if it is correct. As with data confidentiality, cryptography plays a major role in ensuring data integrity.

Commonly used methods to protect data integrity include:

  • Hashing the data you receive and comparing it with the hash of the original message.
  • Use existing schemes such as GPG to digitally sign the data.
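An added Go example (not part of the original post) of the first method, hashing a received copy and comparing it with the published hash, using a constructed sample message. It also goes one step further than the post: a bare hash only catches accidental corruption when whoever can alter the data can also replace the hash, so the check value itself needs to be signed (as with GPG) or keyed, shown here with an HMAC tag.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed sample message standing in for "the original message".
var original = []byte("transfer 100.00 to account 12345\n")

// Digest returns the hex SHA-256 of data: the value the sender publishes.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// VerifyDigest hashes the received copy and compares it with the published
// digest. hmac.Equal compares in constant time; a plain == on the bytes can
// leak where the first mismatch is when the check is reachable over a network.
func VerifyDigest(received []byte, publishedHex string) bool {
	want, err := hex.DecodeString(publishedHex)
	if err != nil {
		return false
	}
	got := sha256.Sum256(received)
	return hmac.Equal(got[:], want)
}

// Tag is HMAC-SHA256 over data: without the key, nobody who alters the data
// can produce a matching tag, which a bare hash cannot guarantee.
func Tag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// VerifyTag checks a received copy against its tag, again in constant time.
func VerifyTag(key, received, tag []byte) bool {
	return hmac.Equal(Tag(key, received), tag)
}

func main() {
	published := Digest(original)
	tampered := []byte("transfer 900.00 to account 12345\n")
	fmt.Println(VerifyDigest(original, published), VerifyDigest(tampered, published)) // true false
	key := []byte("key shared out of band (constructed)")
	tag := Tag(key, original)
	fmt.Println(VerifyTag(key, original, tag), VerifyTag(key, tampered, tag)) // true false
}
```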


Availability

Ensuring that authorized parties are able to access the information when needed. Information only has value if the right people can access it at the right times. There are some factors that might deny access to our information.

Factors that could lead to lack of availability to important information:

  • DDoS attacks, which deny users of a website access to its resources.
  • Accidents such as power outages or natural disasters such as floods.

How does one ensure data availability?

Backup is key.

Why should we study computing security

--Originally published at Seguridad Informática

Usually, we don’t think about computer security until something bad happens. But at that point, a breach in security can cause huge and potentially harmful problems for your business and/or your customers. You can secure the information held in your computers and network by setting up a security plan.

Why is computer security important?

Computer security is important, because it keeps your information protected. It’s also important for your computer’s overall health, helping to prevent viruses and malware and helping programs run more smoothly.

There are two basic steps you need to follow in order to secure the information held in your computers and network:

First Step: protect from potential outside problems.

Cyber criminals, hackers, and identity thieves present real and dangerous threats to any online system. You can protect from outside problems by doing the following:

  • You should always have adequate firewalls, antivirus software, virtual private networks, and intrusion prevention.
  • You want to make sure that all your security components are communicating with each other, making you aware of any potential gaps or breaches in your security systems.
  • All your employees need to be aware of the dangers of opening attachments or web links sent by unknown parties. These emails can be dangerous, with hackers using them to try to access or steal passwords and other private information.

Second Step: inner security.

Depending on the business you run, it can be helpful to set up different levels of access throughout your computer systems.

Why are these access levels important?

These access levels ensure that important or sensitive information is only available to those who have the right level of clearance. Make sure that your employees know how to pick strong passwords, which will help keep their individual accounts secure.

Despite these two steps, it is always possible that
