CAN protocol and IoT [3/3] #TC2027

--Originally published at Information Security A01229898

 

Finally, this is the last part of the CAN protocol and IoT topic. As you already know, in the first part we talked a little bit about the CAN protocol, in the second part we talked about IoT and its dangers, and in this last part I will talk about how the CAN protocol and IoT are related, what I personally think about it, and more. So let’s start.

When I started all these posts about the CAN protocol and IoT, I used to think that all the security problems are caused by CAN, but after we talked about this in class, I saw that we can’t blame CAN for everything. It’s true that it is just a bus, and when you are inside the bus, technically you can do whatever you want inside, so we can blame CAN; there should be more security on the ports that are connected to the bus, that’s what I think.

Now, I’m freaking out that with the IoT, cars will be connected to the network. Think about it: currently, cars aren’t that connected to the network and they can be hacked. I have some videos with examples at the end.

So to finish, I think that if we want cars connected to the network with IoT in the future, a lot of improvements need to be made in security.

Cryptography

--Originally published at Computer and Information Security

The concept of cryptography can be easy to understand, but not as easy to implement. Cryptography has been around for a while now. Today, we hear that word and we imagine a secure program to protect passwords, but it was mainly used for war. First of all, we can define cryptography as an activity to convert an intelligible text into an unintelligible one or the other way around. This method is used to protect information, and its main goal is to send this plain text in encoded form so that the receiver can decode it. It is also used for authentication.


The first implementations of cryptography were different from the modern ones. Today, cryptography is based on purely mathematical, complex approaches. Its main goals are discussed all over the internet, but the most controversial ones, at least for me, are the following:

  • Confidentiality: confidentiality means that no one can understand the encrypted message but the receiver, and only by using the tools to decode the message.
  • Integrity: it is crucial that no one is able to alter or modify the encrypted message.
  • Non-repudiation: this means that the one who sends the message cannot deny the content of the message at a later stage. There can’t be differences between what is sent and what is received.
  • Authentication: authentication can be used to confirm the connection between the one who sends the message and the one who receives it.

There are a lot of advantages regarding cryptography. Banks, computer passwords, and e-commerce transactions use it to protect their information from getting leaked. It is important to say that an encrypted text doesn’t mean that it isn’t crackable, but there are different ways to measure the effectiveness of an encryption. Normally, they are measured with the amount of

Wireless Security

--Originally published at Seguridad Informática

Wireless network security primarily protects a wireless network from unauthorized and malicious access attempts. Typically, wireless network security is delivered through wireless devices (usually a wireless router/switch) that encrypt and secure all wireless communication by default. Even if the wireless network security is compromised, the hacker is not able to view the content of the traffic/packet in transit. Moreover, wireless intrusion detection and prevention systems also enable protection of a wireless network by alerting the wireless network administrator in case of a security breach.

Wireless networks are inherently insecure. The out-of-the-box configuration for most wireless networking equipment provides easy (but insecure) access to a wireless network.

We need to understand that wireless networks are generally not as secure as wired networks. Wired networks send data between two points which are connected by a network cable. And wireless networks broadcast data in every direction to every device that happens to be listening, within a limited range.

The following wireless security protocols were developed to protect home wireless networks:

  • Wired Equivalent Privacy (WEP): The original encryption protocol developed for wireless networks. WEP was designed to provide the same level of security as wired networks. However, WEP has many well-known security flaws, is difficult to configure, and is easily broken.
  • Wi-Fi Protected Access (WPA): Introduced as an interim security enhancement over WEP while the 802.11i wireless security standard was being developed. Most current WPA implementations use a preshared key (PSK), commonly referred to as WPA Personal, and the Temporal Key Integrity Protocol (TKIP, pronounced tee-kip) for encryption. WPA Enterprise uses an authentication server to generate keys or certificates.
  • Wi-Fi Protected Access version 2 (WPA2): Based on the 802.11i wireless security standard, which was finalized in 2004. The most significant enhancement to WPA2 over WPA is the use of the Advanced Encryption

Network Security

--Originally published at Seguridad Informática

Network security is any activity designed to protect the usability and integrity of your network and data. It includes both hardware and software technologies. Effective network security manages access to the network. It targets a variety of threats and stops them from entering or spreading on your network.

Types of network security

  • Access control

Not every user should have access to your network. To keep out potential attackers, you need to recognize each user and each device. Then you can enforce your security policies. You can block noncompliant endpoint devices or give them only limited access (NAC).

  • Antivirus and antimalware software

Sometimes malware will infect a network but lie dormant for days or even weeks. The best antimalware programs not only scan for malware upon entry, but also continuously track files afterward to find anomalies, remove malware, and fix damage.

  • Application security

Any software you use to run your business needs to be protected, whether your IT staff builds it or whether you buy it. Unfortunately, any application may contain holes, or vulnerabilities, that attackers can use to infiltrate your network. Application security encompasses the hardware, software, and processes you use to close those holes.

  • Behavioral analytics

To detect abnormal network behavior, you must know what normal behavior looks like. Behavioral analytics tools automatically discern activities that deviate from the norm. Your security team can then better identify indicators of compromise that pose a potential problem and quickly remediate threats.

  • Data loss prevention

Organizations must make sure that their staff does not send sensitive information outside the network. Data loss prevention, or DLP, technologies can stop people from uploading, forwarding, or even printing critical information in an unsafe manner.

  • Email security

Email gateways are the number one threat vector for a security breach. Attackers use personal information and social engineering

CAN protocol and IoT [2/3] #TC2027

--Originally published at Information Security A01229898

Hi everyone, this is part 2 of these CAN protocol and IoT posts. In this one, I will talk a little about IoT, so let’s start.

The Internet of Things hasn’t been around for very long, but there have been visions of this idea since the early 1800’s. One of the first examples of IoT is from the early 1980’s, and it was a Coca-Cola machine at Carnegie Mellon University. Some students would connect over the Internet to the refrigerated appliance and check whether there was a drink available and whether it was cold before making the trip.

But the Internet of Things as a concept wasn’t officially named until 1999, by Kevin Ashton, the Executive Director of Auto-ID Labs at MIT, while making a presentation for Procter & Gamble. At that time, Kevin Ashton believed that Radio Frequency Identification (RFID) was a prerequisite for the Internet of Things. He concluded that if all devices were “tagged”, computers could manage, track and inventory them.

So…. What is Internet of Things????????

What I understand as the Internet of Things is all the devices that have an on/off option, can be connected to the net and can give information in real time. It sounds good, but it is too risky: having a lot of devices connected to the net demands a lot of security, and maybe those devices don’t have it, so they have to implement it.

This video explains what IoT is:

Malware

--Originally published at Seguridad Informática

Malware is an abbreviated term meaning “malicious software.” This is software that is specifically designed to gain access or damage a computer without the knowledge of the owner.

Various factors can make computers more vulnerable to malware attacks. Some examples are:

  • Defects in the operating system design.
  • Having all of the computers on a network run the same OS.
  • Giving users too many permissions or just using the Windows OS (due to its popularity, it gets the most malware written for it).

The only way to really stay protected or remove an infection is by using anti-malware software, more commonly called an antivirus.

There are various types of malware including the following:

  • Virus: viruses attach themselves to clean files and infect other clean files. They can spread uncontrollably, damaging a system’s core functionality and deleting or corrupting files. They usually appear as an executable file.
  • Trojans: this kind of malware disguises itself as legitimate software, or is included in legitimate software that has been tampered with. It tends to act discreetly and create backdoors in your security to let other malware in.
  • Spyware: spyware is malware designed to spy on you. It hides in the background and takes notes on what you do online, including your passwords, credit card numbers, surfing habits and more.
  • Worms: they infect entire networks of devices, either local or across the internet, by using network interfaces. They use each consecutive infected machine to infect more.
  • Ransomware: this kind of malware can lock down your computer and threaten to erase everything unless a ransom is paid to its owner.
  • Adware: aggressive advertising software that can undermine your security just to serve you ads which can give a lot of other malware a way in.
  • Botnets: are networks of infected computers that are made to work

Cryptography

--Originally published at Seguridad Informática

 

Cryptography is associated with the process of converting ordinary plain text into unintelligible text and vice-versa. It is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. Cryptography not only protects data from theft or alteration, but can also be used for user authentication.

The only things that should be “secret” when it comes to a secure cryptosystem are the keys themselves. Be sure to take appropriate steps to protect any keys that your systems use. Never store encryption keys in clear text along with the data that they protect. This is akin to locking your front door and placing the key under the doormat. It is the first place an attacker will look.

Three common methods for protecting keys:

  • Store keys in a filesystem and protect them with strong access control lists (ACLs). Remember to adhere to the principle of least privilege.
  • Encrypt your data encryption keys (DEKs) with a second key encrypting key (KEK). The KEK should be generated using password-based encryption (PBE). A password known to a minimal number of administrators can be used to generate a key using an algorithm such as bcrypt, scrypt, or PBKDF2 and used to bootstrap the cryptosystem. This removes the need to ever store the key unencrypted anywhere.
  • A hardware security module (HSM) is a tamper-resistant hardware appliance that can be used to store keys securely. Code can make API calls to an HSM to provide keys when needed or to perform decryption of data on the HSM itself.
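The second method above (a DEK wrapped by a password-derived KEK) can be sketched as follows. This is an added example, not code from the original post; it assumes Node.js with its built-in crypto module, scrypt as the password-based derivation, and AES-256-GCM for both layers, and all function names are hypothetical.

```javascript
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// scrypt cost parameters: assumed values for this sketch, tune them to your hardware.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const AAD_DEK = Buffer.from('wrapped-dek'); // context labels bound into the GCM tag
const AAD_DATA = Buffer.from('record-body');

// Derive the 256-bit KEK from the administrators' password and a random salt.
const deriveKek = (password, salt) => scryptSync(password, salt, 32, SCRYPT);

// AES-256-GCM encrypt; the cipher choice is this example's assumption.
function seal(key, plaintext, aad) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Decrypt and verify; throws if the key, ciphertext or context is wrong.
function open(key, box, aad) {
  const d = createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// A fresh random DEK encrypts the data and the KEK wraps the DEK. Only the salt,
// the wrapped DEK and the ciphertext are stored; no key is written in clear.
function encryptRecord(password, data) {
  const salt = randomBytes(16);
  const kek = deriveKek(password, salt);
  const dek = randomBytes(32);
  const record = { salt, wrappedDek: seal(kek, dek, AAD_DEK), body: seal(dek, data, AAD_DATA) };
  kek.fill(0); // best-effort wipe of key material held in memory
  dek.fill(0);
  return record;
}

function decryptRecord(password, record) {
  const dek = open(deriveKek(password, record.salt), record.wrappedDek, AAD_DEK);
  return open(dek, record.body, AAD_DATA);
}

// Changing the password re-wraps only the DEK; the bulk data is not re-encrypted.
function rotatePassword(oldPassword, newPassword, record) {
  const dek = open(deriveKek(oldPassword, record.salt), record.wrappedDek, AAD_DEK);
  const salt = randomBytes(16);
  const wrappedDek = seal(deriveKek(newPassword, salt), dek, AAD_DEK);
  return { salt, wrappedDek, body: record.body };
}
```

A wrong password yields a different KEK, so unwrapping the DEK fails the GCM tag check instead of returning garbage.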

Modern cryptography concerns itself with the following four objectives:

  1. Confidentiality (the information cannot be understood by anyone for whom it was unintended).
  2. Integrity (the information cannot be altered in storage or transit between sender and

Classic Security Architecture Models

--Originally published at Seguridad Informática

Security models are used to determine how security will be implemented, what subjects can access the system, and what objects they will have access to. They are a way to formalize security policy.

A security model is a specification of a security policy:

  • It describes the entities governed by the policy.
  • It states the rules that constitute the policy.

A security policy is a document that expresses clearly and concisely what the protection mechanisms are to achieve. It’s a statement of the security we expect the system to enforce.

There are various types of security models:

  • Models can capture policies for confidentiality (Bell-LaPadula) or for integrity (Biba, Clark-Wilson).
  • Some models apply to environments with static policies (Bell-LaPadula), others consider dynamic changes of access rights (Chinese Wall).
  • Security models can be informal (Clark-Wilson), semi-formal, or formal (Bell-LaPadula, Harrison-Ruzzo-Ullman).

 

Lattice Models

A lattice is a mathematical construct that is built upon the notion of a group.

A lattice is a mathematical construction with:

  • A set of elements
  • A partial ordering relation
  • The property that any two elements must have unique least upper bound and greatest lower bound

A security lattice model combines multilevel and multilateral security. Lattice elements are security labels that consist of a security level and a set of categories.
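The lattice of security labels described above, as an added example that is not part of the original post. The level names and categories are constructed for illustration, and the read/write checks go one step beyond the text by applying the Bell-LaPadula rules (no read up, no write down) on top of the ordering.

```javascript
// Totally ordered security levels, lowest first (constructed names).
const LEVELS = ['UNCLASSIFIED', 'CONFIDENTIAL', 'SECRET', 'TOP_SECRET'];

// A lattice element: a security level plus a set of categories.
function label(level, categories = []) {
  if (!LEVELS.includes(level)) throw new Error(`unknown level: ${level}`);
  return { level, cats: new Set(categories) };
}

const rank = (l) => LEVELS.indexOf(l.level);
const isSubset = (a, b) => [...a].every((x) => b.has(x));

// Partial order: a dominates b when a's level is at least b's
// and a holds every category that b holds.
function dominates(a, b) {
  return rank(a) >= rank(b) && isSubset(b.cats, a.cats);
}

// Least upper bound: the higher level and the union of the categories.
function join(a, b) {
  return label(LEVELS[Math.max(rank(a), rank(b))], [...a.cats, ...b.cats]);
}

// Greatest lower bound: the lower level and the intersection of the categories.
function meet(a, b) {
  const shared = [...a.cats].filter((c) => b.cats.has(c));
  return label(LEVELS[Math.min(rank(a), rank(b))], shared);
}

// Bell-LaPadula checks expressed with the ordering:
// reading requires subject >= object, writing requires object >= subject.
const canRead = (subject, object) => dominates(subject, object);
const canWrite = (subject, object) => dominates(object, subject);

const show = (l) => `${l.level}{${[...l.cats].sort().join(',')}}`;

// Constructed labels: two incomparable elements still have unique bounds.
const nuclear = label('SECRET', ['NUCLEAR']);
const comsec = label('TOP_SECRET', ['CRYPTO']);
console.log(dominates(nuclear, comsec), dominates(comsec, nuclear));
console.log(show(join(nuclear, comsec)), show(meet(nuclear, comsec)));
```

The two sample labels are incomparable because neither category set contains the other, which is what makes the ordering partial rather than total.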

State Machine Models

In a state machine model, the state of a machine is captured in order to verify the security of a system.

The model is used to describe the behavior of a system in response to different inputs. It provides mathematical constructs that represent sets (subjects, objects) and sequences. When an object accepts an input, this modifies a state variable, thus transitioning to a different state.

Implementation tips:

What is Malware?

--Originally published at Computer and Information Security

I have heard the word malware more frequently, but the question is “what is malware?”. I didn’t even know what that word meant until I did some research. According to the definition, malware is the abbreviation of “malicious software”, and it is considered a malicious program that harms the functionality of a computer. Also, malware is composed of many other tools that harm the computer, such as viruses, Trojan horses, and worms. People often create this malware to steal information from the user, to modify it, or even to delete important data from the computer. These activities are carried out by the malicious programs without any permission.

It is possible to divide the kinds of malware depending on their characteristics and the way each one acts.

  • Virus: this one is the most common one. It has the name virus because it acts as in health: it spreads in the computer, and spreads very quickly, with malicious software. A virus infects other programs.
  • Worms: it is a type of malware that multiplies without any command or a specific action. Worms can be activated without any human interaction, and they affect the performance of the computer.
  • Trojan horses: the name comes from history. It appears to be a legit program until it is executed. While it is executed, malware is installed in the computer and can use the malware’s functions.
  • Spyware: this last one is the one that steals information from the user without his or her knowledge. It also watches the user’s movements to learn from him or her.

The following video explains the types of malware. I’ll recommend you to watch it.

 

It is known that the first type of malware was a virus, it was called the Creeper virus and it happened in

Wireless security

--Originally published at Computer and Information Security

Wireless networks

Over the last few years, wireless networks have become very important in the market. We can see wireless networks everywhere, such as in coffee shops, some malls, on the streets, airports, hotels, home, school, etc. The problem is that there are a lot of security problems with them. It is important to take into consideration that nowadays, wireless networks carry important information and it is crucial to have a secured wireless network.

Although it is easier to get connected to a wireless network than to a wired one, it has become more vulnerable because of how easy it is to connect to a wireless one. Each day, more people are being connected to the internet and it’s easier to be at risk because of that. But leaving aside those risks, wireless networks have a lot of advantages. Before explaining them, I’ll recommend you watch the next video regarding wireless security:

Wireless Security protocols

In order to protect wireless networks, WSP (wireless security protocols) were invented. These WSP are mainly targeted to protect local networks, such as the ones that are in home or offices. These WSP have their own strengths and weaknesses, but they offer wireless security in most of the cases, sending encrypted data through the airwaves.

The problem with wireless networks is that the information is sent to every device that is listening to the signals; obviously, it has a limited range. One of the benefits of wired networks is that there is only one connection, between device A and device B. Protocols were created to protect these airwave signals. We have three protocols: WEP, WPA, and WPA2.

WEP (Wired Equivalent Privacy)

The WEP was the first protocol to secure the wireless networks. The main point of the protocol is to