Refelction

--Originally published at Software engineering

Pues comparando mis pensamientos iniciales creo que el semestre-i es lo que masomenos me esperaba, faltó mucha organización con algunas materias pero otras estuvieron excelente. La idea de que todas las materias se junten para un proyecto es buena, con mas organización saldría algo excelente. Lo que mas nos costó trabajo fue la parte de web, pero las materias de tanto arquitectura como Seguridad los pudimos ver y aplicar lo mejor que pudimos, creo que en nuestro proyecto agregamos buenas opciones de seguridad, la que más me agradó tener fue la 2FA.

También estuvo muy bien la parte de seguridad de wizeline, aprendí más de lo que me esperaba.

Por mejorar en la parte de seguridad queda mucho en el proyecto, para el tiempo que teniamos creo quedó muy bien con lo que alcanzamos a implementar, pero si me hubiera gustado añadir una buena encriptacion a la base de datos y un algoritmo mejor para generar el codigo unico.

En conclusión salió decente el semestre i, y las clases que siento que mas aproveché fue seguridad y arquitectura.

Security Standards and Certifications

--Originally published at Software engineering

In today’s connected economy, more and more systems are controlled by software-based systems. These systems provide functions ranging from basic to highly sophisticated, from applications such as basic servo actuation in a public water delivery system to crash avoidance systems in the latest generation of automobiles to robotic surgery systems.

Given these increased needs, demands, and their associated safety and security requirements, many industry vertical applications have created development best practices, guidelines, and certification processes. Today, several secure coding standards have been adopted by various industries, including the following: DO-178B/C (Aerospace), IEC 61508 and IEC 62443 (Industry / Energy), ISO 26262 (Automotive), and IEC 62304 (Medical).

Central to each of these secure coding standards is the security, risk, and safety of software. The risk is a function of frequency (or likelihood) of the hazardous event and the event consequence severity. The risk is reduced to a tolerable level by applying secure coding best practices, the elimination of defects/warnings that can increase likelihood, and safety functions which may consist of E/E/PES and/or other technologies.probability-of-exposure.png

 

Network and Wireless Security

--Originally published at Software engineering

Security is one of the most important issues when talking about wireless networks. Since the birth of these, has tried to have protocols to ensure communications, but have suffered little success. For this reason, it is convenient to carefully follow a series of steps that allow us to have the maximum degree of security that we are capable of ensuring.

There are many techniques to protect a wireless network being the first of them to provide a method of authentication to the network.

Authentication and encryption
WEP only provides a weak form of authentication and does not encrypt traffic on the wireless network. Then there are other stronger methods of authentication and, in addition, provide encryption for the exchanged packets. We can mention in this section two technologies: WPA and WPA2.

Another one is to use a VPN:

VPN is an acronym for Virtual Private Network. The purpose of a VPN is to provide you with security and privacy as you communicate over the internet.

Here’s the problem with the internet: It’s inherently insecure. When the internet was first designed, the priority was to be able to send packets (chunks of data) as reliably as possible. Networking across the country and the world was relatively new, and nodes often went down. Most of the internet’s core protocols (methods of communicating) were designed to route around failure, rather than secure data.

In fact, the applications you’re accustomed to using, whether email, web, messaging, Facebook, etc., are all built on top of that Internet Protocol (IP) core. While some standards have developed, not all internet apps are secure. Many still send their information without any security or privacy protection whatsoever.

This leaves any internet user vulnerable to criminals who might steal your banking or credit card information, governments who might Continue reading "Network and Wireless Security"