HOW TO DETECT THOSE RISKY RISKS IN THIS RISKY WORLD!

On the Internet nowadays there are a lot of risks, and it is important to know them, what they're capable of doing to your computer, and some things you can do to avoid them.

Check out my collaborative blog with Gabriel about these subjects:

https://lazynesstothemax.wordpress.com/2016/11/24/how-to-detect-those-risky-risks-in-this-risky-world/


Wireless Security for newbies

Various wireless security protocols were developed to protect home wireless networks. These protocols include WEP, WPA and WPA2, each with its own strengths and weaknesses. In addition to preventing uninvited guests from connecting to your wireless network, wireless security protocols encrypt your private data as it is being transmitted over the airwaves.

Wireless networks are inherently insecure. In the early days of wireless networking, manufacturers tried to make it as easy as possible for end users. The out-of-the-box configuration for most wireless networking equipment provided easy (but insecure) access to a wireless network.

Although many of these issues have since been addressed, wireless networks are generally not as secure as wired networks. Wired networks, at their most basic level, send data between two points, A and B, which are connected by a network cable. Wireless networks, on the other hand, broadcast data in every direction to every device that happens to be listening within a limited range.

The most common protocols for wireless security are:

  • Wired Equivalent Privacy (WEP): The original encryption protocol developed for wireless networks. As its name implies, WEP was designed to provide the same level of security as wired networks. However, WEP has many well-known security flaws, is difficult to configure, and is easily broken.
  • Wi-Fi Protected Access (WPA): Introduced as an interim security enhancement over WEP while the 802.11 wireless security standard was being developed. Most current WPA implementations use a preshared key, commonly referred to as WPA Personal, and the Temporal Key Integrity Protocol for encryption. WPA uses an authentication server to generate keys or certificates.
  • Wi-Fi Protected Access version 2 (WPA2): Based on the 802.11i wireless security standard, which was finalized in 2004. The most significant enhancement to WPA2 over WPA is the use of the Advanced Encryption Standard for encryption. The security provided by AES is sufficient for use by the U.S. government to encrypt information classified as top secret.
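A quick way to put the three protocols above to practical use is to check your own access point's configuration for the weak options. The following is an added example (it is not code from the original post): it reads the key=value format that hostapd uses and flags WEP keys, WPA-only mode (`wpa=1`) and the TKIP cipher, while accepting WPA2 with AES (`rsn_pairwise=CCMP`). The two sample configurations are constructed for this example.

```python
"""Audit a hostapd-style access point configuration for weak wireless security.

Added example, not from the original post. The two sample configurations are
constructed; the option names (wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise,
wep_key0) are hostapd's own.
"""
from typing import Dict, List

# Constructed sample: a legacy configuration with the weak options enabled.
WEAK_CONF = """\
interface=wlan0
ssid=home-net
# WEP key left in place from an old setup
wep_default_key=0
wep_key0=123456789a
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
"""

# Constructed sample: WPA2 only, pre-shared key, AES (CCMP) cipher.
STRONG_CONF = """\
interface=wlan0
ssid=home-net
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""


def parse_config(text: str) -> Dict[str, str]:
    """Parse hostapd's key=value lines, ignoring blanks and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def audit_wireless(settings: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means no weakness was detected."""
    findings = []

    # Any wep_key0..wep_key3 entry means WEP is configured.
    if any(k.startswith("wep_key") for k in settings):
        findings.append("WEP key configured: WEP is broken and should be removed")

    # hostapd: wpa=1 is WPA only, wpa=2 is WPA2 only, wpa=3 allows both.
    wpa = settings.get("wpa", "0")
    if wpa == "0":
        findings.append("wpa=0: network is open, no encryption at all")
    elif wpa == "1":
        findings.append("wpa=1: WPA only; enable WPA2 (wpa=2)")
    elif wpa == "3":
        findings.append("wpa=3: mixed mode lets clients fall back to WPA")

    # TKIP is the WPA-era cipher; CCMP is the AES-based WPA2 cipher.
    for key in ("wpa_pairwise", "rsn_pairwise"):
        ciphers = settings.get(key, "").split()
        if "TKIP" in ciphers:
            findings.append(f"{key} allows TKIP; use CCMP (AES) only")

    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("strong", STRONG_CONF)):
        print(name, audit_wireless(parse_config(conf)) or ["OK"])
```

Run it against a real `/etc/hostapd/hostapd.conf` by reading the file into `parse_config`; the same three checks apply to any vendor's router once you know which setting carries the protocol and cipher choice.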


Collaborative work with Gabriel Avilés Robles

Making network security great again

A network has been defined as any set of interlinked lines resembling a net (a network of roads) or an interconnected system (a network of alliances). A computer network is simply a system of interconnected computers.

Network security is an organization's strategy and provisions for ensuring the security of its assets and of all network traffic. It is manifested in an implementation of security hardware and software. Three things define it:

  • Policy
  • Enforcement
  • Auditing

The policy is the principal document for network security. Its goal is to outline the rules for ensuring the security of organizational assets. Employees today use many tools and applications in their routines, and the policy focuses on the safe enablement of those tools for its employees. The enforcement and auditing procedures for any regulatory compliance an organization is required to meet must be mapped out in the policy as well.

Most definitions of network security are narrowed to the enforcement mechanism. Enforcement concerns analyzing all the network traffic flows and should aim to preserve the confidentiality, integrity and availability of all systems and information on the network. These three principles compose the CIA triad that I talked about in a previous post.

Strong enforcement strives to provide CIA to network traffic flows. This begins with a classification of traffic flows by application, user and content. All applications must first be identified by the firewall regardless of port, protocol, evasive tactic or SSL. Proper application identification allows for full visibility of the content it carries. Policy management can be simplified by identifying applications and mapping their use to a user identity while inspecting the content at all times.

The concept of defense in depth is observed as a best practice in network security, prescribing for the network to be secured in layers. These layers apply an assortment of security controls to sift out threats trying to enter the network:

  • Access control
  • Identification
  • Authentication
  • Malware detection
  • Encryption
  • File type filtering
  • URL filtering
  • Content filtering

These layers are built through the deployment of firewalls, intrusion prevention systems and antivirus components. Among the components for enforcement, the firewall is the foundation of network security.

The auditing process of network security requires checking back on enforcement measures to determine how well they have aligned with the security policy. Auditing encourages continuous improvement by requiring organizations to reflect on the implementation of their policy on a consistent basis. This gives organizations the opportunity to adjust their policy and enforcement strategy in areas that are evolving.
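The three pieces (policy, enforcement, auditing) fit together more concretely in code. The following is an added example, not from the original post: a written policy says which user group may reach which destination and port, a constructed firewall log records what the enforcement point actually did, and the audit step reports every decision that disagrees with the policy. Everything here (the policy rules, the log format, the addresses) is constructed for the example.

```python
"""Audit firewall decisions against a written network security policy.

Added example, not from the original post. The policy, the log format and
the log lines are all constructed: the policy is the rule set, the log is
what enforcement did, and audit() is the 'checking back on enforcement'
step that finds where the two disagree.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed policy: (user group, destination network, dst port, action).
POLICY = [
    ("employees", "10.0.0.0/8", 443, "allow"),    # internal web apps over HTTPS
    ("employees", "0.0.0.0/0", 443, "allow"),     # Internet over HTTPS
    ("guests", "0.0.0.0/0", 443, "allow"),        # guests: web only
    ("employees", "10.0.5.0/24", 22, "allow"),    # SSH to the admin subnet
]
DEFAULT_ACTION = "deny"  # anything the policy does not list is denied

# Constructed firewall log lines: space-separated key=value fields.
# 203.0.113.0/24 is a documentation range, not a real host.
LOG_LINES = [
    "ts=1 user=alice group=employees dst=10.0.5.10 dport=22 action=allow",
    "ts=2 user=bob group=guests dst=10.0.5.10 dport=22 action=allow",
    "ts=3 user=carol group=guests dst=203.0.113.5 dport=443 action=allow",
    "ts=4 user=alice group=employees dst=203.0.113.5 dport=443 action=deny",
    "ts=5 user=dave group=employees dst=10.0.9.3 dport=3389 action=allow",
]


def parse_log_line(line: str) -> Dict[str, str]:
    """Turn 'k=v k=v ...' into a dict; tokens without '=' are ignored."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def policy_decision(group: str, dst: str, dport: int) -> str:
    """What the written policy says should happen to this flow."""
    addr = ipaddress.ip_address(dst)
    for rule_group, network, port, action in POLICY:
        if (rule_group == group and port == dport
                and addr in ipaddress.ip_network(network)):
            return action
    return DEFAULT_ACTION


def audit(log_lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, firewall action, policy action) for every mismatch.

    A mismatch in either direction matters: 'allow' where policy says 'deny'
    is a hole, 'deny' where policy says 'allow' is enforcement blocking
    legitimate work, and both should feed back into the next policy review.
    """
    mismatches = []
    for line in log_lines:
        f = parse_log_line(line)
        expected = policy_decision(f["group"], f["dst"], int(f["dport"]))
        if expected != f["action"]:
            mismatches.append((f["ts"], f["action"], expected))
    return mismatches


if __name__ == "__main__":
    for ts, did, should in audit(LOG_LINES):
        print(f"ts={ts}: firewall {did}, policy says {should}")
```

On the sample log this reports a guest reaching SSH on the admin subnet, an employee's legitimate HTTPS being blocked, and an RDP flow nobody authorised; each is a finding for the audit, not a judgement about the user.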


Collaborative work with Gabriel Avilés Robles


Let me in, I swear it’s me!

I have talked a lot in previous posts about the importance of the information that is on the Internet and who has access to it; this is why authentication and access control are really important.

Modern computer systems provide services to multiple users and require the ability to accurately identify the user making a request. In traditional systems, the user's identity is verified by checking a password typed during login; the system records the identity and uses it to determine what operations may be performed.

The process of verifying the user's identity is called authentication. Password-based authentication is not suitable for use on computer networks. Passwords sent across the network can be intercepted and subsequently used by someone else to impersonate the user. In addition to the security concern, password-based authentication is inconvenient: users don't want to enter a password each time they access a network service, which leads to the use of even weaker authentication.

An authentication factor is a category of credential used for identity verification. The three most common categories are often described as something you know, something you have and something you are.

  • Knowledge factors: Category of authentication credentials consisting of information the user possesses, such as a personal identification number, a username, a password or the answer to a secret question.
  • Possession factors: Category of credentials based on items that the user has with them, typically a hardware device such as a security token or a mobile phone used in conjunction with a software token.
  • Inherence factors: Category of user authentication credentials consisting of elements that are integral to individuals in question, in the form of biometric data.

Strong authentication is a commonly used term that is largely without a standardized definition. For general purposes, any method of verifying the identity of a user or device that is intrinsically stringent enough to ensure the security of the system it protects can be considered strong authentication.

The term strong authentication is often used to refer to two-factor authentication or multi-factor authentication. That usage probably came about because MFA is a widely applied approach to strengthening authentication. In cryptography, strong authentication is defined as a system involving multiple challenge/response answers. Because such a system involves multiple instances of a single factor (the knowledge factor), it is an example of single-factor authentication, regardless of its strength.
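The two points above, that a password sent across the network can be captured and replayed, and that a challenge/response scheme is still a single (knowledge) factor, can both be seen in a small simulation. The following is an added example, not code from the original post: both servers, the "network" and the captured messages live in one process, the user name and secret are constructed, and the challenge/response design (server-issued random nonce, HMAC-SHA256 keyed with the shared secret) is a generic illustration rather than any particular protocol.

```python
"""Why a password sent over the network can be replayed, and how a
challenge/response exchange stops the replay.

Added example, not from the original post. Both parties, the 'network' and
the captured messages are simulated in-process; USER and SECRET are
constructed. The scheme is a generic nonce + HMAC illustration.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

USER = "alice"
SECRET = "correct horse battery staple"  # constructed shared secret


class PasswordServer:
    """Naive scheme: the client sends the password itself over the wire."""

    def __init__(self) -> None:
        self.users = {USER: SECRET}

    def login(self, user: str, password: str) -> bool:
        stored = self.users.get(user, "")
        # constant-time comparison so timing does not reveal the mismatch
        return hmac.compare_digest(stored.encode(), password.encode())


class ChallengeResponseServer:
    """The server issues a fresh random nonce; the client proves it knows
    the secret by returning HMAC(secret, nonce). The secret never crosses
    the network and each nonce is accepted exactly once. It is still
    'something you know': one factor, however many rounds are run."""

    def __init__(self) -> None:
        self.users = {USER: SECRET}
        self.pending: Dict[str, bytes] = {}   # user -> outstanding nonce

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return nonce

    def login(self, user: str, nonce: bytes, response: bytes) -> bool:
        expected_nonce = self.pending.pop(user, None)  # single use
        if expected_nonce is None or expected_nonce != nonce:
            return False
        key = self.users.get(user, "").encode()
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(secret: str, nonce: bytes) -> bytes:
    """What a legitimate client computes from the secret and the nonce."""
    return hmac.new(secret.encode(), nonce, hashlib.sha256).digest()


def replay_against_password_server() -> Tuple[bool, bool]:
    """Eavesdropper captures the password; replaying it succeeds."""
    server = PasswordServer()
    captured = SECRET                     # exactly what went over the wire
    legit = server.login(USER, SECRET)
    replay = server.login(USER, captured)
    return legit, replay


def replay_against_challenge_server() -> Tuple[bool, bool]:
    """Eavesdropper captures (nonce, response); replaying it fails."""
    server = ChallengeResponseServer()
    nonce = server.challenge(USER)
    response = client_response(SECRET, nonce)
    captured = (nonce, response)          # exactly what went over the wire
    legit = server.login(USER, nonce, response)
    # The nonce was consumed, and a new challenge would need a response
    # that cannot be computed without SECRET.
    replay = server.login(USER, *captured)
    return legit, replay


if __name__ == "__main__":
    print("password  (legit, replay):", replay_against_password_server())
    print("challenge (legit, replay):", replay_against_challenge_server())
```

The design choice to note is the `pending.pop(...)`: a nonce that could be reused would reopen the replay, so single use is what makes the capture worthless, not the HMAC by itself.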


Now I will talk about access control. The purpose of access control is to limit the actions or operations that a legitimate user of a computer system can perform. Access control constrains what a user can do directly, as well as what programs executing on behalf of users are allowed to do. In this way access control seeks to prevent activity that could lead to a breach of security.

Access control relies on and coexists with other security services in a computer system and is concerned with limiting the activity of legitimate users. It is enforced by a reference monitor, which mediates every attempted access by a user to objects in the system. The reference monitor consults an authorization database in order to determine if the user attempting an operation is actually authorized to perform it. Authorizations in this database are administered and maintained by a security administrator, who sets them on the basis of the security policy of the organization.
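The reference monitor and authorization database described above can be written down in a few dozen lines. The following is an added example, not from the original post: the users, objects and permissions are constructed, every access to the store passes through one `check` call that defaults to deny, each decision is logged for auditing, and `generate_report` shows a program running on behalf of a user inheriting only that user's rights.

```python
"""A minimal reference monitor: every attempted access to an object goes
through one check against an authorization database, and any operation
that is not explicitly granted is denied.

Added example, not from the original post. The users, objects and
permissions below are constructed.
"""
from typing import Dict, FrozenSet, List, Tuple

# Authorization database: (subject, object) -> permitted operations.
# In a real system the security administrator maintains this from policy.
AUTHORIZATIONS: Dict[Tuple[str, str], FrozenSet[str]] = {
    ("alice", "payroll.db"): frozenset({"read", "write"}),
    ("bob", "payroll.db"): frozenset({"read"}),
    ("bob", "reports.txt"): frozenset({"read", "write"}),
}


class ReferenceMonitor:
    """Mediates every access and records the decision for later auditing."""

    def __init__(self, authz: Dict[Tuple[str, str], FrozenSet[str]]) -> None:
        self._authz = authz
        self.audit_log: List[str] = []

    def check(self, subject: str, obj: str, op: str) -> bool:
        # Default deny: an unknown (subject, object) pair grants nothing.
        allowed = op in self._authz.get((subject, obj), frozenset())
        verdict = "ALLOW" if allowed else "DENY"
        self.audit_log.append(f"{verdict} {subject} {op} {obj}")
        return allowed


class ProtectedStore:
    """Objects are reachable only through the monitor, never directly."""

    def __init__(self, monitor: ReferenceMonitor) -> None:
        self._monitor = monitor
        self._objects: Dict[str, str] = {
            "payroll.db": "alice:5000,bob:4000",   # constructed content
            "reports.txt": "",
        }

    def read(self, subject: str, name: str) -> str:
        if not self._monitor.check(subject, name, "read"):
            raise PermissionError(f"{subject} may not read {name}")
        return self._objects[name]

    def write(self, subject: str, name: str, content: str) -> None:
        if not self._monitor.check(subject, name, "write"):
            raise PermissionError(f"{subject} may not write {name}")
        self._objects[name] = content


def generate_report(store: ProtectedStore, run_as: str) -> bool:
    """A program acting on behalf of a user inherits only that user's
    rights: run as bob it can read payroll and write the report, but its
    attempt to modify payroll is stopped. Returns True only if that
    modification was (wrongly) allowed."""
    summary = store.read(run_as, "payroll.db")
    store.write(run_as, "reports.txt", f"summary of {len(summary)} bytes")
    try:
        store.write(run_as, "payroll.db", "bob:999999")
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    monitor = ReferenceMonitor(AUTHORIZATIONS)
    store = ProtectedStore(monitor)
    print("payroll modified by report job:", generate_report(store, "bob"))
    print("\n".join(monitor.audit_log))
```

Two properties matter more than the data structure: the store exposes no path that bypasses `check` (complete mediation), and a missing entry means deny rather than allow. The audit log is what the auditing step from the network security post would read back against the policy.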

Collaborative work with Gabriel Avilés Robles

Now… Let’s talk about the other kind of hackers…


Anyone can become a hacker; you may just be someone who spends too much time with computers and suddenly you find yourself submerged in the world of cyber-security. There are three types of hackers that I will be talking about. The first one is the black hat.


Black hat hackers have become the best-known image of all hackers around the world. For most computer users the word hacker has become a synonym for social misfits and criminals. This is just an injustice created by our own interpretation of the mass media, so it is important for us to learn what a hacker is and what a black hat does.

Black hat is a term used to describe a hacker who breaks into a computer system or network with malicious intentions and uses his skills with criminal intent, for example cracking bank accounts, stealing information to be sold in the black market or attacking computer networks of an organization for money.

Some famous cases of black hat hacking include Kevin Mitnick, who used his skills to enter the computers of organizations such as Nokia, Fujitsu, Motorola and Sun Microsystems, and Kevin Poulsen, who took control of all the phone lines in Los Angeles in order to win a radio contest for a Porsche.

There are professionals who have knowledge about security and vulnerabilities in many platforms and applications, and whose goal is to identify and fix potential threats to their systems: these are the ethical hackers or white hat hackers. An ethical hacker attempts to bypass system security and search for weak points that could be exploited by black hat hackers; this information is then used by the organization to improve its system security, trying to minimize or eliminate any potential attacks.

For hacking to be deemed ethical, the hacker must obey the following rules:

  • Have express permission to probe the network and attempt to identify potential security risks.
  • Respect the individual's or company's privacy.
  • Don't leave anything open for you or someone else to exploit at a later time.
  • Notify the software developer or hardware manufacturer about vulnerabilities you locate in their system.

The term “ethical hacking” is criticized by people who say that there is no such thing as an ethical hacker. Hacking is hacking no matter how you look at it and those who do the hacking are commonly referred to as cyber criminals. However, this helps organizations to improve their system security and it is shown to be very effective and successful.

A grey hat hacker is someone who sits between these two concepts. Grey hats may use their skills for legal or illegal acts, but not for personal gain; they use their skills to prove to themselves that they can accomplish a given feat, but never to make money out of it. The moment they cross that boundary, they become black hat hackers.


Collaboration post with Gabriel Avilés Robles

Certifications in Computing Security

Credentialing is the process of establishing the qualifications of licensed professionals, organizational members or organizations, and assessing their background and legitimacy.

In the Computer security or Information security fields, there are a number of tracks a professional can take to demonstrate qualifications. Four sources categorizing these, and many other credentials, licenses and certifications, are:

  • Schools and Universities
  • “Vendor” sponsored credentials (e.g. Microsoft, Cisco)
  • Association and Organization sponsored credentials
  • Governmental (or quasi governmental) body sponsored licenses, certifications and credentials.

Quality and acceptance vary worldwide for IT security credentials, from well-known and high quality examples like a master’s degree in the field from an accredited school, CISSP, and Microsoft certification, to a controversial list of many dozens of lesser known credentials and organizations.

In addition to certifications obtained by taking courses and/or passing exams (and in the case of CCSP, demonstrating experience and/or being recommended or given a reference from an existing credential holder), award certificates are also given for winning government, university or industry sponsored competitions, including team competitions and contests.

Hey wait, that was supposed to be private

Ethics are a really important factor when it comes to computer security, because security professionals often have access to confidential information and knowledge about users' and companies' networks and systems, so obviously that power can be abused, even unintentionally. Would you like all your information, or the information from your bank account, spread all over the Internet?

It is amazing that most of the jobs in this area of IT don't really require ethics training; in fact, most people in them don't even realize that their job involves ethical issues, and the training they get focuses only on technical knowledge.

There are well-known stories about "black hat" hackers (a term used to refer to hackers who use their skills to break into systems and access data without the owner's permission; I will talk about this subject in another blog post) who got jobs in big companies by showing them how they attacked them and where their security was failing. This, in my opinion, falls into a bit of a gray area.

When do we establish the line? What’s wrong? What’s right?

By this time, we all know about the big scandal about the NSA having access to all our information, conversations, emails, etc., that we have online or have at some point sent. This is obviously done with the purpose of trying to keep citizens safe, but is this really the way? I mean, they have so much information at their disposal that it is almost impossible to actually go through all that data.


Another type of ethical problem that the people in charge of computer security have to deal with is the budget. What would you do if your boss tells you to cut some of the security measures that you recommended, and this will put some of the clients' sensitive information at risk? What would you do in this situation?

The ethics behind this are not like those of other professions that have been established for much longer: security professionals deal with ethical issues that have not been codified into law, nor is there a standard mandatory oversight body or an institution that has established a detailed code of ethics. However, this is changing in the last few years with some of the first laws to regulate this.


The Triad of Cybersecurity

In this post I will be exploring one of the fundamental concepts of security, which should be familiar to most security professionals or students: what is commonly known as the CIA triad.

In this context CIA is not referring to Central Intelligence Agency. CIA means Confidentiality, Integrity and Availability, many security measures are designed to protect one or more of these.


Confidentiality

If you talk about confidentiality of information, you are talking about protecting the information from being accessed by someone unauthorized.

As I have said before in other posts, information is one of the most valuable things nowadays, because bank accounts, personal information and government documents are things that you don't want to be public or left without security. That's why protecting information is a very important part of information security.

One of the simplest ways to keep something confidential is to DON'T HAVE IT ONLINE! If you really need to have this information on the Internet or on your computer, then the best way to protect it is encryption. I won't talk about this subject deeply because it's going to be the subject of another post; when that post is published I will add the link to it here.


Integrity

This refers to protecting information from being modified by someone without authorization.

The modification of information could be something really bad for you: if the information that is modified is your bank account, where you were supposed to have $1000 but instead you "transferred" all of your money to someone else's account, proving this was a mistake will be really annoying for you.

A way to prevent this is to use GPG to digitally sign your data, files, etc. You could potentially hash all your information, but that will be a pain, because to verify it later you would need to have obtained the original hash through a secure channel. This is a good GPG tool if you want to try it out: Keybase
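The difference between "just hash it" and "sign it" is worth seeing run. The following is an added example, not from the original post: the bank record and the key are constructed, and an HMAC-SHA256 tag from the standard library stands in for a GPG signature so the example runs offline (the property being shown, that the tamperer lacks the key, is the same). One function shows a plain hash stored beside the data being silently replaced along with it, one shows a keyed tag rejecting the change, and one shows the case the text describes, an unkeyed hash that helps only because it came over a path the tamperer could not rewrite.

```python
"""Integrity checking: a plain hash stored beside the data does not stop a
tamperer who can rewrite both; a keyed tag (HMAC here, standing in for a
GPG signature) does, because the tamperer lacks the key.

Added example, not from the original post. RECORD, TAMPERED and the keys
are constructed; HMAC-SHA256 from the standard library replaces GPG so the
example needs no external tool.
"""
import hashlib
import hmac
import secrets

RECORD = b"account=alice balance=1000"        # constructed data
TAMPERED = b"account=alice balance=0"         # what the tamperer writes
SIGNING_KEY = secrets.token_bytes(32)         # known only to the owner


def fingerprint(data: bytes) -> str:
    """Unkeyed SHA-256: anyone, including a tamperer, can compute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: only a holder of the key can produce a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(expected: str, actual: str) -> bool:
    """Constant-time comparison of two hex digests."""
    return hmac.compare_digest(expected, actual)


def tamper_with_hash_only() -> bool:
    """Data and its hash are stored together. The tamperer changes the data
    and recomputes the hash, so the check still passes.
    Returns True if the tampered record is accepted."""
    stored_data, stored_hash = RECORD, fingerprint(RECORD)
    stored_data, stored_hash = TAMPERED, fingerprint(TAMPERED)   # tamperer
    return verify(stored_hash, fingerprint(stored_data))


def tamper_with_keyed_tag() -> bool:
    """Data is tagged with a key the tamperer does not have. They can alter
    the data but cannot produce a matching tag.
    Returns True if the tampered record is accepted."""
    stored_data, stored_tag = RECORD, keyed_tag(SIGNING_KEY, RECORD)
    tamperer_key = secrets.token_bytes(32)                       # a guess
    stored_data, stored_tag = TAMPERED, keyed_tag(tamperer_key, TAMPERED)
    return verify(stored_tag, keyed_tag(SIGNING_KEY, stored_data))


def hash_from_secure_channel() -> bool:
    """An unkeyed hash only helps if the original hash was obtained over a
    path the tamperer cannot rewrite (the post's point about needing the
    hash 'from a secure way'). Returns True if tampering is detected."""
    trusted_hash = fingerprint(RECORD)       # e.g. read from a trusted source
    stored_data = TAMPERED                   # tamperer rewrote only the data
    return not verify(trusted_hash, fingerprint(stored_data))


if __name__ == "__main__":
    print("hash only, tamper accepted:  ", tamper_with_hash_only())
    print("keyed tag, tamper accepted:  ", tamper_with_keyed_tag())
    print("trusted hash, tamper detected:", hash_from_secure_channel())
```

With GPG the roles are the same: the private key plays the part of `SIGNING_KEY`, and `gpg --verify` is the `verify` step, so the signature file can sit right next to the data without the "where did the original hash come from" problem.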

Availability

Availability of information refers to ensuring that authorized parties are able to access the information needed.

Denying access to information has become a very common attack nowadays. If you start searching you could find, almost every week, news of a big company being attacked or websites being taken down by DDoS attacks. The result of a DDoS attack is to deny access to the website.

The best way to ensure the availability of your information is to have backups. I will talk about the importance of information backups for personal use in another post, but for now I will just say that they are a way to minimize the damage from this kind of attack.

TL;DR