Posts

Showing posts from 2018

Reflection about Security and Privacy course

My experience with this course was a good one. I learned more theory about security and privacy than hands-on learning, which isn't a bad thing, but I would've preferred some practice sessions with the Wizeline team on topics that could've helped us during the development of our project. My team and I had to really do some research on how to do 2FA with the technologies that we were using; we didn't have a guideline to get ourselves started. But as usual we managed to get it done. I think that including the Wizeline Security team really gave the course a plus. Taking this course really opened my eyes towards the Security aspect of software, because being a good programmer is so much more than just writing good code. It's about allowing yourself to explore every different angle of programming. The goal is to become a professional, multidimensional programmer and that's also my goal. I believe that the goal of this course was to comprehend the impo

Security Standards and Certifications

Some of the top security certifications:
CEH: Certified Ethical Hacker
CISM: Certified Information Security Manager
CompTIA Security+
CISSP: Certified Information Systems Security Professional
GSEC: SANS GIAC Security Essentials
References: Tittel, E. (2018). Best Information Security Certifications 2018. Business News Daily Contributing Writers. Retrieved from: https://www.businessnewsdaily.com/10708-information-security-certifications.html

Network and Wireless Security

"Wireless networks are inherently insecure" (Lawrence, 2018). "Wireless network security primarily protects a wireless network from unauthorized and malicious access attempts" (Techopedia, 2018). There are 3 indispensable wireless security protocols: WEP, WPA, and WPA2, each with its own strengths and weaknesses. In addition to preventing uninvited guests from connecting to your wireless network, wireless security protocols encrypt your private data as it is being transmitted over the airwaves. To further understand these protocols we need to define each one of them:
Wired Equivalent Privacy (WEP): The original encryption protocol developed for wireless networks. As its name implies, WEP was designed to provide the same level of security as wired networks. However, WEP has many well-known security flaws, is difficult to configure, and is easily broken.
Wi-Fi Protected Access (WPA): Introduced as an interim security enhancement over WEP while the 802.11i wire

Security Countermeasures and Denial of Service

"Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks impact system availability by flooding the target system with traffic or requests or by exploiting a system or software flaw" (PCcare, 2018). What happens during a DoS attack is that a single attacker directs an attack against a single target, sending packets directly to the target. It basically targets the network bandwidth or connectivity. There are many common forms of DoS attacks, for example:
Smurf
Fraggle
Ping flood
Ping-of-death
Syn Flood
Land
Teardrop
DNS poisoning
Banana Attack
Negative Acknowledgement (NACK)
Deauthentication (Deauth)
One of the best known and most used is spam. It consists of sending unwanted e-mail messages to users. It's considered a form of DoS because:
It consumes bandwidth that is used by legitimate traffic.
It can fill a mailbox or hard disk and result in legitimate e-mail being rejected.
Spam is often distributed by hijacking misconfigured

Unintentional Security Issues and Malware

There are a great many accidental security issues, but I'm focusing on how the human factor intercedes with data security and integrity.
Up to 28% of Enterprise Data Security Incidents Come from Inside
While hackers are growing more and more sophisticated, much of the threat to organizations actually comes from inside. That isn't to say that any of the employees has malicious intent, though it's possible, but they may be poorly trained, or the enterprise data security policies may be poorly enforced. All of these lead to unintentional security issues. 32% of companies surveyed said that insider events were "more costly or damaging" than similar attacks coming from the outside. But in order to toughen up your security stance and protect yourself from the enemy within, it's important to know how your employees may be compromising your digital security. 2014 was a rough year for enterprise data security, if the high profile breaches of Sony, JPMorgan an

Operating System Security (Linux Focus)

The process of ensuring OS integrity, confidentiality and availability
"OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised" (Techopedia, 2018).
Why is Linux the most secure operating system?
Linux has the potential to be the most secure OS if the user is experienced or acquainted with security protocols, terms and technology. Because Linux is open source, people might think that it's the least secure OS, but in fact that is an important reason why Linux is so secure: anyone can review the code and make sure there are no bugs or back doors. Linux is reviewed by the tech community, which lends itself to security: "By having that much oversight, there are fewer vulnerabilities, bugs a

Data Integrity and Management

Data integrity has become a serious issue over the past few years and therefore is a core focus of many enterprises. What is Data Integrity? "Data integrity refers to the fact that data must be reliable and accurate over its entire lifecycle" (Finestone, 2018), meaning that the data lifecycle provides a high-level overview of the stages involved in successful management and preservation of data for use and reuse. Data integrity and data security go hand in hand, even though they're separate concepts. Uncorrupted data (integrity) is considered to be whole and then stays unchanged relative to that complete state. Maintaining or keeping data consistent throughout its lifecycle is a matter of protecting it (security) so that it's reliable. And data that's reliable is simply able to meet certain standards, with which compliance is necessary. Data is expected to be (Finestone, 2018): Attributable - Data should clearly demonstrate who observed and recorded it, wh

Authentication, Access Control and Security Policies

Authentication, access control and security policies: these three concepts define modern-day protection in the world of technology. But first let's define each one of them. What is authentication? "The process of determining whether someone or something is, in fact, who or what it declares itself to be" (Rosencrance, 2018). How authentication is used: Authentication technology provides access control for systems by checking to see if a user's credentials match the credentials in a database of authorized users or in a data authentication server. Generally, a user has to choose a username or user ID and provide a valid password to begin using a system. User authentication authorizes human-to-machine interactions in operating systems and applications, as well as both wired and wireless networks to enable access to networked and internet-connected systems, applications and resources. Authentication factors: Knowledge factor: "Something you kno

Ethics and Legal Responsibility

"Legal ethics is a term used to describe a code of conduct governing proper professional behavior, which establishes the nature of obligations owed to individuals and to society" (FindLaw, 2018). The fact that people or institutions have a right to do something doesn't imply that they should do it. The law sets out what people are free to do, regardless of the effect that those actions have on others. For example, in Mexico the Federal Civil Code establishes 14 years of age as the minimum age for girls to marry and 16 years of age for boys. It is legally possible for mature adults to marry young girls, but ethically it's not right, because these are harmful practices that not only seriously affect the life, health, education and integrity of girls, but also violate the human rights of every little girl who has the misfortune of being a victim of this awful practice. Having the legal right to do something is not the same as fulfilling one's ethical

Cryptography

The fact is there's no such thing as a perfectly, 100% secure computer system. There will always be bugs, and security experts know that. That is why system architects employ a strategy called defense in depth, which uses many layers of varying security mechanisms to frustrate attackers. A common reference for this is looking back at medieval times, where you have to keep safe the king of a land and its castle. Attackers or enemies need to beat or dodge various obstacles in order to gain access to the castle and conquer it, but in this context we're talking about the most common form of computer security, called cryptography. What is Cryptography? The word comes from the roots 'crypto' + 'graphy', which roughly translates to "secret writing". In order to make information secret you use a cipher, an algorithm that converts plain text into ciphertext. What is Encryption? The process of ma

Internet Security and Privacy

Private data and civil liberties are at risk nowadays: there isn't enough transparency for people to be aware of how their data is being shaped and circulated. Most users don't have technical expertise, and leveraging internet power requires that set of skills; people with enough abilities always stay ahead of institutional power or controls. That is why cyber crimes are still present, even as the government power gets better. This is why whistleblowers can cause so much damage. Institutional controls let companies use data but they put very strict conditions to prove that they are not misusing that data. Privacy is about consumer trust, it's about online user trust. In the digital age, we typically apply the concept of data privacy to critical personal information, also known as personally identifiable information (PII) and personal health information (PHI). But why is privacy important? Privacy is a limit on government power, as wel

TC2027 Week 1 Computer and Information Security

Setting up the Blog for Computer and Information Security Course