Entradas

Reflection about Security and Privacy course

My experience with this course was a good one. I learned more theory about security and privacy than hands on learning, which  isn't a bad thing but i would've preferred some practice sessions with the Wizeline team on topics that could've helped us during the development of our project. My team and i had to really do some research on how to do 2FA with the technologies that we were using, we didn't have a guide line to get ourselves started. But as usual we managed to get it done. I think that including the Wizeline Security team really gave the course a plus. Taking this course really opened my eyes towards the Security aspect of software, because being a good programmer is so much more than just writing good code. It's about allowing yourself to explore every different angle of programming. The goal is to become a professional a multidimensional programmer and that's also my goal.  I believe that the goal of this course was to comprehend the impo

Security Standards and Certifications

Some of the top security certifications: CEH: Certified Ethical Hacker CISM: Certified Information Security Manager CompTIA Security+ CISSP: Certified Information Systems Security Professional GSEC: SANS GIAC Security Essentials References: Tittel, E. (2018). Best Information Security Certifications 2018. Business News Daily Contributing Writers. Retrieved from: https://www.businessnewsdaily.com/10708-information-security-certifications.html

Network and Wireless Security

"Wireless networks are inherently insecure" (Lawrence, 2018). "Wireless network security primarily protects a wireless network from unauthorized and malicious access attempts". (Technopedia, 2018) There are 3 indispensable wireless security protocols: WEP, WPA, and WPA2, each with their own strengths, and weaknesses. In addition to preventing uninvited guests from connecting to your wireless network, wireless security protocols encrypt your private data as it is being transmitted over the airwaves. To further understand these protocols we need to define each one of them: Wired Equivalent Privacy (WEP): The original encryption protocol developed for wireless networks. As its name implies, WEP was designed to provide the same level of security as wired networks. However, WEP has many well-known security flaws, is difficult to configure, and is easily broken. Wi-Fi Protected Access (WPA): Introduced as an interim security enhancement over WEP while the 802.11i wire

Security Countermeasures and Denial of Service

" Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks impact system availability by flooding the target system with traffic or requests or by exploiting a system or software flaw" (PCcare, 2018). What happens during a DoS attack , is that a single attacker directs an attack against a single target, sending packets directly to the target. It basically targets the network bandwidth or connectivity. There are many common forms of DoS attacks , for example: Smurf Fraggle Ping flood Ping-of-death Syn Flood Land Teardrop DNS poisoning Banana Attack Negative Acknowledgement (NACK) Deuthentication (Deauth) One of the most knowledgeable and used is Spam . It consists of sending unwanted e-mail messages to users. It's considered a from of DoS because: It consumes bandwidth that is used by legitimate traffic.  It can fill a mailbox or hard disk and result in legitimate e-mail being rejected.  Spam is often distributed by hijacking misconfigured

Unintentional Security Issues and Malware

There're a great deal of accidental security issues but i'm focusing on how the human factor intercedes with data security and integrity. Up to 28% of Enterprise Data Security Incidents Come from Inside While hackers are growing more and more sophisticated, much of the threat of organizations actually comes from inside. That isn’t to say that any of the employees has malicious intent, though it’s possible, but they may be poorly trained, or the enterprise data security policies may be poorly enforced. All of these leading to Unintentional Security Issues. 32% of companies surveyed said that insider events were “more costly or damaging” than similar attacks coming from the outside. But in order to toughen up your security stance and protect yourself from the enemy within, it’s important to know how your employees may be compromising your digital security. 2014 was a rough year for enterprise data security, if the high profile breaches of Sony, JPMorgan an

Operating System Security (Linux Focus)

The process of ensuring OS integrity, confidentiality and availability "OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised" (Technopedia, 2018) Why is is Linux is the most secure operating system? Linux has the potential to be the most secure OS if the users is experienced or acquainted with security protocols, terms and technology. Even though Linux is open source people might think that it's the least secure OS, but in fact it's an important reason why Linux is so secure because Anyone can review code and make sure there are no bugs or back doors. Linux is reviewed by the tech community, which lends itself to security: "By having that much oversight, there are fewer vulnerabilities, bugs a

Data Integrity and Management

Imagen
Data integrity has become a serious issue over the past few years and therefore is a core focus of many enterprises. What is Data Integrity? "Data integrity refers to the fact that data must be reliable and accurate over its entire lifecycle " (Finestone, 2018), meaning that the data lifecycle provides a high level overview of the stages involved in successful management and preservation of data for use and reuse. Data integrity and data security go hand in hand, even though they’re separate concepts. Uncorrupted data (integrity) is considered to be whole and then stay unchanged relative to that complete state. Maintaining or keeping data consistent throughout its lifecycle is a matter of protecting it (security) so that it’s reliable. And data that’s reliable is simply able to meet certain standards, with which compliance is necessary. Data is expected to be (Finestone, 2018): Attributable - Data should clearly demonstrate who observed and recorded it, wh