Posts

Main content Security Threats and Countermeasures

Image
The dependency of our society to computers and networks is increasingly surrounded by a variety of threats. From computer viruses, leakage of personal information, unauthorized access from outside an organization and more. The proper way to reduce security threats is with appropriate use, education in this topics is the principal countermeasure against security threats. The importance of reading the documentation is huge. Other important aspect is Social Engineering, it is the act of manipulating people into performing actions or divulging confidential information. This method of deception is commonly used by individuals attempting to break into a computer system, email phishing is a common example of the social engineering app. Public awareness campaigns can educate the public on the various threats of cyber-crime and the many methods used to combat it. There should be a gubernamental entity or program in charge of educating the public on the various threats of cyber-crime an...

Malware

Image
Malware is short for malicious software, is a term refer to a hostile or intrusive software including worms, computer viruses, trojan horses, ransomware, spyware, adware, scareware and other malicious programs. They are maliciously intended that acts against the requirements of a computer user, it usually takes advantages of deficiencies in the code of a system. These infectious programs started as pranks or tests, today the malware is used by both hackers and government. Today the main malicious purposes are for steal personality, financial or business purpose. Ransomware: the infected computer is unable to be used until a pay is made. For example the CryptoLocker encrypt that only when you pay the ransom, you are able to decrypt them for a large sum of money Virus: a computer program usually hidden within seemingly innocuous program that produces copies of itself and inserts them into other program or files. Trojan horses: a malicious computer program which  misrepresent...

Cryptography

Image
Criptography is a method of storing and transmitting data in a particular form so that only those intended are able to read and process information. It includes techniques such as microdots, merging words with images and many more ways for handling information. Modern cryptography concerns itself with the following four objectives Confidentiality Integrity Non-repudiation Authenticationç In order to use it correctly there are procedures and protocoles that need to be meted, they refer to mathematical procedures and many different computer programs, but you must not forget that it need to include the regulation of a human behaviours in order to be complete random or non-pattern forms.

Authentication and Access Control

Image
Authentication in this days is not only having a password, today in a distributed client server a user might have several client programs running on her desktop which access server programs uses remote computers across a network and in such environment, the server must authenticate the client run on behalf of a legitimate user. Modern computer systems provide services to multiple users and require the ability to accurately identify the user making a request. From services like banks or assurance, is not enough to verify a given password because in a network, its a package that can be intercepted and subsequently used to impersonate a user. Nowadays, servers save the behaviour of the users and can detect an abnormal state in the way a person interacts with the system and can activate a flag that it may be an attacker. Also now the cryptography is an essential tool in the network communication because it can be a intercepted package, but if you dont have the acces key or the security...

What is a security policy

A Security Policy identifies the rules and procedures for all individuals accessing and using assets and resources of an organization. Is a model of organization culture in which rules and procedures that follows the proper use of information and equipment, basically all involving any interaction with any kind of potential hazard to the integrity of the information. The objectives of a security policy is the preservation of confidentiality, integrity and availability of a systems and information user by their members. The three principles are confidentiality: protection against unauthorized entities integrity: ensures the modification of assets is handled in a specified and authorized manner availability: the state of the system hace continuous access The security policy is a document that specifies in various sections from regulations of government to warnings of how to use the equipment you are given in your office. We as a society need to figure out the best ways not o...

PGP Security!

Image
The PGP (Pretty Good Privacy) is a crypto system that combines symmetric and asymmetric techniques of encryption, developed by Phil Zimmermann which goal was to protect the distributed data across the internet with a digital signature or key. PGP offers authentication of messages and verification of it's integrity in case the message has been compromised and to know if the message has been read by the person that is supposed to. This is the tutorial I followed, in this video you can check how to send a encrypted message and how to decrypt. ( http://notes.jerzygangi.com/the-best-pgp-tutorial-for-mac-os-x-ever/ )

Encrypt your device

Image
The software I used to encrypt a usb was Veracript ( https://veracrypt.codeplex.com/ ). This software is a multi-platform fork of Truecrypt and open-source. In this blog we will follow the instructions in the VeraCrypt documentation. Download VeraCrypt Click on the 'Create New Volume' Select the 'Create and encrypted file container' and then click 'Next' Select the 'Standard Installation' in the type of installations  In the 'Volume Location' window, select where you cant to put your encrypted folder and select 'Next' Select an encryption algorithm, in this case we will select AES and for 'Hash Algorithm' we selected SHA-512, then click 'Next' Choose the volume size, then 'Next' Write a password Select a file system, we selected FAT, for cluster 'Default' and unchecked the 'dynamic' option. Then click in the 'Format' button Then, click 'Finish' Finally, click 'Mou...