Authentication

Each day, we log into many different webpages, they ask for authentication. We need to prove that we are us, but why is it so important? Also, how does it works? Authentication is needed to access to personal information, social media, at work, unlocking the phone, anywhere. It is almost a requisite to join every webpage to access to certain content. Regarding security, it is the way to block your information for the resto of the world. There are many different ways to prove that you are really you. Commonly, sites ask for a password, but they aren’t the only option. The next video uses interesting examples to explain the importance of authentication.

  • Knowledge factors: sometimes, the service that is asking for authentication can ask for names, specific questions, PIN numbers, or the password itself. Those are known as knowledge factors.
  • Possession factors: these are the ones that the user has in possession, such as ID cards, one-time password tokens, specific codes, or any artifact that can prove your authentication.
  • Inherence factors: this authentication factor covers the biometrics of the user, such as fingerprint scans, facial recognition, voice recognition, retina scans, iris scans, between others.

mobile-security-laptop-fingerprint-730x442.jpg

A modern way to authenticate the user is its location depending on the cellphone. This also has to do within its device activity and many other complex factors. Nowadays, it is recommended to use at least two factor authentications at the time per each account. For example, it is possible to activate an account with password and with a pin provided by the service company via cellphone.

There are may authentication tools in the market. It is important to be secure and also to protect your personal information. It can be annoying to unlock the accounts with more than 1-factor-authentication, but sometimes it is necessary to improve the security of our accounts. Remember, it’s our personal information that is being protected.

References

What is user authentication? – Definition from WhatIs.com. (2018). Retrieved from https://searchsecurity.techtarget.com/definition/user-authentication

CIA triad

Confidentiality, integrity and availability is also known as the CIA triad. CIA triad is a model that establishes some principles for information security, it can be seen as an organizer. These three principles are considered as the most importan principles for security. They aren’t the only ones, but they can be seen as the three pillars of security. The following video explains very well these three principles:

Confidentiality

Confidentiality can be defined as a series of rules that are responsible for preventing information from reaching the wrong hands. That is, confidentiality is in charge of the access. This access must be restricted for those that don’t have the authorization to see the information. One way to prevent a leakage is to create levels. Most of the time, information is categorized depending on the impact it would have if the specific information was stolen.

Integrity

Integrity is an important pillar to security, it is in charge of the accuracy, consistency and trustworthiness of the information all the time. It is crucial the security of the data. Information can’t be corrupted or edited by a third-party without the autorizaron. Also, while sending data, it must be delivered and received without any modification in between. Software can be involved in order to check the integrity of data that is traveling  from one place to another.

Availability

Availability is mainly in charge of the hardware. If there are complications between services or any damage, there must be a resource in charge of fixing it. Also, it needs to be updated all the time and there has to be one that establishes de communication between the different services. There must be an adaptive recovery if it is necessary. It is important to have a way out of problems, even without a person in charge for it.

CIAtriad-copy1.png

In addition, we can see confidentiality as a way of limiting the access to information by setting some rules. Also, we can see integrity as a way of ensuring that the information that is shown is trustworthy and accurate. And finally, we can see availability as a way to guarantee the access to the information by the correct people or by the ones in charge. These three principles form the triangle of information security.

References

What is confidentiality, integrity, and availability (CIA triad)? – Definition from WhatIs.com. (2018). Retrieved from https://whatis.techtarget.com/definition/Confidentiality-integrity-and-availability-CIA

 

 

Denial-of-service attacks

Have you ever feel that a webpage is loading too slow compared to other times, a poor network performance while trying to retrieve s file from a cloud server, an increasing amount of time in order to reach an specific service from the internet? It’s obvious that there are many factors that can influence the weak performance from the network, but it is important to take into account that it could be a denial-of-service attack. It’s not that easy to spot the problem, but first, what is a denial-of-service attack?

We can define a a DoS attack as a planned attack to a server in order to disrupt an organization’s network to complicate the entry of their user to their services. The attack can limit the access to the network or even to deny the access. The main point is to prevent any online activity through the servers that are being attacked.

There is also a Distributed Denial-of-Service attack, where the attacker also infects the computers that get connected to the infected servers and now these new computers are used to infect more users. These new infected computers are known as zombies. Zombies are the computers that are controlled by the attacker. With the control of all of the computers, the attacker can use their power to overload the services, such as mail, internet, and network services.

Also, there are three specific categories in which the hackers focus their attacks:

  • Networks
  • Systems
  • Applications

Distributed-Denial-of-Service-Attack-Greets-Forked-Bitcoin-Gold-on-First-Day.jpg

Mainly, all of them create requests to overload the servers until there is no response or until they create an error on the system. One of the main goals is to consume as much bandwidth as possible in order to create slowdowns in networks. Hackers also focus on hardware, such as routers and devices that need network to function, such as a wireless printer.

Just as the video mentioned before, it is important to check for security updates in all of our devices. Also, we can check constantly if our machines are infected with any kind of malware. Updates are esencial for security, most of the time they contain security patches. Remember, stay updated.

References

What is a Denial of Service (DoS) Attack? – Definition, Types & Examples – Video & Lesson Transcript | Study.com. (2018). Retrieved from https://study.com/academy/lesson/what-is-a-denial-of-service-dos-attack-definition-types-examples.html

Redes domésticas

Es muy útil saber cómo modificar los ajustes de un módem. Cambiarle la contraseña a la red de la casa o incluso cambiarle el nombre puede llegar a ser muy sencillo y puede a llegar a incrementar un poco la seguridad de la red. Sin embargo, hay más opciones en los ajustes de un módem y éstas pueden llegar a ser implementadas de una manera muy sencilla. Una de las ventajas de acceder a los ajustes de éste es que puedes crear redes locales dentro de la casa o la oficia. La división de la red puede llegar a ser útil para conectar ciertos dispositivos a una de ellas y los otros a la otra, se puede crear una red para invitados, o incluso redes privadas para intentar mantener más segura cierta información que se comparte cuando alguien se encuentra en la misma red. A continuación, se mostrará un pequeño tutorial para crear una nueva red doméstica.

1 – Entrar a la página web del módem

Normalmente, para poder acceder a la configuración del router se tiene que ingresar a la dirección 192.168.X.X. En este caso para ingresar a la configuración del módem de Telmex, se ingresa a 192.168.1.254. El usuario puede variar (TELMEX en este caso) y la contraseña es la clave que viene en el modem.

1.png

2 – Ir a Red

Al entrar a la configuración del módem, una ventana parecida aparecerá en la pantalla. Hay que seleccionar la opción de “Red” que se encuentra en la columna izquierda.

2.png

3 – Inalámbrico (2.4GHz o 5GHz)

Una vez adentro de la opción de Red, se selecciona el tipo de red inalámbrica que se desea crear el la columna izquierda. En este caso, se seleccionará la red 5GHz.

3.png

4 – Seleccionar SSID

En este módem, se permiten hasta 8 redes, 4 por parte de la red 2.4GHz y 4 de la 5GHz. Primero, se cambia de red en “Selección SSID” por la SSID6 en adelante, si es que no se quiere modificar la red 5GHz principal.

4.png

5 – Cambiar de nombre y habilitar

Del mismo modo, se modifica “Nombre SSID” y se habilita la opción “Habilitar SSID” a “Habilitación” para que pueda ser visible a los dispositivos. En este caso, el nombre que se le asignó a la nueva red fue “Seguridad_1”.

5.png

6 – Asignar cifrado y contraseña

Finalmente, se selecciona un cifrado y se asigna una contraseña a la nueva red. Hay 4 opciones en modo cifrado.

6.png

 

Se pueden agregar más restricciones en caso de ser necesarias, tales como el número máximo de usuarios o habilitar WPS. Para finalizar, se guardan los cambios y se espera a que la nueva red aparezca en las opciones de redes. En caso de querer removerla, se vuelve a seleccionar la SSID y en la sección de “Habilitar SSID” se selecciona la opción “Deshabitar”.

Privacy? Yes, please

With all the attention that Facebook ir receiving, what are you doing to protect your information? Not just your Facebook’s personal info, but also your internet traffic is somewhere in a server, without even your consent. Facebook isn’t just the only one that retrieves your traffic information, also Google and many other companies, even with a VPN. Nowadays, it is difficult to hide your information from these companies, but there is always a solution, or at least to protect a little more your information.

Personally, I do think that ads are necessary when the content is free because it’s work that it given for free. The problem is when the pages that are publishing those ads are also giving your personal info and internet traffic to a third-party company without even saying it to you and that’s the point that isn’t fair or correct. With all of the privacy movement, I just decide to look for an AdBlocker to my MacBook Pro. Not just to hide those invasive ads, but also to protect a little more my information. While making a little research through Reddit, I found a thread asking for some AdBlockers (link: https://www.reddit.com/r/apple/comments/7o7zw9/your_favorite_adblocker_for_safari_macos_with/). Thanks to the comments, I opted for AdGuard. My experience was incredible.

Adguard-Mac.png

AdGuard isn’t my first ad blocker, but it was completely different from the others. Starting with its interface, it is really easy to use. It has interesting options, a menu appears when a page has ads and it gives you options for the page, such as: Block Element, Add Exception, or do not block the page for 30 seconds. For experience, some ad blockers doesn’t work with some pages becase devs are implementing a way to find out when you have an ad blocker, but the cases with AdGuard were different. Between my 14 days of trial, I have never experienced a page with this new feature. I even tested a webpage with different ad blockers and the feature appeared in the other ones, but while using AdGuard.

I didn’t browse a lot on those 14 days, but in my first week, the app showed me these numbers:Screen Shot 2018-04-30 at 11.08.12 AM.png

The amount of ads and trackers blocked were a lot. Just imagine when there is no tool to prevent anything at all. At the end of the trial period, my final stats were shown within the following message:

Screen Shot 2018-04-30 at 12.04.19 PM.png

The experience was great, I recommend it without doubt.

Screen Shot 2018-04-30 at 11.17.13 AM.png

AdGuard link:

https://adguard.com/en/welcome.html

Download AdGuard for Mac:

https://adguard.com/en/download.html?os=mac

 

Cryptography

The concept of cryptography can be easy to understand, but not as easy to implement. Cryptography has been around a while now. Today, we hear that word and we imagine a secure program to protect passwords, but it was mainly used for war. First of all, we can define cryptography as an activity to convert an intelligible text into an unintelligible one or all the way around. This method is used to protect information and its main goal is to send and receive this plain text decoded in order to decode it. It is also used for authentication.

cryptography_magnifyingglass_code_l.jpeg

The first implementations of cryptography were different compared with the modern ones. Today, cryptography is based on pure complex mathematical approaches. The main goals of it are discussed all over the internet, but the most controversial ones, at least for me, are following ones:

  • Confidentiality: confidentiality means that no one can understand the encrypted message but the receiver and only using the tools to decode the message.
  • Integrity: it is crucial that no one can be able to alter or modify the integrity of the encrypted message.
  • Non-reoudiation: this means the the one that is sending the message cannot deny the content of the message at a later stage. There can’t be differences between what is send and what is received.
  • Authentication: authentication can be used to confirm the connection between the one that sends the message and the one who receives it.

There are a lot of advantages regarding cryptography. Banks, computer passwords, and e-commerce transactions use it to protect their information from getting leaked. It is important to say that an encrypted text doesn’t mean that it isn’t crackable, but there a re different ways to measure the effectiveness of an encryption. Normally, they are measured with the amount of time that it may take to decrypt a message with an external tool. It is said that if the process of decryption last at least for many thousands of years,  it means that it has a good encryption method.

References

Definition of Cryptography | What is Cryptography ? Cryptography Meaning – The Economic Times. (2018). The Economic Times. Retrieved  from https://economictimes.indiatimes.com/definition/cryptography

What is Malware?

I have heard more frequently the word malware, but the question is “what is malware?”. I didn’t even know what that word mean until I made some research. According to the definition, malware is the abbreviation of “malicious software”, and it is considered as a malicious program that harms the functionality of a computer. Also, malware is composed by many other tools that harm the computer, such as viruses, Trojan horses, and worms. People often create these malware to steal information from the user, to modify it, or even to delete important data from the computer. These activities are made by the malicious programs without any permission.

it is possible to divide the kinds of malware depending on their characteristics and the way of how each one acts.

  • Virus: this one is the most common one. It has the name virus because it acts as in health, it spreads in the computer and spreads very quickly with malicious software. Virus infects other programs.
  • Worms: it is a type of malware that multiplies without any command or a specific action. Worms can be activated without any human interaction and it affects the performance of the computer.
  • Trojan horses: its name comes as in history. It appears to be a legit program until it is executed. While it is executed, malware is installed in the computer and can use malware’s functions.
  •  Spyware: this last one is the one that steals information from the user without any knowledge from him or her. It also watches the movements from the user to learn from him or her.

The following video explains the types of malware. I’ll recommend you to watch it.

 

It is known that the first tope of malware was a virus, it was called the Creeper virus and it happened in 1971. It was a virus that eplicated itself over and over. There are a lot of facts regarding malware. I found a video that shows 25 interesting facts about malware.

Malware isn’t the only one that makes people install stuff in order to get access to the computer. PUP is a another tope of program that makes toe user to think that the program is needed in order to get some features. PUPs are most of the time toolbars and they don’t execute malicious funtions. PUPs can be classified as malware when these installed fetures steal information from the user or when they are used to sky on people.

References

What is malware (malicious software)? – Definition from WhatIs.com. (2018). SearchSecurity. Retrieved from http://searchsecurity.techtarget.com/definition/malware

Wireless security

Wireless networks

Since the last few years, wireless networks have become very important in the market. We can see wireless networks everywhere, such as in the coffee shops, some malls, on the streets, airports, hotels,  home, school, etc. The problem is that there are a lot of security problems with them. It is important to take into consideration that nowadays, wireless networks carry important information and it is crucial to have a secured wireless network.

Although it is easier to get connected to a wireless network rather than a wired one, it has become more vulnerable because of the facility to get connected to a wireless one. Each day, people are being connected to the internet and its easier to be in risk because of that. But leaving aside those risks, wireless networks have a lot of advantages. Before the explanation of them, i’ll recommend you to watch the next video regarding wireless security:

 

Wireless Security protocols

In order to protect wireless networks, WSP (wireless security protocols) were invented. These WSP are mainly targeted to protect local networks, such as the ones that are in home or offices. These WSP have their own strengths and weaknesses, but they offer wireless security in most of the cases, sending encrypted data through the airwaves.

The problem with the wireless networks is that the information is send to every device that is listening to the signals, obviously, it has a limited range. One of the benefits of the wired networks is that it has only one connection, between device A to device B. Protocols were created to protect these airwaves signals. We have three protocols: WEP, WPA, and WPA2.

WEP (Wired Equivalent Privacy)

The WEP was the first protocol to secure the wireless networks. The main point of the protocol is to give the same protection to the wireless one as if it was a wired one. It is well-known that this protocol is easy to broke and very difficult to configure.

WPA (Wifi Protected Access)

The Wifi Protected Access was implemented when the 802.11i wireless security standard was in its development (the one that is explained in the video). This protocol uses a Personal Key and a Temporal Key and both of them are used for encryption. There is a WPA Enterprise that uses an authentication server to give keys and certificates.

WPA2 (Wi-Fi Protected Access version 2)

The WPA2 has different methods of encryption compared to the WPA.WPA2 uses Advanced Encryption Standard (AES) for encryption. This Standard has a certification from the US government and, until today, it’s used to protect the wireless information and is classified as an active and useful protocol.

References

Wireless Security. (2018). YouTube. Retrieved from https://www.youtube.com/watch?v=SOvO3aYp0uw

Wireless Security Protocols: WEP, WPA, and WPA2 – dummies. (2018). dummies. Retrieved from http://www.dummies.com/computers/computer-networking/wireless/wireless-security-protocols-wep-wpa-and-wpa2/

 

 

What does VPN means?

Before we start, I’ll recommend you to see the following video regarding Virtual Private networks:

 

So what is a VPN?

A VPN is a connection between the computer and a server. The server is operated by the VPN service and it creates a secure connection between both of them by a tunnel. This connection makes the user to be part of the company’s network, as if the computer was on it. The tunnel hides the traffic until it leaves the tunnel. One of the main goals is to hide the IP address of the computer.

There are a lot of advantages while using a VPN, its important to notice that the number of functions of a VPN is interesting. I’ll mention three of them.

Advantages

  • It prevents anyone that is on the same network access point from intercepting your web traffic in a man-in-the-middle attack.
  • It makes harder for advertisers, or spies, or hackers to track you online.
  • Avoid censorship, but it could be against the law.

I think that one of the most remarkable ones is the first one. Using a VPN to avoid or prevent a interception from another person is a very useful took. It is important to mention that the VPN doesn’t protect your information entirely, but it can make it harder for people to track your online information. As an example, we can see this useful feature as a shield that protects your information from a man-in-the-middle attack.

Avoiding censorship might be illegal in some countries, maybe in most of them, but it can be very practical. We can see this as a tool for a journalist. A journalist needs to find information for his or her research, but maybe the country blocks this information for many reasons. In this case, a journalist can change his or her location virtually in order to get access to the classified information from another country. The VPN can act as a link between the journalist and the information, and also it prevents a leak from another journalist or by the government.

For me, an interesting question is: How to choose a VPN? This one can be difficult to answer because, each person has different needs. Leaving needs into aside, it is important to take into account the some factors:

  • Reputation
  • Performance
  • Type of encryption used
  • Transparency
  • Ease of use
  • Support
  • Extra features
  • Pricing

While pricing might be an important factor to take into account, I can say that it’s better to focus on the other ones rather than the price of the VPN because we are talking about securing important and personal information.

Which one is the best?
Screen Shot 2018-02-08 at 3.37.34 PM.png

In my opinion, there isn’t a best one, but some of them are more useful than others. I think that it’s better to see our own needs in order to choose the best one for each one. As a recommendation, don’t rely only on VPNs, there are a lot more ways to secure your information. Remember, VPNs don’t hide your information completely.

Reference

            The Best VPN Services of 2018. (2018). PCMAG. Retrieved from https://www.pcmag.com/article2/0,2817,2403388,00.asp