Computer and Information Security

Not available

Have you ever tried to visit a site but were not able to do so? You double-check your internet connection to be sure it is not your fault. You even visit other sites, but the one you want is down.

One possible explanation is that the site you are trying to visit is suffering a Denial of Service attack.

The objective of a Denial of Service (DoS) attack is to make a resource unavailable for the purpose it was designed for.

Some ways to make a service unavailable for users are:

  • Manipulating network packets.
  • Taking advantage of programming and resource handling vulnerabilities.

For example, if a server receives a very large number of requests, it may not be able to process legitimate users’ requests. In the same way, a service may stop if a programming vulnerability is exploited.

Flickr photo by George Ellenburg

https://www.flickr.com/photos/gellenburg/3838770375 shared under a Creative Commons (BY) license.

Ciphers

Caesar cipher

Cipher in which each letter in the text is replaced by a letter some fixed number of positions down the alphabet. For example, with a right shift of 5, p would be replaced by u.

My Caesar cipher in C.

Vigenère cipher

Cipher in which the ciphertext is obtained by modular addition of a key phrase and an open text.

My Vigenère cipher in C.
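Both ciphers described above fit in one routine, because a Caesar cipher is a Vigenère cipher with a one-letter key. The following is an added example, not the author's linked code; the function names `vigenere`, `caesar` and `shift_letter` and the sample text and key are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Shift one letter k positions (0..26) down the alphabet, keeping its case. */
static char shift_letter(char c, int k)
{
    if (isupper((unsigned char)c)) return (char)('A' + (c - 'A' + k) % 26);
    if (islower((unsigned char)c)) return (char)('a' + (c - 'a' + k) % 26);
    return c; /* non-letters pass through unchanged */
}

/* Vigenere in place: modular addition (or subtraction when decrypt != 0)
   of the repeating key and the text. The key position advances only on
   letters. Returns -1 if the key is empty or contains a non-letter. */
int vigenere(char *text, const char *key, int decrypt)
{
    size_t klen = strlen(key), j = 0;
    if (klen == 0) return -1;
    for (size_t i = 0; i < klen; i++)
        if (!isalpha((unsigned char)key[i])) return -1;

    for (size_t i = 0; text[i] != '\0'; i++) {
        if (!isalpha((unsigned char)text[i])) continue;
        int k = tolower((unsigned char)key[j++ % klen]) - 'a';
        text[i] = shift_letter(text[i], decrypt ? 26 - k : k);
    }
    return 0;
}

/* Caesar is Vigenere with a one-letter key: a right shift of 5 is key "f". */
int caesar(char *text, int shift, int decrypt)
{
    char key[2] = { (char)('a' + ((shift % 26) + 26) % 26), '\0' };
    return vigenere(text, key, decrypt);
}

int main(void)
{
    char a[] = "p";               /* the example from the text above */
    char b[] = "Attack at dawn!"; /* constructed sample plaintext */
    caesar(a, 5, 0);
    vigenere(b, "lemon", 0);      /* "lemon" is a constructed key */
    printf("%s\n%s\n", a, b);
    return 0;
}
```

Calling either function again with `decrypt` set to 1 and the same key restores the original text.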

May I see your passport, sir?

When we access a website we need to be sure it is the authentic site we wanted to visit and not a fake page. Here is where digital certificates come in handy. These are credentials that are used to certify the identities of persons or computers on a network.

Like passports, digital certificates provide identifying information and can be verified because they are issued by official agencies. The certificates contain: (a) the name of the certificate holder, (b) a serial number, (c) expiration dates, (d) a copy of the certificate holder’s public key and (e) the digital signature of the certificate-issuing authority.

To demonstrate that a certificate is not false, it is signed by a trusted certificate authority. Operating systems and browsers maintain lists of certificate authorities they consider trustworthy, and they accept the certificates those authorities have issued and signed. When a secure website is accessed, a certificate is presented to the browser. Browsers have ways to show the user the site's identity information.

This is how Google Chrome displays this info:

[Screenshot: site identity information as displayed by Google Chrome]

For more details you can visit Chrome’s connection to a site.

Was it my fault?

It is now known that there are people out there who violate computer security for personal gain, the black-hat hackers (also known as crackers). Whenever an attack takes place in a system we think about them: an outside person who is breaking into our computers. However, crackers are not the only ones who can damage our systems.

Besides intentional threats there are also unintentional issues, where people don’t cause harm on purpose. These are:

Environmental hazards

Technical Failures

Human Errors

These may include some bad habits people have developed over time.

  • Using the same password for every account
  • Clicking on unknown links and attachments
  • Putting off software updates
  • Using public Wi-Fi

Social Engineering

A person becomes an unintentional threat if they are tricked into providing confidential information by someone else using social skills.

Schedule

Week 12 – 19 Sept

  • Unintentional Security Issues
  • Certifications in computing security

Week 19 – 26 Sept

  • Classic Security Architecture Models
  • Security Policies

Week 26 – 3 Oct

  • Ethical and legal responsibilities in computer security
  • IT Risk Management Frameworks

Week 3 – 10 Oct

  • Risk Assessment Methodologies
  • Authentication and Access Control

Week 10 – 17 Oct

  • Cryptography
  • Security Countermeasures

Week 17 – 24 Oct

  • Security on the Web (User Perspective)
  • Operating System Security

Week 24 – 31 Oct

  • Network Security

Week 31 – 7 Nov

  • Denial of Service

Week 7 – 14 Nov

  • Wireless Security

Week 14 – 21 Nov

  • Potpourri for $500

Malware = BAD

Malware is short for malicious software, and it refers to programs that are intended to damage or perform harmful actions on a computer system. There are different types of malware, and in order to protect ourselves from them we need to understand how they work.

The types of malware are:

Viruses

These are programs that self-replicate. They may also have another unpleasant function, but what distinguishes a virus is its self-replication and rapid spread. Any virus that spreads rapidly can reduce the functionality and responsiveness of a network.

Trojan Horses

This is a term for programs that look benign but actually have a malicious purpose. When you open them, they do something other than what you expected. Their activities range from installing harmful software to deleting files.

Adware

The function of these programs is to place advertisements through pop-ups or by embedding them in programs, whether you are playing games, writing a document, listening to music or doing anything else.

Spyware

Programs classified as spyware send information about the user and the computer. This can range from the addresses of sites you visit and the terms you search for to the programs you have installed, email address books, logins and passwords, and credit card numbers. Spyware usually works with toolbars; it normally integrates into a program that is always running.

Hijackers

These programs attempt to control parts of your web browser such as the home pages, search pages and search bar. They can redirect you to certain sites or prevent you from accessing them; they may also redirect you to their own search engine.

Toolbars

Toolbars plug into a web browser and provide functionality such as search forms and pop-up blockers. However, some toolbars simulate these functions while in reality they have characteristics of other malware categories.

How can we protect ourselves from malware?

The actions we can perform to protect from malware are:

1. Be careful about the email attachments you open.

2. Stay away from suspicious websites.

3. Install and maintain an updated antivirus program.

Here is a great video regarding how we can protect our computers from malware. I completely recommend checking it out!

Pick a Hat

Whenever we hear the word hacker, one word comes to our minds: “CRIMINAL”. But we could be wrong. The definition of hacker is controversial, and it could mean either someone who steals information or a skilled developer working for a great company.

There are three terms to classify hackers based on their behavior: black-hat, white-hat and gray-hat hackers.

Black-hat hackers are the type of hacker everyone has heard of: the ones who violate computer security for personal gain. Their activities range from stealing credit card numbers to collecting personal data for sale to identity thieves. Black hats represent the stereotype that hackers are criminals performing illegal activities and attacking others.

White-hat hackers are the ethical hackers. They are experts in compromising computer security systems, but they use their knowledge and abilities for ethical purposes. These hackers may be employed by an organization to attempt to compromise its systems and then report back on how access was gained. Such actions allow the organization to improve its defenses.

Gray-hat hackers fall between the white hats and the black hats. Gray hats don’t work for their personal gain or to cause damage, but they may technically commit crimes and do unethical things.

Now, let's talk more about ethical hacking.

An ethical hacker is a computer and networking expert who attempts to gain access to a computer system on behalf of its owner. The purpose of this activity is to find vulnerabilities that a malicious hacker could exploit.

Ethical hackers use the same techniques as malicious hackers, but instead of taking advantage of the vulnerabilities, they document them and provide advice on how to fix them. With that done, the organization is able to improve its security.

Penetration tests are an important activity in ethical hacking. During a penetration test, vulnerabilities are checked and classified. The phases of a penetration test are:

  • Reconnaissance: Consists of gathering data on the target in order to better plan the attack.
  • Scanning: Requires the application of technical tools to gather further information on the target, specifically about the systems it has in place.
  • Gaining Access: This is taking control of one or more network devices, either to extract data or to use them to launch attacks on other targets.
  • Maintaining Access: Consists of remaining persistently within the target environment. In this phase the attacker must be discreet in order not to get caught.
  • Covering Tracks: The attacker has to remove all the evidence and revert all the changes that were made.

For hacking to be ethical, the hacker must have the express permission from the owner to probe their network and attempt to identify potential security risks.

Why should we study computing security?

Nowadays, almost every aspect of our lives involves a computer: school work, online shopping, social life, etcetera. As a result, a lot of our personal information is stored in computers. This is great because it makes our lives easier, but unfortunately there are bad people in this world who want to access that information.

I think we have all heard the word virus and have more or less an idea of what it means. So that we share the same understanding of the word, I’ll present its definition below.

According to Chuck Easttom, in his book Computer Security Fundamentals, “A computer virus is a program that self-replicates. Generally, a virus will also have some other unpleasant function, but the self-replication and rapid spread are the hallmarks of a virus.”

So, that is the definition of a computer virus. It is not exactly what I had in mind and it is just the tip of the iceberg. There are many threats to our information and that is why we should study computing security.

We should study computing security to safeguard our information, to know what the vulnerabilities of our systems are in order to protect them, and to learn how to avoid an attack.
