Unrefined, Undefined
Wednesday, August 30, 2017
INFOSEC Learning Log - 6
These past couple of weeks we talked about Infrastructure security. Related to this we were made to report our take on how to increase or suggest security features for our building. This would've been hard if we were to address multiple and specific threats while still managing resources to keep it cheap. But here's that catch; "THERE'S NO BUDGET". That's right people, we get to improve a building's security without regards to budget. At first we started throwing out simple ideas like extra cctv's, alarm triggered doors connected to the security, you know, the simple stuff. Then we just went over the top. We had EMP hardening for any electronics; preventing any form of power surge from harming it. A positive pressure system in the elevator; so that any form of chemical hazards that would occur it would always leek outwards and not inwards -which was originally planned for in case someone farted inside-. For those that aren't well informed these are some of the security measures applied in modern tanks. Then we came to the conclusion; Why not just build a bunker? this is what happens when you remove budget limits. But, in my defense though, this was still practical and realistic.
Friday, August 11, 2017
INFOSEC learning log - 5
Cryptography - the art of writing or solving codes.
So apparently not only did we talk about the security, weakness and exploitable points of a network we now learned how to secure it ourselves. Creating your own secret codes is fine and all but, there's a flaw to it. Which would be the stronger security program? One created and used privately or one created and released for public used? It's the one used for public used of course. Sure you made your own security system and so far you haven't been breached but that's only because you were either not worth it or no one has tried yet. A public program on the other hand, anything being used by everyone is always worth being exploited. The fact that it hasn't been breached just show's it's security level.
I'm not discouraging you to try and create your own secret codes. But, there are risks that should be known first before fully trusting the security you've created.
So apparently not only did we talk about the security, weakness and exploitable points of a network we now learned how to secure it ourselves. Creating your own secret codes is fine and all but, there's a flaw to it. Which would be the stronger security program? One created and used privately or one created and released for public used? It's the one used for public used of course. Sure you made your own security system and so far you haven't been breached but that's only because you were either not worth it or no one has tried yet. A public program on the other hand, anything being used by everyone is always worth being exploited. The fact that it hasn't been breached just show's it's security level.
I'm not discouraging you to try and create your own secret codes. But, there are risks that should be known first before fully trusting the security you've created.
Saturday, July 29, 2017
INFOSEC Learning Log - 4
SoCIT-al Engineering
This previous week (July 25, 2017 - July 28, 2017) one of APC's famous (and probably some of the only) week dedicated to the school of Computer science and IT happened. Recently we were discussing much about social engineering techniques that are being used. So, in my free time during that week I've been slowly trying to crack several SHS students by claiming to be one of the org members. With this method I was able to make said students to disclose some personal information about them. The effectiveness of my technique was deemed a success due to me being in a higher level than them (college) which made me look trustworthy, not to mention that I was camouflaged by the org's dynamic atmosphere.
This previous week (July 25, 2017 - July 28, 2017) one of APC's famous (and probably some of the only) week dedicated to the school of Computer science and IT happened. Recently we were discussing much about social engineering techniques that are being used. So, in my free time during that week I've been slowly trying to crack several SHS students by claiming to be one of the org members. With this method I was able to make said students to disclose some personal information about them. The effectiveness of my technique was deemed a success due to me being in a higher level than them (college) which made me look trustworthy, not to mention that I was camouflaged by the org's dynamic atmosphere.
Friday, July 14, 2017
INFOSEC - Learning Log 3
Law's may be compared to a double edge sword:
-It protects you from threats or threatening actions.
-Yet, it can easily be turned against you.
The law concerning privacy is one that is complex, contains several complications and contradictions.
One may choose to draw out the law to protect their own privacy. However, another use their right for information distribution, especially concerning senate level confidentiality.
What I truly learned from such complex law's is that anonymity may be a right in order to protect ones identity but it can also be used as leeway to condemn the same person.
-It protects you from threats or threatening actions.
-Yet, it can easily be turned against you.
The law concerning privacy is one that is complex, contains several complications and contradictions.
One may choose to draw out the law to protect their own privacy. However, another use their right for information distribution, especially concerning senate level confidentiality.
What I truly learned from such complex law's is that anonymity may be a right in order to protect ones identity but it can also be used as leeway to condemn the same person.
Tuesday, July 4, 2017
INFOSEC - Learning Log 2
Social engineering - the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Several social engineering techniques could be done to ask or convince an employee of a company to answer in a way that compromises the company without the employee being aware of it. Manipulating a targeted individual is the same as striking a weak link in a chain. Preventing an SE attack proves to be somewhat difficult as the consistency of the security it provides will vary from person to person as well as the method of attack easy to execute to the point of being predictable. It's like having a chain with each link being worn-out differently, given enough time you'll find one link that breaks the chain entirely.
Several social engineering techniques could be done to ask or convince an employee of a company to answer in a way that compromises the company without the employee being aware of it. Manipulating a targeted individual is the same as striking a weak link in a chain. Preventing an SE attack proves to be somewhat difficult as the consistency of the security it provides will vary from person to person as well as the method of attack easy to execute to the point of being predictable. It's like having a chain with each link being worn-out differently, given enough time you'll find one link that breaks the chain entirely.
Subscribe to:
Posts (Atom)