The purpose of this writing is to explore the concepts behind the technology of Personal Area Networks (PANs) and discuss their various types of deployments and uses in today’s society. PANs are not a new concept and actually date back to early 1996, when T.G. Zimmerman from the IBM Almaden Research Center published a paper demonstrating detailed concepts of an early network prototype. At that time, it was well known that privacy was a big problem, yet the notion of autonomous but interconnected devices would transform the idea of ubiquitous computing into that of ubiquitous I/O.
Month: June 2015
“Web Application Security Scanners”
I will distinguish the differences between three separate web application security scanners: OWASP Zed, w3af, and Ratproxy. Areas to be explored include ease of use, accuracy of findings, depth of information in the tool, reporting capability, and effectiveness of any actionable information provided, along with any other pertinent criteria. This report will also compare the results, remediation advice, and reliability as observed across the three different software programs.
“BYOD” Bring your own device Policy
The intent of this policy is to act as a standard for organizations considering implementing or updating their mobile device security procedures. The most obvious observation is that users don’t acknowledge the dangers mobile devices pose to information and data integrity; as a result, users frequently don’t apply to them the data security procedures that they should, similar to those applied to devices like workstations. Secondly, when users utilize their own devices for business reasons, they frequently show more concern for their personal rights on the device than for the employer’s need to safeguard its information. This policy provides the structure for safeguarding portable devices and should accompany additional policies regarding the company’s security position on information technology and data integrity.
Remediation
I will reflect upon the differences observed between three different vulnerability scanners and management tools: Nessus, Nexpose, and OpenVAS. Areas to be reviewed include ease of use, accuracy of findings, depth of information in the tool and reports, actionability of the information provided, and any other criteria believed to be relevant. This report will also compare the results, remediation advice, and reliability as observed across the three different software programs. The test used for this report will be performed on a virtual network constructed entirely inside of a virtual machine on a 2009 Mac Pro using Parallels 10. The free versions of the Nessus and Nexpose vulnerability scanners will run against the Metasploitable 2 virtual machine inside of Parallels, and OpenVAS, which is a free open source vulnerability scanner, will be referenced from a YouTube video. Each test will be performed under identical network conditions.
Email Headers – A Cybersecurity Perspective!
Spam can be thought of as unsolicited email or emails that are sent out to users. Many times these spam mails are actually phishing, which is a process used to defraud the recipient by masquerading as a legitimate entity or organization that may be familiar to the recipient. Phishing emails are typically used to gather personal financial information from the victim. Phishers often use social engineering tactics and e-mail schemes to trick their victims into clicking on links that are actually malware.