Cybersecurity

Nexpose, Kali Linux, and Metasploitable: Penetration Testing Case Study

/ Miguel Antonio Bigueur / Leave a comment

5 Minutes

The purpose of this document is to perform a penetration test using two different methodologies to exploit and gain unauthorized access to vulnerable computer systems using a set of penetration testing tools including, Nexpose, Kali Linux, and Metasploitable. These tools are designed to demonstrate common vulnerabilities and subsequently exploit them, which allows security administrators to formulate a plan in regards to remediation and prevention of an actual attack. The purpose of penetration testing is to attempt to access resources without knowing usernames, passwords, and/or any other means of authorized security authentication procedures that may exist for a particular organization or individual. An important thing to consider is the only thing differentiating a penetration tester (White Hat Hacker) from an attacker (Black Hat Hacker) is permission from the attacked to allow it to happen.

Continue reading

Cloud Computing: Benefits, Risks, and Deployment Models

/ Miguel Antonio Bigueur / Leave a comment
Cyber-Security-(2)

20 Minutes

Computer networks are more advanced today than ever. More and more users are demanding greater access to these systems and as a result administrators are tasked with the dilemma of securing these highly complex networks. Many systems at one time had the luxury of relying on basic firewall implementations, which consisted of IP filtering and port blocking. In todays society this is no longer an option.

As today’s computer network systems advance, so do the intruder’s methods who wish to wreak havoc upon them. One such advancement in network security is the implementation of an IDS/IPS (Intrusion Detection System/Intrusion Prevention system). An IDS/IPS is a great addition to any unified threat management system, which can help thwart off an attacker’s advance or slow them down long enough to initiate alternative security measures. This paper will also explore the costs savings of outsourcing computing resources in conjunction with the security benefits and/or security vulnerabilities associated with doing so.

Continue reading

Exploring SHA-1 and MD5 Hashing Algorithms for Text Document Encryption

/ Miguel Antonio Bigueur / Leave a comment
AES 256.png

6 Minutes

We will be taken through the two equivalent hashing processes that simulate a secured text document transmission, one using the SHA-1 hashing algorithm and another using the MD5 hashing algorithm. Hashes are cryptographic algorithms that manipulate data and produce fixed-length digests regardless of the amount of data used to create them. Despite small minor changes of the input data, hashing algorithm’s outputs changes significantly, which is an indication of the complexity of the algorithms mathematical computational formulas.

This paper will study the outputs of encrypted and decrypted text documents against the two various hashing algorithms SHA-1 and MD5. A password will be created during the encryption phase, which essentially functions as a secured key used to unlock the file for the intended recipient. The quality and usefulness of the SHA-1 and MD5 algorithms are widely debated and both arguments will be discussed here.

Continue reading