On Security - John George

This week, I've developed a potential network security plan for a smaller institute of higher education.  I've also learned more about devices to secure a network.  I first started researching VPN technology after the first of the Snowden leaks. I discovered that OpenVPN has stronger encryption than other virtual private networking protocols.  It is available for Windows on the OpenVPN.net website, and the macOS version is called TunnelBlick.  It is also available for other operating systems such as Ubuntu GNU/Linux, DD-WRT and pfSense for routers, etc. since it is free and open-source.  I was already familiar with the concept of De-Milatarized Zones, not just from the history of the Korean Peninsula but from researching the various features of my routers.  They are most useful for servers and sometimes for gaming, particularly on an Xbox or PlayStation, but I have not needed to set one up myself so far.  I haven't had enough upload bandwidth to run lo...

This week I learned more about mobile devices in the workplace.  I was already familiar with the fact that a rogue access points being used by attackers frequently interpose themselves (a man-in-the-middle attack) between a legitimate access point and their targets.  One thing that has changed over time is that many vendors of wireless hardware use different default passwords for wireless networks, although there are still plenty that do not (and need to step up their game).  I also did something that I enjoy doing, which is comparing different networking hardware and daydreaming about how I might set it up.  One device I researched but didn't write about because it doesn't have as many features as I'd want in a router is the mesh system Google Wifi.  It has good performance and security, but has fewer adjustments that can be made.  It doesn't support upload quality of service, for example.  It also can't be set up or configured with a laptop or deskto...

This week I learned more about some of the things that can be done to secure two fairly common browsers, Microsoft Edge and Google Chrome.  Turning on the options to protect against dangerous sites if these options are not already on is a good choice.  I also was reminded about private browsing features, which can come in handy if you don't want to reveal what gifts you just ordered for a family member on a shared computer, for example.  Private browsing prevents history and cookies from being kept permanently on your computer.  If you want to keep your Internet Service Provider (ISP) from knowing which websites you visit (which they can sell to advertisers), you'll have to use a VPN. Using a VPN is especially advisable if AT&T or Verizon is your ISP, since both of them are particularly known for snooping on this information.  HTTPS is very helpful for protecting your data, but your ISP (and DNS provider) can still find out which servers you're getting conte...

Note: The title refers to the chapter listings in the syllabus. This week I have been reminded the importance of strong passwords or passphrases with many characters (8 is a minimum, but more is better), and many different types of characters, such as numbers and exclamation points, ampersands, etc.  I also learned about how to actually use a picture password, which I hadn't used since I did not have a touchscreen or trackpad on any Windows PC I have.  It just consists of drawing some kind of pattern on a picture instead of typing something. Picture passwords are good for touchscreen devices (a variant of them seem to be quite popular on Android), but can be difficult to draw with a mouse.  I already had learned about using PINs as a quick login method if you don't want to type a long password every time you lock the screen of you device, but do want to leave it locked if you're leaving it unattended.  So far I use a PIN on one Windows PC at the moment, since I can...

Encryption can be used at rest (such as an encrypted storage device) as well as for transmitting information (such as SSL/TLS or SSH). Symmetric encryption uses a single key to encrypt and decrypt messages.   Asymmetric encryption uses paired keys: a public key that is shared with message senders, and a private key that is kept secret and is used by the recipient to decrypt their messages received that are encrypted with its matching public key.  This arrangement can also be used to verify that a public message has not been tampered with, by comparing the hashed (encrypted) message generated by the public key with the plaintext.  If the hashed output does not match the original text, the message has been altered in some way, possibly by adding or removing characters, or sometimes just because of using different encoding schemes, such as ANSI, UTF-8, etc.  One downside of asymmetric encryption compared to symmetric encryption is that a message to multiple reci...

This week I learned more about malware.  I was already familiar with the general concept, of computer programs that are used for mal icious purposes, hence the name.   I was not surprised to see it confirmed that C and C++ are common programming languages for malware, as performance and portability are important for malware, as is relative ease of creation, all of which are qualities of C and C++, as I know from my time studying at NIU.  An example of a somewhat famous piece of malware that was not a virus but widely considered a trojan piece of spyware/adware is BonziBuddy. BonziBuddy was a virtual assistant program that ran on Windows, however, it would surreptitiously send some information to servers belonging to the company owned by its creators, and also change your homepage.  ( https://en.wikipedia.org/wiki/BonziBuddy ) The circumstances under which I would consider software to be malware depend upon intent.  For example, a Remote Administration Toolkit ...