The Final Lesson log for this subject(at least thats what I heard.).
These whole week we were doing continuous lessons about physical security and other content about the whole security.
To be totally honest, I don't remember anything except for the physical securities because I like that part.
It was about how physical security is also important for our information security. The structure of the building until the possible materials used for the facility. We had an exercise about that with APC building. And I totally would say, the security of the APC s lacking. Yes because someone was able to hack the internet server, fire happens and stealing is uncountable. Well we could also say that it is also our fault for not consulting about it but in spite of that, the security aint that satisfying. How I wished that the APC could easily be changed just as the exercised, without any money limits.
Other than that We also had our final project. Our project was all about Snort(firewall). We had to port-scan and back-door detect using snort. It was not a big deal finding and implementing snort because inside Pfsense, there is packages, and one of them being snort. Seems that it was our first time presenting an implemented firewall from another firewall and our professor was impressed. What I didn't like about it was the process duration it took for me and Andrey Brian Buzon to install it. Yes, install. It is not even in the part of implementation of rules. It took us about 2 days with multiple reinstalling, searching for error solutions and changing some properties of the pfsense. It was tense, Andrey was almost about to give up when I was able to install the rules for the snort to run. After that was smooth, we were able to implement the port-scan and backdoor using the Linux Kali again. Presentation went fine so I was glad it finished within 30 minutes, because other groups had some issues with their presentation and took more than an hour to finish.
Friday, August 25, 2017
INFOSEC Lesson log 5:
These few weeks we've been assigned for another research(?)/debate. The topic was about Cybersex. Yeah like why do i even have to research about this, it is obvious that most of the people would say "no" to cybersex. That was my first impression about the topic, seems that I was wrong.
The only different thing with this debate was that there was a motion. Which is "Cybersex with consent should be legal." Many thoughts went through my head. Some are logical, and most being regional. So I had to think and research further just because our professor said,"without including regional purposes.".
I've research from site to site, videos to videos. I've focused my concept and content from a research done in USA. There were many information that i could obtain by the research that they did. The debate was done the next week, but unfortunately I was late due to the heavy non moving traffic in Makati-City. I've arrived in the classroom just in the time our professor were asking questions about the 3 content that my group stated. Even though I was late for the debate, I still had in mind what I had to answer and how to defend our content. Everything went well, I was able to answer the question coming from left and right. I wasn't able to say anything for my part of the content, but I rely on my group mates that they got my back. I just hope my grades are not so low.
The only different thing with this debate was that there was a motion. Which is "Cybersex with consent should be legal." Many thoughts went through my head. Some are logical, and most being regional. So I had to think and research further just because our professor said,"without including regional purposes.".
I've research from site to site, videos to videos. I've focused my concept and content from a research done in USA. There were many information that i could obtain by the research that they did. The debate was done the next week, but unfortunately I was late due to the heavy non moving traffic in Makati-City. I've arrived in the classroom just in the time our professor were asking questions about the 3 content that my group stated. Even though I was late for the debate, I still had in mind what I had to answer and how to defend our content. Everything went well, I was able to answer the question coming from left and right. I wasn't able to say anything for my part of the content, but I rely on my group mates that they got my back. I just hope my grades are not so low.
INFOSEC Lesson log 4:
For these weeks we were studying about cryptography and the ethics about hacking back. This week was also a week of SOCIT week. So the professor wanted us to go to the meetings(?) upstairs at the 12th floor auditorium. But I was just busy with Andrey Brian Buzon trying to finish the Midterm projects.
So after(?) the SOCIT week, we presented the Midterm project which was about malware in android devices. We were presenting how are the malwares able to penetrate the mobile cellphones firewalls and anti-malwares. After that we showed how the specific malware"false guide" works. It was quite interesting researching about the concepts that it uses to be able to create a malware inside the devices. But what was more shocking was the fact that the effected numbers of devices that were stated was only just this year 2017. So it is brand new and we don't have full information about the specific parts and authentications that it will do into the device. But for that part, we used the power of hacking OS"Kali" It has a built-in malware creating tools and codes. So what me and Andrey would have to do is just search in what codes we needed to run it.
After we presented I showed our professor the codes and the process of hacking my own device. The malware was able to hack in the call-records, contact-number, text messages and so on. He was amazed. Well even though it was hard to say how to completely protect your device from getting hacked/malwares, we were still able to show some solutions that would lessen the possibilities.
So after(?) the SOCIT week, we presented the Midterm project which was about malware in android devices. We were presenting how are the malwares able to penetrate the mobile cellphones firewalls and anti-malwares. After that we showed how the specific malware"false guide" works. It was quite interesting researching about the concepts that it uses to be able to create a malware inside the devices. But what was more shocking was the fact that the effected numbers of devices that were stated was only just this year 2017. So it is brand new and we don't have full information about the specific parts and authentications that it will do into the device. But for that part, we used the power of hacking OS"Kali" It has a built-in malware creating tools and codes. So what me and Andrey would have to do is just search in what codes we needed to run it.
After we presented I showed our professor the codes and the process of hacking my own device. The malware was able to hack in the call-records, contact-number, text messages and so on. He was amazed. Well even though it was hard to say how to completely protect your device from getting hacked/malwares, we were still able to show some solutions that would lessen the possibilities.
Thursday, July 13, 2017
INFOSEC Lesson log 3:
So these past 2 weeks we have been learning about "Privacy".
Oh yes, something that made me awake for the entire meeting, why? Because you see some videos on Youtube like, "We have the rights!" "Get out of my privacy!" and so on.
Privacy in my understanding is all about the ability of a person or a group's information and rights.
This day we were learning the different kinds of Laws that would be affecting this privacy.
Some examples are like cyber-law, statutory law, administrative law, common law, civil law, criminal law, etc.
After learning the simple known laws and its meanings, our professor gave us an "easy exercise" he says. Our problem was this, we knew what are the laws and rights of the exercise that Sir gave us. But the problem was as a group was that whether he would win or lose about his privacy. The debate went for a few minutes until we settled into a law that would define that the law for the problem would be unacceptable, which made the exercise with our group ending with a conclusion of him losing. It made us brain storm about the problem in how we should use properly the privacy laws and what can be applied.
Other than this, we were also given some time to do our project. Our project was about Mobile Malware and how it works. Took us few days trying to figure out about "FalseGuide" be cause it is a new malware created in the 2017 and is just been detected from the anti-viruses application. Our project was to show how it worked and what it could do. I was focused on the grammar checking and about the conclusion part of it and some example testing of a malware. Was a lot of fun despite the codes and complexity of the project, I learned a lot of things that a single malware about what it is capable of doing. It creates a botnet into the device, also connects to the Firebase cloud which where the malware are stored and installs it into the device with the user not knowing it. We would be showing the things that we learned on Saturday, and i would be showing some simple codes that the malware could do to the android devices once it is connected and installed.
Oh yes, something that made me awake for the entire meeting, why? Because you see some videos on Youtube like, "We have the rights!" "Get out of my privacy!" and so on.
Privacy in my understanding is all about the ability of a person or a group's information and rights.
This day we were learning the different kinds of Laws that would be affecting this privacy.
Some examples are like cyber-law, statutory law, administrative law, common law, civil law, criminal law, etc.
After learning the simple known laws and its meanings, our professor gave us an "easy exercise" he says. Our problem was this, we knew what are the laws and rights of the exercise that Sir gave us. But the problem was as a group was that whether he would win or lose about his privacy. The debate went for a few minutes until we settled into a law that would define that the law for the problem would be unacceptable, which made the exercise with our group ending with a conclusion of him losing. It made us brain storm about the problem in how we should use properly the privacy laws and what can be applied.
Other than this, we were also given some time to do our project. Our project was about Mobile Malware and how it works. Took us few days trying to figure out about "FalseGuide" be cause it is a new malware created in the 2017 and is just been detected from the anti-viruses application. Our project was to show how it worked and what it could do. I was focused on the grammar checking and about the conclusion part of it and some example testing of a malware. Was a lot of fun despite the codes and complexity of the project, I learned a lot of things that a single malware about what it is capable of doing. It creates a botnet into the device, also connects to the Firebase cloud which where the malware are stored and installs it into the device with the user not knowing it. We would be showing the things that we learned on Saturday, and i would be showing some simple codes that the malware could do to the android devices once it is connected and installed.
Friday, June 30, 2017
INFOSEC Lesson log 2:
Despite the fact that i only attended 2 meetings in this 2 past weeks, we learned about some reality of the daily security and some models. To tell the truth i do not remember about the topic and the details. This is because me and my other team mate(Buzon) was focusing on the project that our professor has given us.
We are 4 in a group and we needed to find out how it works and what it does and some resolution for it. Our topic was about the mobile malware. We had to first think of which console we would use(android/apple). After this we decided to choose a malware that is recently been discovered and plus, difficult to solve. We search bunch of malware such as pop-up malwares to data deleting malware to even SMS malwares. We discussed on whether we pick one that is still active in the society or the malware that is giving a big effect to the society. We decided to use "FalseGuide" as our malware to research about. As we were researching we learned that it is a malware that camouflage itself into a game guide and creates malware into the android system device. Now we are searching on how it actually works into the system.
We are 4 in a group and we needed to find out how it works and what it does and some resolution for it. Our topic was about the mobile malware. We had to first think of which console we would use(android/apple). After this we decided to choose a malware that is recently been discovered and plus, difficult to solve. We search bunch of malware such as pop-up malwares to data deleting malware to even SMS malwares. We discussed on whether we pick one that is still active in the society or the malware that is giving a big effect to the society. We decided to use "FalseGuide" as our malware to research about. As we were researching we learned that it is a malware that camouflage itself into a game guide and creates malware into the android system device. Now we are searching on how it actually works into the system.
Thursday, June 15, 2017
INFOSEC Lesson log 1:
This 2 weeks of our Information Security we have learned valuable things that not only would be related to our daily lives but also how to be secure with it and to identify the threats or in other words as our professor likes to say it being smart with the objective.
The 1st thing that this subject told me about was the difference about the information security and the IT security. At a glance some people would say it is totally different. It was difficult for me for IT is literally Information Technology Security and it seems for me to be the same with information Security. But as the professor explained that IT is focused on Hardware and Software technology I figured out that they are a totally different thing.
We also learned about the differences between Information Security, confidentiality, integrity, and availability. The difference of the situations can make a big problem simpler to solve. other than that there were studies of the firewall, security principle, types of privilege, duties, types of access control, and other authentications. Each studies are interesting giving me the knowledge and opportunities that can help me in near future.
What I enjoyed most in this Lesson is always the group project. The professor gives the group a problem and we as a group should think of solutions to solve it. I enjoyed this not because i was easily think of a conclusion by the things that i just learned but the point that sharing your thoughts with the group mates and also seeing things by their perspective of the problem.
Subscribe to:
Posts (Atom)