Academic Megathread

Discussion
Jon Avatar
Jon GB Staff *****

Post by Jon on Apr 13, 2018 13:06:04 GMT -7

This thread is dedicated to a discussion of anything academic related.

Please be as detailed as possible in your postings.

Rules
1. Plagiarism is not okay
2. We're not here to do your homework but to help you understand how to do it
3. Questions should be marked in red and then changed to green once answered
4. General discussion should be marked in blue
6. Answers should be marked in yellow







Topic: WiFi Security

I've made this thread in the past and was unable to find it so I guess it's time to stop being so lazy and rewrite it.


During my time spent as a residential and business IT contractor, I discovered many of my customers were unaware how secure(or unsecured) their WiFi(Wireless Frequency) internet connection really was from the public. I noticed many homes would have easy to crack passwords such as a family member or pet name, in some cases the broadcast was even open. It's easy for us tech-savvy people to think "Are you crazy?", although that's not the case. The majority of people simply don't understand the technology and the way it works in the same sense we do, and in vise-versa, I'm sure they're skilled in other areas that we wouldn't fully understand either. If you're too lazy to read this entire guide, at least take this piece of advice if nothing else: be sure your WiFi is using WPA2 with AES encryption.

On the flip side, you have those who are currently educating themselves with Information Technology and making attempts to secure their connections even further than the 'default' ISP(Internet Service Provider) setup, this can be a good and bad thing, let me explain a few common mistakes.


 Hiding your SSID (Service Set Identifier)

 The SSID is the name you see on your connections list while viewing available WiFi networks. Some people and businesses have decided not to broadcast their SSID believing it may shelter them from potential intruders or "hackers" in the area. Although it may sound like a good idea to hide your SSID from appearing in the connections list of wandering eyes, I believe it may actually have the opposite effect. Devices capable of broadcasting an 802.11 standard WiFi signal also send out what's called 'management beacon packets', these packets are pieces of information that can be read by WiFi capable devices which allow the device to see the available networks around it. If these management beacon packets are missing(turned off), a simple scan of nearby networks would expose the network as hidden since the wireless network name(SSID) would be missing in the management beacon packets.

Conclusion
: Scanning the area for packets would be one of the first steps an intruder would take if your network is hidden it's going to stand out like a sore thumb and cause more curiosity than protection.


Changing your Password (WiFi)

 Many people decide to change their WiFi passwords for convenience. This can be a good, or bad. If you're going to change your WiFi password, I strongly recommend you make a password 10 characters or longer. Include numbers, upper and lowercase letters, and special characters such as [email protected]#$%^, etc. Brute-force is one of the main methods of breaching a WiFi connection, brute force works by using a list of usually millions of passwords to try and figure out which may work with your connection. If your current password provided by your ISP is 12+ characters of numbers, this is usually quite a secure password and for the most part, you should leave it alone.

Conclusion: Don't change your ISP provided password unless you need to, and if you do, make sure it's a very secure password of at least 10 characters with numbers, upper and lowercase, plus special characters.


Using MAC Filtering

 Each device is assigned a MAC(Media Access Control) address from its manufacturer, this is essentially a license plate so the device can be recognized. MAC Filtering is when an access point such as a router only allows devices containing a certain MAC Address to connect. This may sound like a good idea, and it may keep out inexperienced hackers, however, it will only make those who are more skilled in their work more curious as to why you have this filter in place. The problem with MAC addresses is that they're easily spoofed, meaning someone with the right amount of experience is able to fool your access point into thinking it's MAC address is on the white list(allowed MAC list), therefore allowing the connection granted the hacker also has the correct password.

Conclusion: Creating a MAC white-list will only keep out inexperienced network breaches while making the more experienced hackers more curious as to what you're hiding.


Using WiFi Protected Setup (WPS)

 Most people have seen the WPS button their router at one point or another and wondered what it was for. WiFi Protected Setup is a way a device may connect to an access point(router, range-booster, etc.) without using a passphrase and is meant to save time and provide convenience. There are four types of WPS, however, the two methods found below are most common. Uncommon methods would be Near-Field and USB, however, we'll be discussing these:

 PIN - A PIN is provided on by the router on a digital screen or sticker on the device
 Push-Button - A physical or virtual button is pushed on the device and access point within a short time frame
 
These options may provide convenience for the price of a less secure method. The problem with WPS is that most access points or routers on the market today don't actually provide any protection against brute-force attacks. Meaning a potential intruder could try thousands, or even millions of PIN's against the router until the correct PIN is found and allows access. 

Conclusion: WPS may provide convenience at the cost of reduced network security. It's best to just disable this option.


Last edited Apr 21, 2019 11:29:48 GMT -7 by Jon
Jon Avatar
Jon GB Staff *****

Post by Jon on Apr 18, 2018 10:56:42 GMT -7

Topic: Keeping your PC secure


Many people even in today's day and age are still browsing the internet without the proper protection in place, this boggles my mind a little considering most of us use the internet for banking, shopping, and other means of providing the web with private and confidential information like mailing addresses, email addresses, phone numbers, social security numbers, identification, and more. All of this information can easily be used maliciously by someone looking to commit fraud against you or to gain access to your accounts.

There are also things called Botnets or "Zombies", this is where a users computer is being used in malicious attacks against other computers or servers and they have no idea it's even happening. All of this happens while you're using the computer and you may never know anything was wrong. As long as it's turned on and has an active internet connection, you're vulnerable.


Today there are many great free and open source programs to help keep your computer safe, let's have a look at a few of them:






 Malwarebytes is one of the best malware scanners available. Malware is malicious software with the intent to damage or commandeer a computer system. You can read more about Malwarebytes and why it's ahead of the game here.



SPYBOT is another great anti-malware scanner that offers a free and paid version, I've trusted this scanner for over 15 years and I feel you can too.




CCLEANER is used to remove unwanted programs and old file junk from your computer, if you've had your computer for a few years and it's starting to bog down, I highly recommend scanning with this tool.



Bitdefender is one of the top anti-virus scanners on the market today, don't forget malware isn't the only thing you need to protect yourself against.






Alright, now that you have yourself software to clean your PC and protect you from malware and viruses, let's talk a little about what it is you're actually protecting yourself against. I'll try to summarize as best I can and will cover the most common types of malicious software.


 
 Adware

Adware is software intended to display advertisements to unwilling users, this can be in many forms such as pop-ups, videos, images, websites and more. Adware collects and often sells your data for marketing purposes.


 Spyware

Spyware software aims to collect information from a computer or server without the user's consent. Spyware can also be in many forms such as keyloggers which log each key stroke you make.


 Viruses

A virus is a program that replicates itself and aims to corrupt the code of programs on your computer with its own code. Basically taking over and "infecting" the program.


 Ransomware

Ransomware is never pretty, this particular piece of code works by capturing personal information or private business data, encrypting it, then offering to return it only for a cost.


 Trojan Horse

Remember the story of the Ancient Greek and the misleading wooden horse? A Trojan Horse acts as an innocent program and infects your computer, then steals your data once interacted with.






These are all examples of malicious software, other examples would be worms, rootkits, bootkits, scareware, backdoors, logic bombs, and more. Although we haven't covered them all, you now have an idea of why it's important to take proper precautions when it comes to using the web, or being online at all for that matter. However, keeping your Operating System(Windows, Mac, Linux,etc.) up to date is just as important as everything previously mentioned.


Windows
Mac

 

Last edited Sept 12, 2018 11:18:08 GMT -7 by Jon
Nergal Avatar
Nergal GB Staff *****

Post by Nergal on May 15, 2018 18:28:36 GMT -7

Jon Avatar

Using WiFi Protected Setup (WPS)

 Most people have seen the WPS button their router at one point or another, and wondered what it was for. WiFi Protected Setup is a way a device may connect to a access point(router, range-booster, etc.) without using a passphrase and is meant to save time and provide convenience. There are four types of WPS, however the two methods found below are most common. Uncommon methods would be Near-Field and USB, however, we'll be discussing these:

 PIN - A PIN is provided on by the router on a digital screen or sticker on the device
 Push-Button - A physical or virtual button is pushed on the device and access point within a short time frame
 
These options may provide convenience for the price of a less secure method. The problem with WPS is that most access points or routers on the market today don't actually provide any protection against brute-force attacks. Meaning a potential intruder could try thousands, or even millions of PIN's against the router until the correct PIN is found and allows access. 

Conclusion: WPS may provide convenience at the cost of reduced network security. It's best to just disable this option.

Actually many updated WPS routers DO prevent rapid bruteforce attacks, a MAC address could get filtered if it's found to be obviously trying to bruteforce against newer router firmware.
HOWEVER, WPS isn't actually secure anymore and there have been exploits built around how a "master-pin" is permanently burnt into your router. Once someone experienced has that PIN just once they own your router forever.
Look into airgeddon (and pixie-dust) if you are interested in seeing how such an exploit could work.

WPA is meh, WPA-2 is a little better but the KRACK exploit leaves it vulnerable; waiting on WPA-3
Overall router security is just in a bad place right now.
Last edited May 16, 2018 2:28:30 GMT -7 by Jon



Jon Avatar
Jon GB Staff *****

Post by Jon on Jul 6, 2018 9:03:51 GMT -7

Are you interested in Computer Science and Programming? Whether you're a skilled veteran to the science or just starting off, CS50x by Harvard University is sure to take your understanding to the next level. Take a little time out of each day to complete pieces of the course, you'll be glad you did. There's even an option to purchase a certification for a very reasonable price. CS50x will expand your knowledge around computer science in a very comfortable and well evolved learning environment.




CS50's Introduction to Computer Science

An introduction to the intellectual enterprises of computer science and the art of programming.








Vu1canF0rce Avatar
Vu1canF0rce GB Gamer ***

Post by Vu1canF0rce on Sept 3, 2018 11:49:11 GMT -7

Jon Avatar
Are you interested in Computer Science and Programming? Whether you're a skilled veteran to the science or just starting off, CS50x by Harvard University is sure to take your understanding to the next level. Take a little time out of each day to complete pieces of the course, you'll be glad you did. There's even an option to purchase a certification for a very reasonable price. CS50x will expand your knowledge around computer science in a very comfortable and well evolved learning environment.




CS50's Introduction to Computer Science

An introduction to the intellectual enterprises of computer science and the art of programming.











I like edX's ability to allow you to be a student or auditor of a course (get no credit or certificate). The cost isn't too bad if you want the certificate. It's also a nice approach for several large educational institutions to do some sidebar courses like this. Sometimes, for those who don't/didn't do well in a school setting, all they need to excel or grasp that particular or last concept is one little class. For example, the Python course could be that final step for that forward-thinking, next-best-software person out there that everyone clamors over (think Pokemon GO when it came out). 

I chose to opt-out near the last minute on doing the Python course because I wasn't terribly sure I wanted to do Python programming.
Andrew
Nergal Avatar
Nergal GB Staff *****
Last edited May 3, 2019 20:19:48 GMT -7 by Nergal



Vu1canF0rce Avatar
Vu1canF0rce GB Gamer ***

Post by Vu1canF0rce on May 3, 2019 19:39:52 GMT -7

Nergal Avatar
If you do want to learn some basic Python now, try CodeAcademy. They offer free courses for several scripting languages including Python and Python3
Yes, it is worth making tat distinction.


www.codecademy.com/learn/learn-python-3





Thanks for the tip. I love codecademy but i didnt notice the python courses.
Last edited May 3, 2019 20:19:34 GMT -7 by Nergal
Andrew
braindeadgenius Avatar
braindeadgenius GB Newbie *

Post by braindeadgenius on May 23, 2019 14:54:57 GMT -7

Jon Avatar
Are you interested in Computer Science and Programming? Whether you're a skilled veteran to the science or just starting off, CS50x by Harvard University is sure to take your understanding to the next level. Take a little time out of each day to complete pieces of the course, you'll be glad you did. There's even an option to purchase a certification for a very reasonable price. CS50x will expand your knowledge around computer science in a very comfortable and well evolved learning environment. 
Have you seen other, relevant courses that provide decent information?
Lord Tuba Blueba Avatar
Lord Tuba Blueba GB Regular **
Jon Avatar
Jon GB Staff *****

Post by Jon on May 25, 2019 10:05:25 GMT -7

Are you interested in Computer Science and Programming? Whether you're a skilled veteran to the science or just starting off, CS50x by Harvard University is sure to take your understanding to the next level. Take a little time out of each day to complete pieces of the course, you'll be glad you did. There's even an option to purchase a certification for a very reasonable price. CS50x will expand your knowledge around computer science in a very comfortable and well evolved learning environment. 
Have you seen other, relevant courses that provide decent information?


I have a couple of learning sources from my past that I really respect, mainly because they provide great information, free! One being www.professormesser.com/ - Professor Messer offers great learning material from the basics to advanced courses of CompTIA Network, Security and Cisco, there's always something to learn from this man. Lynda.com has some great material as well @ www.lynda.com/IT-training-tutorials/2057-0.html

www.codecademy.com/ is great for anyone looking to learn or touch up on HTML & CSS, Python, JavaScript, Java, SQL, Bash/Shell, Ruby or C++.





Last edited May 25, 2019 10:06:33 GMT -7 by Jon
braindeadgenius Avatar
braindeadgenius GB Newbie *

Post by braindeadgenius on May 25, 2019 10:31:19 GMT -7

With a discussion of places to go to for information, I think it might be helpful to mention places not to go to as well. Codecademy is good for coding, and so is www.freecodecamp.com.

However, one place I recommend staying away from is Purple (purple.com). For starters, the content is outdated, at least as far as NodeJS. I can’t vouch for anything else. Secondly, they don’t care about you. All they care about is taking your money. If you have any sort of question or comment that strays outside of “please help me with the problem I’m having with this code snippet”, you will get immediately banned. I don’t know why, but that’s apparently an issue people are having with this “company”. I tried finding the founder online based on his name and “30 years experience”. Couldn’t find anyone in the country. Seems sketchy at best, and, they’ve moved hosting companies for their eLearning platform a half dozen times. Probably due to too many complaints.

I also recommend staying away from boot camps. Most of they are more expensive than their worth and are not the experience you are needing.