Monthly Archive October 2018

By Jayanthi

Access control

It is a reality that the cyber security landscape is rapidly changing every day. New threats emerge constantly and what was true 5 years ago might not be true today. In this reality, it is important to re-skill ourselves constantly.

Living in a hyper connected world, we are constantly signing into systems to access different types of information. Unauthorized individuals should never be able to access our resources.  How can this be done? By the very basic and fundamental concept in Information security – ‘access control’. 

What is Access control and what are the different types?

Access control ensures that only authorized individuals can access appropriate resources. Physical access control ensures that physical resources like specific rooms and buildings are accessed by appropriate people. Logical access control ensures that resources like networks and files are accessed by appropriate people.

We observe the principles of ‘access control’ all around us unknowingly. When we share a post on a social media platform, we set the permission to ‘public’ or ‘private’ or ‘Friends’ as the case may be. This makes sure that the post is visible only to the necessary people and not to everyone.

The simple example of checking email can also be mentioned here.  The correct combination of username and password authenticates the user to access his resources (email, in this case).

The different stages of access control are:

1. Identification
2. Authentication
3. Authorization
4. Accountability

‘Identification’ is done by providing the user with a unique id number, username or account number. ‘Authentication’ is done by providing the password or personal identification number. The correct combination of username and password confirms that the user is in fact “who he claims to be”. Once the user has been authenticated, the user next has to be authorized to access the resource. The ‘access control matrix’ is checked to make sure that the user is the “person” authorized to access the requested resource. This is “authorization”. Finally, the user is “accountable” for all the actions taken. To ensure accountability, the user’s login information and subsequent actions are recorded.
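The four stages above, chained into one access decision. This is an added example, not code from the original post; the user name, password, resource names and the `request_access` function are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data for this illustration only.
SALT = b"demo-salt"  # fixed for reproducibility; use a random per-user salt in practice

def _derive(password: str) -> bytes:
    # Store a slow, salted hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"asha": _derive("S3cure-passphrase")}   # identity -> password verifier
ACCESS_MATRIX = {                                # (subject, object) -> allowed actions
    ("asha", "mailbox/asha"): {"read", "send"},
    ("asha", "mailbox/ravi"): set(),
}
AUDIT_LOG = []                                   # accountability trail

def request_access(username, password, resource, action):
    """Return True only if every stage succeeds; every attempt is logged."""
    def record(outcome):
        AUDIT_LOG.append({"user": username, "resource": resource,
                          "action": action, "outcome": outcome})
        return outcome == "granted"

    # 1. Identification: is this a known identity?
    verifier = USERS.get(username)
    if verifier is None:
        return record("unknown-identity")
    # 2. Authentication: does the secret match? (constant-time comparison)
    if not hmac.compare_digest(verifier, _derive(password)):
        return record("bad-credentials")
    # 3. Authorization: look up the subject/object pair in the matrix.
    if action not in ACCESS_MATRIX.get((username, resource), set()):
        return record("not-authorized")
    # 4. Accountability: the grant itself is recorded as well.
    return record("granted")

if __name__ == "__main__":
    print(request_access("asha", "S3cure-passphrase", "mailbox/asha", "read"))
    print(AUDIT_LOG)
```

Failed attempts are logged as carefully as successful ones, because the audit trail is what makes the accountability stage usable after an incident.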

Now that we have seen what is meant by ‘access control’ – we see the different access control models. There are three main types of access control models and they are discretionary access control, mandatory access control and role based access control. Every organization has different business objectives. The type of access control to be implemented is entirely dependent on its objectives as well as the culture of the organization.

Discretionary access control:

Before we discuss the different access controls, we see what is meant by a “subject” and “object”. The “subject” is the one that is making the request for the resource and the “object” is the resource itself. In the discretionary access control model, he who creates the information is the “owner”. The “owner” can decide who can access which data. Recall that this is authorization. This is normally implemented by “access control lists” or ACLs. ACLs are specified by the system administrator and enforced by the operating system. The majority of operating systems, such as Windows, Linux and Macintosh systems, are DAC based.

Mandatory Access Control:

The ‘mandatory access control’ is much more structured and organized than the DAC. In this type of access control, the operating system has the final say on who can access which resource. Users have security clearance (secret, top secret, confidential) and data is also classified in a similar way. The clearance and classification are stored as ‘security labels’.  When a user makes a request for a resource, it is dependent on the clearance of the individual, the classification of the data and the security policy of the system. This is enforced by the security officer and implemented by the operating system. This type of access control is used where security is of utmost importance. Normal DAC systems will not be suitable when the need is to classify data of special security clearance. We need MAC systems with special operating systems to enforce the rules.

Role based Access Control:

Role based access control or RBAC is also known as ‘non-discretionary access control’. In Role based access control, access to a particular resource is governed by the “role” an employee is mapped to. This type of access control is tougher to configure as the organizational policies have to be translated to roles. For example, an employee in “HR” does not need access to resources in “payroll”. RBAC is easy to configure when the employee turnover is high. When “Sam” from “Finance” leaves the organization and “Wendy” joins, “Wendy” is just mapped to “Finance” and she takes the same roles and responsibilities as the previous employee. There is no additional configuration needed here.
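The three models described above, side by side, showing where each one keeps its access decision. This is an added example, not code from the original post; all names and data are constructed, and the MAC rule used here (a read needs clearance at or above the classification) is an assumed policy for illustration.

```python
# DAC: the owner of an object decides who else may use it, via an ACL.
class DacObject:
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, grantor, user, perms):
        if grantor != self.owner:
            raise PermissionError("only the owner may change the ACL")
        self.acl.setdefault(user, set()).update(perms)

    def allows(self, user, perm):
        return perm in self.acl.get(user, set())

# MAC: the system compares security labels; users cannot override the result.
# Assumed policy for this sketch: a read needs clearance >= classification.
LEVELS = {"confidential": 1, "secret": 2, "top secret": 3}

def mac_can_read(clearance, classification):
    return LEVELS[clearance] >= LEVELS[classification]

# RBAC: permissions attach to roles; users are only mapped to roles.
ROLE_PERMS = {
    "Finance": {("payroll", "read"), ("payroll", "write")},
    "HR": {("personnel-files", "read")},
}
USER_ROLES = {"Sam": {"Finance"}, "Priya": {"HR"}}   # constructed mapping

def rbac_allows(user, resource, perm):
    return any((resource, perm) in ROLE_PERMS[role]
               for role in USER_ROLES.get(user, ()))

def replace_employee(leaver, joiner):
    """The joiner inherits the leaver's roles; the leaver loses all access."""
    USER_ROLES[joiner] = USER_ROLES.pop(leaver)

if __name__ == "__main__":
    replace_employee("Sam", "Wendy")
    print(rbac_allows("Wendy", "payroll", "read"), rbac_allows("Sam", "payroll", "read"))
```

The turnover case touches only the user-to-role mapping: no permission on any resource is edited when “Wendy” replaces “Sam”.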

Access control is the basis of many topics and the RBAC model forms the basis of many identity management solutions.

We saw a very small portion of a fundamental concept in Information security. Join me as I uncover more!


Jayanthi Manikandan has an undergraduate degree in Computer Science from India and a Master’s degree in Information systems with a specialization in Information security from Detroit, MI, USA. She has written blogs for Simplilearn, Whizlabs software, InfoSec institute and Jigsaw academy. She has created e-learning videos for Whizlabs software and Twenty19.

She has been passionate about Information security and has several years of experience writing on various technical topics. Additionally, she loves to pen a few personal thoughts here as well! 🙂

By Shanthini Rajkumar

Golu

The first memory I have about the story of Goddess Durga was from reading the Amar Chithra Katha comics. They really were a great substitute for when grandmothers were too busy to tell us stories. The vibrant images further enhanced the text.

Even as a child, the idea of all the goddesses coming together in the creation of an omnipotent Shakti was incredibly appealing. It cemented the thought process that good will always triumph over evil. The picture of Goddess Durga in her full glory with her foot on Mahishasuran, thereby putting an end to his tyranny, is quite unforgettable.

While the nine days of Navarathri are celebrated with much gaiety in different styles across the country, the festivities commonly signify the power of divine light banishing away darkness and negativity.

The day preceding Navarathri, a ritual is offered to welcome the Goddess by the arranging of the kalasham. At our uncle’s home, this is usually done by my eldest aunt. The Goddess is welcomed into the home for nine days of puja and prayer. The blessings derived from these nine days of chanting are shared with visiting friends and family who partake of not just the prasadham (blessed food offering) but all the positive vibes that the home and the hosts have invoked through the rituals.

As we know, in ancient times, festivals were also a way for families to socialise with one another. So, during the nine days of prayer and song, the women folk, dressed in finery, would display a set of steps, of any odd number, using wooden planks, line it with cloth and set up their collection of dolls. Now these dolls were traditionally made of wood by talented artisans and were known as marapatchi bommai. These were specially made for the ‘golu’, also referred to as ‘bommai kolu’.

Most families today own dolls that go back several generations. Each year they add a few to their exquisite doll collection. I’ve lost track of the number of stories that I’ve heard over the years while my gaze was either transfixed on a beautiful set of dolls or on a fascinating story that was laid out, complete with street lights and all.

The topmost layer of the step was always for the figurines of gods and goddesses depicting stories from mythology. Time would pass by effortlessly as we sat cross legged and looked at the mighty River Ganga cascading from Lord Shiva’s locks or the story of Gajendra Moksha depicted beautifully… along with countless other stories.

The bottom few steps are just as arresting because they depict scenes from the lives of the common man. From the expressions on the faces of errant children to that of soldiers keeping vigil at our nation’s borders, each detail is the work of master craftsmen. A lot of families also like to stage a different theme each year. All of these make for delightful kolu visits.

One rarely sits idle in front of a kolu display; children are encouraged to sing familiar devotional songs along with the ladies and it adds a lovely charm to the festivities. The neivediyam (offering of food) is also given a lot of importance. Rice and lentils figure prominently on the menu as do the many traditional desserts like payasam, pongal, laddu etc. Each day rice is flavoured differently using either lemon, coriander, tamarind, curd, coconut etc. No onion or garlic is used during this period as it is believed that the properties brought on by those foods are not beneficial to the body and mind during this period. That’s also a reason why the high protein pulses are cooked daily in the form of delicious sundal.

When children are taught the importance of such festivals and their significance, that’s what paves the way for them to follow suit and also teaches them to embrace their culture rather than to shy away from it as something that is unfamiliar to their thought process.

Even the thamboolam that is gifted to each departing guest contains items that signify harmony, prosperity and positivity. Betel leaves and areca nut are offered because when the guest leaves with a red stained mouth, it is testimony to being well looked after. Also the betel leaf is synonymous with the Goddess of wealth. Bangles, coconuts, vermilion, a new coin all denote that which is revered in our culture. How blessed are we to be a part of such a glorious celebration cloaked in radiance and happiness.

Shanthini Rajkumar

https://www.facebook.com/pltpinklemontree/

By Jayanthi

Night owls vs Early birds

She could never get her eyes open in the morning. Try as she might, once the sun shone, her eyes wanted to keep shut. In her childhood, her mom would wake her up in the morning and she would doze right back to sleep savoring those extra special moments of happiness. Who would really get up so early at 6:00 a.m. was her greatest thought! She could sit all through the night along with her father and they would have great fun watching television together. She was the typical “night owl” who was extra productive at nights too.

College/work years/marriage:

Years rolled by and she had to change her ways for some time at least. Obviously, college and work will change any person. And a night owl could not be a “night owl” forever. She soon got married and life was running smoothly.

After marriage:

A few months into the marriage, she figured that her husband was an “early riser” and was amusedly shocked! 😉 He could get up by 4:00 in the morning and go about his chores happily… :) Going to gym, responding to emails, calls in the morning, anything and everything before the sun was up was his policy. She shuddered at the thought of getting up at 4:00 a.m. or the “middle of the night”, as she called it.

Slowly, she felt her nocturnal habits returning and both the husband and wife were working at the opposite sides of a day… A ‘night owl’ vs an ‘early bird’ – they were a match made in heaven!! 🙂

Puzzle:

In all the years that they have been married, there has been one thing that has been puzzling her all along though. She really wasn’t sure what exact time he got up… was it 3:30 a.m., 4:00 a.m. or 4:30 a.m.? Sometimes, he stated a later time to keep her early rising queries at bay (otherwise, she would gasp with “You have got up so early?!!!!!” and spread the good news all around to families and friends!!)

She always thought “I wish an alarm would ring loud and notify me whenever my husband gets up”!! 🙂


This post is a part of Write Over the Weekend, an initiative for Indian Bloggers by BlogAdda.


By Jayanthi

H4 visa woes

It has been a while since I wrote about my US-India stories, right? 😉 The US is always a dream country for many from India. The ‘H1B’ visa is the highly sought after visa and is one of the most popular work visas to the US. It is primarily used by companies to fill positions by employing skilled foreign labor. 

Every foreign worker (e.g. Satya Nadella, Sundar Pichai) in the US would have gone through the H1 visa grind. Most individuals who come to work in the US start off with the H1 visa and, if all goes well, move on to apply for the Green card or permanent residency. Five years after one has acquired the GC, one can apply for US citizenship.

So, where does the H4 visa fit in now? The H4 visa is the dependent visa to the H1 visa issued by the US immigration service. The spouse and the children of H1 visa holders are issued H4 visas.

H4 visa:

During my entire stay for 14 years in the US, I have noticed it is mostly the wives who are on the H4 visa. I am sure you are thinking what is the “woe” related to this visa… it is just that individuals on this visa do not have work privileges and that might be a bummer for many… (there is a reason behind it)

While many are excited to just join their husbands on their American journey, the H4 visa women’s career comes to a grinding halt. Most (if not all) are very well educated and highly experienced women who cannot work because of their visa status. The H4 visa wives unfortunately go from active workplace leaders to waiting-to-work professionals. It is a frustrating experience for many as they try and polish their resume with new skills. They also learn to drive on American roadways, all along thinking that they will work some day.

So, what happens next?

Many like me find work sponsorships. Others wait till their husbands get their green card (after which both husband and wife can work), which used to be a good 5 years when we were there (but not sure how long it takes now).

Some even seek US higher education and manage to get a work visa after that. All in all, it is quite a game of visas and waiting for the woman who moves in behind her husband. While many adjust to the waiting game, there are others who think their career would have been better in India after all…

By Jayanthi

Single sign on

In the wake of the Facebook data breach that supposedly compromised 50 million accounts and other personal data last week,  it is but imperative to look at yet another aspect of ‘Information security’ – ‘Single sign on’.

What is ‘Single sign on’?

Remember the time when you discovered a new website or app? You had to register to get into the site. You were presented with these options:

                ‘Continue with Google’

                ‘Continue with Facebook’

in addition to a lengthy sign up process. In a hurry to understand what the new craze was, you just signed in with your ‘Facebook’ or Google account information instead of going through the whole signing up rigmarole. This is ‘Single sign on’ wherein by just signing into Facebook or Google, you can access many other apps and sites with ease.


What is the downside of ‘Single sign on’?

It seems to be such an easy thing to do – just sign in with one account and we can access so many other sites with ease. So, what exactly is the problem? If you have signed into multiple accounts using Facebook or Google, when the main ‘sign on’ site gets hacked, it is quite a possibility that the other apps that use the ‘Single sign on’ method of being authenticated would have their data breached too.

So in essence, you are exposing the data related to all other apps to the hackers too!

How do we ensure the safety of our data in the wake of the breach?

Since there is nothing that is simple and easy in this world, single sign on comes with its own troubles. In case of the Facebook data breach, you would have definitely received appropriate messages and notifications if your account was indeed hacked. In addition, it is good to always:

  1. Check ‘Settings’  in ‘Facebook’ and check the devices and locations where you are logged in from. Logout from all of them and re-login with a new password.
  2. It is also good to login to each site/app with a separate login and password henceforth and give your memory a good workout! 🙂 (Seriously though, a password manager might be a good option to consider since it is difficult to remember multiple logins and passwords)
  3. It is better to try two factor authentication to prevent further data loss.

These security tips will hold good for some time before the next breach occurs!
