Author Archive Jayanthi

By Jayanthi

GIAC certifications

Reading Time: 2 minutes

‘Information security’ and certifications go hand in hand. The more certifications you have, the more renowned you are in the InfoSec domain. Information security certifications are offered by many organizations, such as (ISC)2 (CISSP and CCSP), EC-Council (CEH – ‘Certified Ethical Hacker’), ISACA (CISM, CISA, CRISC) and SANS (GIAC certifications). We will look at the various GIAC certifications in this post…


GIAC certifications:

The SANS Institute was established in 1989 and offers various certifications and training programs. SANS offers GIAC (Global Information Assurance Certification) certifications suited to every InfoSec professional and category. The SANS Institute offers classroom training, online training and mentored training. The different certification categories are cyber defense, pen testing, incident response and forensics, management, audit and legal.

Here is a partial list of the different certifications:

  1. GSEC: GIAC Security Essentials
  2. GCIH: GIAC Certified Incident Handler
  3. GCFA: GIAC Certified Forensic Analyst
  4. GPEN: GIAC Penetration Tester
  5. GISF: GIAC Information Security Fundamentals

Notes about GIAC exams:

  1. All GIAC exams are open book, which means you can bring any number of books and printed materials to the exam. However, you cannot access the Internet for any purpose.
  2. All certifications are valid for four years, after which they have to be renewed.
  3. All exams must be taken at a proctored testing center.
  4. Each exam has its own set of questions, time limit and passing grade.
  5. GIAC exams can be attempted without formal SANS training. The prices can be found here.

What is your preferred certification? Have you got any of the above certifications? How has your experience been?

The post is for alphabet ‘G’ for the #BlogchatterA2Z challenge. The previous post can be found here

By Jayanthi

No one in this world can love a girl as much as her father…

Reading Time: 2 minutes

Lakshmi thought her father was the greatest man. She adored him to bits. The father-daughter bond was created as soon as she was born. From the time she was young, she was struck by his aura. He was the wittiest and greatest father, she thought.

Did you know that it is hard for an adult to come to a child’s level and interact with them? Well, he could do just that… just by magic, he could become a small child and entertain her for hours.

He taught her how to ride a bicycle and did all the work of running behind her when she was learning to balance on the wheels. That was a lot of work… running behind a school kid on a bicycle who is forever ready to topple and fall – but he did it all the same! He stood by her in all her difficult times. He would attend all the PTMs at school with sincerity. If her grades ever slipped, he never reprimanded her for not getting good grades. Instead, he always taught her how to approach the same problem in a different way and solve it.

School admissions, college admissions, college projects – he would be there to see her through it all! 

He always taught her life’s most important lessons. As she grew up, he taught her how to dress up well, be smart, study smart, and to be a totally “out-of-the-box” thinker. He always wanted her to be “smart” and “independent”!!

He was a terrific orator. He could keep her and all her friends spellbound with his talks and witty anecdotes. 

Are you nodding your head and thinking the same thing(or similar things) about your father too? 🙂

No wonder there is a saying “No one can love a girl as much as her father”!! Fathers are great – whether they are fathers of daughters or sons – aren’t they? 🙂

What is your father story? What do you think of this quote about fathers?

This post is for alphabet ‘F’ of #BlogchatterA2Z. The previous post can be found here

By Jayanthi

Everyday ‘security’!

Reading Time: 2 minutes

This is one of the interesting and common questions that I have encountered on Quora – “How do we implement security in everyday life (without any technical background)?”

1. We do not have to share our location all the time. Agreed, it is fun to share every once in a while, but sharing regularly might well put you on a malicious person’s radar. So, it is good not to share your location on social media. It is also good to turn off ‘location’ on your phone except when using ride-sharing or food-ordering services (or similar options).

LOCATION SHARING SHOULD BE TURNED OFF UNLESS NEEDED!!

2. It is also wise not to share personal pics on social media too frequently. If we have to share, it is imperative to set the option to ‘private’.

SHARING OF PERSONAL PICS SHOULD BE SET TO ‘PRIVATE’ OR THE LOWEST LEVEL

3. It is good to put up a profile picture that does not reveal too much of your personal life. India runs on WhatsApp groups – but did you know that WhatsApp profile pics can be downloaded to your phone? In that regard, it is always wise to set WhatsApp profile pic visibility to ‘My contacts’ only.

SET NEUTRAL PROFILE PICS, OR PROFILE PICS THAT DO NOT REVEAL YOUR WHOLE LIFE!

4. It is good not to accept stranger requests on social media. It might be good for business purposes, but if you are going to be divulging any personal information, avoid it at all costs. Cyber-stalking is very easy to do – just following you around on different social media channels can help anybody build a whole persona of you!!

DON’T ACCEPT STRANGER REQUESTS ON SOCIAL MEDIA

Other common security information:

5. Please do not share any of your passwords or the PINs of your bank or financial accounts with anybody on the phone.

6. Set a screen lock for your smartphone (for both Android phones and iPhones).

7. Do not click on unknown links in emails (anything that says “You are a millionaire” or “You have won the lottery” is definitely fake and is definitely a trap to part you from your personal information).

8. For all types of devices and social media – go to the ‘Security’ configuration and configure it appropriately.

9. Do not share credit card information if SSL is not enabled (SSL is indicated by the green padlock at the top left side of the screen).

These are all the things that I can think of for now… have I missed anything? ‘Everyday security’ is omnipresent, isn’t it? 🙂

This post is for alphabet ‘E’ for  #BlogchatterA2Z. The previous post can be found here.

By Jayanthi

Digital forensics

Reading Time: 2 minutes

Forensics is identifying, investigating and collecting evidence at a crime scene. The information collected is then used for legal purposes. We extend this to ‘Digital forensics’, which again deals with identifying and investigating information, but now related to digital media. Professionals in the ‘digital forensics’ field recover information from digital devices such as pen drives, laptops and mobile phones, which can be used to solve various crimes.

Thus, ‘Digital Forensics’ is the art of identifying, collecting and studying digital and computer evidence which can be used in a court of law. Forensics is related to law, and therefore ‘Digital Forensics’ is related to analyzing digital data and presenting it as evidence in legal matters. There are several sub-disciplines within ‘Digital forensics’, namely computer forensics, network forensics, mobile device forensics and more.

‘Digital Forensics’ may be used in cases where there are issues related to copyright infringement, piracy, destruction of information and fraud.  In India – there is always the case of question paper leak before any major exam and it is possible that ‘digital forensics’ can be used to find the source of the paper leak!

Skills required to get into the ‘digital forensics’ domain:

Along with basic communication and analytical skills, a Bachelor’s degree in Computer Science or Information Security will always be a good starting point. In addition, it would be good to acquire one or more of the following certifications:

  1. GCFA (GIAC Certified Forensic Analyst)
  2. GCFE (GIAC Certified Forensic Examiner)
  3. CHFI (EC-Council Computer Hacking Forensic Investigator)

This post is for alphabet ‘D’ of #BlogchatterA2Z. The previous post can be found here.


By Jayanthi

Cyber-bullying

Reading Time: 3 minutes

The Internet and social media have a very powerful grip on most of us today. Bill payment, shopping, connecting via social media, chatting, gaming –  more and more things are being done online now. Combine the Internet with the use of mobile devices and we are forever hooked onto those devices! 🙁

Although most users of the Internet are adults above the age of 18, there are also several underage social media users, since it is easy to get into any social media platform by the mere click of a mouse (with or without parents’ knowledge/consent! :))

Underage social media users might find the Internet truly mesmerizing. They visit gaming chat rooms, interact with strangers online, and give away many of their personal details just by sitting right next to you! (and you might be totally oblivious to it!) Most social media platforms require you to be at least 18 years of age to begin using their site – but there is no concrete way to enforce this. This in effect brings several young, inexperienced users to the social media scene.

The young cyber users might be spending more time online and foraying into newer websites, and before they know it they might slowly start getting “picked on” or made to feel bad. They may not even realize that they are getting “cyber-bullied” because, unlike physical bullies, “cyber bullies” are invisible and most of the activity happens online.

What is “Cyber bullying”?

As with traditional bullying, unscrupulous elements resort to malicious ways to make innocent children feel bad. “Cyber-bullying” is making use of digital means (SMS, chat messages, various social media platforms) to mentally harass a teenager or a young individual. The anonymous nature of the Internet fuels cyber-bullying even more. As an underage child/teenager sits glued to electronic devices, they are harassed and tortured mentally and might not even be aware of it. These are some ways that cyber bullying can happen:

  1. Posting distasteful pictures(without the person’s consent)
  2. Posting rude or untrue comments 
  3. Online threats
  4. Faking an online identity
  5. Harassing a person online (“Do this for me or I will shame you in front of your friends”)
  6. Driving a person to suicide(example, “Blue Whale challenge”)

What are some signs that a child is being “cyber bullied”?

  1. Keeping to themselves
  2. Withdrawal from social activities
  3. Mood changes
  4. Acting different

How do we help a child who is being cyber bullied?

  1. Detection and acknowledgement is always the first cure. It is essential for parents to keep all communication channels open with their children.
  2. Children should be given adequate knowledge about the pros and cons of the Internet and “cyber bullying”.
  3. Parents should also keep up with the latest technological trends and stay in the digital “loop” (you have to keep tabs on them without being excessively “nosey”!! :))
  4. Once it is detected that a teenager is being bullied online, it is good to “block” the person on the different social media channels.
  5. Everything should be reported ASAP to parents or an appropriate person (if anything happens).
  6. If necessary, the matter should be reported to the appropriate social media providers.
  7. In extreme cases, law enforcement may also have to be involved.

This post is the alphabet ‘C’ of the #BlogchatterA2Z challenge. The previous post can be found here


By Jayanthi

Better late than ever!

Reading Time: 1 minute

Lakshmi had just been married. She loved studying and wanted to pursue higher education. There were good universities at the place where she stayed too. But things just did not work out for her to study then. There were other obstacles along the way too. Then, they moved from one location to another, and another. There were 2 more little characters in the story too! This new world kept her absorbed in its grasp. Thoughts of studying were delegated to the most distant corner of her brain. She did not know whether they existed at all!

And one fine day, when her younger one was 2, she heard an advertisement on the radio for higher education and then applied for the Master’s program. She knew she had to study then or it would be never!

There were many thoughts on why she would want to study after 2 kids from different people…

But better late than never, right? 🙂 And she “had” to do it…

Incidentally, she did complete her Master’s program through God’s grace and was finally happy that she accomplished the goal that she was chasing for almost 12 years!

What about you – have you been thinking of doing something and did you finally get to do it? Hurray for you!! 🙂 And always ‘BETTER LATE THAN EVER’, you know?!! 🙂

This is the second post for the #BlogchatterA2Z. The first post can be found here.


By Jayanthi

Authentication

Reading Time: 2 minutes

The month of April has arrived and #BlogchatterA2Z has begun!! I will be participating again this year and hope to write and write about my favorite topic – Information security and will squeeze some famous proverbs too! Shower my blog with love as I sail through April!! Let’s begin….

‘We all have a life outside Facebook, Whatsapp, and Twitter – but we have forgotten the password for it!’ 🙂 goes the latest security quote, which shows the importance of passwords and authentication.

We live in a world where we are authenticating ourselves all the time! Did you know? You enter the ‘username’ and ‘password’ and boom! you are inside a particular website. So, now what is authentication exactly? ‘Authentication’ is proving who you are to the system to access the appropriate resources. The most popular way to authenticate yourself is through the classic ‘username and password’ combination. As an example, in order to access any social media site you enter your ‘username’ and ‘password’. The ‘username’ and ‘password’ are compared against an existing database and once they match, the username is allowed to access the resources. This is a simplified process of authentication.

Three factors that influence ‘authentication’:

There are three factors that ‘authentication’ is based on – something that you have (smartphone, laptop or tablet), something that you know (password) and something that you are (biometrics).

Strong authentication makes use of two factors. The username-password combination makes use of something that you have (namely a laptop or smartphone) and something that you know (password).
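To make the login flow and the factor discussion above concrete, here is an added Python example; it is not code from this post. The server side stores only a salted PBKDF2 hash of the password (something you know) and, in addition, checks a six-digit time-based one-time code of the kind an authenticator app on the user's phone produces (something you have), following RFC 6238, so a login succeeds only when both factors pass. The user name alice, the passphrase and the in-memory USER_DB are constructed for the demo; the TOTP secret is the published RFC 6238 test key, not a real credential.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional, Tuple

# ---- Factor 1: something you know (the password), stored only as a salted hash ----

def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 200_000) -> Tuple[bytes, bytes]:
    """PBKDF2-HMAC-SHA256 so the database holds a slow, salted hash, never the password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify_password(password: str, salt: bytes, stored: bytes, iterations: int = 200_000) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)  # constant-time compare, no partial-match timing leak

# ---- Factor 2: something you have (a phone running an authenticator app) ----

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends on the shared secret and the current 30 s window."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def verify_totp(secret: bytes, submitted: str, at: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current window plus one on either side to tolerate small clock drift."""
    return any(hmac.compare_digest(totp(secret, at + k * step, step), submitted)
               for k in range(-window, window + 1))

# ---- Both factors together ----

USER_DB = {}  # constructed in-memory store: username -> (salt, password hash, TOTP secret)

def enrol(username: str, password: str, totp_secret: bytes) -> None:
    salt, digest = hash_password(password)
    USER_DB[username] = (salt, digest, totp_secret)

def authenticate(username: str, password: str, code: str, now: Optional[int] = None) -> bool:
    """Login succeeds only if the password AND the one-time code are both right."""
    record = USER_DB.get(username)
    if record is None:
        return False                                          # unknown user: same answer, no hint
    salt, digest, secret = record
    now = int(time.time()) if now is None else now
    ok_password = verify_password(password, salt, digest)     # evaluate both so the response
    ok_code = verify_totp(secret, code, now)                  # time does not say which one failed
    return ok_password and ok_code

if __name__ == "__main__":
    SECRET = b"12345678901234567890"   # RFC 6238 test key, a constructed value, not a real credential
    enrol("alice", "correct horse battery staple", SECRET)
    print(totp(SECRET, 59))            # 287082, the RFC 6238 SHA-1 test vector for T=59
    print(authenticate("alice", "correct horse battery staple", totp(SECRET, int(time.time()))))
```

Two design choices are worth noting: the comparison of the stored hash uses hmac.compare_digest rather than ==, and both factors are always evaluated before the answer is returned, so neither the result nor the response time tells a caller which of the two factors was wrong.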

Biometrics:

Since the classic username and password combination might be fraught with different types of difficulties, authentication of a user can also be established by making use of ‘biometrics’. ‘Biometrics’ makes use of the physical features of a person(like fingerprint, retina) to perform authentication.

But it must be noted that ‘biometrics’ alone cannot be used to validate a user – it has to be coupled with another factor of authentication to validate the user.

We saw the concept of ‘authentication’ in this post…stay tuned for alphabet ‘B’ tomorrow…


By Jayanthi

Theme Reveal – A to Z Challenge 2019!

Reading Time: 1 minute

I had participated in the A to Z challenge hosted by Blogchatter last year and it was awesome! This year around, as the news was buzzing around – I knew I would be participating again… why – because I enjoyed writing and reading!! 🙂 Last year my theme was technical posts along with personal thoughts…

This year, as the day of theme reveal drew near, I was still racking my brains on a theme… there was “this” thought, then there was “that” thought…finally, I think I may have figured what my theme will be…there will be technical posts infused with personal thoughts – but my personal thoughts will border on proverbs that touched me in my life.


So, keep me motivated by reading and commenting on my posts! 🙂 

See you on the sunny side of April!! 🙂

Note: ‘A to Z challenge’ is when we write posts for each letter of the English alphabet – as an example , ‘A’ for authentication, ‘B’ for biometrics and so on…

By Jayanthi

Is the Indian education system good enough?

Reading Time: 3 minutes

There are different ways to study – but the Indian system of studying still relies mostly on memorizing (hopefully with some understanding! :)) Most schools in India have a textbook for each subject (or many textbooks might be prescribed for a single subject) and there will be one or more notebooks. These are some ways of studying that are followed in a majority of schools in India even today:

  1. A chapter is completed
  2. Questions given at the back of the chapter will be discussed
  3. The answers will be written in the notebook
  4. In addition, ‘Fill-in-the blanks’, ‘Give reasons’, ‘Make sentences’, ‘meanings’, ‘opposites’ are some sort of exercises that will additionally be done.

Schooling in the US:

Now, contrast this with the US education system which we were a part of, for about 9 years. All my son took to his elementary school was just a simple folder and all he got as homework was just a Math worksheet till 3rd grade…!! 🙂 Now things might have changed after middle school but the US way of studying is fundamentally different from India’s and children are equally smart and intelligent here and there. The US and Western means of education rely predominantly on research and tabulating the findings by means of writing. Research, practical skills and writing skills are an important part of Western education right from a young age. 

Indian system:

Now coming back to the Indian system, there are several ‘naysayers’ and ‘ayesayers’ for the Indian education system which include the two main boards, CBSE and ICSE – while, which board you choose for your child depends on you, it is all but certain that they have to face the board exams at the same time ie. in grade X and grade XII.

With the Indian Xth and XIIth grade board exams currently underway all over India – we always come to the ultimate question:

‘How good is the Indian education system’?

Is the memorizing way of studying good enough?

Are the students only memorizing or are they understanding and studying as well?

With this type of education system, how do they manage in corporate environments later in life?

The reality as I see it:

Interestingly most of them do well in life and corporate environments later in life. Most of the Indian students adjust very well to Western education system as they migrate to foreign countries for higher degrees too. Since the medium of instruction is English for many of us in India, most do research and write papers with ease. They acclimatize easily and get top grades too.

They also get good job offers from organizations abroad and most of them adapt very well there too…

Now, our education system is not too bad… is it? 🙂

Seriously though, learning anything new is hard and memorizing and studying it is even harder. The sheer volume to study by means of memorizing petrifies many students and creates an ugly feeling of learning.

The memorizing way of studying has to be overhauled, as it is quite stressful for the children who go through it, especially at higher grades. But change never happens in an instant; it is a constant and gradual process… and I can already see a lot of changes, with the e-learning industry (like BYJU’s) slowly creating its footprint to make students understand the concepts much more clearly.

Here’s to better education for India and making learning a much more pleasant experience for the students… 🙂


By Jayanthi

Kerberos Authentication protocol

Reading Time: 3 minutes

We have already discussed Cryptography and the Caesar cipher. In this post we will explore Cryptography further by discussing one of its applications – the ‘Kerberos authentication protocol’. In today’s insecure online and distributed environment we need a stronger authentication mechanism than the classic username/password combination.

Introduction:

‘Kerberos’ was developed at MIT as part of a project named ‘Athena’. Kerberos is the three-headed dog of Greek mythology that guarded the underworld. The electronic version of Kerberos, the Kerberos authentication protocol, is used to guard users’ online data and keep hackers at bay. The Internet, being a place which does not uphold the three tenets of Information Security – Confidentiality, Integrity and Availability – needed stronger cryptographic algorithms to ensure users’ online privacy. The Kerberos network authentication protocol was created to uphold the three tenets by making use of symmetric key cryptography. Recall: in symmetric key cryptography, the same key that is used to encrypt data is used to decrypt it as well.

The Kerberos authentication protocol is used to prove your identity in a client/server interaction by making use of “tickets”. Kerberos version 4 was created by Steve Miller and Clifford Neuman. Version 5, whose latest release is 1.16.3, was created by John Kohl and Clifford Neuman. Kerberos is freely downloadable from the MIT website under copyright permissions. It is also available as a professional product from many vendors. Kerberos is based on the Needham-Schroeder protocol.


Necessity of Kerberos:

Kerberos was created to overcome the following threats in an open distributed network environment:

  1. A user may masquerade as another user and access the privileges and rights of that user on a workstation
  2. A user can alter the network address of another workstation
  3. A user can also “snoop” and overhear conversations and gain entry into servers (Stallings)

Description:

Here is an extremely high-level description of how the Kerberos authentication protocol works. The important terms to be aware of before we start:

KDC – Key Distribution Center

TGS – Ticket Granting Service

  1. A user logs onto a client machine, enters his credentials and requests some services. Only the username is transmitted to the KDC server (the password is transformed into the key of a symmetric cipher and kept on the user’s machine). After matching the username against the KDC database, the KDC server creates the TGT (Ticket Granting Ticket), which is encrypted with the user’s key.
  2. The client receives the encrypted TGT. Recall that Kerberos makes use of symmetric key cryptography, so the encrypted TGT is decrypted using the user’s key (which is stored on the user’s machine).
  3. The TGT stored on the machine enables a session with the server for a specified amount of time.
  4. In order to communicate with the server and request more services, the client uses the TGT to ask the KDC server for a specific service.
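The four steps above, as an added Python walkthrough; this is not code from the post or from MIT Kerberos. It follows the steps as described, and goes slightly beyond the simplified description in two places where Kerberos 5 actually differs: the TGT itself is sealed under a key only the TGS holds, while the client receives the session key sealed under its own key derived from the password (so a wrong password fails on the client, not at the KDC), and at step 4 the client sends a timestamped authenticator alongside the TGT, which is what lets the KDC reject replays. The cipher is a toy HMAC-based construction standing in for Kerberos's AES encryption types; the realm EXAMPLE.TEST, the principal alice, the service name fileserver and the lifetimes are all constructed for the demo.

```python
import hashlib
import hmac
import json
import os
import struct
import time

# Toy authenticated symmetric cipher (HMAC-SHA256 keystream plus HMAC tag). It stands in
# for the AES types of real Kerberos; all that matters here is: same key encrypts and decrypts.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    out = b""
    for i in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
    return out[:length]

def encrypt(key, obj):
    plain = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plain, _keystream(_subkey(key, b"enc"), nonce, len(plain))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered ticket")  # a wrong password surfaces here, on the client
    plain = bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))
    return json.loads(plain)

def string_to_key(password, salt):
    """KDC and client both derive the user's long-term key from the password; the password never travels."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000)

class KDC:
    """Key Distribution Center: user database, the TGS key and the service keys."""
    def __init__(self, realm):
        self.realm, self.users, self.services = realm, {}, {}
        self.tgs_key = os.urandom(32)  # only the TGS can open a TGT
    def register_user(self, name, password):
        self.users[name] = string_to_key(password, self.realm + name)
    def register_service(self, name):
        self.services[name] = os.urandom(32)
        return self.services[name]  # shared out of band with the service host
    def as_exchange(self, username, now):
        """Step 1: only the username arrives; the reply is unreadable without the user's key."""
        session_key, expiry = os.urandom(32), now + 8 * 3600
        tgt = encrypt(self.tgs_key, {"user": username, "skey": session_key.hex(), "exp": expiry})
        for_user = encrypt(self.users[username], {"skey": session_key.hex(), "exp": expiry})
        return for_user, tgt
    def tgs_exchange(self, tgt, authenticator, service, now):
        """Step 4: the TGT plus a fresh authenticator is exchanged for a ticket to one service."""
        claims = decrypt(self.tgs_key, tgt)
        if now > claims["exp"]:
            raise PermissionError("TGT expired")
        session_key = bytes.fromhex(claims["skey"])
        auth = decrypt(session_key, authenticator)
        if auth["user"] != claims["user"] or abs(now - auth["ts"]) > 300:
            raise PermissionError("authenticator mismatch or stale")  # replay / clock-skew check
        svc_key = os.urandom(32)
        ticket = encrypt(self.services[service], {"user": claims["user"], "skey": svc_key.hex(), "exp": claims["exp"]})
        return encrypt(session_key, {"service": service, "skey": svc_key.hex()}), ticket

class Client:
    def __init__(self, username, password, realm):
        self.user = username
        self.key = string_to_key(password, realm + username)  # stays on this machine
    def login(self, kdc, now):
        """Steps 1 to 3: request the TGT and unlock the session key with the local key."""
        for_user, self.tgt = kdc.as_exchange(self.user, now)
        self.session_key = bytes.fromhex(decrypt(self.key, for_user)["skey"])
    def service_ticket(self, kdc, service, now):
        authenticator = encrypt(self.session_key, {"user": self.user, "ts": now})
        reply, ticket = kdc.tgs_exchange(self.tgt, authenticator, service, now)
        return bytes.fromhex(decrypt(self.session_key, reply)["skey"]), ticket

def service_accepts(service_key, ticket, now):
    """The service never contacts the KDC; the ticket alone proves who the client is."""
    claims = decrypt(service_key, ticket)
    if now > claims["exp"]:
        raise PermissionError("service ticket expired")
    return claims["user"]

def demo(password="correct horse", now=None):
    """Full flow for the constructed principal alice; returns the identity the file server trusts."""
    now = int(time.time()) if now is None else now
    kdc = KDC("EXAMPLE.TEST")  # constructed realm name
    kdc.register_user("alice", "correct horse")
    fileserver_key = kdc.register_service("fileserver")
    client = Client("alice", password, "EXAMPLE.TEST")
    client.login(kdc, now)
    _, ticket = client.service_ticket(kdc, "fileserver", now)
    return service_accepts(fileserver_key, ticket, now)
```

Running demo() prints nothing but returns "alice": the password was typed on the client and used only to derive a key there, every message on the wire was a ticket or a session key sealed under a symmetric key, and the file server learned who the client is from the ticket alone. Calling demo(password="wrong") raises ValueError at the client's decrypt of the KDC reply, and asking for a service ticket after the TGT lifetime raises PermissionError from the TGS, which is the "specified amount of time" of step 3.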

Conclusion:

This is just a simplified version of the Kerberos authentication protocol. It can be inferred from the above description of the Kerberos authentication protocol that the entire functioning is based on “tickets” and encryption and decryption using symmetric key cryptography. No passwords were sent in the entire client/server interaction. It is hoped that stronger authentication standards will be adopted by the industry.

Bibliography:

Kerberos. (n.d.). Retrieved May 7, 2014, from Wikipedia.org: http://en.wikipedia.org/wiki/Kerberos_(protocol)#Further_reading

Stallings, W. Cryptography and Network Security.

What is Kerberos and how does Kerberos work. Retrieved from https://www.slashroot.in/what-is-kerberos-and-how-does-kerberos-work