X-Blogs
Series Part 2: Sibbal Inside Advaiya | Basic Network security concepts & what
they mean to Advaiya.
Characters involved:
Mr. Sibbal: First-year student, XYZ Private Engg. College,
Udaipur, who knows nothing about IT (but pretends as if he is the IT minister
of India). But he is a very curious guy and likes to explore new places and know
new technical things.
Mr. V. Soni: Employee, Advaiya
Mr. A. Matta: Employee, Advaiya
Mr. S. Koduri: Employee, Advaiya
Mr. H. Thakur: Employee, Advaiya
Mr. V. Gupta: Employee, Advaiya
Mr. A. Paliwal: Employee, Advaiya
Mr. A. Mahalik: Employee, Advaiya
Ms. R. Chaudhary: Employee, Advaiya
Mr. S. Joshi: Employee, Advaiya
Mr. V. Saxena: Employee, Advaiya
Mr. X: A suspicious character; people call him a living
encyclopedia of all IT security knowledge.
After the quick round of introductions, Mr. X asks the
members of Anonymous-X team to provide some basic idea about what the team is
doing.
Mr. Soni: Well, here in Advaiya, we are having various
activities and events related to Ethical Hacking. This includes a series of
workshops, knowledge sharing sessions, and a grand Hackathon event. This covers
a good amount of learning and sharing of web & system security and ethical
hacking tools and techniques. This brings
out the hacker inside everyone here, and displays our creativity &
knowledge to others.
Mr. Sibbal: This sounds really interesting.
Mr. X: Yes, it is. And that’s why I knew this is the right
place for you to know more about IT security.
Mr. Soni: Now as our friend Mr. X told us, you are here to
know something about IT security. If you want, we can touch on some of the
basic IT security concepts in very simple terms. So what would you like to know
first?
Mr. Sibbal: Well, maybe we can start with something about network security. (But Mr. Sibbal skips the fact that this is the
assignment he has to submit for his academics).
Mr. Soni: For Network Security, Mr. Matta has done a lot of
research here. So he is the right guy to explain to you about this topic.
Mr. Matta: Network security, in very layman terms, can be
referred to as a strategy for sending and receiving messages across a jargon of
computers or other devices in a safe,
secure, and integrated manner. When we say safe (or authentic), we mean that
the message is delivered to the desired receiver only, and is not lost or
misplaced. For this, we can use simple authentication techniques, where the
receiver of the message must prove his identity. When we say secure (or
secrecy), it means that even if the message goes into the wrong hands, he or she
should not be able to understand it. For this, the message can be sent in some
encrypted form, which only the sender and receiver can decrypt. When we say integrity
(or message integrity), we mean that the message should not be altered by
any means during the transmission. Mr. James F. Kurose and Keith W. Ross have
explained the same thing in their famous book on computer networks, titled “Computer
Networking: A Top-Down Approach Featuring the Internet”.
Mr. Sibbal: Oh Yes. My college seniors had once told me,
that we have a complete subject on the topic “Computer Networks”, and we will
be referring to this book from Kurose-Ross only.
Mr. Gupta (who has very recently read the book in his
on-going academics): Exactly! You will be reading the detailed concepts of
Network Security, including principles of cryptography, Authentication methods,
Integrity, Key Distribution, and Certification, secure emails, etc.
Mr. Sibbal: Frankly speaking, this sounds boring again.
Mr. Gupta: Then maybe I should tell you about some
interesting part, about a few fictitious characters Alice, Bob, and Trudy. Bob
and Trudy are in love and want to send secret messages to each other. But
Trudy the-vamp does not like this. She always tries to obstruct their
communication in all possible ways. Now Bob and Alice need to devise secure
ways to communicate with each other, without letting Trudy know what they are
talking about.
Mr. Sibbal: Hmm…Now, this sounds interesting.
Mr. Matta: In one of the recent events that were organized
during the Hackathon, various teams here had devised/used different encryption
techniques to encrypt messages. The aim was to transmit a message to their
team-mates without letting others know the actual message. And all the
encryption algorithms were really very interesting, and everyone enjoyed it a
lot. To read and know more about the various encryption techniques devised by
all the teams, you can visit this
link.
Mr. Sibbal: I got it now. But how exactly does this thing relate
to us here?
Mr. Soni: Alright. So let’s look at the practical
applications of Network Security in Advaiya. Here, we work on various
collaterals in different projects for different vendors. For these, clients
often provide us with some confidential information, which they have not even
released to the market yet. This includes new project prototypes/products (like
Klab lab, Locus, etc.), specifications of products that are not even launched
(like Windows 8) or even the complete enterprise architecture models (IO
Model), which they want us to work on before they launch into the market. And securing
that information is one big concern for our organization. In order to ensure
this, we are using some security techniques like firewalls, antivirus, user
authentication, role-based access, password protection.
Mr. Koduri: And
although we are not doing so currently, if required, we may also adopt the
advanced level concepts, like encryption and password protection of all
documents, so that even if the documents somehow leak out of the premises, the
information remains safe and secure. We
may also adopt some more secure network devices like crypto-capable routers or
may synchronize the existing biometric system with the Active Directory and
use a fingerprint mechanism for accessing internal portals and files.
Mr. Saxena: We can also try PKI Architectures, SSL
Certificates here. In fact, I have written interesting articles about the PKI
architectures and SSL
Certificates for this event itself. I think you should read that too.
Mr. Thakur: Maybe we should put these ideas in the
suggestion box in the next monthly townhall sync.
Mr. X: This won’t be that easy, Mr. Soni. For adopting any
new security system, we do need to consider a lot of factors, including the economy. I
have myself explained to a few of the members of your event concepts like Denial
of Services and Single
Sign-On. Please read the blogs for more details on the same.
Mr. Thakur: Putting suggestions is our responsibility, and
we should be doing this. Taking appropriate actions based on those, I leave it
up to the management. They know well what is best suitable for the company.
Mr. X: Alright, that is absolutely correct. So Mr. Sibbal,
what is the next thing that you would want to know about?
Mr. Sibbal: Hmm. I am using a mobile phone for browsing the internet, but I really don’t know much about securing it. I would like to know
some more about mobile security.
Mr. Mahalik: But before that, I would like to have a small
break. Let’s have some coffee in the cafeteria, and we will discuss more mobile security there only.
Whole Team: Great Idea. We like that. Let’s move.
(Continue to X Blogs - The Series - Part 3 or Read the X Blogs - The Series - Part 1)