X-Blogs Series Part 2: Sibbal Inside Advaiya | Basic Network security concepts & what they mean to Advaiya.
Mr. Sibbal: First year student, XYZ Private Engg. College, Udaipur, who known nothing about IT (but pretends as if he is the IT minister of India). But he is very curious guy, and likes to explore new places and know new technical things.
Mr. V. Soni: Employee, Advaiya
Mr. A. Matta: Employee, Advaiya
Mr. S. Koduri: Employee, Advaiya
Mr. H. Thakur: Employee, Advaiya
Mr. V. Gupta: Employee, Advaiya
Mr. A. Paliwal: Employee, Advaiya
Mr. A. Mahalik: Employee, Advaiya
Ms. R. Chaudhary: Employee, Advaiya
Mr. S. Joshi: Employee, Advaiya
Mr. V. Saxena: Employee, Advaiya
Mr. X: A suspicious character; people call him a living encyclopedia of all IT security knowledge.
After the quick round of introductions, Mr. X asks the members of Anonymous-X team to provide some basic idea about what the team is doing.
Mr. Soni: Well, here in Advaiya, we are having various activities and events related to Ethical Hacking. This includes series of workshops, knowledge sharing sessions and a grand Hackethon event. This covers a good amount of learning and sharing of web & system security and ethical hacking tools and techniques. This brings out the hacker inside everyone here, and displays our creativity & knowledge to others.
Mr. Sibbal: This sounds really interesting.
Mr. X: Yes, it is. And that’s why I knew this is the right place for you to know more about IT security.
Mr. Soni: Now as our friend Mr. X told us, you are here to know something about IT security. If you want, we can touch base some of the basic IT security concepts in very simple terms. So what would you like to know first?
Mr. Sibbal: Well, maybe we can start with something about the network security. (But Mr. Sibbal skips the fact that this is the assignment he has to submit for his academics).
Mr. Soni: For Network Security, Mr. Matta has done lot of research here. So he is the right guy to explain you about this topic.
Mr. Matta: Network security, in very layman terms, can be referred as strategy for sending and receiving messages across a jargon of computers or other devices in a safe, secure and integrated manner. When we say safe (or authentic), we mean that the message is delivered to the desired receiver only, and is not lost or misplaced. For this, we can use simple authentication techniques, where the receiver of the message must prove his identity. When we say secure (or secrecy), it means that even if the message goes into wrong hands, he or she should not be able to understand it. For this, the message can be sent in some encrypted form, which only the sender and receiver can decrypt. When we say integrity (or message integrity), we mean that the message should be not be altered by any means during the transmission. Mr. James F. Kurose and Keith W. Ross have explained the same thing in their famous book on computer network, titled “Computer Networking: A Top-Down Approach Featuring the Internet”.
Mr. Sibbal: Oh Yes. My college seniors had once told me, that we have a complete subject on the topic “Computer Networks”, and we will be referring this book from Kurose-Ross only.
Mr. Gupta (who has very recently read the book in his on-going academics): Exactly! You will be reading the detailed concepts of Network Security, including principles of cryptography, Authentication methods, Integrity, Key Distribution and Certification, secure emails etc.
Mr. Sibbal: Frankly speaking, this sounds boring again.
Mr. Gupta: Then maybe I should tell you about some interesting part, about few fictitious characters Alice, Bob, and Trudy. Bob and Trudy are in love, and want to send secret messages to each other. But Trudy the-vamp does not like this. She always tries to obstruct their communication in all possible ways. Now Bob and Alice need to device secure ways to communicate with each other, without letting Trudy know what they are talking about.
Mr. Sibbal: Hmm…Now this sounds interesting.
Mr. Matta: In one of the recent events that were organized during Hackethon, various teams here had devised/used different encryption techniques to encrypt messages. The aim was to transmit a message to their team-mates without letting others know the actual message. And all the encryption algorithms were really very interesting, and every one enjoyed it a lot. To read and know more about the various encryption techniques devised by all the team, you can visit this link.
Mr. Sibbal: I got it now. But how exactly this thing relates to us here?
Mr. Soni: Alright. So let’s look at the practical applications of Network Security in Advaiya. Here, we work on various collaterals in different projects for different vendors. For these, clients often provide us with some confidential information, which they have not even released to the market yet. This includes new project prototypes/products (like Klab lab, Locus etc.), specifications of products that are not even launched (like Windows 8) or even the complete enterprise architecture models (IO Model), which they want us to work before they launch into market. And securing that information is one big concern of our organization. In order to ensure this, we are using some security techniques like firewalls, antivirus, user authentication, role based access, password protection.
Mr. Koduri: And although we are not doing currently, but if required, we may also adopt the advanced level concepts, like encryption and password protection of all documents, so that even if the documents somehow leaks out of the premises, the information remains safe and secure. We may also adopt some more secure network devices like crypto-capable routers or may be synchronize the existing bio-metric system with the Active Directory and use fingerprint mechanism for accessing internal portals and files.
Mr. Saxena: We can also try PKI Architectures, SSL Certificates here. In fact, I have written interesting articles about the PKI architectures and SSL Certificates for this event itself. I think you should read that too.
Mr. Thakur: May be we should put these ideas in the suggestion box in the next monthly townhall sync.
Mr. X: This won’t be that easy Mr. Soni. For adopting any new security system, do need to consider a lot of factors, including economy. I have myself explained few of the members of your event about the concepts like Denial of Services and Single Sign-On . Please read the blogs for more details for the same.
Mr. Thakur: Putting suggestions is our responsibility, and we should be doing this. Taking appropriate actions based on those, I leave it up to the management. They know well what is best suitable for the company.
Mr. X: Alright, that is absolutely correct. So Mr. Sibbal, what is the next thing that you would want to know about.
Mr. Sibbal: Hmm. I am using a mobile phone for browsing internet, but I really don’t know much about securing it. I would like to know some more about mobile security.
Mr. Mahalik: But before that, I would like to have a small break. Let’s have some coffee in the cafeteria, and we will discuss more about mobile security there only.