X Blogs - The Series - Part 2

(Story Continues from X Blogs - The Series - Part 1)

X-Blogs Series Part 2: Sibbal Inside Advaiya | Basic Network security concepts & what they mean to Advaiya.

Characters involved:

Mr. Sibbal: First-year student, XYZ Private Engg. College, Udaipur, who knows nothing about IT (but pretends as if he is the IT minister of India). But he is a very curious guy and likes to explore new places and know new technical things.

Mr. V. Soni: Employee, Advaiya

Mr. A. Matta: Employee, Advaiya

Mr. S. Koduri: Employee, Advaiya

Mr. H. Thakur: Employee, Advaiya

Mr. V. Gupta: Employee, Advaiya

Mr. A. Paliwal: Employee, Advaiya

Mr. A. Mahalik: Employee, Advaiya

Ms. R. Chaudhary: Employee, Advaiya

Mr. S. Joshi: Employee, Advaiya

Mr. V. Saxena: Employee, Advaiya

Mr. X: A suspicious character; people call him a living encyclopedia of all IT security knowledge.

After the quick round of introductions, Mr. X asks the members of Anonymous-X team to provide some basic idea about what the team is doing.

Mr. Soni: Well, here in Advaiya, we are having various activities and events related to Ethical Hacking. This includes a series of workshops, knowledge sharing sessions, and a grand Hackathon event. This covers a good amount of learning and sharing of web & system security and ethical hacking tools and techniques.  This brings out the hacker inside everyone here, and displays our creativity & knowledge to others. 

Mr. Sibbal: This sounds really interesting.

Mr. X: Yes, it is. And that’s why I knew this is the right place for you to know more about IT security.

Mr. Soni: Now as our friend Mr. X told us, you are here to know something about IT security. If you want, we can touch base some of the basic IT security concepts in very simple terms. So what would you like to know first?

Mr. Sibbal: Well, maybe we can start with something about network security. (But Mr. Sibbal skips the fact that this is the assignment he has to submit for his academics).

Mr. Soni: For Network Security, Mr. Matta has done a lot of research here. So he is the right guy to explain to you about this topic.

Mr. Matta: Network security, in very layman terms, can be referred to as a strategy for sending and receiving messages across a jargon of computers or other devices in a safe, secure, and integrated manner. When we say safe (or authentic), we mean that the message is delivered to the desired receiver only, and is not lost or misplaced. For this, we can use simple authentication techniques, where the receiver of the message must prove his identity. When we say secure (or secrecy), it means that even if the message goes into the wrong hands, he or she should not be able to understand it. For this, the message can be sent in some encrypted form, which only the sender and receiver can decrypt. When we say integrity (or message integrity), we mean that the message should be not be altered by any means during the transmission. Mr. James F. Kurose and Keith W. Ross have explained the same thing in their famous book on computer networks, titled “Computer Networking: A Top-Down Approach Featuring the Internet”.

Mr. Sibbal: Oh Yes. My college seniors had once told me, that we have a complete subject on the topic “Computer Networks”, and we will be referring to this book from Kurose-Ross only.

Mr. Gupta (who has very recently read the book in his on-going academics): Exactly! You will be reading the detailed concepts of Network Security, including principles of cryptography, Authentication methods, Integrity, Key Distribution, and Certification, secure emails, etc.

Mr. Sibbal: Frankly speaking, this sounds boring again.

Mr. Gupta: Then maybe I should tell you about some interesting part, about a few fictitious characters Alice, Bob, and Trudy. Bob and Trudy are in love and want to send secret messages to each other. But Trudy the-vamp does not like this. She always tries to obstruct their communication in all possible ways. Now Bob and Alice need to device secure ways to communicate with each other, without letting Trudy know what they are talking about.

Mr. Sibbal: Hmm…Now, this sounds interesting.

Mr. Matta: In one of the recent events that were organized during the Hackathon, various teams here had devised/used different encryption techniques to encrypt messages. The aim was to transmit a message to their team-mates without letting others know the actual message. And all the encryption algorithms were really very interesting, and everyone enjoyed it a lot. To read and know more about the various encryption techniques devised by all the team, you can visit this link.

Mr. Sibbal: I got it now. But how exactly this thing relates to us here?

Mr. Soni: Alright. So let’s look at the practical applications of Network Security in Advaiya. Here, we work on various collaterals in different projects for different vendors. For these, clients often provide us with some confidential information, which they have not even released to the market yet. This includes new project prototypes/products (like Klab lab, Locus, etc.), specifications of products that are not even launched (like Windows 8) or even the complete enterprise architecture models (IO Model), which they want us to work before they launch into the market. And securing that information is one big concern for our organization. In order to ensure this, we are using some security techniques like firewalls, antivirus, user authentication, role-based access, password protection.

Mr. Koduri:  And although we are not doing currently, if required, we may also adopt the advanced level concepts, like encryption and password protection of all documents, so that even if the documents somehow leaks out of the premises, the information remains safe and secure.  We may also adopt some more secure network devices like crypto-capable routers or may synchronize the existing biometric system with the Active Directory and use a fingerprint mechanism for accessing internal portals and files. 

Mr. Saxena: We can also try PKI Architectures, SSL Certificates here. In fact, I have written interesting articles about the PKI architectures and SSL Certificates for this event itself. I think you should read that too.

Mr. Thakur: Maybe we should put these ideas in the suggestion box in the next monthly townhall sync.

Mr. X: This won’t be that easy Mr. Soni. For adopting any new security system, do need to consider a lot of factors, including the economy. I have myself explained a few of the members of your event about the concepts like Denial of Services and Single Sign-On . Please read the blogs for more details for the same.

Mr. Thakur: Putting suggestions is our responsibility, and we should be doing this. Taking appropriate actions based on those, I leave it up to the management. They know well what is best suitable for the company.

Mr. X: Alright, that is absolutely correct. So Mr. Sibbal, what is the next thing that you would want to know about?

Mr. Sibbal: Hmm. I am using a mobile phone for browsing the internet, but I really don’t know much about securing it. I would like to know some more about mobile security.

Mr. Mahalik: But before that, I would like to have a small break. Let’s have some coffee in the cafeteria, and we will discuss more mobile security there only.

Whole Team: Great Idea. We like that. Let’s move.
(Continue to X Blogs - The Series - Part 3 or Read the X Blogs - The Series - Part 1)