
Posts

Showing posts from 2014

Before "Security" becomes a cliché in your organization

With the proliferation of automated hacking toolkits and the amusement that news channels create when some popular website gets hacked or defaced, every IT person has heard of "security" at least often enough to make it sound boring. Many studies conducted at universities across the globe show a good correlation between poor employee engagement and poor interest in fulfilling their jobs efficiently. Similarly, there is research emphasizing that effective security depends on employee engagement rather than hard compliance. With all of this taken into consideration, it is not difficult to say that talking about security more often than required can make the situation worse. The problem that organizations face today can become daunting with more and more noise about security. It is high time for CXOs to maintain a balance and keep providing filtered information about security at the right time and in the right amount. No o...

How I met Backtrack-Linux :)

"Loneliness, Fear, Dreams, Goals, Motivation and Inspirations": these were the array of thoughts that used to wake me up in the mornings when I was striving to be an engineer. I still remember how depersonalized I felt; the days were like dreams to me and I felt numb. I was left empty, without any emotions, and I was not even able to feel my soul. And one day my eyes rolled over some notice on a notice board near my classroom. It informed us that we would be getting up to 1 GB of Internet data every day in our hostels. Without wasting a single minute more, I rushed to my room, flipped the flap of my PC and voila! I was downloading something that I had been reading about in the previous months. That something was called "Backtrack-Linux" [aka Kali Linux]. From that day till today I am with it and not planning to leave it, because it has turned my boring journey into a series of beautiful voyages.

Reality of Password Policy and its Effectiveness

The last P@$$w0rd! that you were bragging about in your mind has a very different reality. A stronger password policy that forces users to use symbols, uppercase, numbers and lowercase characters is losing its very purpose, which is to make it more time consuming for an adversary to crack the password. According to research done at Carnegie Mellon University, most users choose (!,@,#,$) to comply with the so-called "stronger password policy" requirement to use a symbol, which makes it easier for an attacker to guess the password and defeats the very purpose. The point that I want to make is: please don't choose the password that first comes to your mind!

What is COBIT (Control Objectives for Information and Related Technology) ?

Almost every business organization needs IT (Information Technology) to drive success and growth. Most of those organizations follow some business processes. People in those organizations know how to set goals, organize their activities and drive quality into the delivery of products and services. This is all done to achieve the certainty, predictability and reliability needed to make sound decisions. When it comes to the IT departments that support those organizations, very few follow any sort of guidelines to make IT certain and reliable. COBIT (Control Objectives for Information and Related Technology) enables an organization to manage IT in a similar way to how it manages its other activities. COBIT provides guidance on how to properly organize the activities that relate to IT within all business activity. There are three key cards: 1) Process Model, 2) Best Practices, 3) Management Tools. Process Model:- It helps the enterprise to understand the nature of all these activitie...

Access Control and Information Security

If you are a movie lover and have watched any of those war movies where the villain is going to launch a nuclear attack, needs multiple secret codes for it, and all of a sudden finds that no single person has access to all of the codes, then you have already witnessed "Access Control"! What is Access Control? Access control ensures that resources are granted only to those who are entitled to them. Basically there are two entities: one is the "Subject" and the other is the "Object". In a general scenario a subject wants to access an object, and for that purpose different access control mechanisms are there to apply. There are different types of access controls:- Technical:- various access control mechanisms like passwords, smart cards, biometrics, etc. Physical:- can be preventative, like putting up a door or a guard dog to control access, or detective, like installing a camera or motion sensors to detect access. Administra...

Pornography and Laws in India

It is not illegal to watch adult pornography in India, but it is illegal to transmit or publish it. Following is a more precise definition according to Section 67 of the IT Act:- Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all circumstances, to read, see or hear the matter contained or embodied in it, shall be punished. Child Pornography: It is illegal to create, collect, seek, browse, download, advertise, promote, watch or transmit material in electronic form which depicts children engaged in a sexually explicit act or conduct. What I infer from the IT Act is that if you are engaged in child pornography or abuse online, directly or indirectly, you are committing a crime. I have just given some overview through my understanding of the IT Ac...

5 popular myths of Information Security

Five myths that are popular in India about Information Security:- 1. Information Security is all about hacking. Most students in India think that studying information security is nothing but learning ethical hacking. This is a very popular myth among youngsters. The reality is quite different: information security takes care of both technology and compliance, which includes information security audits against different security standards like PCI-DSS and ISO 27001. It also includes things like the Data Protection Act, the Sarbanes-Oxley Act, the IT Act 2000, etc. Vulnerability assessment and penetration testing is a very popular ingredient of information security. To know more, visit the SANS Institute. 2. Vulnerability assessment and penetration testing is only about technology. When I was in the first year of engineering school and got to know about Vulnerability Assessment and Penetration Testing (VAPT), I thought it was just about hacking with technology, but the trut...

Before Learning Vulnerability Assessment and Penetration Testing

What should one learn before practicing Vulnerability Assessment and Penetration Testing? One should have a thorough understanding of at least one of the operating systems out there in the market. I prefer Linux-based operating systems, but there are others too. Basic understanding includes knowing how an operating system starts, when the kernel gets loaded, what a boot loader is, what the 'init' process is, when network services start, etc. Knowledge of computer networks is also indispensable. You should know what a network is, what a network protocol is, the TCP/IP suite, what exactly happens when a network interface card is brought up, etc. I mean you should know how things work. Learn about database systems and get your hands dirty with query languages like SQL and others. Having a functional knowledge of database systems will make it easy for you to practice against web applications. One last point that I want to make is that if you have...