Showing posts from 2019

Don’t be Held for Ransom! Tips for Preventing Ransomware

“****, my system has been attacked by ransomware…” has been one of the most commonly heard statements this year alone. The last 12-18 months have seen ransomware evolve from a relatively small hacker operation into a global IT epidemic, and one of the most dangerous security threats facing enterprise organizations today. There is one good thing about ransomware too. It doesn’t discriminate!!! It will attack your system regardless of whether your organization is the leader or the follower… whether you work for the greater good or for bad.

Before we move further, a brief note about ransomware. Ransomware is a type of crypto-malware used for cyber extortion. Ransomware holds a victim’s computer or their files hostage via encryption while demanding payment in exchange for decrypting the files and releasing access to the user’s device. Ransomware is usually spread through phishing attacks containing a malicious email attachment, an infected program, or a link to a compromised website. Ransomware attacks have…

6 Best Practices for Email Security

While multiple modes of communication have mushroomed in the past few years, good old-fashioned email remains the top means of communication for businesses. It also remains the top priority for all the social engineers out there, who come up with new creative ways to use it to spread malware, break into networks or grab a bunch of high-profile passwords.

The numbers prove it all. Users sent 30 trillion emails in 2018 and around 92% of the malware was delivered through it.

If the problem is so severe, why can’t we do something about it? Well, technology can help only to a certain extent. Beyond that, we need to apply common sense, which people seem to abandon the moment they step into the virtual world. When I was a kid, I remember, my mother told me not to open doors for strangers if I was alone. This good old-fashioned advice seems relevant in the virtual world too. However, we just don’t seem to follow it.

Here are 6 best practices/pieces of advice which can help your business t…

[CyberSecurity Awareness Series] The VEC Scam

Bob heaved a sigh of relief after he saw the mail. The payment had been processed and he had immediately received the payment confirmation from the vendor. It was the end of the month and he wanted his company to be fully compliant in paying its dues. In fact, Bob had looped the finance department into the emails to ensure payment was processed immediately by the department after validation of the invoice.

The next day, he receives a call from one of his vendors, IAMVendor, to settle the dues for this month. Bob tells them that the payment has already been made and that, in fact, IAMVendor had also sent them the payment confirmation message. In order to avoid any confusion, Bob decides to send them the payment confirmation as well as the invoice they had sent. The next day, Bob receives emails from other vendors too, asking for details as to when the payments will be processed. Bob calls up his finance department and asks them to check with their bank as to why has the pay…

[Cybersecurity Awareness Series] The Three Little Pigs

Once upon a time, there were three little pigs. Over time, the little pigs educated themselves. They came back to meet their mother before they went ahead and opened their new companies. Mother told them, “Whatever you do, do it the best that you can, because that's the way to get along in the world.”

For the sake of simplicity, let’s name the three pigs Harry, Ron and Sean. All three of them had different interests and hence went ahead to open up their companies in different sectors. All of them remembered what their mother told them: “Whatever you do, do it the best.” All three of them had brilliant ideas for their new startups. As they floated new ideas in the market, they got a lot of VCs to support them, but it also turned a lot of bad eyes towards them. One of these was the hacking group “Bad Wolf”, comprising just 1 bad wolf at the moment.

Harry had a new innovative idea of connecting doctors with patients. His mobile app collected the patient’s health information,…

Cyber Security Awareness Month 2019

October is here and that means it’s time to celebrate Cybersecurity Awareness Month. While the celebrations may last a month, it's important for us to follow basic cyber hygiene practices all year round. Every year, millions of people are affected in some form or the other through cyber frauds, data breaches, cyberstalking, cyberbullying, phishing and much more. While we cannot say no to using digital means in our day-to-day lives, we can surely, as the saying goes, “look before we leap” or in this case “look before we click.”

At too, it’s time to celebrate cybersecurity awareness and spread the message across the globe. Every individual should have access to the resources to make themselves safe and secure online. With this aim in mind, during the month, I will be putting up:
10 cybersecurity awareness fiction stories focusing on various themes such as social engineering, phishing, cyberbullying, frauds, data breaches etc.
Free InfoSec poster…

How the Cloud Service Models are Similar to Baking a Cake

There's nothing more comforting than indulging in a slice of homemade cake paired with a piping hot cup of coffee or tea. Sounds rejuvenating, right? Take the flour, eggs to beat, powdered sugar and a cup of milk. Follow the recipe and voilà, the cake is ready to eat...

Are you wondering if the focus of this blog has shifted to food recipes rather than security? Well, that’s not the case. However, we can learn a lot from our kitchen friends and apply those lessons to understanding quite a few concepts of security. Today we will learn about the various cloud service models and how they are so similar to baking a cake.

If you have not heard the term “cloud”, there is nothing to worry about. In the simplest of terms, you can think of the cloud as “someone else’s computer - a very big one which has unlimited storage and processing capacity.” The official definition is as follows:

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable…

Understanding Privacy

Well, most people started talking about privacy only after GDPR came into existence. However, Samuel Warren and Louis Brandeis published “The Right to Privacy” in 1890 in the Harvard Law Review. They set forth the definition of privacy as “the right to be left alone.” This definition, although written in the context of the physical world, can easily be extended to the digital world. Through this blog post, let's try to understand the definition of privacy and its types. We will also explore the origins of privacy so as to better understand the various laws and resolutions passed in this regard.

Section 1 of the California Constitution says,

“All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing and protecting property, and pursuing and obtaining safety, happiness and privacy.”

Hence, privacy has been defined as the desire of the people to freely choose the circumstances an…

Practice Exams Now Available on Simpliv

Dear Readers,

Your love and support are what drive me to move forward and find new ways to make this blog more engaging for you. As a constant endeavor to help you with the preparation of certifications such as SSCP, CISSP, CompTIA Security+, CCSP, etc., I have now collaborated with Simpliv.
For those who are unaware, Simpliv is a global online learning marketplace similar to Udemy. Simpliv believes that learning has no boundaries. It brings learning to any person who wants to learn, whether it is management, technology, life sciences or any other subject of interest. It is a belief which I share with Simpliv, and one that led me to choose them for launching my courses on this platform too.
Currently, only 1 course, on SSCP, is live on the platform. However, around 7-8 courses will be launching in a few weeks' time. [This post will be updated with links to new courses.]
Sharing the link for the course.…

Network Segmentation and Segregation

The recipe is simple. Set up a network. Add a bit of internet to the mix. To improve the taste, add firewalls, IDS, IPS, and some monitoring programs. It's time to divide the network so that it can be served as per the requirements of the guests. Segment one part while segregating the other. Voilà… The dish is ready to be served.

Well, the dish cannot be served unless and until we learn the differences between network segmentation and segregation. I find them confusing, and maybe you do too. If you do, let’s end this confusion once and for all through this blog post.

I would like to approach this in layman's terms rather than confusing myself with all sorts of fancy terms and technologies. If you look at a hotel as a whole, it’s a big building. Now, no one person would want to book the entire building. So in order to maximize revenue, the hotelier segments, or in a way divides, this complete hotel into various smaller portions called rooms. These rooms ar…

CyberSecurity @ Airports

Paul is flying on an airplane from Bangkok to Hawaii. While the air hostess serves him a glass of champagne, Paul enjoys the calmness of the clouds around him. His flight is about to land in another 20 minutes. The pilot is trying to communicate with the air traffic controller at the Hawaii airport. However, he is not able to connect. The traffic controllers are not responding to him. Meanwhile, frantic calls are underway with the President and other top ministers. The decision is YES. Yes to paying the hacker whose ransomware has crippled the entire system, with thousands of lives at stake.

If you feel that is fiction, it can be, but what is the guarantee that this cannot be a real scenario? In today’s age, everything is possible. We saw hospitals in the UK hacked through ransomware and metro rails displaying ransomware-riddled messages, so what’s stopping airports or other critical infrastructure from being hacked?

The Threat Quantum

Airports have always been highly targeted by mali…

These Three Technologies hold the Power to Transform Cyber Security

A credit-card-sized computer remained hidden in a laboratory, connected to its network, for a period of 10 months. During these 10 months, the attacker was able to enter systems and applications that were not approved for access. The system administrators did not check which devices were connected to the network. The attacker then took advantage of the weaknesses in the laboratory’s network to remain undetected for 10 months, stealing 23 files in the process. Two of these files contained information on International Traffic in Arms Regulations, which controls the transfer of military and space-related technology, related to the Mars Science Laboratory Mission.

If you are wondering whether this is from a fiction novel or a TV series, you are wrong. This is an attack that happened at NASA. Yes, you read it right. The world’s most advanced space lab was hacked due to an unauthorized Raspberry Pi computer connected to the JPL servers.

Welcome to the brave new world where hack…

Happy 2nd Birthday, It's Time to Celebrate!!

Time passes so quickly that it's hard for me to believe that another year has gone by and this blog is now celebrating its 2nd birthday. This journey started two years ago after the completion of my CISSP certification.

The year has been full of love and support from all the readers across the globe. This year saw around 90+ posts written on various topics involving security. The focus, however, was on explaining various topics of CISSP and SSCP in the simplest manner possible. The cybersecurity awareness series, blockchain, DevSecOps, etc. were also focused upon.

There were some months where I slowed down, but what pushed me forward was the love and support from multiple readers across the world. The best thing for a blogger is when he receives a mail from one of the readers saying "Thank you for writing. Your blog has helped me a lot". There are many readers who helped me correct some of the anomalies in the free practice question section, while some gave their valuable f…

The Endorsement Process - CISSP, SSCP & other (ISC)2 certifications

Heartiest congratulations if you have provisionally passed the CISSP, SSCP or any other (ISC)2 certification. After spending weeks or even months preparing for one of the most difficult exams, you have that very sheet of paper in your hand which says:
Dear XXX,
Congratulations! We are pleased to inform you that you have provisionally passed the Certified Information Systems Security Professional (CISSP®) examination. By passing this examination, you have completed the first of two steps toward earning your CISSP credential!
Notice that it says you have provisionally passed the exam. Although the most challenging task is over, there is one more hurdle before you get the CISSP certificate in your hand. What is it? Well, this post is all about that.
The next step, as mentioned in the email/letter, is that you need to get yourself endorsed and submit the requisite details. I have tried to create a step-by-step guide here to help you out. If you have recently gone t…

What is DevSecOps? Defined, Explained & Explored

If you are even remotely associated with the security or software development world, you will have heard the term DevSecOps, or just DevOps. If not, you are surely living under a rock!! DevOps is one of the hottest trends in the software development world now. In this article, however, we will focus on DevSecOps. Is it an extension of DevOps? We will learn and explore the details in this blog post. Grab yourself some popcorn and get ready to understand what DevSecOps is all about.

Understanding and appreciating DevSecOps is like reaching a summit. You cannot reach the top until you start from the bottom and learn all about it slowly and steadily. This post involves certain terms which are commonly used in software development. In case you feel unsure about the meaning of a particular term, just Google it.

Software has become an integral part of our lives. From power grids to smartphones, all aspects of our lives revolve around software. But how do you develop software? Well, …