Learning Security with Mayur

If you would like to send a letter to me, what would be the most important aspect for you to send it across? My address. If you would have observed, we usually write the address in a certain format – building number, followed by area, city, state and then the pin code. Why do we do that? To avoid confusion. In a similar fashion, computers when they need to talk to each other, need to use the addresses. The Internet uses the IP addressing scheme, through which each computer on the Internet is assigned an IP address and that can be used for communication. Now think, how would you communicate if these addresses go missing? Read on to find out. A long time ago, when the Internet came into existence, the concept of IP addresses came to life. This was called the IPv4 addressing scheme. This scheme involved the addresses being recorded as say, for example, 10.22.10.150. So every computer on the Internet got one such address. Over time, with the population explosion, the number of com

Try to read the sentence written after this statement - “ youwillpasscisspexamifyoustudyhard ”. Clearly, you need to focus on the letters and your mind will try to discern the different words for you. Similarly, if I speak to you without pausing, it would again be difficult for you to discern and understand what I am communicating. So irrespective of the way we communicate – verbal or written, we need to follow certain grammatical rules so that the other party is able to clearly discern and understand what is being said. These grammatical rules for the written language include punctuation symbols such as comma, semicolon, spaces etc. while for verbal communication we use various aspects such as pausing, hand gestures, tones.  In a similar manner, technological communication protocols also have their own grammar and synchronization rules when it comes to the transmission of data. We have two kinds of transmission ways – Synchronous & Asynchronous. Both of them utilize

We learned about the TCP protocol in the article “ Understanding TCP and UDP .” A brief mention was made in that article on the 3-way handshake process. Before we delve into that further, we must recapitulate about the TCP (Transmission Control Protocol).  TCP is a reliable and connection-oriented protocol, which means it ensures packets are delivered to the destination computer. If a packet is lost during transmission, TCP has the ability to identify this issue and resend the lost or corrupted packet.  Now, before any data is sent across, handshaking takes place between the two systems that want to communicate. Once the handshaking completes successfully, a virtual connection is set up between the two systems. It’s just like a high profile deal that gets signed. Just like in a deal, both the parties discuss on various parameters such as the financial settlement, payment of outstanding dues, shareholding etc., in a similar manner, the two hosts (systems or computers) must agr

Have you ever wondered what happens behind the scenes when you click a video on your favorite website? Or when you are trying to log onto a secure website? There are multiple protocols that run behind the scenes to help you out and allow you to watch that favorite video of yours or buy that dress which you longed for. Two such important protocols are TCP ( Transmission Control Protocol) and UDP (User Datagram Protocol). These are one of the two most common protocols used during networking and setting up a secure infrastructure. Multiple services run on the top of this protocol or in simple terms utilize their services. Before we go further and understand the technicalities involved, we must try to learn what happens in simple terms. Everything we work upon is actually one and zeros only in the computer universe. The data that is sent across from one computer to another is a bunch of ones and zeros flowing from here to there. For the sake of simplicity, we will call this b

The button clicked. An exact amount of 9,99,000 $ was transferred immediately to an offshore untraceable account. This triggered an alert on the bank’s server. The response team quickly swung into action. Suddenly multiple alerts came rushing in like a raging torrent. Multiple transactions of 9,99,000 $ started popping up on the screen. The response team immediately knew it was under attack and triggered the alarm bell, but by then it was rather too late.   3 Hours Earlier It was a quiet afternoon and George was enjoying his cup of coffee. Looking outside his glass window, the view from the 22nd floor was amazing. The bank was doing well and the record quarterly profit cemented his position and power as the top man for the bank. George’s phone chimed. He quickly looked at it and smiled. The smile was palpable. The picture message sent made George bring back the memories of last night. His smile continued and he logged on to his laptop. Due to the regulatory compliance

Imagine a system that processes information. This information is classified in nature. When we say, its classified, it means that the information has been labeled according to the data classification scheme finalized by the organization. This scheme can be company specific, such as public, internal and confidential or military/government specific such as Confidential, Top Secret, Secret, Public. As a general user or a security professional, you would want that proper controls to be implemented and the system to be secure that processes such information. Imagine a scenario where such a malicious user tries to access this information. What clearance must this person have? Will he/she have access to all classified levels? Hey!!, stop imagining. Let’s discuss something else now. Hold on, I know, I had asked you to imagine the scenario above. But answers to all your questions would follow, so keep on reading further. We need to learn and understand a few terms before we are ready

With effect from 1st November 2018, (ISC)2 would be doing a domain refresh in the course content of SSCP certification. This is in line with a refresh cycle of 3 years for every certification which (ISC)2 offers. In this post, we look at changes which will take place in this refresh. We will look at it from a perspective of what will remain the same for an exam giver and what would change. Question 1. Have the domains changed completely? No, the weight of the domains has changed. There are minor changes. So if “Security Operations & Administration” had a weight of 17% in the earlier exam (2015), it has been reduced to 15% in the new exam outline. Question 2. Would the changes affect my already bought course material? No, the course content broadly remains the same. The course content does not change. Your old books or exam material will remain fully valid.  Question 3. Is there a change in the exam format too just like CISSP? Absolutely No. The f