Monday, 27 February 2017

Data Secure Communication

In our last two threads I mentioned how data is secured in the production environment and in its stored state.

What about data in transit, for example between an office in one country and a regional office in another? How is that data transferred securely?

Think about voice and video communication: all of it is carried in IP packets. Do you think it is secure and cannot be hacked by others?

All data should be secured in every form of communication, whether data, voice or video.

Even access to remote devices through a command prompt or remote desktop is replaced by SSH access.

In a corporate network, the most secure form of transfer is an encrypted VPN connection, either for client access, i.e. a user connecting from his own laptop, or for site-to-site access.

Organizations often enable remote access solutions such as virtual private networks (VPNs). VPNs allow employees to access the organization's internal network from their home or while traveling. VPN traffic goes over a public network, such as the Internet, so encryption is important. VPNs use encryption protocols such as TLS and Internet Protocol security (IPsec).

What is a VPN? VPN stands for virtual private network: connecting to a private network through a secured tunnel across a public environment (the worldwide Internet), which is unsecured. To understand VPN connectivity fully, we need to understand what a tunnel is.

What is tunneling? It is a network communication process that protects the content of a packet by encapsulating it in another protocol. Encapsulation and decapsulation are done at both ends by a VPN device. Normally this service comes with all firewall devices.
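The encapsulation and decapsulation step, as an added example that is not part of the original post: a packet between two private hosts is wrapped in an outer IPv4 header addressed between two VPN gateways (IP-in-IP, protocol number 4) and unwrapped at the far end. All addresses and the payload are constructed sample values, and the encryption a VPN adds with IPsec or TLS is left out, so the inner bytes stay readable inside the outer packet.

```python
import socket
import struct

IPPROTO_IPIP = 4    # IP-in-IP (RFC 2003): the payload is a complete IPv4 packet
IPPROTO_UDP = 17
HEADER = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options

def checksum(header: bytes) -> int:
    """Internet checksum (RFC 1071) over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(HEADER, *fields))
    return struct.pack(HEADER, *fields) + payload

def encapsulate(inner: bytes, gateway_src: str, gateway_dst: str) -> bytes:
    """Sending VPN device: the whole inner packet becomes the outer payload."""
    return ipv4_packet(gateway_src, gateway_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    """Receiving VPN device: validate the outer header, return the inner packet."""
    if len(outer) < 20 or outer[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (outer[0] & 0x0F) * 4
    if ihl < 20 or len(outer) < ihl or checksum(outer[:ihl]) != 0:
        raise ValueError("bad outer header")
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet")
    total_length = struct.unpack("!H", outer[2:4])[0]
    if not ihl <= total_length <= len(outer):
        raise ValueError("bad total length")
    return outer[ihl:total_length]

def addresses(packet: bytes) -> tuple:
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

# Constructed sample: private addresses inside, documentation addresses outside.
INNER = ipv4_packet("10.1.0.5", "10.2.0.9", IPPROTO_UDP, b"payroll-batch")
OUTER = encapsulate(INNER, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    print("on the Internet:", addresses(OUTER))
    print("after decapsulation:", addresses(decapsulate(OUTER)))
    print("inner payload readable in transit:", b"payroll-batch" in OUTER)
```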

Common VPN protocols are PPTP, L2F and IPsec VPN technology.

In SSH communication all the data is encapsulated. Older forms of remote access such as Telnet have serious security issues, which led to the use of encrypted sessions such as SSH. PuTTY is the software commonly used for remote access.

Sunday, 26 February 2017

Data storage

In my previous thread we discussed the labelling of data and the privileges for accessing data in a secure way.
Let us look at how data is secured in the stored environment. Below are the storage places where data is stored:

  • Hard-disk
  • External Hard-disk
  • USB Flash drive
  • CD-Drive
  • Memory Card etc
  • Tape drive

CD drives and floppy disks: nowadays most people have stopped using these, as data now comes in terabyte sizes, so let us ignore these devices.

Devices such as hard drives and flash drives can be protected by a password mechanism. Privilege-level access to storage devices is also provided: for example, only the Administrator can access all areas of the hard drive, while end users are restricted from accessing them.

In USB-type storage, users are restricted with passwords, so high-security devices can be accessed only with the required credentials.

A common and recommended protection mechanism is encrypting the device. External hard drives come with encryption software by default. The data is encrypted with a key and can be decrypted only with the same key. We will look deeper into encryption and decryption in my future threads.

What about recovering erased data? Yes, it can be recovered using recovery software and many other technologies.

Data should be permanently deleted so that it is not disclosed to anyone. Below are some common forms of deleting data:

  • Erasing
  • Clearing
  • Purging
  • Declassification
  • Sanitization
  • Degaussing
  • Destruction

There is still a lot to cover on data security...

Friday, 24 February 2017

Thought of the day...!

Stress management... In today's environment we commonly hear the word stress in connection with jobs. Most youngsters face stress, mainly in the IT environment, and they don't know how to overcome it. From my experience I will suggest some tips which will be useful for you.

  • Your job is not your whole world, and you are not the one and only employee of your company.
  • Don't ever postpone your work; be in on time and leave on time. Don't forget there is a family waiting for you after office hours.
  • Be positive and ignore people who put pressure on you.
  • Laughing is a big remedy; have jokes.
  • Get involved in nature: gardening, swimming, early-morning walks.
  • Spend your time with your loved ones; time that has gone will never come again.
  • Don't ever spend more than your income; ignore credit cards and loan-type cards.
  • Plan your life so that you can save something from your monthly income.
  • Interact with people and spend time with them, not through social media.
  • Learn to give back to society, as aid or free knowledge transfer.
  • Get involved in music, arts and games, which will make you feel relaxed.
  • Explore the world, travel a lot and mix with people of different cultures and characters.
  • Take everything easy …:)

Thursday, 23 February 2017

Sensitive Data Classification - Labeling

As I said in my previous writing, we will start discussing the security concepts one by one. I am discussing these things based on my experience and the knowledge I have gathered from valuable material.
Our first topic is privileges in the corporate environment. As all of us know, humans are the main cause of attacks: either knowingly or unknowingly, they become victims of an attack.

What is meant by unknowingly…? Here our risk starts.
A study says most networks are attacked because of improper or poor privilege management at the user level. So how should privileges be given? Here the security study starts.

Labeling: We have to segregate data based on its sensitivity and its business impact. I am going to label data based on its sensitivity.

  • Confidential – Data that, if disclosed outside, will cause serious damage. For example, the formula for making Coke: company-sensitive data whose disclosure will lead to serious damage to the organization. Personal information, including bank number data, whose disclosure leads to serious damage also counts as confidential.

  • Sensitive – Data whose disclosure will have a negative impact but will not cause serious damage to the corporation or individual.

  • Public – Data that is not sensitive all comes into this level.

So how is the labeling going to work? Based on the position the user holds, we have to provide privileges to the user. For example, the Account Manager has rights to access only account-related documents such as employee salary, not employee attendance or employee leave records.
Handling of data can be managed by assigning ownership of documents, and the owner can grant privileges to his employees. For example, the Account Manager has rights to access all the data related to the accounts department. He can grant read or full access to a team member based on the role that team member handles. An internal accounts employee can have rights to access only employee salary details and nothing else in the department. Likewise, an accountant who handles payment of purchases has rights to access invoice payments only and nothing else in his own department.

Each department will have a data owner and its respective privileged employees; in a centralized environment all the data is controlled by a data security professional. Privilege revocation will also be done quickly if an employee is shifted to another department.
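The ownership, grant and revocation model described above, sketched as an added example that is not part of the original post. The class names, user names and document names are assumptions made for illustration, and the sample documents are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum

class Label(Enum):
    PUBLIC = "public"
    SENSITIVE = "sensitive"
    CONFIDENTIAL = "confidential"

@dataclass
class Document:
    name: str
    label: Label
    department: str
    owner: str                                   # data owner, e.g. the Account Manager
    grants: dict = field(default_factory=dict)   # user name -> "read" or "full"

class DocumentStore:
    def __init__(self, documents):
        self.docs = {d.name: d for d in documents}

    def grant(self, granter, user, doc_name, level):
        doc = self.docs[doc_name]
        if granter != doc.owner:                 # only the data owner hands out access
            raise PermissionError(f"{granter} does not own {doc_name}")
        if level not in ("read", "full"):
            raise ValueError("level must be 'read' or 'full'")
        doc.grants[user] = level

    def allowed(self, user, doc_name, action="read"):
        doc = self.docs[doc_name]
        if user == doc.owner:
            return True
        if doc.label is Label.PUBLIC and action == "read":
            return True
        level = doc.grants.get(user)             # default deny: no grant, no access
        return level == "full" or (level == "read" and action == "read")

    def transfer(self, user, new_department):
        """Revoke the grants a user holds outside the department they move to."""
        revoked = []
        for doc in self.docs.values():
            if doc.department != new_department and doc.grants.pop(user, None):
                revoked.append(doc.name)
        return revoked

def sample_store():
    # Constructed sample data following the accounts-department example above.
    return DocumentStore([
        Document("employee_salary", Label.CONFIDENTIAL, "accounts", "account_manager"),
        Document("invoice_payment", Label.SENSITIVE, "accounts", "account_manager"),
        Document("holiday_calendar", Label.PUBLIC, "hr", "hr_manager"),
    ])
```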
To be continued in the next thread...

Tuesday, 21 February 2017

Top Security Certification in 2017

As we discussed in the previous thread about deep study of technology and certification in the IT world, let us first look deeper at certification.

The certifications recommended below are vendor-neutral and are booming in the security world.

1)      Certified in Risk and Information Systems Control (CRISC)

2)      Certified Information Security Manager (CISM)

3)      Certified Information Systems Security Professional (CISSP) 

4)      Certified Information Systems Auditor (CISA)  

We will discuss each certification in detail in upcoming threads.

Technology Growing where we are

Hello world, today we are going to look at the growth of technology in the networking and security world.

Ten years ago, vendor-based devices dominated the networking world. Corporates were forced to choose vendor-based devices for the stability of the network; vendors developed their own protocols, and this created vendor-based certifications and vendor-related jobs in the market.

Now the situation has changed tremendously: corporates have started moving from vendor-based devices to their own requirements. It is time for us to concentrate more on technology rather than on vendor-based devices.
Let us go deeper into today's networking world in the corporate environment. The entry of mobile devices (BYOD devices) has created a new environment in the corporate world. Technical people should concentrate more on securing data, as mobile devices go beyond corporate control.
Security is one of the main areas we should concentrate on in today's environment, starting from shared folders to terabytes of data storage, encrypted communication, VPN technology and so on.
Let us look at the technologies one by one in my upcoming writings. Vendor-neutral certificates are also seeing tremendous growth in the market; let us look at them one by one in the coming threads.