Posts

INFOSEC - Learning Log #6

For the past meetings, we've discussed Physical Security. We went into depth on why physical security is important. I think the main lesson I've learned is that "No matter how good your network or application security tools are, data are still at risk if there are no good physical controls available." This means that everything we've learned the past months in class would be useless if the physical security is faulty. There are a lot of considerations to take into account when it comes to physical security. One is CPTED or Crime Prevention Through Environmental Design. What some people think are just building or location designs for aesthetic purposes are actually placed for people's safety and are well thought out. Another thing is that the number one priority is No Life Lost! Physical security goes into so much detail. You even have to plan what type of doors and windows to use. There are different types of fire deterrents and sprinklers. It's safe to say

INFOSEC - Learning Log #5

For this learning log, the lesson discussed in class was about Cryptography. I already had some knowledge about cryptography because we studied it the year before in COMPAIS class. I remember enjoying this lesson because of its number patterns. (Yes, I like math). However, in INFOSEC we had a more detailed discussion. I learned about symmetric algorithms and asymmetric algorithms. Under Asymmetric Encryption, we studied RSA (Ron Rivest, Adi Shamir, and Leonard Adleman) which makes use of n (product of two prime numbers, p and q), e (public key) and d (private key). We also studied the Diffie-Hellman Algorithm. We did some exercises about the 2 algorithms. I enjoyed doing these exercises. I kind of felt like I was a spy decoding messages.

INFOSEC - Learning Log #4

Last week (July 25, 2017 - July 28, 2017), Asia Pacific College celebrated SoCIT Techfest. Usually, SoCIT students are excused from class in order to participate in activities or seminars planned by various organizations. INFOSEC was no exception. Sadly, it was raining hard and the wind was very strong last Thursday morning. I was already in corporate attire by 8am so that I could attend my 9:30 INFOSEC class. However, I couldn't leave the house because it was raining hard. I tried to go out and got soaked by the rain. Thus I had to wait an hour before the rain relented and had a hard time commuting because some areas were starting to flood. I got to school at 10:15. I headed straight for the auditorium because we were asked to participate in the VR (Virtual Reality) Seminar. There we learned the difference between virtual reality and augmented reality (AR). We also learned how VR and AR can be applied in different industries. Ex: Medical students use VR to learn about hu

INFOSEC - Learning Log #3

For the past 2 weeks, we discussed Legal Issues and Privacy. The lesson about legal issues made me more aware of what to do and what not to do online and on computers. There are apparently several laws on the proper use of computers, internet and information security. For example, the E-Commerce Act of 2001 and Cybercrime Prevention Act of 2012 are existing laws in the Philippines. These laws can be classified as Statutory, Administrative and Common law. Statutory Law is written law by the legislative body of the government. Meanwhile, Administrative Laws are laws enacted by the executive body of the government. Lastly, Common Laws are judicial rulings. Meanwhile last week, we discussed privacy. I was asked by the professor, "What is privacy for you?" I was caught off guard and answered nonsense. Yes, it was very embarrassing. I said that privacy is, for example, what's mine is mine, therefore I dictate who can view it or know about it. I openly admit that my

INFOSEC - Learning Log #2

This period in INFOSEC, we've focused on Operational Organizational Security. We learned the difference between policies, standards, guidelines and procedures. We learned about Access Controls, Group Policy and Password Policy. I used to think that passwords were simple. I'd only change it when I was prompted to do so, but then I learned about minimum password age and maximum password age. Like how minimum password age is meant to protect from users. There are some users who are lazy when it comes to memorizing passwords. For example, a student can have a password of student1 and password history of 2 passwords. Without min password age, the student can change his password to student2, then student3, and then back to student1 in the same day - having exceeded the password history count of 2. This actually defeats the purpose of maximum password change and of changing the password so that it won't be compromised. I felt sort of guilty while listening to the lecture about

INFOSEC - Learning Log #1

It's the first term for academic year 2017-2018. It's nice to have Sir Justin Pineda as a professor again this term in INFOSEC (Information Systems & Security). Since he is our professor again, it's time to start writing learning logs again. For my first learning log entry for INFOSEC, I'm going to start off by talking about what INFOSEC basically is. According to Sir Justin, INFOSEC is Confidentiality (protection from unauthorized disclosure), Integrity (protection of resources from modification), and Availability (protection from DoS). We also cleared some misconceptions in class - like how IT Security is also INFOSEC. INFOSEC actually has many domains such as IT Security, Operational Security, Personal Security, etc. After the discussion we were given case studies to be done as a group. We had to use SMART objectives. SMART means specific, measurable, attainable, realistic, and time-bound. The next meeting, 2 groups presented. I noticed that th

Learning Log#6 - DNETCOM

This week is our last discussion week. After 13 weeks, the term is about to end. Our final lesson was RIP. RIP in routing means Routing Information Protocol. It uses a metric called hop count. In our last lesson it took me a while to fully understand what the next hop of a route was. You could imagine my reaction when I heard the term hop count. When our prof showed us how to implement RIP in Packet Tracer, I thought it looked easy enough. It looked easier than manually routing in a static route. So our group was eager to do the last exercise. After 2 meetings, we were still unable to finish it. Whenever we pinged a device, it would return as a failure. It was very frustrating. When we were about to give up, Sir helped us out. However, he discovered that there was a problem with the case. We just had to laugh it out. We had let the exercise frustrate us when we should've asked for help right away instead. We would've saved ourselves the trouble.