Thursday, August 24, 2017

Learning Log for Information Systems Security: Week 11 and 12 (End is the Beginning of Something New.)

For Week 11, the INFOSEC class taught by Sir JP had 3 meetings overall, when it should be 2 meetings per week, because the Wednesday had a Monday schedule; the schedule of INFOSEC is Monday and Thursday. On the first day of this week, Sir JP held a review of cryptography, specifically the RSA and Diffie-Hellman algorithms. I really enjoyed these two algorithms because they were very challenging to answer, and Sir JP gave us an exercise about them. The exercise was moderately hard because there were conditions. Starting with RSA, the conditions are that 3-digit prime numbers must be used for the values of p and q since the overall answer must be equal to 1, the values must not be equal to 0 or 1, and the value of p should not be equal to the value of q and should not be equal to e. Next is Diffie-Hellman, wherein we also use 3-digit numbers, but we can also use a composite for the values of g and p. The values of small a and b can be 1-digit numbers, so it is very easy to solve; the conditions are that the values of g and p should not be equal, and that both small a and b should not be equal to 0 or 1. For the second meeting, we discussed Physical Security. The topic of Physical Security Concepts was somewhat enjoyable because Sir JP discussed what the effect of a 99% secured factor should be, and I enjoyed the failures of other high-tech security systems. The topic of CPTED was astounding because Sir JP gave me an insightful outlook on the natural security system that can be observed everywhere, and he expanded my knowledge about securing the environment. For the last meeting of this week, Sir JP gave us another exercise in accordance with the physical security that was discussed the day before, and the exercise was very easy since our main topic was to assess the physical security of our school, Asia Pacific College.
For Week 12, we had a review of our topics in Data Networks, for which Sir JP was our instructor at that time. In the first 5 minutes of the review, I felt my dignity being diminished, and it gradually took my breath away because I could not apprehend all the reviewed items. The funny thing is that the class, in my perception, was in the same state as I was, wherein all our knowledge was washed up and cleaned carefully, but some of my classmates could answer based on what they remembered. This will be the last learning log for Information Systems Security, and I hope that you enjoyed my posts until the end of this term.

--------------

Sir Justin, I will write in Tagalog now because my English is starting to run out from how much I put into my learning logs, if you have noticed. I was actually supposed to post one more for Week 13 and 14, sir, just to give a final farewell, but you suddenly said that the learning logs would only go up to 6, and I did not want to show off, since I have many avid readers globally according to the views I see in my history. Sir, thank you for all your lessons to us; the hours we spent together cannot be surpassed by any silver in the deepest sea. Sir, if you come back to APC, I hope you make sure to come back before our batch graduates; maybe January would be okay, sir, right? Because many admire your natural talent and the way you get along with students, unlike other professors who do nothing but slap in our faces what they have learned and the gold medals framed in their houses. THANK YOU VERY, VERY MUCH, SIR! Through your teachings and reminders to us over 2 terms, you gave us a broad understanding when it comes to NETWORKING, ahahhaah!!... of course that was a joke, sir, when it comes to technology. GOD BLESS, SIR! I HOPE YOU BECOME EVEN MORE SUCCESSFUL IN THE FUTURE! I HOPE YOUR OUTLOOK ON LIFE DOES NOT CHANGE! STAY HUMBLE! TAKE CARE, SIR! SEE YOU WHEN I SEE YOU! :)
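
The RSA and Diffie-Hellman exercise described in the Week 11 entry above, worked through as an added example that is not part of the original post or the class material. It assumes that "the overall answer must be equal to 1" refers to the check e·d mod φ(n) = 1; the function names and sample values are constructed for illustration.

```python
from math import gcd

def is_prime(n):
    """Trial division; adequate for the exercise's 3-digit values."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))

def three_digit(n):
    return 100 <= n <= 999

def rsa_exercise(p, q, e, m):
    """Check the exercise's RSA conditions, then derive d and round-trip m."""
    if not (three_digit(p) and three_digit(q) and is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be 3-digit primes")
    if p == q or e in (0, 1, p):
        raise ValueError("need p != q, p != e, and e not 0 or 1")
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n), otherwise no d exists")
    if not 1 < m < n:                      # assumption: message also not 0 or 1
        raise ValueError("message must satisfy 1 < m < n")
    d = pow(e, -1, phi)                    # modular inverse (Python 3.8+)
    c = pow(m, e, n)                       # encrypt with the public key (e, n)
    return {"n": n, "phi": phi, "d": d, "check": (e * d) % phi,
            "cipher": c, "plain": pow(c, d, n)}   # decrypt with private key d

def dh_exercise(g, p, a, b):
    """Check the exercise's Diffie-Hellman conditions, then run the exchange."""
    if not (three_digit(g) and three_digit(p)) or g == p:
        raise ValueError("g and p must be distinct 3-digit numbers")
    if any(not 2 <= x <= 9 for x in (a, b)):
        raise ValueError("a and b must be 1-digit and not 0 or 1")
    A, B = pow(g, a, p), pow(g, b, p)      # the two values sent in the clear
    # Both sides reach g^(a*b) mod p. This holds for any modulus, which is
    # why the exercise can allow a composite p; real deployments use a
    # large prime p because the secrecy of a and b depends on it.
    return {"A": A, "B": B, "alice": pow(B, a, p), "bob": pow(A, b, p)}

if __name__ == "__main__":
    # Constructed sample values, not the ones used in class.
    print(rsa_exercise(p=101, q=103, e=7, m=1234))
    print(dh_exercise(g=105, p=227, a=4, b=7))
    print(dh_exercise(g=105, p=221, a=4, b=7))   # composite p = 13 * 17
```

Numbers of this size only serve to make the arithmetic checkable by hand.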

Sunday, August 13, 2017

Learning Log for Information Systems Security: Week 9 and 10 (Machine Project)


For these weeks, we are about to start our machine project because our group aims to get the additional points for the finals, and we will strive hard for the final period of this term. But first, we should stick to the academics and the lessons discussed in our subject: we discussed the topic of Cryptography. Back in the Discrete Math subject in our flowchart, our class encountered and studied the nature of cryptography. At first, I could not really cope with the background of the topic, but after a while of discussion and evaluation, I fully understood its nature. For this term, to be honest, I had really forgotten the nature of cryptography and how it works. The good thing is I don’t have to review it all again, but I should have an outlook on the application of Cryptography in information security, which is much more likely to be conceptualized. Some of the terms in Cryptography that were discussed by Sir JP, like ciphertext, cryptology, and encryption, were first discussed in my Discrete subject, and it provides confidentiality, integrity, identification, authentication, and non-repudiation. There are some things that are new to me, but I’m not really sure if they are really new to me, because maybe I have recalled something related to these sub-points: that it was used during ancient Egyptian times, that it has many laws, and the algorithms that it uses. Honestly, the algorithms part is very new to me, and my mind was blown by this new knowledge. So we should start with Symmetric Encryption: this uses one key to encrypt and decrypt, and there are more sub-points to be discussed, but we only focus on the main one. Asymmetric Encryption uses one key to encrypt and another key to decrypt. In a scenario, to send an encrypted file, you will have to use the public key of the receiver, then the receiver will decrypt the file using the receiver’s private key, simple as that.
There are many more algorithms discussed by Sir JP, but these are the only two that I 100% understand; the other algorithms are almost there. Week 9 ended because the resumption of I.T. week is Thursday, which is Infosec time, so no classes. For the two meetings in Week 10, a debate was held, and I would like to share our debate topic. Our motion is to adopt China’s internet censorship here in the Philippines; our arguments were more valued than the opposing side's, so we won the debate. I wouldn’t share the content because copyrights may be involved and faults may occur for the greater good, but once again, we won the argument.

Thursday, July 27, 2017

Learning Log for Information Systems Security: Week 7 and 8 (Defense Break)

In Week 7, we discussed ethics: concepts, cultural norms, ethical issues, etc. Social media was, I think, the focus of this discussion, and I think all of it applies to the cyber world. The Code of Ethics that I’ve learned from Sir JP is somewhat similar to the Ethics of life that can be applied to real-world scenarios, like protect society/commonwealth/infrastructure, act honorably/honestly/justly/responsibly/legally, provide diligent/competent service to principals, advance/protect the profession. The Six ethics of life are: before you speak - listen, similar to protecting society; before you write – think, similar to acting honorably; before you quit – try, similar to providing diligent service; and lastly, before you die – live, similar to protecting the profession in your limited given life. By the way, there were only five given, but the original is six. In this week, the ethics of hacking back was discussed, and until now, I still don’t have a concrete answer to the questions generated from the discussion of Sir JP, maybe because understand it vividly. For me, hacking back is just a premade trap just waiting for its prey, and it is applicable to anyone who thinks the same, and I think that hacking back should be avoided. For Week 8, we discussed the six arguments relating to the controversy of hacking back. I won’t explain these six arguments, but I’ll just provide a brief summary. The argument must be under the law and it shouldn’t exceed its boundaries, with a purpose of replying with a self-defense protocol without becoming one of the hackers, and making sure that you have the knowledge of who is attacking you. Cyber attacks could happen abroad, and this questions what kind of jurisdiction you have; a public health issue is also in question, like whether it could help you in your daily life and whether your actions are practically effective.
Also in this week, we are preparing for a debate on Monday, Jul 31, wherein our topic is Internet Censorship and we are siding with the government. I really don’t know if we will win the debate, but we will do our best to ensure that this motion will be positively implemented. Also, our machine project for the finals was given to us.

Thursday, July 13, 2017

Learning Log for Information Systems Security: Week 5 and 6 (Present Defense)

For Week 5, I was surprised that we would be using Cisco Packet Tracer all over again; my last use of it was last year. My group and I could not cope with the exercise given to us because all of us had really forgotten all about it, but we didn’t just sit and wait; we asked for help, and I mean all the help we could get to finish this exercise. After 4 days, we finished the exercise and sent it to our professor, Sir JP. Before finishing it, we struggled hard, mainly in the setup part, because this is the part wherein all the connections should be receiving packets from all the devices and vice versa. For the next week, we discussed Legal Issues and the background of Privacy, which at first seemed very shallow, but after an hour my perception had changed. Let’s start with Legal Issues: this discusses different kinds of cyber crime and the laws on them for both the U.S. and the Philippines. I enjoyed studying the difference between Civil Law and Criminal Law. I thought first of Civil Law because it rings a bell in my mind, namely the Civil War in Captain America’s movie, which shares the same concept: it needs two parties in the discussion, where both have their own perception of a subject. What I truly hate about Criminal Law is the bulleted point in the PDF file, “To convict someone, the crime must be proven beyond any reasonable doubt”; proof is really highlighted in this sentence, which I think is practiced with the same concept in any judicial court. For the Privacy discussion, I could not really explain it the way I remember Sir JP explaining it to us, but the perception that I’ve summarized is that Privacy is neither Good nor Bad, because for every Privacy created, it will really create a rift (metaphorically speaking) in society, and it’s up to us to see a side of it that would fit our standard of perception of that topic. I really don’t know the answer, but my guess is that Privacy is unfathomable.
Today, our team will be focusing on the development of our Midterm Presentation about Bitcoin, and the reality is we are nearly done.

Thursday, June 29, 2017

Learning Log for Information Systems Security: Week 3 and 4 (Organizational Security)

In the past 2 weeks, all we thought about was the preparation for the midterm paper, mainly the related literature connected to our topic, which is Bitcoin. At first, I really didn’t want to participate with my group due to other activities that I was attending, but because of perseverance, I did my part when I found time for it. Sometimes the things you do might be boring to you, but looking at the bright side lets you see the brighter side or the positive side. Coinciding with the preparation of the paper was our discussion, which was Organizational Security. For Week 3, I learned that the security hierarchy is based on the organization’s priorities, policies and ethics. The Operational Model consists of planning, implementing, monitoring, and evaluating, which is a never-ending cycle if maintenance of the security is conducted. We discussed many policies in an organization, and the thing that I am fascinated by is that there are some policies wherein power in the company is not an option, meaning equality is established in the policy; for example, the IUP or Internet Usage Policy, which is the connectivity of all the members of the organization to the internet. We also discussed 3 types of Model. Sir JP said that there are 30 Models, but we focused on only 3 models because these are the most commonly used in organizations. Let us start with the Bell-LaPadula Model (with a misconception of Bella Padilla on first encounter), which is a confidentiality model that has the simple security rule, which doesn’t allow you to read security higher than or different from your department, and the star property, under which you cannot write security if lower or different from your department. Next is the Biba Model, which is the integrity model that has a simple integrity rule that is the contrast of Bell-LaPadula's, and also the star property. Last is the Clark-Wilson Model, which is an integrity model, and it uses a medium for its security.
These discussions were all done in Week 3 because Week 4 was dismissed due to different kinds of events. For the Week 4 first meeting, it was the end of Ramadan, and Muslims had to celebrate it despite the war in Marawi City. For the second meeting, Sir JP told us that he was not feeling well and was unable to teach us for this period, so he cancelled that session; this really broke my heart. Take Care and Get Well Soon, Sir JP!
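
The Bell-LaPadula and Biba rules summarized in the Week 3 entry above, written out as access checks in an added example that is not part of the original post or the class material. It models "department" as a set of categories attached to each label and uses Biba's strict integrity policy; the level names, labels and function names are constructed for illustration.

```python
from dataclasses import dataclass

LEVELS = {"public": 0, "confidential": 1, "secret": 2}   # constructed ordering

@dataclass(frozen=True)
class Label:
    level: str
    departments: frozenset = frozenset()

    def dominates(self, other):
        """At least as high a level AND covers every department of other."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.departments >= other.departments)

def blp_allows(subject, obj, action):
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if action == "read":
        return subject.dominates(obj)      # simple security rule
    if action == "write":
        return obj.dominates(subject)      # star property
    raise ValueError(action)

def biba_allows(subject, obj, action):
    """Biba strict integrity: the mirror image, no read down, no write up."""
    if action == "read":
        return obj.dominates(subject)      # simple integrity rule
    if action == "write":
        return subject.dominates(obj)      # integrity star property
    raise ValueError(action)

def decisions(subject, objects):
    """Map object name -> (BLP read, BLP write, Biba read, Biba write)."""
    return {name: (blp_allows(subject, o, "read"), blp_allows(subject, o, "write"),
                   biba_allows(subject, o, "read"), biba_allows(subject, o, "write"))
            for name, o in objects.items()}

# Constructed sample subject and objects.
CLERK = Label("confidential", frozenset({"HR"}))
OBJECTS = {
    "payroll": Label("secret", frozenset({"HR"})),         # higher, same dept
    "memo": Label("public"),                               # lower, no dept
    "finance": Label("confidential", frozenset({"FIN"})),  # same level, other dept
}

if __name__ == "__main__":
    for name, row in decisions(CLERK, OBJECTS).items():
        print(f"{name:8} BLP r/w={row[0]}/{row[1]}  Biba r/w={row[2]}/{row[3]}")
```

The "finance" row is denied in every column because labels from different departments are incomparable, so neither one dominates the other.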

Thursday, June 15, 2017

Learning Log for Information Systems Security: Week 1 and 2 (Information Security)

Another year, another term, same professor, same activity, but this professor is the BEST in terms of Computer Networking and Security. I won’t write his name here for the sake of his privacy, but we can call him Sir JP. At our first meeting, we were astonished that our past professor would be our current professor for computer security, so in an instant, we clapped so hard and preached his name like watching a live Fliptop battle: Sir JP! 3x. After a few minutes of idolization and homecoming, we began to study the scope of information security, and I began to review my current knowledge of this topic and to cope with the new knowledge that I was receiving. Sir JP summarized all his knowledge for just the title, and just a small amount was absorbed, and the good thing is we are just in the title portion, far from the real integration of information security. Confidentiality, Integrity and Availability are the first bulleted points that I wrote in my notebook, and with these 3 items, I could feel the real vibe of information security. I learned that the Security Architecture is almost the same as the 7 levels in the past networking lessons. Sir JP taught us the strengths and the weaknesses of information security if vivid knowledge was not apprehended, and also the offensive and defensive processes in the system. The most interesting part of the discussion was the authoritarian level of security, wherein there are certain levels that cannot be accessed by an ordinary person but that a higher level can access. Sir JP gave us a case event wherein we would analyze the problem and fill in the necessary requirements for the case.
For the sake of brevity and to end this post: in the case that was given to us, as stated in the Recommendation section, in my personal opinion, if a DDoS attack happens, have a different kind of brand for your security devices, because not only do you see the error but you also segregate the rotting security devices from the others.

Thursday, December 15, 2016

Learning Log for Data Networks: Week 12 and 13 (Final Farewell)

For my last time writing a "Learning Log for Data Networks", I decided to write in Tagalog because I know it will be heartfelt and will pierce through to the hearts of my readers. I am not joking; I say in all seriousness that I learned a lot from my teacher. In my two weeks of studying the Routing Information Protocol (RIP), I learned that it is somewhat easier than what I learned in the previous two weeks, which used "Static Routing", where two computers, each connected to its own router, have to communicate, with those routers connected to one router that forms one long line of communication. If you compare it to the study of databases, it is what is called a bridge entity, which receives and manages the communication of each router connected to it. Back to RIP: I had a very big smile working with it because its concepts are very easy, at a level that I can understand and comprehend. I liked the "hop count", where it passes the communication on to other computers up to a count of sixteen, and where, at the very last hop, if the final destination has still not been reached, it is identified as a "dead packet", meaning the communication is of no more use. It also pays attention to different timings for the arrival of communication. Let's start with the "Hold down timer": it waits for three minutes, and after that the communication is read. The "Flush Timer": it adds one more minute, the same as the hold down timer. The "Invalid Timer": it reads six times, and if nothing is found, it becomes invalid. And last, the "Update Timer": it reads after thirty minutes. Yes, I learned much more, but I will keep this short, because when I put something here I make sure that it is correct and that I have examined and studied it thoroughly, the kind where I did research.
I will end this "Learning Log" now, but before that, I will leave a message from a heart that has not yet had lunch, for you to think about. THANK YOU VERY MUCH, SIR JUSTIN!!!! Because of your teachings, I understood more deeply the whole meaning of the word "INTERNET"; before, being connected to wifi was all there was to it, but because of you, sir, I now know how to set up an IP address, DNS, Default Gateway, etc. Thank you, Sir! Always take care. ^_^