For Week 11, the INFOSEC class taught by Sir JP had 3 meetings overall, when it should be 2 meetings per week, because Wednesday followed a Monday schedule; the schedule of INFOSEC is Monday and Thursday. For the first day of this week, Sir JP held a review of cryptography, specifically the RSA and Diffie-Hellman algorithms. I really enjoyed these two algorithms because they were very challenging to answer, and Sir JP gave us an exercise about them. The exercise was moderately hard because there are conditions. Starting with RSA, the condition is that a 3-digit prime number must be used for the values of p and q, since the overall answer must be equal to 1; the values must not be equal to 0 and 1, and the value of p should not be equal to the value of q and should not be equal to e. Next is Diffie-Hellman, wherein we also use 3-digit numbers, but we can also use a composite for the values of g and p. The values for the small a and b can be 1-digit numbers, so it is very easy to solve; the conditions are that the values of g and p should not be equal, and both small a and b should not be equal to 0 and 1.

For the second meeting, we discussed Physical Security. The topic of Physical Security Concepts was somewhat enjoyable because Sir JP discussed what the effect of a 99% secured factor should be, and I enjoyed the failures of other high-tech security systems.
The CPTED topic was astounding because Sir JP gave me an insightful outlook on the natural security system that can be observed everywhere, and he expanded my knowledge about securing the environment. For the last meeting of this week, Sir JP gave us another exercise in accordance with the physical security that was discussed the day before, and the exercise was very easy since our main topic was to assess the physical security of our school, Asia Pacific College.

For Week 12, we had a review of our topics in Data Networks, wherein Sir JP was our instructor at that time. In the first 5 minutes of the review, I felt my dignity being diminished and it gradually took my breath away because I could not apprehend all the reviewed items. The funny thing is that the class, in my perception, was in the same state as I was, wherein all our knowledge was washed up and cleaned carefully, but some of my classmates could answer based on what they remembered. This will be the last learning log for Information Systems Security and I hope that you enjoyed my posts until the end of this term.

--------------

Sir Justin, I will write in Tagalog now because my English is starting to run out from how much I have been putting into my learning logs, if you have noticed. Actually, sir, I was supposed to post for Weeks 13 and 14 just to give a final farewell, but you suddenly said that the learning logs would only go up to 6, and I don't want to show off, since I have many avid readers globally according to the views that I see in my history. Sir, thank you for all your lessons to us, and the hours we spent together are not outweighed by any silver in the deepest sea. I hope, sir, that if you come back to APC, you make sure to come back before our batch graduates; maybe January would be okay, sir, right? Because many admire your natural talent and the way you get along with students, unlike other professors who do nothing but slap in our faces what they have learned and the gold medals framed in their houses. THANK YOU VERY, VERY MUCH, SIR! Through your teachings and reminders to us over 2 terms, you gave us a broad understanding when it comes to NETWORKING, hahaha!! ... of course that was a joke, sir; when it comes to technology. GOD BLESS, SIR! I HOPE YOU BECOME EVEN MORE SUCCESSFUL IN THE FUTURE! I HOPE YOUR OUTLOOK ON LIFE DOES NOT CHANGE! STAY HUMBLE! TAKE CARE, SIR! SEE YOU WHEN I SEE YOU! :)
I'm just a Simple Guy with Simple Dreams and with Simple Ways to do it. -(Samie 2017)
Ginagawa mo dito? ^-^
Thursday, August 24, 2017
Sunday, August 13, 2017
Learning Log for Information Systems Security: Week 9 and 10 (Machine Project)
For these weeks, we are about to start our machine project because our group aims to get the additional points for the finals, and we will strive hard for the final period of this term. But first, we should stick to the academics and the lessons discussed in our subject; we discussed the topic of Cryptography. Back in the Discrete Math subject in our flowchart, our class encountered and studied the nature of cryptography. At first, I could not really cope with the background of the topic, but after a while of discussion and evaluation, I fully understood its nature. For this term, to be honest, I have really forgotten the nature of cryptography and how it works. The good thing is I don’t have to review it all again, but I should have an outlook on the application of Cryptography in information security, which is much more likely to be conceptualized. Some of the terms in Cryptography that were discussed by Sir JP, like ciphertext, cryptology, and encryption, were first discussed in my Discrete subject, and it provides confidentiality, integrity, identification, authentication, and non-repudiation. There are some things that are new to me, but I’m not really sure if they are really new to me because maybe I have recalled something related to these sub-points: that it was used during ancient Egyptian times, that it has many laws, and the algorithms that it uses. Honestly, the algorithms part is very new to me and my mind was blown because of this new knowledge. So we should start with Symmetric Encryption: this uses one key to encrypt and decrypt, and there are more sub-points to be discussed, but we only focus on the main one. Asymmetric Encryption uses one key to encrypt and another key to decrypt. In a scenario, to send an encrypted file, you will have to use the public key of the receiver, then the receiver will decrypt the file using the receiver’s private key, simple as that.
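The public-key scenario described above (encrypt with the receiver's public key, decrypt with the receiver's private key), combined with the RSA and Diffie-Hellman exercise conditions from the Week 11 log, as an added example that is not part of the original post. The function names and sample numbers are constructed, and reading "the overall answer must be equal to 1" as (e·d) mod φ(n) = 1 is an assumption.

```python
from math import gcd

def is_prime(n):
    """Trial division; fine for the 3-digit numbers the exercise uses."""
    return n > 1 and all(n % k for k in range(2, int(n ** 0.5) + 1))

def rsa_keypair(p, q, e):
    """Build a classroom-size RSA key pair, enforcing the exercise's conditions."""
    for v in (p, q):
        if not (100 <= v <= 999 and is_prime(v)):
            raise ValueError("p and q must be 3-digit primes")
    if p == q or e in (0, 1, p, q):
        raise ValueError("need p != q, and e not 0, 1, p or q")
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    assert (e * d) % phi == 1        # assumed meaning of "answer must equal 1"
    return (e, p * q), (d, p * q)    # (receiver's public key, private key)

def rsa_encrypt(m, public):
    """Sender side: uses only the receiver's public key."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)

def rsa_decrypt(c, private):
    """Receiver side: uses the receiver's private key."""
    d, n = private
    return pow(c, d, n)

def dh_shared(g, p, a, b):
    """Diffie-Hellman with the exercise's conditions.
    Returns (A, B, secret computed by Alice, secret computed by Bob)."""
    if g == p or a in (0, 1) or b in (0, 1):
        raise ValueError("need g != p, and a, b not 0 or 1")
    A, B = pow(g, a, p), pow(g, b, p)     # the two values sent in the clear
    return A, B, pow(B, a, p), pow(A, b, p)

if __name__ == "__main__":
    pub, priv = rsa_keypair(101, 113, 3)  # constructed sample values
    c = rsa_encrypt(42, pub)
    print(pub, priv, c, rsa_decrypt(c, priv))
    print(dh_shared(g=105, p=233, a=4, b=3))
```

Numbers this small are only for working the arithmetic by hand; they show the mechanics, not a usable key size.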
There are many more algorithms discussed by Sir JP, but these are the only two that I 100% understand; the other algorithms are almost there. Week 9 ended because the resumption of I.T. week is Thursday, which is Infosec time, so no classes. For the two meetings in Week 10, a debate was held and I would like to share our debate topic. Our motion is to adopt China’s internet censorship here in the Philippines; our arguments were more valued than the opposing side's, so we won the debate. I won’t share the content because copyrights may be exhibited and faults may occur for the greater good, but once again we won the argument.
Thursday, July 27, 2017
Learning Log for Information Systems Security: Week 7 and 8 (Defense Break)
In Week 7, we discussed ethics: concepts, cultural norms, ethical issues, etc. Social media is, I think, the focus of this discussion and I think all of it applies to the cyber world. The Code of Ethics that I’ve learned from Sir JP is somewhat similar to the Ethics of life that can be applied to real-world scenarios, like protect society/commonwealth/infrastructure, act honorably/honestly/justly/responsibly/legally, provide diligent/competent service to principals, advance/protect the profession. The Six ethics of life are that before you speak - listen, similar to protecting society; before you write – think, similar to acting honorably; before you quit – try, similar to providing diligent service; and lastly, before you die – live, similar to protecting the profession in your limited given life. By the way, there were only five given, but the original is six.

In this week, the ethics of hacking back was discussed and until now, I still don’t have a concrete answer to the questions generated from the discussion of Sir JP, maybe because I did not understand it vividly. For me, hacking back is just a premade trap just waiting for its prey, and it is applicable to anyone who thinks the same, and I think that hacking back should be avoided.

For Week 8, we discussed the six arguments relating to the controversy of hacking back. I won’t explain these six arguments, but I’ll just provide a brief summary. The argument must be under the law and it shouldn’t exceed its boundaries, with a purpose of replying a self-defense protocol without becoming one of the hackers, and making sure that you have the knowledge of who is attacking you. Cyber attacks could happen abroad, and this questions what kind of jurisdiction you have; a public health issue is also in question, like whether it could help you in your daily life, and whether your actions are practically effective. Also in this week, we are preparing for a debate on Monday, Jul 31, wherein our topic is Internet Censorship, and we are siding with the government. I really don’t know if we will win the debate, but we will do our best to ensure that this motion is positively implemented. Also, our machine project was given to us for finals.
Thursday, July 13, 2017
Learning Log for Information Systems Security: Week 5 and 6 (Present Defense)
Thursday, June 29, 2017
Learning Log for Information Systems Security: Week 3 and 4 (Organizational Security)
In the past 2 weeks, all we thought about was the preparation for the midterm paper, mainly the related literature connected to our topic, which is Bitcoin. At first, I really didn’t want to participate with my group due to other activities that I am attending, but because of perseverance, I did my part when I found time for it. Sometimes the things you do might be boring to you, but looking at the bright side lets you see the brighter side or the positive side. Coinciding with the preparation of the paper is our discussion, which is Organizational Security.

For Week 3, I learned that the security hierarchy is based on the organization’s priorities, policies and ethics. The Operational Model is planning, implementing, monitoring, and evaluating, which is a never-ending cycle if maintenance for the security is conducted. We discussed many policies in an organization, and the thing that I am fascinated about is that there are some policies wherein power in the company is not an option, meaning equality was established in this policy, for example, the IUP or Internet Usage Policy, which is the connectivity of all the members in the organization to the internet. We also discussed 3 types of Model; Sir JP said that there are 30 Models, but we focused on only 3 models because these are most commonly used in organizations. Let us start with the Bell-LaPadula Model, with a misconception of Bella Padilla based on first-time encounter, which is a confidentiality model that has the simple security rule that doesn’t allow you to read security higher or different from your department, and the Star property, under which you cannot write security if lower or different from your department. Next is the Biba Model, which is the integrity model that has a simple integrity rule that is the contrast of Bell-LaPadula, and also the star property. Last is the Clark-Wilson Model, which is an integrity model, and it uses a medium for its security.

These discussions were all done in Week 3 because Week 4 was dismissed due to different kinds of events. For the Week 4 first meeting, it was the end of Ramadan and Muslims had to celebrate it despite the war in Marawi City. For the second meeting, Sir JP told us that he was not feeling well and unable to teach us for this period, so he cancelled that session; this really broke my heart. Take Care and Get Well Soon, Sir JP!
Thursday, June 15, 2017
Learning Log for Information Systems Security: Week 1 and 2 (Information Security)
Another year, another term, same professor, same activity, but this professor is the BEST in terms of Computer Networking and Security, and I won’t write his name here due to the privacy of that professor, but we can call him Sir JP. For our first meeting, we were astonished that our past professor would be our current professor for computer security, so in an instant, we clapped so hard and preached his name like watching a live Fliptop battle, Sir JP! 3x. After a few minutes of idolization and homecoming, we began to study the scope of information security and I began to review my current knowledge about this topic and began to cope with the new knowledge that I was receiving. Sir JP summarized all his knowledge for just the title and just a small amount was absorbed, and the good thing is we are just in the title portion, far from the real integration of information security.

Confidentiality, Integrity and Availability are the first bulleted points that I have written in my notebook, and with these 3 items, I could feel the real vibe of information security. I learned that the Security Architecture is almost the same as the 7 levels in the past networking lessons. Sir JP taught us the strengths and the weaknesses of information security if vivid knowledge was not apprehended, and also the offensive and defensive processes in the system. The most interesting part of the discussion is the authoritarian level of security, wherein there are certain levels that cannot be accessed by an ordinary person but a higher level can access it.

Sir JP gave us a case event wherein we will analyze the problem and we must fill in the necessary requirements for the case. For the sake of the shortness and the ending of this post: in the case that was given to us, stating in the Recommendation section, in my personal opinion, if a DDoS attack happens, have a different kind of brand for your security device, because not only do you see the error but you also segregate the rotting security devices from others.
Thursday, December 15, 2016
Learning Log for Data Networks: Week 12 and 13 (Final Farewell)
For my last time writing a "Learning Log for Data Networks", I thought of speaking in Tagalog because I know that it will be heartfelt and it will pierce through to the hearts of my readers. I am not joking; I am seriously saying that I learned a lot from my teacher. In my two weeks of studying the Routing Information Protocol (RIP), I learned that it is somewhat easier than what I learned in the previous two weeks, which used "Static Routing", where two computers connected to their respective routers, which are connected to one router, need to communicate, making one long communication path. If you compare it to the study of databases, it is called a bridge entity that receives and manages communication for each router connected to it. Back to RIP: I had a very big smile dealing with it because its concepts are very easy, at a level that I can understand and comprehend. I liked the "hop count", where it passes communication to other computers up to a count of sixteen, where at the very last hop, if the destination has still not been reached, it is identified as a "dead packet", meaning the communication is no longer of any use. It also takes note of the different times for the arrival of communication. Let us start with the "Hold down timer:", where it waits for three minutes, and after that the communication is read. "Flash Timer:", where it adds one more minute, the same as the hold down timer. "Invalid Timer:", where it reads six times and if nothing is found, it becomes invalid. And lastly, the "Update Timer:", where it reads after thirty minutes. Yes, I learned a lot more, but I will keep it short because when I put something here, I make sure that it is correct and that I have examined and studied it thoroughly, the kind where I did research.
I will now end this "Learning Log", but before that, I will leave a message from a heart that has not yet had lunch, for you to think about. THANK YOU VERY MUCH, SIR JUSTIN!!!! Because of your teachings, I understood more deeply the whole identity of what is meant by the word "INTERNET"; before, I thought that being connected to wifi was all there was to it, but because of you, sir, I now know how to set up an IP address, DNS, Default Gateway, etc. Thank you, Sir! Always take care. ^_^