Machine Project in Infosec

Objectives ■To be able to configure, implement an open-source security tool. ■To simulate a real-world attack scenario where the security tool can be used. ■To show how to configure necessary functionalities of the security tool. Tasks ■Each group will be assigned a specific security tool. Each group will research about the topic and download an […]

Research Paper on Emerging Technologies

Introduction A Case Study will be held as an academic symposium during the midterms week to discuss various emerging technologies in the field of information security. Each group will be tasked to research on a specified topic, explore and answer key issues about the subject. As its culminating activity, an academic paper with a required […]

Lesson 5: Social Engineering

When I studied and took EC-Council’s Certified Ethical Hacker (CEH) in 2013, I learned a very important lesson: even if you follow the hacking methodologies, it only has a 10% success rate. This lesson has, on the other hand, 90% success rate. In gist: Why would you spend a lot of time to brute force […]

Lesson 4: Types of Authentication and Access Control

Authentication Authentication is defined as proving who you are claiming to be. By default, we have 3 types of authentication: Something that you know – A form of authentication coming from what you know (residing in the mind) Ex. Password, pin Something that you have – A form of authentication that is tangible. Ex. Token, […]

Lesson 3: Defense in Depth and related concepts

We have agreed that we protect data/information in Infosec. And as we have discussed in Lesson 1, the scope of Infosec is very broad and IT Security is just part of it. We have also learned in Lesson 2 that preventive controls are incomplete without detective controls and response. With former concepts discussed, a more […]

Lesson 2: Security CIA, Protection & Least Privilege Concepts

The CIA Triad All issues and solutions pertaining to security fall under 3 categories: Confidentiality – Protection against unauthorized access Integrity – Protection against unauthorized modification Availability – Protection against denial of service The exact opposite of the CIA is the DAD – Disclosure, Alteration and Destruction. See the following events and solutions: Locking the […]

Lesson 1: Introduction to Information Security

Information Security (Infosec) is relatively a new discipline in Information Technology (IT). Usually, it is included as an elective in a course or just a section in software development or network administration. But in these modern times, the study of Infosec encompasses various domains in IT and industries. Meaning to say, Infosec can be applied […]