Ethical Hacking: Industry’s Buzzword

Hackers have done this; hackers have done that…definitely something wrong, and so on and so forth. These are the most common news considering the current era of Information Technology (IT). Surprisingly, in modern world most of the people believe that computers and the Internet gave birth to the today’s buzzword “Ethical Hacking”. However it is not fair to restrict this branch of knowledge only to computers. Historically, ethical hacking dates back to 6th century when the very first version of modern chess game was played. With the passage of time, this tactical game evolved in various ways and had been used by early rulers to help their armies prepare for battle. The first team of modern hackers appeared in 1960s at Massachusetts Institute of Technology (MIT), who targeted electric trains with the aim to make them perform faster and more efficiently. In 1995, IBM’s John Patrick used the term of “Ethical Hacking” for the first time. In cyber world however, Ethical hacking is the use of computer programming skills by a computer or network security expert to determine whether a system, software or network is vulnerable to adversaries or not.

The main ambiguity among many computer users and journalists regarding ethical hacking is the use of term hacker (also known as white hat hacker) vs cracker (also known as black hat hacker). Particularly, the use of word “hacker” instead of “cracker” in information security news is due to this misinterpretation. Remember that hacker is a computer security expert, mostly hired by an organization that is authorized to use his/her skills and find out any vulnerabilities in the computers or networks to get them fixed before they are exploited by malicious users. On the other hand, cracker has the same level of computer expertise but uses his/her skills in an unauthorized way and exploits the system vulnerabilities to break into an organization’s computers or networks with the aim of performing some mischievous activities. A very interesting point is that many white hat hackers are former black hat hackers.

Familiarity with some other ethical hacking related terminology is better, so we will talk about a few here. A threat is an action or event that is a potential violation of security. Threats can include everything from viruses, Trojans, back doors to complete attacks from malicious hackers…ok crackers, right? Vulnerability is a weakness in design or implementation that may result in an unexpected, undesirable event compromising the security of the system. Reducing the number of vulnerabilities mitigates the chances of an information system from being compromised. Exploit is a defined way to breach the security of an information system through vulnerability.

Ethical hacking is good or bad; we’ll talk about that now. Well, actually it is quite better for an organization to hire hackers to strengthen the security of its IT infrastructure…computers and networks. But the dark side of the picture is that if somehow these hackers turn against the organization, it could be really very dangerous for that organization. The reasons behind an employee’s turning against his/her own organization could be many.

Having said all that, we conclude that the term “Ethical Hacking” has caught the attention of almost every computer literate person or even some people who have just heard of computer and its miracles, but they don’t get a clear picture of even very basic things about this buzzword of industry.

Here are some links that you might find interesting:

The article is written by Mr. Yasir Mehmood.

Posted in Ethical Hacking | Leave a comment

Twinkle twinkle little star, how I wonder which NoSQL database is suitable so far?

NoSQL databases have no longer become an unknown database paradigm, since it has been almost a decade or two after its introduction in the market. Some of the most popular NoSQL databases include MongoDB, CouchDB, Voldemort, Cassandra etc. The use of these databases in the industry, mainly due to their elastic nature and simplified application development, is spreading like a viral disease these days. Everyone tries to use them in their applications, most probably because of their open source nature. But the question arises “Is every NoSQL databases fit for every kind of purpose?” Well, certainly not, partially because all of these databases have different features and schema definitions and partially because there is no single proper way to compare performance of these databases. “So how someone can compare what kind of NoSQL is suitable for their workload?” This is definitely a question to ponder upon.

Some NoSQL databases have their own benchmark tools such as the ones proposed by MarkLogic and Riak etc. One of such benchmarking tool is the open source YCSB (Yahoo Cloud Serving Benchmark) which is initially designed for testing the performance of Yahoo’s PNUTS (a parallel and geographically distributed database system). The main reason of developing YCSB as defined by Brian F. Cooper, the mastermind behind YCSB, is “The purpose of using the Yahoo! Cloud Serving Benchmark (YCSB) is to develop a framework and common set of workloads for evaluating the performance of different databases”. YCSB is mainly designed for evaluating the performance and scalability of NoSQL and “Cloud based” data stores. These are the two main tiers used for the evaluation of NoSQL databases though YCSB Benchmark. On one hand, the performance tier (tier 1) calculates the throughput and latency of NoSQL databases after increasing the server load, and on the other, the scalability tier (tier 2) measures the scalability of databases by increasing the number of servers and monitoring their performance. However, the configuration of YCSB is quite simple and consists of only two main parts:

  1. The workload generating client – used for generating load and making decisions about which operation to perform, what record to insert of delete etc.
  2. Workload packages – standard and custom defined packages for defining read/write mix operations, request distribution and record size etc.

Once you are done with these configurations and minor tweaking (in case this benchmark is not supporting your database), you can easily generate different comparison reports to compare performance and scalability of various NoSQL databases.  A few of the NoSQL database comparisons benchmarked by YCSB can be found in [1] and [2]. Furthermore, YCSB is also planning to release two more evaluation tiers of replication and availability in future which will definitely the increase the effectiveness of using this tool.

Here are some links which might interests you:

 The article is written by Miss Anam Zahid.

Posted in Database | Tagged | Leave a comment

Breadcrumbs leading to Quality Research !

Lately, in one of the seminars “Do’s and Don’ts of writing a good research paper”, held at CIPS-NUST and conducted by Elsevier personnel, I found many rules of thumb related to how one can productively manage his/her research article, journal and likewise dissertation. Inspired by that, along with my personal experience, I’m sharing some practical tips in this article which might facilitate noobs:

  1. First of all, highlight the methodology and ideas involved in the research you are carrying out. You should have some justified piece of work in hand, with crystal clear reasons and innovative ideas head on. Do extensive background reading before you start writing!
  2. Prepare a tentative “outline” of your write-up highlighting the major sections and subsections for future correspondence to avoid losing track. Follow the outline throughout!
  3. Your argument and evidence should be clear, logical, and creative.
  4. Title of your research paper is the mirror to your research material. Be focused in choosing one!
  5. Abstract of your research paper should be effective because through it, readers can quickly and correctly grasp the gist of the work. Be precise and concentrate on writing your abstract. Moreover, write Abstract and Introduction after you are done writing your whole paper. These two sub-sections are the condensed version of the information you are amplifying in the whole paper.
  6. Cross check the linking between two paragraphs as well as sections.
  7. Try to include as many “authentic” references as possible. Avoid citing Wikipedia.
  8. Take grip on some reference manager such as JabRef (http://jabref.sourceforge.net/) from the very initial stage of reading research papers, else it becomes cumbersome to manage large number of references in the end.
  9. Proof reading and fine tuning the data from the very beginning is a must. Try to read your write-up as many times as possible because every time you read, your paper gets more mature. Peer reviewing is also beneficial for getting fresh perspective.
  10. Present data correctly and accurately. Avoid story-telling. In the end, what matters the most, is the way you put up your work to influence readers.

Some worth considering web links in order to manage your research process are:

  • http://www.mendeley.com [Mendeley is a free reference manager and academic social network that can help you organize your research, collaborate with others online, and discover the latest research.]
  • www.sciencedirect.com [Science Direct is a full-text scientific database which offers journal articles and book chapters from more than 2,500 journals and almost 20,000 books.]
  • http://www.elsevier.com/online-tools/scopus [Scopus is the world’s largest abstract and citation database.]
  • http://journalfinder.elsevier.com/ [Elsevier Journal Finder helps you find journals that could be best suited for publishing your scientific article.]
  • http://www.latex-project.org/ [LaTeX is a high-quality typesetting system; it includes features designed for the production of technical and scientific documentation.]

Remember, you write research papers/ dissertations for fellow researchers, therefore, try to organize it in a way that is easy to understand the knowledge conveyed and don’t forget, it is the quality that matters not the quantity!!

The article is written by Faria Mehak.

Posted in Research | Leave a comment

Tackle Your Abstract Head On !

One of the first things a researcher learns when starting out is the K.I.S.S. principle: “Keep it Simple, Stupid”. Unnecessary complexity, abstract notions, and ambiguity are considered bad writing practices and must be strictly avoided while writing research articles.

The same goes for Abstracts. Reviewers will think you’re a genius if you’re able to take complex subject matter and explain it in a simple, compelling way. Abstract is generally the reduced form of your research article that highlights the key points enclosed, concisely defines its content and scope, and analyses its material in a summarized form. Simply, it’s the minimized version of your research paper.

An effective abstract is the one that allows its reader to quickly and correctly grasp the core idea of the article. After reading the abstract, readers should be able to decide whether or not the presented research is of interest to them.

A perfect abstract must contain statement of purpose, research methodology, research findings, observed results and conclusions. These components do not necessarily have to be presented in the above mentioned order. How the elements are sequenced in your abstract depends on the intended audience. For-instance, if the audience is exclusively or mainly interested in quickly applying state-of-the-art information, then perhaps you would want to discuss your most important deductions and results first, followed by the statement of purpose, research approach and further conclusions and specifications.

 What an Abstract Must Have

Most of the following suggestions come from the American National Standard for Writing Abstracts published by the Council of National Library and Information Associations.

  1. Explain the purpose of your paper. Preferably in one sentence, state the primary objectives, scope of the study including rationale for your research.
  2. In terms of research methodology, clearly state the techniques or approaches used in your study.
  3. Describe your results, the data collected, and effects observed as briefly and concisely as possible. Results could be experimental or theoretical, just remember to reflect that in your abstract. Clearly highlight your motivation and contribution. Give special priority to new and verified findings that contradict existing theories, if any.
  4. The conclusion part should essentially describe the implications of the results: Why are the results of your study important to your field and how do they relate to the purpose of your research?
Additional Tips 
  • Write your paper first, and then write the abstract.
  • Good abstract must not exceed 250 words.
  • Proofread your abstract several times
  • Avoid complex jargons and acronyms — readers do not encourage complicated and unfamiliar terms.
  • Identify your potential audience and aim your abstract accordingly.
  • Find a reader buddy, who can peer review your abstract and explain you what your research is about. Or try the 12-year old nephew test: Could he understand your topic if you explain it? He should. If s/he has issues explaining your research, your abstract possibly needs reconsideration.

A well-structured abstract plays a key role in the acceptance of a research paper, encourages the people to read it and increases its impact. Needless to say, a badly research paper with poor presentation, even with commendable knowledge, has far less probability of being accepted and published.

The article is written by Umme Habiba.

Posted in Research | Leave a comment

What is XACML ?

XACML (Extensible Access Control Markup Language) is an open standard XML-based language designed to express security policies and access rights to information for Web services, digital rights management (DRM), and enterprise security applications. Ratified by the Organization for the Advancement of Structured Information Standards (OASIS) in February 2003, XACML was developed to standardize access control through XML so that, for example, a worker can access several affiliated Web sites with a single logon. XACML is sometimes referred to as Extensible Access Control Language (XACL).

XACML was designed to work in conjunction with Security Assertion Markup Language (SAML), another OASIS standard. SAML defines a means of sharing authorization information, such as user passwords and security clearance, between security systems. A rules engine (a program that examines established rules and suggests behaviors that comply with them) with policies expressed in XACML can compare such information with established criteria to ascertain user rights. The XACML specifications were developed through a collaborative effort of OASIS members including IBM, Sun Microsystems, and Entrust.

Posted in Access Control | Leave a comment