I.T. Laboratory

YOU IMAGINE, WE CREATE

What Are We????

THANK YOU FOR VISITING US.


We are the Department of Information Technology at Padmabhushan Vasantdada Patil Prathishthan's College of Engineering. Here you can find out about the different activities going on in our department. You can also follow the conversations on this blog about issues in the Information Technology field, and keep up with newly updated information from the field.

Monday 23 April 2012

These are few earlier Question papers for reference of Second year I.T. Engineering (Semester 4):
  December 2010



  May 2010

These are few earlier Question papers for reference of Second year I.T. Engineering (Semester 4):
  December 2011



  May 2011




Examination Time Table for the 1st half of 2012 is out.
All the best to everyone!!
Congratulations to Students & Faculty of Information Technology! Our Department of Information Technology has been Accredited for 3 years. Hope we continue the good work together.

Tuesday 20 March 2012

Data protection: It's often about locking the front door

Organisations, regardless of industry and size, continue to face costly data breaches, but the common attack methods are not necessarily sophisticated and obscure.
So what are the most common ways criminals are getting access to corporate networks?
In many cases, it is through obvious doors into the organisation, such as legitimate remote access applications, according to John Yeo, director of Trustwave SpiderLabs, Europe.
In the past year, his team has collected data from 300 data breach investigations in 18 countries, 2,000 penetration tests and more than two million vulnerability scans, and published its findings in the Trustwave 2012 Global Security Report.

Remote access entry points

The data reveals that in 62.5% of cases, attackers were able to harvest data in transit within the victim organisation through remote access applications used by internal staff, contractors and supply chain partners.
"The first problem is that most of the organisations targeted in this way do not know which of the thousands of apps they use provide remote access," Yeo told Computer Weekly.
In many cases, he said, access points are set up by individual business units or support organisations that those responsible for IT security are not aware of.
According to the Trustwave report, a third party responsible for system support, development or maintenance of business environments introduced the security deficiencies exploited by attackers in 76% of cases investigated.
"Outsourcing of system admin is a major risk factor associated with compromise," said Yeo. "Non-functional security requirements are often left out of outsourcing contracts because the focus is on getting the job done."

Weak passwords leave systems open to attack

In several cases, investigators found that systems integrators had used the same password across all customers. "Criminals know this, so when they find a password, they will try that password on all the customer organisations they are able to identify," said Yeo.
This makes many of the organisations relatively easy to target because they are still using weak or default administrator passwords, he said.
Analysis of two million real-world passwords used within corporate information systems found that 5% of them used weak passwords such as "Password1" and 1% were based on the word "welcome".
"Password1 is commonly used by admins because it satisfies the minimum requirements of eight characters, at least one upper-case letter and at least one number," said Yeo.
Many companies set up passwords such as "Welcome123" for new starters, which users often fail to change, but it all boils down to poor administration, he said.
In one instance, Trustwave SpiderLabs found that attackers were able to compromise as many as 250 unique critical systems at a single target location by exploiting duplicate credentials.
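Yeo's point about "Password1" can be shown in code. The following is an added example, not part of the original article: a complexity-only rule accepts "Password1", while a check that reduces each password to its base word and compares it against a denylist rejects it. The word list and function names are assumptions chosen for illustration.

```python
import re

# Constructed sample denylist of base words (assumption, not from the
# article); a real deployment would load a much larger list.
BASE_WORDS = {"password", "welcome", "admin", "letmein", "qwerty"}

# Undo common character substitutions before comparing to the denylist.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def meets_complexity(pw: str) -> bool:
    """Minimum rule quoted in the article: 8+ chars, one upper, one digit."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def base_word(pw: str) -> str:
    """Reduce a password to the word it is built on."""
    core = re.sub(r"[\d\W_]+$", "", pw.lower())  # drop trailing digits/symbols
    core = re.sub(r"^[\d\W_]+", "", core)        # drop leading digits/symbols
    return core.translate(LEET)                  # map 0->o, @->a, and so on


def check(pw: str) -> list[str]:
    """Return the reasons a password is rejected; empty list means accepted."""
    reasons = []
    if not pw.strip():
        reasons.append("blank")
    if not meets_complexity(pw):
        reasons.append("fails minimum complexity")
    core = base_word(pw)
    if core in BASE_WORDS:
        reasons.append(f"based on common word '{core}'")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords, including the two named in the article.
    for pw in ["Password1", "Welcome123", "W3lc0me!2012", "",
               "correct-Horse-7-battery"]:
        print(repr(pw), "complexity ok:", meets_complexity(pw),
              "rejected for:", check(pw))
```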

Breach detection should be better managed

The next weakness shared by 84% of organisations hit by breaches investigated by Trustwave SpiderLabs was the inability to detect that their IT systems had been compromised.
According to the Trustwave Global report, only 16% of the organisations breached had detected the data compromise themselves. The remainder had been informed of the breach by third parties.
"There is still a huge reliance by organisations on regulatory bodies, law enforcement and credit card payment processors to know if they have been compromised," said Yeo.
Investigations show that on average the time between intrusion and detection is about six months, compared with just 43 days in organisations that have self-detection capabilities.
An allied problem, said Yeo, is that often when someone within an organisation has noticed an anomaly, nothing has been done. "It is not just about having detection technologies, organisations also need to have the correct processes in place to ensure action is taken when required," he said.

Central control is desirable

In this regard, Yeo said it is also important for organisations to be able to correlate security information across all IT systems. "It is difficult to take action when relevant data is isolated in various silos within the business," he said.
The absence of a central information security view or control over applications is common among highly vulnerable organisations, according to Yeo.
A single top-down approach to applications is enabled only when organisations have visibility across their entire application portfolio. "Knowing what you have got is essential to being able to rate applications according to their criticality to the business or of the information they process, and assign the appropriate protections based on that rating," he said.
Yeo said organisations should have a more data-centric approach to security because data is what they ultimately want to secure. "In theory, at least, if data is secure, it is less important who has access to the network," he said.

Tips for protecting corporate networks

What other simple things can organisations do to improve their resistance to attack?
There are several quick wins, said Yeo. First, organisations need to set up systems in such a way that it is impossible to use weak, blank or easily guessable passwords.
"If an attacker is able to get into a network user's account, even if they are on a low level, it is just a matter of time before they can work their way up to getting into an admin account, and then it is game over," he said.
Second, organisations should standardise on the hardware and software used by everyone to make security and management easier. "In a standardised environment, it is less likely that IT will forget to update systems as they will have a better view and understanding of what is going on," said Yeo.
Third, organisations should continually work to raise the security awareness of IT users to a level appropriate to each individual's role in the business, including contractors and other third parties that have access to corporate systems.
It is also worth noting that organisations which score highly in penetration testing typically use two-factor authentication methods. "This makes it more difficult for attackers to gain entry through automated password guessing," he said.
More resilient organisations also typically use web application firewalls, which provide a base level of protection against many common web-based attacks, said Yeo.

New data protection rules

Will the proposed EU data protection framework help foster better security?
Yeo believes it will. "In many organisations, data protection is seen as an IT problem, but the proposed regulations require company directors to take ownership," he said.
The regulations also make breach disclosures mandatory, which means ignorance is not a defence for non-disclosure; knowing what is going on will therefore be a basic requirement of company leaders.

About Our Department

Information Technology is one of the few sectors which are not stagnant. Knowledge of the techniques alone is not enough; it is equally important to keep that knowledge up to date, and that is exactly the objective of the IT department.
This department was established in the year 1999-2000. The department is headed by Prof. V. E. Narawade. The performance of the IT department has been consistent from the time of its inception. The department has produced university toppers consistently and regularly. The staff members are also well qualified, versatile and dynamic. 80% of our staff hold an ME and 50% of our staff are pursuing a PhD programme.
The department is well equipped with a good number of PCs and workstations hosting several software packages like Oracle, Rational Rose, .NET & SQL Server. Three well-equipped, state-of-the-art laboratories are linked through a LAN. The department PCs have internet connectivity. The internet server has appropriate software to protect the institute from unauthorized access.