Vipin Kumar Tiwari

AAA stands for Authentication, Authorization & Accounting. AAA is an information security framework used for controlling access to computer resources, enforcing policies & tracking for auditing usage of resources required for billing of resources.                           AAA used to control which user is allowed to access the network resources by comparing user's login credentials (user id & password) with AAA server's database (Active Directory) stored user credential data called Authentication, authorize that user for performing a pre-defined task as per roles & responsibilities set in the database (enforcing policies) called Authorization and tracking the actions performed while accessing the network called Accounting. Here AAA server acts as an Identity & Access Management Tool. For example, administrator can access a network device by using console normally.  In case of accessing networ...

OWASP Top 10 is an awareness document mentioning top 10 most critical risks in web application security which is regularly updated by an international non-profit organization called Open Web Application Security Project, dedicated to web application security. 1. Broken Access Control Broken access control vulnerability allows attackers to read / view sensitive data and carry out actions that they are not authorized to carry out. As an illustration, consider a website allows only admin users to view its admin pages and protected from regular users. If access control is compromised, an unauthorized user can read private data belonging to other users, gain access to admin and carry out actions that they are not intended to. Example of such type of vulnerability is Insecure Direct Object References (IDOR). Consider a user on a website uses following URL to access his / her account: https://xyz.com/user_acct?user_num=123 Using the URL, user retrieving his information from the database in th...

TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a standard protocol suite used to facilitate communication between network devices over the internet which consists of two components TCP and IP. TCP/IP is a compact form of OSI model. Unlike the OSI model, which has seven layers, it has four layers. The data is divided into packets by the TCP/IP Model at the sender's end, and in order to preserve data correctness, the same packets must be reassembled at the recipient's end. The data is divided into four layers by the TCP/IP paradigm, which arranges the data in a sequential fashion at the sender's end and reorders it at the recipient's end. Network Access Layer: A combination of Physical layer & Data Link layer defined in OSI model, responsible for the transmission of the data between two devices over network. Ethernet protocol is used by this layer. Network Layer / Internet Layer: It is responsible to send the packets from a network to the des...

Application architecture diagram shows how a software application is structured internally, including its components, services, data flow, and interactions. It often includes layers like presentation, business logic, and database storage, describes how software modules interact with one another and with other necessary resources, such as databases and middleware. In addition to being application-specific, architectures can also be business- or industry-specific. A repeatable solution to an issue is described by a pattern. Application architectures that are more generic can be developed by connecting patterns. It is possible to make advantage of pre-existing design patterns rather than entirely developing a new architecture. The application architecture includes both front-end and back-end services. While back-end development concentrates on granting access to the data, services and other current systems that enable the app to function, front-end development works with the user experien...

Computer Network Architecture is a physical design or layout which includes hardware, software, their connections, protocols used as well as communication channels within an organization or across the internet. This focuses on how devices, servers, and systems connect within a network. It illustrates routers, switches, firewalls, communication flows, and protocols, ensuring smooth data transmission and security. Types of Network Architectures 1) Peer-to-Peer (P2P) Model:  A network in which all computers / peers are connected with each other. Every computer is a node & working as a client & server both. It requests and provides resources to other nodes without the need for a central authority or server.                      Usage: *  It is used in a file-sharing applications using BitToorent communication protocols or small number of computers are in use ( BitTorrent enables users to distribute dat...

The OSI (Open Systems Interconnection) model is a conceptual framework or guidelines used to understand and describe different networking protocols interacting within a computer network, developed by the International Organization for Standardization (ISO) in 1970s to create a standardized or structured way of discussing and understanding the complexities of network communication. The OSI model divides network communication into seven distinct layers, each one is responsible for specific tasks, organized in a hierarchical manner, with each layer building upon the services provided by the layer below it, ensures that data moves from its point of origin to its destination efficiently and accurately. The block diagram of seven layers are as follows: Physical Layer (Layer 1): Physical layer lies at the base of the OSI model, focusing on the transmission of raw data bits through physical mediums such as cables, fibers, or wireless connections. It defines attributes like voltage levels, dat...