10-05-2021 Issue 9

Technology Newsletter
SYSADMIN @ Jocata -
Network Management and Data Security Initiatives

Many organizations around the world have already embraced work-from-home practices to ensure business conti-
nuity and limit employee exposure to COVID-19 infection. In this regard, Jocata has strongly encouraged its employ-
ees to work from home and insisted on practicing health and hygiene guidelines and other safety protocols set by the
government, for keeping themselves and their families safe.

Needless to say that the pandemic has brought a profound change in terms of how we conduct our business with
more than 70% of our staff working remotely. This laid a massive emphasis on infrastructure availability, network
management, and cybersecurity.

Also, with Jocata being an ISO 2700:2013 standard organization, it is imperative that we implement and practice in-
formation security standards and controls that help us in establishing, operating, monitoring, reviewing, maintain-
ing, and continually improving our Information Security Management Systems (ISMS). These recommendations are
very useful in conducting our business smoothly without compromising on data security.

Infrastructure Availability
Jocata’s head count has grown rapidly in the last year. We are now around 500+ employees in Jocata. Increase in the
number of employees means increase in the IT ticket volumes. We ensure that any ticket raised to IT Support is re-
solved within a time frame of 2-4 hours. To achieve this target, we have spilt our IT Administration team in to two
sub-teams:
• SysOps (System Operations) SysOps DevOps

• DevOps (Development Operations) The SysOps team handles all
the tickets related to infrastruc-
ture requirements such as
SysAdmin@Jocata 1 hardware and software compo-
Inside this issue:
The DevOps team handles the
tickets related to configurations,
deployments, migrations, and
backup creations. Besides these,

nent requests, and requests the team also takes care of

This Month in Technology History 5 related to various network fa- onboarding and offboarding ac-
cilities required for an employ- tivities such as providing access
Expert Tips ee to start working. to repositories, configuring Gerrit
5
accounts, and giving access to
Maven central repository.
Puzzle Section 6
 Page 2 Technology Newsletter

SYSADMIN @ Jocata (contd..)

The workload is distributed between these two teams, and the tickets are assigned to the team members based on the
type of ticket and the amount of work they are handling.

Creating Tickets
Creating IT Support requests is now made easy, as
We created new Microsoft Excel templates for differ-
Jocatians can raise their requests to the SysAdmin team
ent types of IT support requests/processes, which all
either through email or YouTrack. We have automated the
the employees need to follow and update the details
IT Support Ticketing process in a way that whenever an
in the respective templates and attach the same,
employee sends an email to its@jocata.com a ticket is au-
whenever they are raising a ticket in YouTrack or
tomatically created in the YouTrack and the same is as-
sending an email to the IT Support team.
signed to either L1 or L2 member in the SysAdmin team,
in Round-robin method.
The following table lists the links to IT Support pro-
Similarly, the employees can send DevOps related re- cess templates that the employees need to use as per
quests to devops@jocata.com. The tickets get auto created their requirements.
in the YouTrack and assigned to the team members in
DevOps division.
Request Type Link to the Templates
As mentioned earlier, the team tries its best to address
and close a request within 2 to 4 hours, after it is raised.
New Server Request
However, this is not always possible.
Form

For example, VPN access requests raised by new joiners

for different servers or installation of software on their Server Request Form
systems. There is a high possibility of delay as the new IT Request \Templates**
joiners themselves send support requests to SysAdmin VPN Access Request
without approval from their immediate reporting man-
agers, vertical heads, or owners of the respective serv- Gerrit New Project
ers. This results in the exchange of back-and-forth Or Branch Request
emails and causes a delay in closing the ticket.
Gerrit Project Access
To avoid this, we laid out a strict process where the re- **You must connect to VPN to access the Link.
spective team leads/vertical heads of the new joiners need
to send the requests to the SysAdmin team with required Providing the details as specified in the above men-
tioned templates helps us to understand the request,
information and approvals from the corresponding own-
verify the approvals, and do the needful within the
ers (server owners in case of VPN access), on behalf of
stipulated time.
their new team member(s).

Network Management
Optimum network performance at all levels is an important aspect of our business. To ensure our network is up and
running all the time, we have deployed a network monitoring and management tool called Zabbix. Zabbix observes
every portion of our network and automatically:

• collects network performance and utilization information to support service level agreements.
• provides network health report alerting the SysAdmin team whenever the disk space is low, device status reach-
es a critical state, device temperature is too high, etc.
• determines required network modifications to improve performance and supports increasing demands.
• alerts the team when configuration changes such as adding or deleting devices from the network, modifications
in the device serial numbers, etc, are identified.
 Page 3 Technology Newsletter

SYSADMIN @ Jocata (contd..)

In simple terms, the Zabbix tool monitors our servers and

focuses mainly on:

• Server Availability
• User Management
• Company Files and Directory Access Management
• Disk Space Management

Providing VPN Access

Whether it is working from remote locations or office
premises, we provide VPN (Virtual Private Network) ac-
cess to all our employees, by default. VPN provides an ad-
ditional layer of security to our data when the same
moves from our core systems to external machines, by
routing the data through secured virtual tunnels. Only the
users with the correct key can access the data in these
encrypted tunnels.

A good VPN service:

• hides the IP address without any hassle

• encrypts data transfers in transit
• masks the location, thus providing anonymity and
security

Considering the current crisis where most of our employees are working from home, we have streamlined our VPN
Access Request process where the SysAdmin team verifies:
• credentials of the employee who raised the VPN access request
• resource for whom the VPN access is required
• reason why the resource needs VPN access
• access approvals from the server owners

Only when all these details are accurate, the team provides VPN access to the resource. Adherence to this process
ensures that we are providing right access to the right resource (Refer IT Support Process Templates).

Usage of TeamViewer
In addition to deploying VPN in all the machines, we also use TeamViewer, a remote access and remote-control
software which is used for troubleshooting the issues and for installation and uninstallation of software on differ-
ent machines, and so on.
TeamViewer offers another layer of security to our data, as it connects to the employee’s machines only through
the automatically generated unique IDs and passwords. The tool works only within Jocata’s network and the data is
transferred completely through the secured channels. Another key feature of the tool is, the TeamViewer network
servers verify the validity of the IDs of both the endpoints, before establishing a connection. (For information on
security aspects of TeamViewer refer to https://en.wikipedia.org/wiki/TeamViewer.)
 Page 4 Technology Newsletter

SYSADMIN @ Jocata (contd..)

Data Leak Prevention (DLP) Policy Guidelines on Using Company Assets

Our Data Leak Prevention strategies ensure that our data
at rest and data in use are safeguarded. The antivirus and
AI integrated security software used for DLP:
• does not allow sharing a piece of code or WAR files be-
tween two systems within Jocata’s network.
• monitors and stores every activity performed by an
employee, such as sharing of files, adding and deleting
details from the system, URLs accessed, etc. When an
activity is performed more than once or repeated multi-
ple times, the software sends a notification to the Sys-
Admin team regarding the same.
Password Reset Activity
As part of our stringent security policy, the SysAdmin team
conducts automatic password reset activity every quarter
using Ansible, an IT automation engine and configuration
management tool, where the passwords of all our servers
are reset and redefined. This provides clear details about
the number of users who have access to a specific project
before and after the activity is performed. The team con-
ducts the password reset activity during weekend, to make
sure there is no disruption in work during the weekdays.
(For more information on Ansible refer to https://
www.ansible.com/)
Besides, we are also encouraging our employees to change
their system passwords frequently for additional security.
If an employee enters incorrect password more than five
times, the system gets locked, and he/she needs to contact
the SysAdmin team to unlock the system.
The SysAdmin team has defined a formal process
for providing and tracking the company assets giv-
en to the employees. The team has shared several
emails with guidelines to our employees on how to
use company assets properly.
Additionally, the team also shared a telecommuni-
cating agreement between Jocata and the employ-
ees, which has stern terms and conditions on using
Jocata assets, where the employees ought to:
• use company technology only for conducting
company business.
• use company equipment with proper care and
protect it from any damage.
• contact SysAdmin team immediately for any
technical assistance.
• return all company equipment within 15 work-
days, if the telecommunicating agreement is ter-
minated or upon request by the company.
Creating Awareness
At Jocata, we do not compromise on security and
we have been educating our employees on adher-
ing to our data security policies from time to time,
be it working remotely or from office premises.
We are sharing interactive quizzes and emails with
tips and tricks on information security, strong
password policies, phishing emails, and so on to
promote cyber security awareness among our em-
ployees.

With enough preparedness, and by having necessary infrastructure in place, deploying highly scalable and AI inte-
grated network management and security monitoring tools, streamlining the IT Support ticketing processes, imple-
menting cybersecurity guidelines to minimize data breaching activities, and also training the employees on efficient
and safe usage of Jocata assets, we, the SysAdmin team is persistent in making sure every Jocatian is working
smoothly without any hindrance while protecting our sensitive data.

Benston Kodamala and Kuladeep Velaga - Thank you for

sharing your valuable knowledge with us.
 Page 5 Technology Newsletter

T H I S M O N T H

Technology History
May 23, 1994, marks the first appearance of Java, a class-based, object-oriented programming language. It was
James Gosling who created Java, teaming up with his colleagues at Sun Microsystems Inc. (acquired by Oracle in
2010). The idea was to come out with a virtual machine and a language similar to C/C++, which could offer greater
uniformity and simplicity. Gosling’s ‘Green Team’ started the project in June 1991, adopting the file extension ‘.gt’.
Later, the project was named OAK, until eventually renaming it as ‘java’. Java is not an acronym, but a type of es-
presso bean. Hence the logo sports the picture of a coffee cup.
In 1995, Java 1.0 met its first public implementation. Java came along with a tag ‘Write Once, Run Anywhere’ due to
the cross-platform benefits such as writing source-code once and reusing it across platforms, faster development,
wider market reach, and so on. The evolution of the language over the past 25 years, from being used in digital ser-
vices such as Set-top boxes, VCRs, etc, to becoming platform-independent, robust, architectural neutral, secured,
and so on, is what differentiates Java from other compiled languages such as C++ and C. Therefore, Java is consid-
ered as one of the most successful and widely-used programming languages for creating any web application.

EXPERT TIPS Security Tips When Working From Home

Work-from-home has become more popular nowadays. Most IT professionals have been working from home con-
tinuously for more than a year now because of Covid-19 pandemic and lockdown. The companies instruct their
employees to exercise precautions and follow basic security measures to maintain data privacy and security. How-
ever, working from out of office could compromise their computer to cyber-attacks unlike an office environment.
Here are a few tips that help you in preserving your organization’s data from cyber-attacks:

Unique Router Password Device Encryption

The default password of a Wi-Fi Router is generic.
Cybercriminals decrypt these default passwords to
gain access to home routers and access the connect-
ed devices. Therefore, it is highly recommended to
use unique router passwords. Moreover, regular
firmware updates could offer protection against
exploitation of vulnerabilities.
Separating Work and Personal Devices
Use separate devices for your personal purposes,
such as for paying bills, online shopping and so on.
Using your computer for such purposes can allow
exploitation of data in the computer, especially
those confidential to your business.
Encryption is a process of applying password, PIN, or bio-
metrics access to the computer. A computer enabled with
encryption denies access to any unauthorized user.
Updating Device
Most modern-day devices apply updates automatically.
However, restarting your computer ensures successful in-
stallation of the updates.
Additional Security Through Antivirus Software
Malware attacks can cause data corruption, in addition to
allowing an external user access to a computer. A good an-
tivirus software offers universal protection against all such
viruses and malware attacks. It is recommended that you
keep your anti virus program up-to-date.
 Page 6 Technology Newsletter

Expert Tips (contd..)

Recognizing Phishing, Spear Phishing, and
Whaling Attacks
Email-based scams or malicious email attachments pro-
vide media for Phishing, Spear Phishing, and Whaling
attacks. Verifying the complete email address of sender
before opening any attachment or responding to the
email prevents such attacks. Email received from out-
side of Jocata domain usually comes with a caution.
Browser Plugins
Browser plugins from unknown or unidentified devel-
opers can retrieve relevant information including cre-
dentials from the computer. You must avoid installing
such plugins.
Securing Web Applications with HTTP Strict
Transport Security (HSTS)
This web security policy mechanism allows web
browsers to access websites only via secure HTTPS
connections (and never HTTP). This ensures protec-
tion of your websites from protocol downgrade and
cookie hijacking attacks.

Working from home can also expose physical security of the computers. Although automatic locking is enabled in
most office computers when unattended for a pre-set time, locking the device manually prevents anyone from ac-
cessing the computer. Furthermore, storing the device in a locked cupboard or so will avoid devices from being
stolen. Practicing these measures provides a secure workspace at home as that of an office workspace.

Puzzle
Cyber Security

Across

2. An automated software testing technique which feeds random, invalid data to monitor behavior of a computer
program.
 Page 7 Technology Newsletter

Puzzle (contd..)

Across (contd..)

4. A technique intended to distract hackers from a real target with a fake target (a computer or data) and make
them pursue it.
6. An Internet standard protocol that allows email clients to retrieve email messages from a remote mail server.
8. A software which secretly monitors and captures keystrokes made by user.
10. A process in which fraudsters create a fake social media account for financial gain or stealing data.
12. The inherent risk and nature in IT technologies and systems are evaluated by trained and skilled profession-
als known as IT _____.
13.The amount of data that can be transferred between two points in a network within a specific interval.

Down

1. The process of verifying a user identity, process or device before allowing the user to access resources in a
system.
3. A computer program used to test and detect issues in a target program.
5. An entity designed to securely manage data flows across connected networks from different security do-
mains.
7. A basic mechanism that denies access for the items on the list.
9. A set of software tools that disguises itself in the system and allows privileged access and control to an unau-
thorized user.
11. The percentage of time of operation or availability of a computer or a machine.

Send your answers to tech-writers@jocata.com

Answers for the Last Month Puzzle

1. Artificial General Intelligence (c)

2. 1/126 (d)
3. Performing the tasks that are human-like (b)
4. Anomaly detection
5. 78 (a)
Page 8
Technology Newsletter