Thursday, February 28, 2019

Average CCNA Security Salary

What is the Average CCNA Security Salary?

Employers prefer certified professionals in the field of security to assure information security throughout the network. According to Pay Scale, the average salary for CCNA Security certification holders ranges from $44,147 to $113,790 per year.
One especially interesting finding of this review is that women who hold the CCNA Security certification regularly earn higher wages than their male colleagues, even though they make up just 5% of the individuals who hold the certificate. The standard pay for a female CCNA Security professional ranges from $49,612 to $113,550, while the average male compensation falls between $51,510 and $96,399 annually.

What is the Average CCNA Security Salary by City?

The majority of CCNA Security professionals are located in Washington, D.C., Atlanta, Dallas, Austin and New York. However, the city with the highest average salary was Washington, D.C., with a range of $59,771 to $118,721 per year.
Cities | Salary Range
Washington, D.C. | $59,771 – $118,721
Atlanta, GA | $55,752 – $101,153
Dallas, TX | $49,665 – $96,836
Austin, TX | $65,167 – $90,852
New York, NY | $52,369 – $100,803

What is the Average CCNA Security Salary by Job Role?

You can see from the table below that senior network engineers ($97,615) and security engineers ($87,470) earn the highest wages. Network administrators earn the least at $62,181 per year.
Job | Salary
Security engineer | $87,470
Network security engineer | $86,633
Network administrator | $62,181
Network engineer | $76,768
Senior network engineer | $97,615
Information security analyst | $68,991
Systems engineer (computer networking / IT) | $72,700

What are the Benefits of Becoming CCNA Security Certified?

The CCNA Security certification will create the foundation needed for success in the information security world. It will ensure you have the knowledge needed to perform critical tasks, including designing a routed and switched network infrastructure from the ground up, while recognizing, planning for and defeating threats and vulnerabilities.

How to Hack WiFi (Wireless) Network



Wireless networks are accessible to anyone within the router’s transmission radius. This makes them vulnerable to attacks. Hotspots are available in public places such as airports, restaurants, parks, etc.
In this tutorial, we will introduce you to common techniques used to exploit weaknesses in wireless network security implementations. We will also look at some of the countermeasures you can put in place to protect against such attacks.

What is a wireless network?
A wireless network is a network that uses radio waves to link computers and other devices together. The implementation is done at Layer 1 (the physical layer) of the OSI model.
How to access a wireless network?
You will need a wireless-network-enabled device such as a laptop, tablet or smartphone. You will also need to be within the transmission radius of a wireless network access point. Most devices (if the wireless network option is turned on) will provide you with a list of available networks. If the network is not password protected, then you just have to click on connect. If it is password protected, then you will need the password to gain access.
Wireless Network Authentication
Since the network is easily accessible to everyone with a wireless network enabled device, most networks are password protected. Let’s look at some of the most commonly used authentication techniques.
WEP
WEP is the acronym for Wired Equivalent Privacy. It was developed for IEEE 802.11 WLAN standards. Its goal was to provide privacy equivalent to that provided by wired networks. WEP works by encrypting the data being transmitted over the network to keep it safe from eavesdropping.
WEP Authentication
Open System Authentication (OSA) – This method grants access to a station that requests authentication, based on the configured access policy.
Shared Key Authentication (SKA) – This method sends an encrypted challenge to the station requesting access. The station encrypts the challenge with its key and then responds. If the encrypted challenge matches the AP value, then access is granted.
WEP Weakness
WEP has significant design flaws and vulnerabilities.
  • The integrity of the packets is checked using Cyclic Redundancy Check (CRC32). CRC32 integrity check can be compromised by capturing at least two packets. The bits in the encrypted stream and the checksum can be modified by the attacker so that the packet is accepted by the authentication system. This leads to unauthorized access to the network.
  • WEP uses the RC4 encryption algorithm to create stream ciphers. The stream cipher input is made up of an initial value (IV) and a secret key. The initial value (IV) is 24 bits long, while the secret key can be either 40 bits or 104 bits long. The total length of the initial value and the secret key together can be either 64 bits or 128 bits. The shorter possible length of the secret key makes it easy to crack.
  • Weak initial value combinations do not encrypt sufficiently. This makes them vulnerable to attacks.
  • WEP is based on passwords; this makes it vulnerable to dictionary attacks.
  • Key management is poorly implemented. Changing keys, especially on large networks, is challenging. WEP does not provide a centralized key management system.
  • The initial values can be reused.
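To put numbers on two of the weaknesses listed above, the following added example (not part of the original tutorial) computes how quickly a 24-bit IV space repeats, assuming IVs are chosen at random, and shows that a CRC-32 checksum changes predictably when message bits change while a keyed HMAC does not. The function names and the sample frames are constructed for illustration.

```python
import hashlib
import hmac
import math
import zlib
from collections import Counter

IV_BITS = 24  # WEP IV length, as stated in the list above


def iv_collision_probability(frames, iv_bits=IV_BITS):
    """Birthday-bound chance that at least two of `frames` random IVs match."""
    space = 2 ** iv_bits
    if frames > space:
        return 1.0  # pigeonhole: more frames than distinct IVs
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * space))


def frames_until_reuse(p=0.5, iv_bits=IV_BITS):
    """Smallest frame count whose collision probability is at least p."""
    target = 2 * (2 ** iv_bits) * math.log(1 / (1 - p))
    # Solve n * (n - 1) >= target for n.
    return math.ceil((1 + math.sqrt(1 + 4 * target)) / 2)


def reused_ivs(frames):
    """Return {iv: count} for every IV seen more than once in (iv, payload) frames."""
    counts = Counter(iv for iv, _payload in frames)
    return {iv: n for iv, n in counts.items() if n > 1}


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _is_linear(checksum, message, delta):
    """True if checksum(message XOR delta) follows from checksum(message)
    by XOR alone, so no secret is needed to keep the check consistent."""
    zeros = bytes(len(message))
    predicted = checksum(message) ^ checksum(delta) ^ checksum(zeros)
    return predicted == checksum(_xor(message, delta))


def crc32_is_linear(message, delta):
    """CRC-32, the integrity check WEP relies on. `delta` has the message's length."""
    return _is_linear(zlib.crc32, message, delta)


def hmac_is_linear(key, message, delta):
    """HMAC-SHA256, a keyed integrity check, shown for contrast."""
    def tag(m):
        return int.from_bytes(hmac.new(key, m, hashlib.sha256).digest(), "big")
    return _is_linear(tag, message, delta)


# Constructed sample frames: (IV, payload) pairs, not captured traffic.
SAMPLE_FRAMES = [
    (bytes.fromhex("000001"), b"frame-a"),
    (bytes.fromhex("000002"), b"frame-b"),
    (bytes.fromhex("000001"), b"frame-c"),
]

if __name__ == "__main__":
    print("frames for a 50% chance of IV reuse:", frames_until_reuse(0.5))
    print("IVs seen more than once:", reused_ivs(SAMPLE_FRAMES))
    msg = b"constructed payload!"
    delta = bytes(len(msg) - 1) + b"\x01"
    print("CRC-32 linear:", crc32_is_linear(msg, delta))
    print("HMAC linear:  ", hmac_is_linear(b"k" * 16, msg, delta))
```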
WPA
WPA is the acronym for Wi-Fi Protected Access. It is a security protocol developed by the Wi-Fi Alliance in response to the weaknesses found in WEP. It is used to encrypt data on 802.11 WLANs. It uses longer initial values, 48 bits instead of the 24 bits that WEP uses. It uses temporal keys to encrypt packets.
WPA Weaknesses
  • The collision avoidance implementation can be broken
  • It is vulnerable to denial of service attacks
  • Pre-shared keys use passphrases. Weak passphrases are vulnerable to dictionary attacks.


Updated Cyber Security Questions And Answers 2019


Q: What is cybersecurity?
Cybersecurity is defined as a group of processes, technologies and practices which are designed to protect computers, networks and more from unauthorized access.
Q: What do you mean by Cross Site Scripting?
Cross Site Scripting generally refers to a client-side code injection attack in which the attacker executes malicious scripts in a legitimate web application or website. Such attacks are generally seen where the web application makes use of non-encoded or non-validated user input in the output it generates.
Q: What does Cyber security work for in a specific organization?
There are mainly three major reasons for which cyber security works: 
1. Confidentiality: Whenever information is transmitted from one place to another, a certain level of secrecy is maintained, which is known as confidentiality.
2. Integrity: This means that whenever there is a need for change in any document stored beforehand or new, it can only be done by an authorised person with proper and secure mechanism. 
3. Availability: Everything that is important should be readily available to the authorized people otherwise there will be no use of such information that is not available. 
Q: How can you defend yourself from a Cross Site Scripting attack?
Like any other injection attack, a Cross Site Scripting attack can be prevented by the use of the proper available sanitizers. Web developers have to keep an eye on the gateways through which they receive information, and these are the gateways which must be made a barrier for malicious files. There are software tools and applications available for doing this, like XSS Me for Firefox and domsnitch for Google Chrome. Also, the default web application firewall formula, popularly known as ModSecurity Plus, will do the job quite satisfactorily.
Q: What do you mean by a Botnet?
A botnet is a network or group of computers which are affected by malware and are constantly monitored by a server which issues the commands. Whoever is in control of the botnet can inflict serious damage through all those linked computers affected with malware.
Q: State the difference between a vulnerability, a risk and a threat.
These three terms are interlinked but they are very different from each other: 
1. Vulnerability: If your security program has a breach or weakness then different threats can further exploit the program and thus hack into your system to access data that is stored securely. 
2. Risk: If your system is not secure enough and is likely to be damaged or destroyed, with loss of data, when a threat exploits the vulnerability, it is under huge risk.
3. Threat: Something that is necessary for exploiting the vulnerability either knowingly or by accident in order to damage or destroy personal and official data. 
Q: How can the two factor authentication be implemented for the public facing websites?
The two factor authentication or shortly abbreviated as 2FA acts as another or an extra seal on your already protected account with a password. This two factor authentication can be implemented on public-facing websites like Microsoft, Twitter, Apple, Google and LinkedIn. For enabling such services, one can easily go to settings and then to manage security settings. Here, you will find the option of enabling two factor authentications.
Q: Being a professional, what is more important Threats or Vulnerabilities? 
Despite the advancements in security systems over the years, threats and vulnerabilities have only increased with each passing day. Assessing threats is still not under the control of any high-tech security team. However, a threat arises from a vulnerability, so if we have proper control over vulnerabilities, we can still try to control threats. Secondly, the types of threats remain the same, but the vulnerabilities are what keep on changing. Thus we need to focus on building something that has a proper defence mechanism and can also track down new vulnerabilities.
Q: What is the main point of consideration when it comes to the differences between Stored XSS and Reflected XSS?
In the case of Stored XSS, since it is stored in a page which is static, it is directly pulled out and displayed to the user as needed. On the other hand, in Reflected XSS, the user has to send a request first. This request will start running in the browser of the victim’s computer and will then reflect the results back from the website or the browser to the user who sent the request.
Q: How does the HTTP control the State?
This is a tricky question. HTTP doesn’t and will never control the state. Answers like cookies are still better. The job of the cookies is to provide a gateway to what HTTP can’t do.  In simpler terms, cookies serve as a hack to what HTTP fails to do.
Q: Describe the 3 major first steps for securing your Linux server.
Every system has its own security software, so for securing your Linux server, the first three steps are:
1. Auditing: A system scan is performed using a tool called Lynis for auditing. Every category is scanned separately and the hardening index is provided to the auditor for further steps. 
2. Hardening: After the audit is complete, the system is hardened depending on the level of security it further needs. It is an important process based on the decision of auditor. 
3. Compliance: The system needs to be checked almost every day for better results and also lesser threats from security point of view. 
Q:  What are the techniques used in preventing a brute force login attack?
To avoid brute force login attacks, you generally have three kinds of techniques to choose from. The first technique is to implement an account lockout policy. In this method, an account will be locked out unless and until the administrator himself opens it. The second is progressive delays. In this method, after a few login attempts, your account will stay locked for the next few days. Lastly, use a challenge-response test. This prevents any kind of automatic submissions on the login page.
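The first two techniques above, sketched as an added example (not part of the original answer): each failed login doubles the wait before the next attempt, and after a set number of failures the account stays locked until an administrator unlocks it. The class name, thresholds and the injectable clock are assumptions made for illustration.

```python
import math
import time


class LoginThrottle:
    """Progressive delay plus administrator-only unlock, tracked per username."""

    def __init__(self, base_delay=1.0, max_delay=300.0, lockout_after=10,
                 clock=time.monotonic):
        self.base_delay = base_delay        # seconds to wait after the first failure
        self.max_delay = max_delay          # cap on the doubling delay
        self.lockout_after = lockout_after  # failures before a hard lockout
        self.clock = clock
        self._failures = {}     # username -> consecutive failed attempts
        self._not_before = {}   # username -> earliest time of the next attempt

    def retry_after(self, user):
        """Seconds the caller must wait: 0.0 means an attempt is allowed,
        math.inf means the account is locked until an administrator acts."""
        if self._failures.get(user, 0) >= self.lockout_after:
            return math.inf
        return max(0.0, self._not_before.get(user, 0.0) - self.clock())

    def record_failure(self, user):
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        delay = min(self.max_delay, self.base_delay * 2 ** (count - 1))
        self._not_before[user] = self.clock() + delay

    def record_success(self, user):
        self._failures.pop(user, None)
        self._not_before.pop(user, None)

    def admin_unlock(self, user):
        """Only an administrator calls this; it clears the lockout."""
        self.record_success(user)


def attempt(throttle, user, credentials_valid):
    """Gate one login attempt; returns 'throttled', 'ok' or 'denied'."""
    if throttle.retry_after(user) > 0:
        return "throttled"   # the password is not even checked
    if credentials_valid:
        throttle.record_success(user)
        return "ok"
    throttle.record_failure(user)
    return "denied"
```

Because a lockout keyed on the username lets anyone lock a known account, the unlock path and the failure counts are worth monitoring.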
Q: How can you defend yourself against CSRF attacks?
To defend yourself against CSRF attacks, you can opt for two available methods. Firstly, include a random token with every request. In this way a unique string of tokens will be generated, which is a good safeguard. Secondly, use different names for each form field. This will somewhat help you in becoming anonymous due to the entry of so many different names and thus will behave as a safeguard from CSRF attacks.
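One way to implement the random per-request token described above, as an added example (not part of the original answer): the token is bound to the user's session with an HMAC, carries its issue time, and is checked in constant time. `SECRET_KEY`, the function names and the one-hour lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical server-side secret; a real deployment loads it from configuration.
SECRET_KEY = secrets.token_bytes(32)


def _sign(session_id, issued, nonce, key):
    message = f"{session_id}.{issued}.{nonce}".encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id, now=None, key=SECRET_KEY):
    """Return a fresh token to embed in a form served to this session."""
    issued = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)          # the random part, new on every call
    return f"{issued}.{nonce}.{_sign(session_id, issued, nonce, key)}"


def verify_csrf_token(session_id, token, max_age=3600, now=None, key=SECRET_KEY):
    """Accept the token only if it was issued for this session and is still fresh."""
    now = time.time() if now is None else now
    parts = token.split(".") if isinstance(token, str) else []
    if len(parts) != 3:
        return False
    issued, nonce, signature = parts
    expected = _sign(session_id, issued, nonce, key)
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(signature.encode("utf-8"), expected.encode("utf-8")):
        return False
    return issued.isdigit() and 0 <= now - int(issued) <= max_age
```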
Q: What is the need for DNS monitoring? 
The Domain Name System allots your website under a certain domain that is easily recognizable and also keeps the information about other domain names. It works like a directory for everything on the internet. Thus, DNS monitoring is very important since you can easily visit a website without actually having to memorise their IP address. 
Q: Define the process of Salting and state the use of Salting.
Salting is the process where you extend the length of your passwords by using some special characters. In order to use salting, you must know the entire mechanism of salting, and it is not very difficult for it to be cracked by a person who already knows the concept of salting.
The use of salting is to make your passwords stronger and not easy to be cracked if you are someone who is prone to use of simple or ordinary words as passwords.
Q: State the difference between Symmetric Key Cryptography and Public Key Cryptography.
Both Symmetric Key Cryptography and Public Key Cryptography do the same job of encrypting and decrypting. The main difference between them is that in Symmetric Key Cryptography, only one key is put into use for encryption and decryption. On the other hand, Public Key Cryptography makes use of two different keys: the public key for encryption and the private key for decryption. Generally, Symmetric Key Cryptography is known to be faster and simpler.
Q: Describe the working of Traceroute. 
Small Time To Live (TTL) values are transmitted through packets via traceroute. This process prevents the packets from getting into loops. After the router subtracts from the given packet’s TTL, the packet immediately expires after the TTL reaches absolute zero. After that the sender is sent messages from Traceroute that exceed the time. When small values of TTL are used, the expiration happens quickly and thus the traceroute generates ICMP messages for identifying the router. 
Q: How will you prevent the “Man-in-the-Middle” attack?
Commonly known as the “Bucket Brigade Attack”, this attack happens through a man who is in between two different parties and controls the complete conversation without the two ends even realising that. The first method to prevent this attack would be to have an end to end encryption between both the parties. This way, they both will have an idea with whom they are talking because of the digital verification. Secondly, to prevent this, it is best to avoid open Wi-Fi networks and if it is necessary then use plugins like HTTPS, Forced TLS etc. 
Q: How do encoding, hashing and encryption differ from one another?
1. Encoding: Encoding converts the data into a desired format required for exchange between different systems. This doesn’t convert it into secret data, but usable data. It can be further decoded through the same tools when necessary.
2. Hashing: This serves for maintaining the integrity of a message or data. This way if any day it is hampered or changed, you will get to know. 
3. Encryption: Encryption ensures that the data is secure and one needs a digital verification code or image in order to open or access it. 
Q: SSL and HTTPS: Which is more secure? 
SSL (Secure Sockets Layer) is a protocol which enables safe conversations between two or more parties over the internet. HTTPS (Hypertext Transfer Protocol Secure) is HTTP combined with SSL which provides you with a safer browsing experience with encryption. So, this is a very tricky question but SSL wins in terms of security. 
Q: In encryption and compression of data during transmission, which of them would you do first? Justify with proper reasons.
If I had the option to encrypt and compress data, I would first compress the data. This is because encrypting data produces a stream of bits which are random. These random bits become impossible to compress; in other words, they are incompressible. The reason these random bits become incompressible is the lack of any patterned structure. Compressing data always requires a specific pattern to compress, which random bits lack.
Q: Which is more secure? An open source project or a proprietary project?
The security of these projects depends mainly on the size of the project, the total number of developers who are working on the project and, the most essential and important factor, the control of quality. Just the type of project won’t determine its quality; the inside matter of the corresponding projects will matter.
Q: How do you acquire the Cybersecurity related news?
There are several places from where one might get the best cybersecurity news from but it is important to remember not all of it is correct and precise. So, for the best news related to cybersecurity you can go for Reddit, Team Cymru, Twitter etc. You have to be on top of the news count so that you don’t wait for one to inform you about the recent changes. 
Q: State the difference between Diffie-Hellman and RSA.
The basic difference which lies in both of these is the type of protocol they are. RSA is a protocol which is used for signing or encryption. On the other hand, Diffie-Hellman is a protocol which is used for exchange of key. Also, the RSA will expect that you have all the key materials with you beforehand, which is not the case with Diffie-Hellman.
Q: How to access Active directory from Linux? 
It is quite surprising, but you can use Active Directory from Linux or an iOS system or any other system apart from Windows. The directory makes use of the SMB protocol, which can be accessed from a non-Windows platform with the help of the Samba program.
Q: Why is using SSH from Windows better? 
SSH is a connection used on different platforms on appliances for the best security. This hardens your security system against any threat and works well with Routers, SFTP and switches. It works the best with Windows although is compatible with other platforms too. 
Q: How can you make the user authentication process more secure?
User authentication may sound very secure, but it is not so secure. You need just the username and password to break into or hack into the authentication of that person. The main way of hardening is by choosing the password accordingly. Generating memorable passwords which are secure, using passwords based on an algorithm, making use of password vaults, using highly secure multifactor authentication, and alternately embedding the letters of a specific memorable word are the best ways of hardening user authentication.
Q: Is SSL enough for your security? 
SSL is meant to verify the sender’s identity but it doesn’t search in a hard way for more hazards. SSL will be able to track down the real person you are talking to but that too can be tricked at times. TLS is another identity verification tool which works the same as SSL but better than it. This provides some additional protection to the data so that no breaches are formed. 
Q: Differentiate a white box test from a black box test. 
During a white box testing, the team that is responsible for performing the test is informed about the details related to it but in case of black box it’s the opposite. When black box testing is done, the testing team is not given any information and is rather kept in dark. 
Q: What are the different ways in which the authentication of a person can be performed? 
1. Passwords: This is something that the user should know from when they started their activity.
2. Token: This is something they are provided with and should have.
3. Biometrics: This is an internal property of that person registered for verification.
4. OTP: A one-time pin or password is sent to the user through which they verify the identity.

Wednesday, February 27, 2019

Differences between HTML and DHTML

Some differences between HTML and DHTML:




  • HTML is a mark-up language, while DHTML is a collection of technology.
  • DHTML creates dynamic web pages, whereas HTML creates static web pages.
  • DHTML allows including small animations and dynamic menus in Web pages.
  • DHTML uses events, methods and properties to add dynamism to HTML pages.
  • DHTML is basically the use of JavaScript and style sheets in an HTML page.
  • HTML sites will be slow upon client-side technologies, while DHTML sites will be fast enough upon client-side technologies.
  • HTML creates a plain page without any styles and Scripts called as HTML. Whereas, DHTML creates a page with HTML, CSS, DOM and Scripts called as DHTML.
  • HTML cannot have any server side code but DHTML may contain server side code.
  • In HTML, there is no need for database connectivity, but DHTML may require connecting to a database as it interacts with user.
  • HTML files are stored with .htm or .html extension, while DHTML files are stored with .dhtm extension.
  • HTML does not require any processing from browser, while DHTML requires processing from browser which changes its look and feel.

What is a Sniffing attack and How can you defend it?


Introduction

In this article, we will discuss what a sniffing attack is and how you can protect yourself or an organization from one. We will also cover some tools that can be used to perform sniffing and recover information. In general terms, sniffing refers to investigating something covertly in order to find confidential information. From an information security perspective, sniffing refers to tapping the traffic or routing the traffic to a target where it can be captured, analyzed and monitored. Sniffing is usually performed to analyze network usage, troubleshoot network issues, and monitor sessions for development and testing purposes. Now that we have understood what sniffing basically is, let’s move on to how it can be used to perform attacks.

Define a Sniffing Attack

Remember back in some movies, law agencies, and criminals used to bug the telephone lines in order to hear the calls that a person receives in order to get some information. This is a perfect example of sniffing attacks. This technology can be used to test the telephone lines and determine the quality of the call but criminals used it for their own illegitimate purpose. In the world of internet, sniffing can be performed using an application, hardware devices at both the network and host level. Any network packet having information in plain text can be intercepted and read by the attackers. This information can be usernames, passwords, secret codes, banking details or any information which is of value to the attacker. This attack is just the technical equivalent of a physical spy.

Sniffing motives:    

  • Getting usernames and passwords
  • Stealing bank related/transaction related information
  • Spying on email and chat messages
  • Identity theft

Types of Sniffing

There are two types of sniffing- active and passive. As the name suggests, active involves some activity or interaction by the attacker in order to gain information. In passive the attacker is just hiding dormant and getting the information. Let’s discuss passive sniffing first.

Passive Sniffing:

This kind of sniffing occurs at the hub. A hub is a device that receives the traffic on one port and then retransmits that traffic on all other ports. It does not take into account that the traffic is not meant for other destinations. In this case, if a sniffer device is placed at the hub, then all the network traffic can be directly captured by the sniffer. The sniffer can sit there undetected for a long time and spy on the network. Since hubs are not used much these days, this kind of attack is an old-school trick. Hubs are being replaced by switches, and that is where active sniffing comes into the picture.

Active Sniffing:

In a nutshell, a switch learns a CAM table that holds the MAC addresses of the destinations. Based on this table, the switch is able to decide which network packet is to be sent where. In active sniffing, the sniffer floods the switch with bogus requests so that the CAM table gets full. Once the CAM table is full, the switch acts as a hub and sends the network traffic to all ports. This is legitimate traffic that now gets distributed to all the ports. This way the attacker can sniff the traffic from the switch.

Let’s discuss some of the attack implementations in the network 

MAC flooding:

Flooding the switch with MAC addresses so that the CAM table is overflowed and sniffing can be done. 

DNS cache poisoning:

Altering the DNS cache records so that it redirects the request to a malicious website where the attacker can capture the traffic. The malicious website may be a genuine looking website which has been set up by the attacker so that the victims trust the website. The user may enter the login details and they are sniffed right away.

Evil Twin attack:

The attacker uses malicious software to change the DNS of the victim. The attacker has a twin DNS set up already (evil twin), which will respond to the requests. This can be easily used to sniff the traffic and reroute it to the website that the attacker wishes.

MAC spoofing:

The attacker can gather the MAC address(es) of the machines connected to the switch. The sniffing device is set with the same MAC address so that the messages intended for the original machine are delivered to the sniffer machine, since it has the same MAC address set.
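From the defender's side, both MAC flooding and MAC spoofing leave a trace in the switch's MAC-learning activity. The following added example (not part of the original article) scans learning events for a port that suddenly learns many source addresses and for one address that shows up on two ports at almost the same time. The event format, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict


def detect_mac_flooding(events, max_macs=8, window=10.0):
    """Return {port: peak distinct MAC count} for ports that learned more
    than `max_macs` source addresses inside any `window`-second span."""
    by_port = defaultdict(list)
    for ts, port, mac in sorted(events):
        by_port[port].append((ts, mac))
    flagged = {}
    for port, seen in by_port.items():
        live = defaultdict(int)   # MAC -> sightings still inside the window
        start = 0
        for ts, mac in seen:
            live[mac] += 1
            while ts - seen[start][0] > window:   # expire old sightings
                old = seen[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            if len(live) > max_macs:
                flagged[port] = max(flagged.get(port, 0), len(live))
    return flagged


def detect_mac_moves(events, window=60.0):
    """Return {mac: sorted ports} for addresses seen on more than one port
    within `window` seconds, the signature of a duplicated MAC address."""
    last = {}                     # MAC -> (timestamp, port) of the last sighting
    moved = defaultdict(set)
    for ts, port, mac in sorted(events):
        if mac in last:
            prev_ts, prev_port = last[mac]
            if prev_port != port and ts - prev_ts <= window:
                moved[mac].update((prev_port, port))
        last[mac] = (ts, port)
    return {mac: sorted(ports) for mac, ports in moved.items()}


def sample_events():
    """Constructed MAC-learning events: (seconds, switch port, source MAC)."""
    events = [
        (0.0, "Gi0/1", "aa:bb:cc:00:00:01"),
        (0.5, "Gi0/2", "aa:bb:cc:00:00:02"),
        (5.0, "Gi0/9", "aa:bb:cc:00:00:01"),   # same MAC on a second port
    ]
    # Fifty previously unseen addresses on one access port within two seconds.
    events += [(1.0 + i * 0.04, "Gi0/7", f"02:00:00:00:00:{i:02x}")
               for i in range(50)]
    return events


if __name__ == "__main__":
    print("flooding suspects:", detect_mac_flooding(sample_events()))
    print("moved MACs:       ", detect_mac_moves(sample_events()))
```

The `max_macs` threshold plays the same role as a per-port address limit configured on the switch itself.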

How do you identify a Sniffer?

Identifying the type of sniffer can depend on how sophisticated the attack is. It is possible that the sniffer may go undetected for a long time, hiding in the network. There is some anti-sniffer software available in the market to catch intruders, but the sniffers may still get away with it, creating a false sense of security. A sniffer can be software installed on your system, a hardware device plugged in, a sniffer at the DNS level or at other network nodes, etc. Practical networks are complex, so it becomes difficult to identify sniffers. Since identification is tough, we will discuss ways to render the sniffed information useless to the attacker.

Protocols vulnerable to sniffing attacks

As we are aware, the network follows a layered approach in which each layer has a dedicated task that the next layer adds to. So far we have not discussed at which layer sniffing attacks happen. Sniffing attacks work on various layers depending on the motive of the attack. Sniffers can capture the PDUs from various layers, but layer 3 (Network) and layer 7 (Application) are of key importance. Out of all the protocols, some are susceptible to sniffing attacks. Secured versions of these protocols are also available, but if some systems are still using the unsecured versions, then the risk of information leakage becomes considerable. Let’s discuss some of the protocols that are vulnerable to sniffing attacks.

1) HTTP:

Hypertext Transfer Protocol is used at layer 7 of the OSI model. This is an application layer protocol that transmits information in plain text. This was fine when there were static websites or websites that did not require any input from the user. Anyone can set up a MITM proxy in between and listen to all the traffic or modify that traffic for personal gain. Now that we have entered the Web 2.0 world, we need to ensure that the user’s interaction is secured. This is ensured by using the secured version of HTTP, i.e. HTTPS. Using HTTPS, the traffic is encrypted as soon as it leaves layer 7.

2) TELNET:

Telnet is a client-server protocol that provides a communication facility through a virtual terminal. Telnet does not encrypt the traffic by default. Anyone having access to a switch or hub that connects the client and the server can sniff the Telnet traffic for the username and password. SSH is used as an alternative to the unsecured Telnet. SSH uses cryptography to encrypt the traffic and provides confidentiality and integrity to the traffic.

3) FTP:

FTP is used to transfer files between client and server. For authentication, FTP uses a plain text username and password mechanism. As with Telnet, an attacker can sniff the traffic to gain credentials and access all the files on the server. FTP can be secured by using SSL/TLS or can be replaced by a more secure version called SFTP (SSH File Transfer Protocol).

4) POP:

It stands for Post Office Protocol and is used by email clients to download emails from the mail server. It also uses a plain text mechanism for communication, hence it is also vulnerable to sniffing attacks. POP is followed by POP2 and POP3, which are a little bit more secure than the original version.

5) SNMP:

Simple Network Management Protocol is used for communication with managed network devices on the network. SNMP uses various messages for communication and community strings for performing client authentication. Community strings in effect are just like a password that is transmitted in clear text. SNMP has been superseded by SNMPv2 and v3, v3 being the latest and most secure.

Top Sniffing tools

Wireshark:

An open-source packet capturer and analyzer. It supports Windows, Linux etc. and is a GUI-based tool (an alternative to Tcpdump). It uses pcap to monitor and capture packets from the network interface. The packets can be filtered on the basis of IP, protocol and many other parameters. The packets can be grouped or marked on the basis of relevance. Each packet can be selected and dissected as needed.

dSniff:

It is used for network analysis and password sniffing from various network protocols. It can analyze a variety of protocols (FTP, Telnet, POP, rLogin, Microsoft SMB, SNMP, IMAP etc.) for getting the information.

Microsoft network monitor:

As the name suggests, it is used for capturing and analyzing the network. It is used for troubleshooting the network. Some of the features of the software are grouping, a large pool of protocol support (300+), wireless monitor mode, reassembly of fragmented messages etc.

Debookee:

It is a paid tool that can be used to monitor and analyze the network. It is able to intercept and analyze the traffic from devices that are in that subnet, irrespective of the device type (Laptop, devices, TV etc). It offers various modules:
  • Network analysis module: scan for connected devices, Intercept traffic in a subnet, TCP port scanner, Network analysis and monitoring of HTTP, DNS, TCP, DHCP protocols, Analyse VoIP calls etc.
  • WiFi monitoring module: Details of access points in radio range, wireless client details, wifi statistics etc.
  • SSL/TLS decryption module: Support for monitoring and analyzing secured protocols.

Precautionary measures against Sniffing attacks

  1. Connect to trusted networks: Do you trust the free Wi-Fi offered by the coffee shop next door? Connecting to any public network carries the risk that the traffic might be sniffed. Attackers choose these public places to exploit the user's lack of knowledge. Public networks are set up and then may or may not be monitored for intrusions or bugs. Attackers can either sniff that network or create a network of their own with a similar name so that users get tricked into joining it. An attacker sitting at an airport can create a Wi-Fi network with the name "Free Airport Wi-Fi", and nearby users may connect to it, sending all their data through the attacker's sniffer node. The word of caution here is that you should only connect to networks you trust: home network, office network, etc.
  2. Encrypt! Encrypt! Encrypt!: Encrypt all the traffic that leaves your system. This will ensure that even if the traffic is being sniffed, the attacker will not be able to make sense of it. One thing to note here is that security works on the defense-in-depth principle. Encrypting the data does not mean that everything is now safe. The attacker might be able to capture a lot of data and run crypto attacks to get something out of it. Use of secured protocols ensures that the traffic is encrypted and provides security for the traffic. Websites using the HTTPS protocol are more secure than the ones that use HTTP. How is that achieved? Encryption.
  3. Network scanning and monitoring: Networks must be scanned for any kind of intrusion attempt and for rogue devices that may be set up in SPAN mode to capture traffic. Network admins must also monitor the network to ensure device hygiene. The IT team can use various techniques to determine the presence of sniffers in the network: bandwidth monitoring is one, an audit of devices which are set to promiscuous mode is another, etc.
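
The audit of devices set to promiscuous mode mentioned in item 3 can be automated on Linux hosts. The sketch below is an added example, not part of the original post: it reads each interface's flags word from `/sys/class/net/<iface>/flags` and reports those with the `IFF_PROMISC` bit (0x100) set. The allowlist parameter and the sample interface names and values are constructed for illustration.

```python
import os
import tempfile

IFF_UP = 0x1         # interface is administratively up
IFF_PROMISC = 0x100  # interface accepts every frame, not only its own

def read_flags(sysfs_net, iface):
    """Return the flags word of one interface, or None if it cannot be read."""
    try:
        with open(os.path.join(sysfs_net, iface, "flags")) as fh:
            return int(fh.read().strip(), 16)
    except (OSError, ValueError):
        return None  # not an interface directory, or malformed content

def audit_promiscuous(sysfs_net="/sys/class/net", allowlist=()):
    """List interfaces in promiscuous mode that are not expected to be.

    allowlist (hypothetical parameter) names interfaces that are promiscuous
    by design, such as bridges or a dedicated IDS capture port.
    """
    findings = []
    for iface in sorted(os.listdir(sysfs_net)):
        flags = read_flags(sysfs_net, iface)
        if flags is None:
            continue
        if flags & IFF_PROMISC and iface not in allowlist:
            findings.append({"iface": iface,
                             "flags": hex(flags),
                             "up": bool(flags & IFF_UP)})
    return findings

def build_sample_tree(root):
    """Write constructed sample data laid out like /sys/class/net."""
    sample = {"lo": "0x9", "eth0": "0x1003", "eth1": "0x1103",
              "br0": "0x1303", "bad": "n/a"}
    for iface, flags in sample.items():
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "flags"), "w") as fh:
            fh.write(flags + "\n")
    return root

if __name__ == "__main__":
    # Offline demo on the constructed tree; call audit_promiscuous() with no
    # arguments on a real Linux host to inspect the live interfaces.
    with tempfile.TemporaryDirectory() as tmp:
        for hit in audit_promiscuous(build_sample_tree(tmp), allowlist=("br0",)):
            print("promiscuous interface:", hit)
```

Run on a schedule and compared against the previous result, a newly reported interface is a prompt to find out which process enabled capture on that host.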

Basic Statistics


Collecting and analyzing data form a major part of a Six Sigma project or any other continuous improvement initiative. All of the stakeholders in a project, from Champions to Yellow Belt members, must be aware of the basic statistics used. Though the Green Belt and Black Belt members own the responsibility for analysis, knowledge of basic statistics is necessary to identify the type of data, to collect the data in the right format, and for various other requirements.

  • Types of Data: what types of data exist and how to identify the type of data
  • Descriptive Statistics: what measures describe the property or nature of the data being collected
  • Normal distribution: most statistical tools and analyses are developed for the Normal distribution. If the underlying data is not normal, the data is transformed into normal with the help of some tools.

Types of Data
There are two broad categories of data: Qualitative and Quantitative data. The names themselves indicate that the former cannot be quantified in numbers whereas the latter can be.
The below tree will explain the types of data simply and clearly:


Descriptive Statistics
As most of the data that we use is continuous, let us learn how such data can be studied and interpreted.
A population or sample can be represented in two ways: i) Measures of Central Tendency ii) Measures of Dispersion.
A distribution is best described by these two measures: how closely the data points lie around the central value and how they are spread around this central point. Thus measures of central tendency find the central point of the data, and measures of dispersion find the spread of the data.

Measures of Central Tendency
a. Mean: It is the arithmetic average of all values:
Mean = Sum of all values / Total number of values
b. Median: It is the central value of the data points when arranged in ascending or descending order:
Median = (n+1)/2th value
c. Mode: It is the most frequently occurring value in the data set.
Based on the nature of the data, any one of these is used.

Measures of Dispersion

a. Range: It represents the gap between the highest and lowest value in the group.
Range = Maximum value – Minimum Value
b. Inter-Quartile Range: It represents the gap spanned by the middle 50% of the values when the data is arranged in ascending order. The data can be divided into four quartiles.
First Quartile Value = (n+1)/4th value
Third Quartile Value = 3(n+1)/4th value
Second Quartile Value = 2(n+1)/4th value = (n+1)/2th value, which is the Median value
IQR = Third Quartile Value – First Quartile Value
c. Standard Deviation (σ): It represents the deviation of all the data points around the mean (µ).
d. Variance: Variance is the squared value of standard deviation. It magnifies the deviation value and thus is used in fields where even a small variation is very critical.
Thus, the entire population or data set can be described by these two parameters. They form the preliminary observation of any data before proceeding to choose further analysis.
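
The measures above, computed in one pass over a small data set, are shown in the following added example (not part of the original post). It assumes linear interpolation when a quartile position such as (n+1)/4 is fractional, and the population formulas for σ and variance, since the post specifies neither. The sample values are constructed.

```python
import statistics

def positional_value(sorted_vals, position):
    """Value at a 1-based position in sorted data.

    Fractional positions are linearly interpolated between the two
    neighbouring values (an assumption; the post gives no rule for them).
    """
    n = len(sorted_vals)
    position = min(max(position, 1), n)   # clamp to the data range
    lower = int(position)                 # 1-based index of the lower neighbour
    frac = position - lower
    if frac == 0 or lower == n:
        return float(sorted_vals[lower - 1])
    below, above = sorted_vals[lower - 1], sorted_vals[lower]
    return below + frac * (above - below)

def describe(values):
    """Central tendency and dispersion, using the positional quartile rules."""
    data = sorted(values)
    n = len(data)
    if n == 0:
        raise ValueError("need at least one value")
    q1 = positional_value(data, (n + 1) / 4)
    median = positional_value(data, (n + 1) / 2)
    q3 = positional_value(data, 3 * (n + 1) / 4)
    return {
        "mean": statistics.mean(data),
        "median": median,
        "mode": statistics.mode(data),
        "range": data[-1] - data[0],
        "q1": q1,
        "q3": q3,
        "iqr": q3 - q1,
        "variance": statistics.pvariance(data),  # population variance
        "sigma": statistics.pstdev(data),        # population standard deviation
    }

# Constructed sample: eight measurements, deliberately unsorted.
SAMPLE = [10, 6, 20, 4, 12, 6, 14, 8]

if __name__ == "__main__":
    for name, value in describe(SAMPLE).items():
        print(f"{name:>8}: {value}")
```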

Normal Distribution

Any population has numerous data points spread over different ranges. Many different distributions appear when such data is plotted in a frequency plot. The Normal distribution is one of them, and also the most frequently used. A Normal distribution can be characterised by two values: the mean and the standard deviation. The Normal distribution looks like a bell-shaped curve. The peak central value represents the mean, and the tapered ends represent the maximum and minimum values. The size of the standard deviation determines the width of the curve: the higher the SD, the broader the curve; the lower the SD, the narrower the curve, for the same mean.
The above diagram explains how the data points are spread differently for the same mean and different standard deviations.
The entire concept of Six Sigma (99.9997% of values falling within six standard deviations), control charts, process variation reduction, and many others revolve around this Normal curve. It is therefore necessary to understand the Normal distribution.
Knowing the types of data, how to represent the data with descriptive statistics, and the Normal distribution lays the foundation for statistical data analysis.


Which Python course is best for beginners?

Level Up Your Python Prowess: Newbie Ninjas: Don't fret, little grasshoppers! Courses like "Learn Python 3" on Codecade...