INFO300 - IT Infrastructure & Security - Spring 2012

Current Stuff as at May 14th:

F I N A L Grades are posted.

Exam Times: The 12:30 section's exam time is Tuesday May 8th at 1:00 thru 2:50. Quiz #3 will be given at the Exam Time for your class. An 'exit exam' is required of all students and will count 5 to 10 points depending on your placement in the class' ranking. The 9:30 section's exam was Thursday May 3rd at 1:00 thru 2:50. If you want to take the optional exam, made up of questions from Quizzes #1 and #2, you may take it after Quiz #3 and add 30 points to your total -- points earned on the exam will be posted back to the prior quizzes -- this gives an opportunity to raise a score a letter grade or two.

The Hands On Linux portion and Tech Marketplace Brief will be skipped this semester -- new topics have crowded this part out. Get your hands on Linux asap if you're heading toward Network Management; let me know if you want an account at info300.net, or if I can help in some way. To avoid disappointments for those who were counting on 'project points', max points will be posted for everybody.

Quiz #1 & #2 Topics have been moved to the bottom of the page.

Quiz #3 Topics & Dates:

(4/24) Any discussion of Software these days needs to start with the admonitions that security should be _designed_ into systems, that it's not always feasible to _add_ security to a system without it, and that a system's first security breach may result in the failure of the system's owners' enterprise or organization. As at 2012, IT Professionals have developed a legacy of standards and recommendations for securing and operating information systems -- ignorance of them is no defense against blame or liability claims when a system is robbed of 'sensitive' data or it is otherwise lost or corrupted.

Most security breaches are the fault of application software, not the operating system. For example: WordPress, the heart of more than 300,000 of the blogosphere's engines, has had a recent spate of vulnerabilities in the add-on applications available for WordPress which made inappropriate disclosure of personal information or allowed destruction or defacement of the stuff of blogs.

Windoze and the *ixes (Linux & proprietary unix) all provide super-adequate capabilities for securing an application environment's OS, DBMS, mail and Web servers. But much of a typical application environment's security is provided by the application software.

Most of the 'vulnerability' in systems today comes from poorly designed or detailed application software that fails to provide 'non-repudiation', 'version control', 'authentication & authorization' or other pillars of system security.

Here are some links about security issues in application code: Top 25 Most Dangerous Software Errors; SANS provides Top 20 Security Controls, with a practical guide stated as Critical Security Controls. CyberCiti suggests 20 Linux Server Hardening Tips.

Lecture Topics:

Quiz #3 Study Questions Note: some of these questions come from the Setup and Secure a Firewall/Server topic...



Stuff under here is not organized for Spring 2012 Yet

End of Semester Notices and Topics

The next deliverable for the Tech Marketplace Brief & Hands-on Linux is due the 8th.

Due Dates for HOL and Tech Marketplace Brief:

Semester End:

Is lack of INFO160 holding you up? The new 'pre-req check' in eServices is keeping students out of INFO360. This new requirement will be waived for students who have already had EBUS202, INFO202, or INFO300. Ask if you need the waiver, I'll be bringing the forms to classes next week.

The scheduled exam times will be used for Quiz #3, the IS Dept's Assessment Test, and an Optional Final Exam:

Exam Schedule:

No variation of the exam times will be permitted except attending another section's scheduled exam time. Exam times have been published far in advance so there are no conflicting exam times. Students who cannot arrive within fifteen minutes of the scheduled start times for the exam must use the School's last makeup session from noon thru 4:00 December 16th.

Projects:

LAN Project: Bill of Details and Network Diagrams for an office LAN

Specs for this project are delivered in the memo below and verbally in class. The network rack with DMZ fire-walling is similar to the DMZ sketched on the board in class. Students are asked to get together 1) purchase orders for hardware, software, and services, 2) summaries of up-front purchases and recurring costs for operating the application environment, 3) a floorplan for the premises wiring showing equipment location and jacks for networked equipment and phones, and 4) a separate, detailed diagram showing the equipment and jumpering on the server rack.

Here is the Memo From The Boss, including a sketch of the floorplan and network rack, and general requirements for the LAN.

On the due date, bring a printed copy at the _beginning_ of class where I'll have a heavy-duty stapler, please don't submit your project in a binder of any type.  Send an electronic copy prior to class as one document (Word or PDF work well, so does Excel...), preferably not zipped, attached to VCU-originated email to gasaunde-AT-vcu.edu.

Visio is recommended for the diagrams -- it's free thru the MSDNAA. Anything else will have you working harder for a less-polished result. Here's Where & how to get MSDNAA software.

(Don't wimp out and use the Excel or Word drawing tools! The job will be much more difficult since you'll have to invent your own shapes and the diagrams won't be very Pro in appearance.) Excel makes it easy to do the Bill of Details (POs, and summaries of up-front and operating expenses). Most students put the final document together in Word and copy/paste the Visio diagrams and Excel bill of details into it. Open Office users can add 'Dia', an open-source, Visio-like, 2D CAD software that plays well with Open Office.

This is an exercise with technical drawing tools. Hand-drawn diagrams, or hand-drawn marks on a diagram are not acceptable.

Here are general requirements for the project.

Here are some Examples of winning projects.

Tips for Pro work:

Tech Marketplace Brief and Hands On Linux:

Approved Topics and Minimum Requirement for these Technical Briefs. On the due date, posted on the home page for your class, bring a printed copy to class, stapled or ready to staple at the upper left corner, no binders please. Also submit an electronic copy as a single document attached to a VCU-originated email, due before the last class.

The _Outline_ and _References_ are of the essence for this assignment, so please print or copy any pages referenced in your brief. Mark up on the pages, using a highlighter or any other marking device, any facts you've included in your brief. If you read 40 pages of stuff but only use facts from a few pages, copy only those few pages and mark up the first of them with the exact url, or publication, with the facts.

Consider the Coding Standards as you work putting your brief, or a pithy abstract of it, on the web. The Instructor offers these standards as an abreaction to getting crappy looking stuff as a response to this project and not being able to dock points for it. Points will be docked liberally for any deviation from these specs. The Rubric for scoring the printed copy is also worth your consideration to earn max points and have a project worthy of your professional portfolio.

Use View -> Source on this example of a winning project to see how easy this can be: This gentleman submitted well-researched briefs of about 6 or 8 pages each, and posted these abstracts on-line. Every deadline was met, and there were several pages of 'hilited facts' that were very useful in updating this elder geek about these well-known products and manufacturers. No time was wasted on fancy effects, but it reeks of a careful reading of the specs and serves as a clear example. You might want more pizzazz or subtle effects for your web-design portfolio, but this got max points for the class.

A portion of the Hands On Linux portion of the project will be scored automatically and reported on a 'Progress Page'. A 'snapshot' of the page with the contents of students' home directories and web space will be taken at the due date/time and points assigned on what's there. The deadline is of the essence for points on the Progress Page portion of the project. Lab Time in class will be provided, and some students get the required work done in class.

Progress Pages:

Resources for getting your hands on Linux:

Timely delivery is one of the essential requirements for both these exercises. Progress not demo'd on the class' Progress Pages by the time due will get zero points. Late papers will be docked five points for delivery after the class meeting where they are due and another point deducted for each midnight that passes before delivery.

Printed briefs and references shown at least five days before the last class may be critiqued and scored on the spot in class or in my office, and if re-work would net more points another copy submitted on or before the deadline will be considered as a candidate for full points. Please do not send me anything to review in email, or ask for critique and scoring during the four day period before the deadline.

Due Dates:


Past Topics:

Welcome to INFO300! This is usually the first stop after students have decided on an IS major, and is a look into the deeper corners of the IT that makes IS work. The course introduces vocabulary and fundamental concepts about hardware, software, and networks that are expected of IS workers, managers, and executives. It also introduces some of the deep technical skills demanded for careers in data & network security and application development.

Final Grades are posted from last semester. This semester's points will be similarly arranged.

Suggestions to Ace the course: Come to every class, on time; abandon social networks during classtime; pay attention; take notes; ask questions; give testimonials; follow up on any new topics using the links for the course and google -- this is all current stuff, google is IT's friend. Don't hesitate to update the Instructor -- IT's changing quick and some of you are at the front lines, see stuff coming before I do. Take notes -- if you're not taking notes, with a pencil or deft key or tablet strokes, you're denying yourself one of the brain's most powerful tools for recalling details and learning stuff.

Students who want to be working in 'network security' or 'network management' should already have their hands on a machine, or a few of them, on the internet, firewalling for a LAN, handling mail, &c -- If they don't it's high time to do it!

(1/17) Syllabus with course objectives, textbook info, rules for submitting papers, classroom policy, &c.

Quiz #1 Topics

Why all the stuff about Linux?

Yes, the Instructor is biased by decades of experience! He prefers UX servers to Windows, longs for more Linux on Desktops, is glad to see it everywhere else. So will most of the technical interviewers you encounter on your way into a career.

Linux is like a Swiss Army Knife, lots of tools are built-in. Linux works fine on desktops and notebooks, but has a tiny market-share in that environment. It's getting lots of attention in 2011 as Droids and other Android OS devices catch on for smartphones and tablets, and we wonder what's next. In server and networking environments UNIX, and Linux, are doing what they were built to do and have major share. UNIX was originally built to run telephone switching and grew to handle all kinds of networks from HAM radio through the fastest Optical and other digital networks.

The 20-year anniversary, Fall of 2011, for the Linux kernel is a good time for the environment. More than ever it's becoming apparent that the compleat IT manager needs skills with at least Windows and Linux, and adding other environments like IBM's series i5 and z or Sun's Solaris makes good value too.

Here's a perspective of Linux at 20 Years. Here's how Linux got to be ubiquitous while being invisible without any help from maniacal marketeers, and lots from a zealous open source community, and is getting more firmly entrenched in the IT legacy as the 2010s play out.

Linux is in many ways an extension and improvement on many Unices/Unixes, which had been rock-solid platforms for many computing and networking tasks since the mid-'70s, then became dead-end platforms during the shakeout of mid-range computer manufacturers in the '80s. Here is a UNIX Timeline. It's surprising for some to see iOS and OS-X on there, but there they are, sprung off of WestCoastix.

Windoze NT came along in 1993, and in about 2011 Windows NT and Server have worked up to about half the 'application server' market. Microsoft's Visual Studio IDE, Share Point, Dynamics ERP, Small Business Server, and thousands of business applications developed in the wake of NT have matured nicely and are easy to sell, especially in small-to-medium sized organizations where Windows solutions fit. Although some of our students leave to work in a 'Windows Only' environment, most are in a 'mixed environment'. Knowing how to work in both is more valuable than only one...

Efficient and Secure? Threads for IIS vs. Apache serving up a static page. Complexity doesn't necessarily mean insecurity, but it doesn't help it either.

Lecture Topics:

Quiz #2 Topics

LAN Project Is ready for SPRING '12