IT Infrastructure & Security - Fall 2012

Current Stuff as at December 20th:

F I N A L Grades were posted with eServices Wednesday mid-day, with a few changes not reflected in what's posted here.

It's a pleasure to see A is the most-earned grade, 28 of them, and 18 Bs! Thru the semester these students have shown me good to excellent skills in the tech at hand, from CAD to the Command Line. They're respectful and attentive in class, take notes, appear to use the links and text on the class' page, and show they can read and follow instructions. They'll likely be at the head of the line for the few jobs available in IT this season or the next. It's hard to post the same number of Ds and Fs, 46 of 120+, but it agrees with what I see in class, represents at least the third to half of students who are seldom or never engaged in the lecture or demo at hand, _never_ take a note, some even chuckle out loud and gesticulate about whatever they're watching on their small screen, and demo repeatedly they can't or won't read and follow instructions. They're distressing to see in class, but there they are... 8 Honor Violation Fact Sheets were submitted to the honor coordinator, even more distressing to see, mostly for cheating on the LAN assignment, another for openly cheating on a test.

Exit Exam: It's been posted below for some time that the exam time will be used for the IS department's 'exit exam', aka Assessment Exam, but, I'm chagrined to relate, the details posted in the past about it have been klutzed away, and neither is there a column for it on the points sheet... The exit exam is a 70-item, multiple choice, exam that covers all the topics from INFO300. Points posted for it will be 'curved' using the decile attained, 5 points for all scores at or below the 5th decile, plus 1 point per decile past the 5th. So, someone scoring at the 2nd or 3rd decile gets 5 of 10 points posted, a score at the 4th or 5th gets 5 points, a score in the 9th decile gets 9 points, the top several scores in the section get 10 points. These 'assessment exams' are given by the department to all sections of every course of our technical core. The results are used to compare instructors teaching the same courses, identify knowledge gaps section by section, guage effects of meeting times, and otherwise support decisions about our curriculum. Instructors are asked to make a portion of the final grade dependent on the exit exam to help ensure a best effort by those taking it. In my sections the 5 point spread is about half a letter grade and performance on the exit exam correlates highly with points earned in the course.

Quiz #3 was the last day of classes for the daytime sections, December the 6th, and will be at the Exam Time for the evening, December 11th.

Several students have asked to retake only the 'converting values among binary, decimal, and hex' part of Quiz #2. I'll have these at the quiz and exam times, will replace the six points on the quiz with the results from the retake...

The Tech Market Brief & Hands On Linux project is underway. Bring any questions to class along with your notebook computer. Due dates: Dlv #1, topic in the right place, Friday the 30th for the day sections and Tuesday 12/5 for the evening. Dlv #2, outline & references in the right place with the right permissions, is due Friday the 7th for all sections. The printed brief with highlighted references is due at the exam time for your class. Websites will be scored Thursday the 13th.

These snapshots were taken after the deadline for Dlv #1: Morning Section; Afternoon Section, Evening Section.

Exam times: Morning - Thursday the 13th 8:00 thru 10:50am; Afternoon - Tuesday the 11th 1:00 thru 3:50; Evening - Tuesday the 11th 7:00 - 9:40 (date corrected 12/4). For the daytime sections, the time will be used for the IS Dept's Exit Exam and retaking a quiz or taking the optional final exam. For the evening section the exam time will be used for Quiz #3 and the IS Dept's Exit Exam.

Here's a resuscitated 1st Generation beast: Harwell Dekatron, another decimal-based calculator/computer a few years post-ENIAC. Another build out of Babbage's Difference and Analytical Engines is afoot. 10 Computers that Changed the World.

Earlier topics have been moved down the page...

Quiz #3 Topics & Dates:

Any discussion of Software these days needs to start with the admonissions that security should be _designed_ into systems, that it's not always feasible to _add_ security to a system without it, and that a system's first security breach may result in the failure of the system's owners' enterprise or organization. As at 2012, IT Professionals have developed a legacy of standards and recommendations for securing and operating information systems -- ignorance of them is no defense against blame or liability claims when a system is robbed of 'sensitive' data or it is otherwise lost or corrupted.

Most security breaches are the fault of application software, not the operating system. For example: WordPress, the heart of more than 300,000 of the blogosphere's engines, has had a recent spate of vulnerabilities in the add-on applications available for WordPress which made inappropriate disclosure of personal information or allowed destruction or defacement of the stuff of blogs.

Windoze and the *ixes (Linux & proprietary unix) all provide super-adequate capabilities for securing an application environment's OS, DBMS, mail and Web servers. But much of a typical application environment's security is provided by the application software.

Most of the 'vulnerability' in systems today comes from poorly designed or detailed application software that fails to provide 'non-repudiation', 'version control', 'authentication & authorization' or other pillars of system security.

Here are some links about security issues in application code: Top 25 Most Dangerous Software Errors; SANS provides 20 Critical Security Controls. CyberCiti suggests20 Linux Server Hardening Tips. The study guides for ITIL, Security+, or other IT Security related certificates provide more detail, are heartily recommended for any student wanting a career in IT.

Lecture Topics:

Quiz #3 Study Questions Note: some of these questions come from the Setup and Secure a Firewall/Server topic...


LAN Project: Bill of Details and Network Diagrams for an office LAN

Specs for this project are delivered in the memo below and verbally in class. The network rack for DMLH, Ltd. is put together similar to the DMZ sketched on the board in class, and a sketch is included in the Memo From The Boss just below. Students are asked to get together purchase orders, a summary of purchase and on-going costs, a floorplan for the premises wiring showing equipment location and jacks for networked equipment an phones. A separate, detailed diagram showing the PBX, equipment and jumpers on the network rack is requested.

Memo From The Boss Start on LAN Project, quick intro to networking security, firewalls & LANs.

The 'warm backup server' needs to be rigged with at least three ethernet ports so it can take over for either the secure app server or firewall. It will be running 'rsynch' to log all updates on the secure application server or the firewall machine. In the event of the failure of either, a couple of jumpers can be changed and appropriate services started on the warm backup server so it can quickly take over for the failed server or firewall/router.

Visio is recommended for the diagrams -- it's free thru the MSDNAA. (Don't wimp out and use the Excel or Word drawing tools! The job will be much more difficult since you'll have to invent your own shapes and the diagrams won't be very Pro in appearance.) Excel makes it easy to do the Bill of Details (POs, and summaries of up-front and operating expenses). Most students put the final document together in Word and copy/paste the Visio diagrams and Excel bill of details into it. Open Office users can add 'Dia', an open-source, Visio-like, 2D CAD software that plays well with Open Office.

This is an exercise with technical drawing tools. Hand-drawn diagrams, or hand-drawn marks on a diagram are not acceptable.

Here are general requirements for the project.

Here are some Examples of winning projects.

Tips for Pro work:

On the due date, bring a printed copy at the _beginning_ of class where I'll have a heavy-duty stapler, please don't submit your project in a binder of any type.  Send an electronic copy prior to class as one document, preferably not zipped, attached to VCU-originated email to

Tech Marketplace Brief and Hands On Linux:

Approved Topics and Mimimum Requirement for these Technical Briefs.  On the due date, posted on the home page for your class, Bring a printed copy to class, stapled or ready to staple at the upper left corner, no binders please.  Also submit an electronic copy as a single document attached to a VCU-originated email, due before the last class.

The _Outline_ and _References_ are of the essence for this assignment, so please print or copy any pages referenced in your brief. Markup on the pages, using a highliter or any other making device, any facts you've included in your brief. If you read 40 pages of stuff but only use facts from a few pages, copy only those few pages and markup the first of them with the exact url, or publication, with the facts.

Consider the Coding Standards as you work putting your brief, or a pithy abstract of it, on the web. The Instructor offers these standards as an abreaction to getting crappy looking stuff as a response to this project and not being able to dock points for it. Points will be docked liberally for any deviation from these specs. The Rubric for scoring the printed copy is also worth your consideration to earn max points and have a project worthy of your professional portfolio.

Use View -> Source on this example of a winning project to see how easy this can be: This gentleman submitted well-researched briefs of about 6 or 8 pages each, and posted these abstracts on-line. Every deadline was met, and there were a several pages of 'hilited facts' that were very useful in updating this elder geek about these well-known products and manufacturers. No time was wasted on fancy effects, but it reeks of a careful reading of the specs and serves as a clear example. You might want more pizzazz or subtle effects for your web-design portfolio, but this got max points for the class.

A portion of the Hands On Linux portion of the project will be scored automatically and reported on a 'Progress Page'. A 'snapshot' of the page with the contents of students' home directories and web space will be taken at the due date/time and points assigned on what's there. The deadline is of the essence for points on the Progress Page portion of the project. Lab Time in class will be provided, and some students get the required work done in class.

Progress Pages:

Resources for getting your hands on Linux:

Timely delivery is one of the essential requirements for both these exercises. Progress not demo'd on the class' Progress Pages by the time due will get zero points. Late papers will be docked five points for delivery after the class meeting where they are due and another point deducted for each midnight that passes before delivery.

Printed briefs and references shown at least five days before the last class may be critiqued and scored on the spot in class or in my office, and if re-work would net more points another copy submitted on or before the deadline will be considered as a candidate for full points. Please do not send me anything to review in email, or ask for critique and scoring during the four day period before the deadline.

HOL Due Dates:

See the top of the page for this semester's due dates.

Past Topics

Quiz #1 Topics

Quiz #2 Topics

Here's an unprecedented look into Google's Data Centers. Highly secretive since their startup, Google just released these photos mid-October 2012.

Note Relaxed Due Dates: The LAN Project printed and emailed copies are due at the beginning of class on Tuesday November 6th for the day sections and November 13th for the evening. If you don't already have it, get the Visio that fits your MS Office version from the MSDNAA site. Visit Take the 'ISY Lan Accounts' link at the left of the page and follow the instructions to set up your ISY Lan Account. (The numbers requested are on your VCU One card.) When your LAN account is set up, take the 'Software' link from the ISY home page and find the link to MSDNAA, from where you can download Visio and other Microsoft software.

Stuff under here is not organized for Fall 2012 Yet

End of Semester Notices and Topics

The next deliverable for the Tech Marketplace Brief & Hands-on Linux is due...

Due Dates for HOL and Tech Marketplace Brief:

The scheduled exam times will be used for Quiz #3, the IS Dept's Assessment Test, and an Optional Final Exam:

Exam Schedule:

No variation of the exam times will be permitted except attending another section's scheduled exam time which have been published far in advance so there are no conflicting exam times. Students who cannot arrive within fifteen minutes of the scheduled start times for the exam must use the School's last makeup session from noon thru 4:00 December 16th.

Past Topics:

Welcome to INFO300! This is usually the first stop after students have decided on an IS major, and is a look into the deeper corners of the IT that makes Information Systems work. The course introduces vocabulary and fundamental concepts about hardware, software, and networks that are expected of IS workers, managers, and executives. It also introduces some of the deep technical skills demanded for careers in data & network security and application development.

F I N A L Grades from Spring are posted. Points for this Fall will be assigned similarly.

Suggestions to Ace the course: Come to every class; Abandon social networks during classtime; pay attention; take notes; ask questions; give testimonials; followup on any new topics using the links for the course and google -- this is all current stuff, google is the IT Pro's friend. Don't hesitate to update the Instructor -- IT's changing quick and some of you are at the front lines, see stuff coming before I do; Take notes -- if you're not taking notes, with a pencil or deft key or tablet strokes, you're denying yourself the haptic connections which make our brain's most powerful cross-references, for recalling details and otherwise learning stuff.

Students who want to be working in 'network security' or 'network management' should already have their hands on a machine, or a few of them, and some virtual ones on The Internet, firewalling for a LAN, handling mail, &c -- If you're interested in managing IT Infrastructure and don't have hands-on experience it's high time to get it so you'll have the skills when you've graduated. I expect any student in these classes to be able to do the stuff I demo, and do it better than I do. All the software's freely available to an INFO major, and an enthusiastic exploration of mail and web servers will differentiate you from other University Grads who may have the degree but have no hands-on experience or certificates. Some found machine, or one purchased for a few hundred $, can be one of the keys to professionalism in IT.

(8/23 day, 8/28 evening) Syllabus with course objectives, textbook info, rules for submitting papers, classroom policy, &c. Wandering out and back into the classroom while class is in session is prohibited. Pop Quizzes may be given in the first minutes of class, about topics visited in a prior class session. Please silence all ring tones on cellphones or notifications from social media during class. Do not have a smartphone or other device on your lap or otherwise visible during a quiz. Calculators are not allowed. All these topics in the The Provost's Policy apply to this course. Continued arrival to these classes indicates acceptance of these policies for email, honesty, behavior in the classroom & other facets of Faculty, University and Student roles.