G Saunders' Home Page INFO300 Home Page    

Quiz #3 Topics - Network Security, Number Systems, Data Types and Representation, IT Professional & Security Standards

(12/8) Visualizing Network Traffic. You can't fix it, or tell what needs fixing, if you can't _see_ it! You don't want your _customers_ to be the ones informing you the network's down! Without the right tools you'll just be guessing...

Demo tech to visualize traffic:

(12/8 Quickly) Linux and Network Security

Discussed setting up a secure LAMP Stack at RackSpace. Visited godaddy.com to see steps to purchase a domain name and SSL certificates. Visited RackSpaceCloud.com to demo steps for setting up a virtual server.

Logged into this virtual machine and did demo of port scanning, packet sniffing userid/password, Tailing /var/log/maillog & /var/log/messages to track down mail to Yoda. Demo Linux firewalling with iptables and xinetd's hosts.allow & hosts.deny, used iptables to turn ping response on/off. Demo'd iptraf, tcpdump, netstat, vmstat, top, htop, and killing errant processes. Investigated startup processes with chkconfig --list and /etc/rc.d/rc.local. Looked at scheduling jobs with crontab -e. Demo'd administrative scripting with php and bash to backup a server with tar -c, verify the backup with tar -w, then move the backup set offsite securely with scp.

Some tools for security:

Software

Computers don't do anything without software. Some software is burned or flashed into ROM or other chips to become 'firmware', but it all started life as software.

Types of Software: Operating Systems; Utilities; Malware: Virus, Worms, Spyware/Keystroke Loggers, Rootkits, Trojans, Bots; Security: Anti-Virus, Firewall, IDS, Anti-Spam, Surveillance & Motion Detection; Programming Languages, IDE, Frameworks; Version Control; DBMS; Artificial Intelligence; Web Servers: HTTP, SMTP, POP, IMAP, SSL; Application Software: Office/Productivity, Single vs. Multi-user vs. Enterprise!, ERP, 'Vertical Market' for practically every category of business; Games; Graphics: CAD 2D & 3D, Drawing, Animation, Photo Editors, Video Capture, Editing & Compositing; SCADA & other Process Control; &c, &c...

Was this a comprehensive list? What's left out? Sometimes 'free software' and 'proprietary software' are the answer for 'what kinds of software are there?' but that's not what the instructor's looking for on a quiz...

Software (Outlines software chapter in text). 'Structured' and 'Object Oriented' are the two most important topics!

Diagram on board how software can get to the OS Executive: 1GL, 2GL, 3GL to Executable, 4GL is DB-aware and 'writes' 3GL code as developer drags/drops, middleware like .NET Framework or JVM-Java Virtual Machine runs Bytecode, which is a compilation from a 3GL like VB or C# or Java. Open Source scripts like PHP, Perl, Ruby, or Python are Interpreted line at a time by their interpreter which produces binary for the Executive. DMA and SMP are included in the discussion.

Version Control is Key

Professional software development, revisions, and upgrades are managed using 'version control' or 'revision control' systems so that programmers don't step on each others' efforts as they work, and managers can control and audit software as it is installed and revised on the computers they manage. 'Configuration Managers' use version control systems to tie the software they install all the way back to the requirements definitions and other contractual agreements with the developers to make sure the software they install is what was ordered.

There are dozens of options for source code development and revision control. Microsoft provides 'VSS-Visual Source Safe' for small projects, and 'TFVC-Team Foundation Version Control' can scale to large projects. There are Open Source tools for revision control. 'CVS-Concurrent Versions System' has decades of use and is freely available. On-line resources like Git Hub are popular with open-source development teams, as are SourceForge, BitBucket, and several other websites that facilitate collaboration on software projects.

There is a very real risk that changes to a business system can 'take the system down' or take the business down. Procedures are important to test, accept, install, roll back the installation if necessary, and recover data lost in the process.

Generations of Programming Languages:

This is not to be confused with 'Generations of Computers', which is mostly about advances in miniaturization of hardware components. The generations of programming languages do advance across the same decades as generations of computers, but they're all in current use today, none of the generations is obsolete. It's important for IT pros to understand how each generation of code is produced, all impact system security, recoverability, and portability among platforms.

Sketch and discuss the several ways program code gets to the OS Executive from the programmer and some of the tradeoffs involved:

IT Security and Professional Standards

IT Pros are guided by lots of and industry 'Best Practices'. After all these decades in IT it still amazes the instructor that an organization or company will hire an IT guy who isn't familiar with best practices for power and data backup or the body of knowledge about IT security and operations. Hoping that VCU IS majors will always be informed, this link is quick run through standards and best practices in the new millennium...

SOX is a _law_ affecting businesses that trade stock. Some are guidelines that put responsibility for IT Security at the Board level. Others are recommendations about how to manage IT and IS. Knowing about HIPA, ITIL, EDI, COBIT, PCI, SOX and other professional standards is important when seeking a position in IT management. A certificate in ITIL, for example, can help lubricate entry into an IS or IT position in government or enterprise.

Security and Professional Standards

Machine Cycles - Little Man Computer

(On your own) Little Man Computer exercise: Machine cycles, instruction set and otherwise expand on the text. First mention of Data Structures, static in RAM of the LMC.

Data Structures and Algorithms

An historical view of Data Structures & Algorithms for processing them Sequentially and Directly. Underlying data structures, mostly indexes, allow DBMS to fetch desired records from huge databases instantly...

Quiz #3 Study Questions Quiz #3 Study Questions for Spring 2017 updated May 8th... Note: some of these questions come from the Setup and Secure a Firewall/Server topic...


G Saunders,
Dept of Information Systems
VCU School of Business

G Saunders Wings

Content © 1999 - Today
By G Saunders
Images are Available on the Web