Monday, November 15, 2021

Defensive Measures

Kostopoulos stated that “every business is a cyber business.” He wasn’t wrong.  In today’s society, every business has some dependence and tie to technology and the internet, creating a cyber society.  With such dependence, the role of cybersecurity is becoming more and more integral to the operation and success of any business.

The twentieth century gave way to a huge technological and cyber revolution. Fueled by the advances in technology the world created the World Wide Web, a “virtual oxygen of the planet.” (Kostopoulos, 2013) Even though industry specific global networks existed prior to the internet in sectors like banking and telecommunications, the revolution of the internet has created a much larger societal reliance.

In today’s world it is imperative for trusted data to meet four major principles; confidentiality, integrity, availability and non-repudiation. In order to meet these principles cybersecurity must be employed.   

The idea of technology being turned against us isn’t new.  The are many science fiction movies of the robots turning on us and in today’s TV landscape, almost every medical and procedural drama has had some sort of episode focusing on a cyber attack.  All this being said, we are only as smart as the last attack.  It is difficult to plan for the unknown.  Cyberattacks as we know them attack the systems we use every day, from hacking to spying to malicious intent.  Having the right protocols in place helps protect us from those things. (Sathnur, 2019).

Technological attacks have evolved significantly from something as simple as programming a machine to do something other than intended with malicious intent and having to physically be in the system, to an attacker not even needing to be in the same country.  A cyberattack today could originate from thousands of miles away and cripple your system by having you click a button in a random site or email. Many cyberattacks would affect the hardware in the system, even if they are initiated through software. For example an attacker could control the hardware and technologically controlled machines in a hospital by virtually taking control of the entire system.

Cybersecurity has a large role in programming. First, the right coding and programming could protect you from a cyberattack.  Historically, the thought in programming was to have the least amount of code to execute the functions due to the limitations of size and speed.  However, as this is less of a concern now, redundancies through resident and transient design.  Similar to how RAM and hard disk space work, the program can be coded in a way that only the relevant functions can be brought forward, thus allowing protection to be coded into the program or system without slowing down the process.

Application software plays a role in cybersecurity as it also has to be secure and many times an application can be the source of the problem. For example, there are many concerns about the tik tok application as it was seen as a national security threat and at one point was threatened with a shut down.  An application that looks legitimate could also be spyware or a program that tracks your movements.  It is important to know the application that is being downloaded and trust the builder of the application.

Many cyberattacks are targeted on databases of information.  Information for users can be sold on the dark web and used for malicious intent, such as identity theft or other financial gain.  Database administrators must be vigilant in policing the data and making sure it is secure.  Even with al the security measures, attacks and breaches can happen.  Having a strong incident response plan is just as important as preventative security.

As stated before we are only as smart as the most recent attack.  Criminals are always finding new ways to get through the loopholes and exploit weaknesses.  It is imperative for all industries to have a strong protection and remediation plan in place, should a cyberattack occur.  Cybersecurity is quickly becoming the most important part of a technology plan and it is important that companies understand the value of the expense in strong cybersecurity.  Training staff and users to understand the types of attacks that exist and educating them on how to avoid these types of attacks are the strongest defense. Be safe and protect yourself!

 

Kostopoulos, G. K. (2013). Cyberspace and cybersecurity. CRC Press.

Sathnur, A. (2019). The business of cybersecurity : foundations and ideologies. Business Expert

Vahid, F., & Lysecky, S. (2017). Computing technology for all. Retrieved from      zybooks.zyante.com

 Press.

 

Thursday, November 11, 2021

Network Security

Ping commands can be used to bring down a network in a few ways such as Application Layer Attacks, Volume Based attacks and Protocol Attacks.  Application Layer attacks happen when an attacked creates a connection via ping commands and then continues to send connection requests, overwhelming the server.  Volume based attacks are similar, but the aim is overwhelm the bandwidth by sending large packets which prevents other from accessing the servers. Lastly, protocol attacks happen by sending specifically crafted packets that will crash or deplete the resources of the server, also known as a ping of death. (Gupta, Alka and Lalit, 2020).

Ping commands are just one of many security incidents that can happen, two that are closely related are email spam and phishing. Spam can be seen as less malicious and more inconvenient.  Basically spam is email that is sent with the intent to cause psychological and/or monetary harm to the recipient.  This is generally an undesired commercial email that causes the end user to be unsatisfied with the email.  Though spam can be seen as a less malicious and somewhat harmless attack, it is still an attack. (Rastenis, Ramanauskaitė, Suzdalev., Tunaitytė. Janulevičius, Čenys, and Szczypiorski, 2021).

Phishing however tends to look like legitimate email and are intended to make the user execute a command or take an action that could potentially harm them, either by revealing personal information or creating a way into their system.  Phishing attacks can be considered a form of social engineering as the attacker tries to force the user into an emotional response rather than a rational one.  An example of a phishing email would be an email that looks to be from a person bank informing them of a security breach and the urgent need to have the user change their password, in doing so a user may reveal their current password as well as a new one allowing the attacker to access the users personal banking information. . (Rastenis, Ramanauskaitė, Suzdalev., Tunaitytė. Janulevičius, Čenys, and Szczypiorski, 2021).

Future of Tech

I currently work in the information technology industry, specifically in technology services.  Obviously, IT is important in this industry as it what we sell and it is imperative for us to be at the forefront of the demand.  Computers and technology play an indispensable role in our every day as it is how we power and keep track of the work and sales we are doing.  There are many systems to keep track of inventory, sales leads, billings, projects and more.  As employees it is important to be computer literate so we can operate all the systems and easily adapt to other user interfaces of new programs.  In addition, it is important to have a basic understanding of the projects and services we are offering so that we can talk about them to our clients, or at least know enough to bring in the subject matter experts.

In the future, I see IT moving more and more toward services, for example “device as a service” and “software as a service.”  We are already seeing this in major shifts.  For example, we used to buy a Microsoft CD that had all the Office programs and they were yours.  If you wanted a new version, you bought a new version.  With a shift to “as a service” now you by a subscription to O365 and have all the current updates. As the world moves more fluid, application of DevOps is becoming more and more prevalent.  The world is too impatient to wait for all the bugs to be ironed out of a program before it is released, so constant updates are always being made.  As such, the move into IT services will be strong and swift. 

Ping and TraceRoute Activities

 

Site

Number of Packets Sent

Number of Packet Received

Number of Packets Lost

Range of Response Speeds

Google.com

4

4

0

Min: 78ms

Max: 87ms

Ave: 82ms

Mediaweek.com.au

4

4

0

Min: 187ms

Max: 195ms

Ave: 191ms

Baidu.com.cn

4

4

0

Min: 173ms

Max: 177ms

Ave: 174ms

Google.com ping.JPG mediaweek.com ping.JPG baidu.com ping.JPG

Site

How Many Routers

Time between hops

Fails? (Y/N)

Google.com

22

Varies, see screenshot

y- failed 9 times before reaching destination

Mediaweek.com.au

12

Varies, see screenshot

Y – failed 3 times before reaching destination

Baidu.com.cn

17

Varies, see screenshot

Y – failed 5 times before reaching destination

google traceroute.JPG mediaweek traceroute.JPG baidu traceroute.JPG

 

A packet travels through a network via a series of hops, moving from one IP or domain to another on its way to a destination.  The packet will originate from a machine and hop to a local internet services provider that offers access to the network.  The packet will then travel through a series of IP addresses to its destination. In comparing the ping results for Google.com, mediaweek.com.au and baidu.com.cn I noticed that packet loss was 0% on all 3 indicating strong signal and reliability of the network.  Further distances did have a longer response time.  For example, Google.com was at least half the response time of the overseas sites.  In looking at the traceroutes, I found it interesting that google had the most time outs of the 3, even with a shorter roundtrip time.  I think this indicates how large the google network is and how many redundancies are in place to make sure we can all access our favorite search engine. The farthest location, mediaweek.co.au had the least amount of hops, which is interesting to me, however may indicate the overall spread of network locations on the Australian continent.

A ping or a traceroute can be used to troubleshoot internet connection problems in a couple of ways.  To start a ping checks to see if a website it available, this can help identify if the website or the internet connection is to blame.  For example, last month when Facebook, Instagram and other social media was down, many users at first thought it was their own internet connection.  However, doing a ping to Facebook.com would have indicated that the site was down, not the personal internet.  A ping can timeout if the destination is not reachable, but also if there is a more local internet issue.  For example, if a user is disconnected from the internet, maybe by turning off the wireless on their laptop, the ping would timeout before going anywhere.

While a ping can identify that there is a problem, a traceroute can help identify where the issue is. A traceroute will follow the digital pathway that is taken between your computer and the desired site. This can help in finding issues along the network that may be causing the slowness.

Application Review - Garmin Connect

 I recently purchased a Garmin Forerunner 245 for my running training and will be providing a review of the Garmin Connect Application that works with my running watch.

The use of the app is fairly simple. Opening it from the icon takes you to a “My Day” screen, providing quick access to a dashboard of statistics about the current and previous day. This allows for a quick view of how things are going and allows a quick comparison to previous days.  Personally, I use my Apple Watch when I am not running, so the statistics shown are limited to my running workouts.

 






Along the bottom for quick access, there are Challenges, Calendar, news feed and more.

The Challenges provides access to challenges with other users.  I have not used this feature, so I don’t have much to review. The look and navigation seems easy enough though.



 

The calendar has bars on each day for activity, heart rate, body battery, stress and steps. As I said, I only use when I am running, so data on non-running days is limited. Clicking on each day gives you a further breakdown.  I like this as it gives me an overview of the days I am active and drills down further into the activity if I want.

 


 


 

The newsfeed is a way to connect with friends and acts as like a Garmin social network.  I have not delved into this much, but looks forward to its capability.  As it stands, I see my activity. 

 


The “more” tab opens up a listing of a lot of other functionality.  At this time, I have worked mostly with the training feature as it lets me move into workouts that I can program to my running watch.   





Overall the usability of the app is good.  The design is pleasing to the eye and generally easy to navigate.  There is a lot more functionality than I have explored, which can seem a little overwhelming.

I would like a way to quickly access features I use more frequently.  For example, to get to the workout creation screen I do have to navigate through 3 separate screens.  It would be nice to have  way to customize the quick access buttons. It would also be good if some of the stats were explained a little more. For example, I have a statistic of my VO2 max, and I ended up googling what that meant for my overall health.

In addition, I did have to do some Google searching to find out how to program some of my workouts.  A quick, embedded tutorial for the different features would be beneficial. As I have said, I haven’t explored all the functionality and I am sure there is a lot more that I might find beneficial.  Having so much at my fingertips is a little daunting.

Lastly, as I know I am not the only person who uses this just for running and a dedicated smart watch in the day to day, it would be nice if the app integrated more with other apps.  Backwards and forward compatibility with Apple Health would be nice to get a full picture of my day to day activities.  Further, compatibility to speak with other running apps would be helpful too.  I tend to use Runkeeper to provide audio cues while I am running and sometimes a race will require me to use Strava to track my progress.  Interaction between the apps would help paint the overall picture. 

Application Reflection - Office Suite

 Application Reflection

            The Microsoft Office suite of applications is a standard for many reasons. The more used applications in a professional day to day are Word, Excel and PowerPoint. Word is a word processing application which allows the writing and formatting of documents. There is functionality in creating tables, manipulating formats and fonts, and tailoring the look of your document to meet your needs. Excel has similar word processing capability; however, it adds the complexity of being able to calculate formulas and easily keep track of tables of information.  In addition, Excel does have the capability to be used as a basic database to store information. PowerPoint provides a way to present information in a much more visually pleasing format than both Excel or Word.  It allows for clear animation and the ability to present information through a slide show or deck, that would be easier when presenting for an audience.

It would be possible to do many of the same things within the different programs, but each offers different capabilities that are more suited to specific tasks.  For example, you could document your day as a journal entry in PowerPoint, however many of the word processing formats would not be available to you.  In contrast, you could create a presentation in Word, however the animations and things that make a presentation more engaging would not be available. 

Word offers the ability to format and design documents both large and small for many purposes. The program offers options to help format to certain things and create templates based on many others best practices.  It is an industry standard and is easily read and used among many computing platforms.  As developed as Word is, it is not the most complex and it doesn’t have the most capability in designing documents. While you could design an effective flier or white page in Word, many designers and advertisers would prefer the enhanced ability something like Adobe Illustrator would offer.

            Like Word, Excel is an industry standard in spreadsheet applications.  It has robust capability mixed with more ease of use than some other programs.  Excel offers feedback on how to make a formula work if it isn’t working and provides easy one-click ways to sort, calculate and organize data. The drawback to Excel, however, is that there is a lot of functionality that takes awhile to learn.  While it has a user-friendly interface, in order to perform some more complex functions a user would need to look up how to do things or take a class.  Excel has the flexibility to serve as a basic database as well, but I have found in working with it in this capacity, the more information that is entered it can get glitchy or start corrupting. 

            Like Word and Excel, PowerPoint is the standard in presentation software.  It has strong capabilities to make presentations engaging and pleasing to watch.  It allows for design templates and offers suggestions in formats based on the information that is being presented.  It also allows the user to have notes and be able to present that information without it being visible on the screen and it allows for fliers of the presentation with notes columns to be distributed.  The drawback to PowerPoint can be its multitude of functionality.  Many times, a user can feel the need to incorporate way too many animations or engaging things on slides, making a presentation very busy and almost tiring to watch.

            In documenting my day, I think that Word is the most appropriate application.  It allows me to list out my tasks and see which things I am engaging in on a day to day basis.  That being said, there are benefits to documenting my day in both Excel and PowerPoint, depending on my desired outcome. If I am looking at just a personal journal of my day, Word more than fits the bill.  However, if I want to see how much time I am spending on tasks or need to see where I can find some time to complete other tasks, the functionality of Excel might be more fitting.  Lastly, if I am trying to illustrate to others what my day looks like and how I am spending my time, PowerPoint would likely be the more effective format to present that information.

            The Microsoft Office suite offers a lot of functionality.  Word can be used for documenting my day but is also an effective tool to format notes from a team meeting that I can send out. It is also a good application for typing up essays and reflection papers, like this one. Excel is a great application for basic calculations and I often use it as a quick calculator, but it is also a robust tool for reporting and comparing information.  I use Excel daily to report back financials on clients and partners and the create charts to visualize the information. PowerPoint is an effective presentation software to present information in a meeting or similar forum. The cross compatibility of the applications allows charts from Excel to be copied into PowerPoint to be displayed. I use PowerPoint almost daily in presenting the reporting and information from Excel to the interested and appropriate teams.  I am also currently using PowerPoint to build out a strawman depiction of a SharePoint site I am working one and I frequently use it to create flowcharts and simple process flow diagrams. Overall, the Microsoft Office suite of applications offers the functionality I need to complete my day to day tasks.

 

 

 

 


 

References

Vahid, F., & Lysecky, S. (2017). Computing technology for all. Retrieved from      zybooks.zyante.com

Programming Language and Batty Programming

 Batty Programming - Programming Languages

Using Scratch was a new experience to build “Gone Batty” https://scratch.mit.edu/projects/584673198.   Having done little to no programming or coding in the past, it was a bit of a learning curve.  However, the experience was pleasant an it was easy to get carried away.  It felt like experiences using HyperCard in the late 1980’s and early 1990’s in my elementary school computer lab.  

While using the program, I had difficulty in breaking down to the granular level. As my day to day career and experiences require me to look at the whole picture, breaking down to the step by step level was a challenge.  My other difficulty had to do with timing, in order to make my “sprites” do what I wanted, I had to get the timing correct and spent time playing with timing and position.  In order to overcome these difficulties, I had to force myself to think on the step by step level rather than just the outcome.  Flexing some critical thinking skills and thinking about each step allowed me to look closer at each action and think about the steps that needed to happen to achieve my desired outcome.  To overcome my challenges in timing, it was mostly trial and error, I had to try one thing to see how it affected the next steps in the chain and use some minor addition to add up the seconds.

Having worked with the program, I understand more the level of detail that programmers and coders need to analyze in order to make successful programs. Starting with an idea and working backward to determine all the steps that need to happen in order to achieve the end goal is a level of detail I have not had to work with in some time. The problem-solving skill is impressive as well. As I worked, I would run a test of the program and it would not have the desired outcome. Reviewing and determining where something went wrong was a good exercise for my brain.  Coding and programming are very detailed; however, it is driven by the desire for an end result.

The textbook describes machine language, assembly language and high-level language. Working through the exercises in the text, I found machine language to be the most difficult and time consuming to understand, as it truly is a different language of 1s and 0s, requiring more translation from written commands to binary. Experience in Scratch was most similar to assembly language, but the commands were an easy drag and drop rather than having to write myself.

Each of the programming languages are built on the other.  Early computers worked on machine language, requiring programmers to translate commands into 1s and 0s.  Assembly language built on that, moving to a textual representation that is run through an assembler to translate into machine language for the computer to understand. Further, high level languages, such as Python and C++ are more human readable and able to execute higher commands that compile into assembly and machine language.  Each language builds on the one that precedes it. (Vahid & Lysecky, 2017).

I found the higher-level programming language exercise easiest as it felt like Algebra and it was easier to flow through the commands.  In machine language, I had to reference the ASCII table often and figure out which letters corresponded with which series of numbers. Assembly was slightly easier as it moved into text, however I did find that I would sometimes mis-order the commands. 

As far as we have progressed in technology, I do not see an application where machine programming would be the best choice.  Even the smallest computers have a need for more complex programming. Assembly language would be best used as a teaching method for higher level languages or in applications such as Scratch to help teach programming.  I think high level programming languages are used in most applications today.

I would think that high level programming languages would be easiest to use as they would have the most versatility and capability to achieve desired outcomes. However, I would expect that since there are so many different languages it would be difficult to master all of them and it would make it difficult to determine what language to use for different applications.

 

References

Vahid, F., & Lysecky, S. (2017). Computing technology for all. Retrieved from      zybooks.zyante.com

Defensive Measures

Kostopoulos stated that “every business is a cyber business.” He wasn’t wrong.  In today’s society, every business has some dependence and t...