Week 12 reflective post

ITEC 610 course is coming to an end. This has been one really interesting course. Prof. Pang has prepared very challenging and intellectually stimulating course. I liked the most the chapters related to information security and Decision Support Systems. I think these two areas will develop with a great speed. Information security and Decision Support Systems are areas without which modern businesses cannot operate today. Mid size to large businesses have some many data points and metrics that needs to be examined on a daily basis, that it is becoming impossible to do this manually. This is where Decision Support Systems come in very handy, they can pull all the data and do the number crunching necessary to provide necessary information to make sound decisions in a matter of minutes.
In a similar way, information and IT security is another field that any business (even households these days) cannot operate without. IT security is crucial for running the business without interruptions and to gain the customer confidence. If customers don't have much confidence in a company, that company will not last very long. These (and more) are the topics that ITEC 610 course and Prof. Pang have prepared us for. Thank you all for spending together very insightful and intellectually stimulating semester.

Week 10 reflective post

Since this week we can discuss any topic related to IT, I'd like to write about security by obscurity.
Security by obscurity is actually quite common in IT. Many of the companies with IT infrastructure (almost all in this day and age) rely on security by obscurity. The rationale in most of the cases is that to implement proper IT security is expensive and since nobody knows how the company is connected to internet, then there is nothing to worry about since nobody knows what IP to attack. Bad news for all of you who think like this!
My dynamic IP address is attacked every day between 150 to 500 times and this is an IP address that is assigned to my router from the pool of IP addresses that my ISP owns. So no one really knows which IP I'll get and when it will change, but still, every IP I get is constantly attacked all the time, 24x7. I know about it because I decided to do something about it, so I run Snort (intrusion detection software) on my router which gives me all these statistics. My Snort instance is configured with SnortSam plugin which automatically blocks offending IP addresses for 24 hrs, so the same attackers are not attacking me all the time (at least not all day). Most of the attacks are attacks for windows based computers, so all of you running windows, at least install or activate firewall software on your computers and install latest security patches.

The conclusion is that security by obscurity may work for a while, but sooner or later someone will hack their way into your computer unless you decide to protect yourself against it.

Week 9 reflective post

Security threats on the internet are one of the things that everyone needs to be aware of. Malware and spyware are probably the biggest threats that regular users as well as businesses need to be aware of. Unfortunately the way Microsoft Windows works and its default configuration is aiding spyware and malware distributors in infecting as many Windows computers connected to internet as possible. Another problem is that Internet Explorer is integrated into Windows kernel, so any security vulnerabilities in Internet Explorer are potentially exposing also Windows kernel which is very bad thing.

Since 99% of malware and spyware is targeting Microsoft operating systems and its inherent security vulnerabilities, together with other defense mechanisms against spyware and malware, effective defense against malware and spyware is to not use MS Windows operating systems, but OpenSolaris, Linux or Apple’s OS X. They can all do things that Windows computers can and if necessary they can also run Windows applications in their OS (through Wine project on Linux) or in virtual machines (in Linux, OpenSolaris and OS X). The problem with malware and spyware is so big that over 70% of emails send through internet today are all spam originating from computers infected with malware and spyware. This is separate from all credit card and identity fraud that is committed using the information found on infected computers.

Cloud computing myth

It started with virtualization and now it is cloud computing. Cloud computing is officially “in”, must have service. But the question is how cloud computing is helping your efforts and is it making your life easier? A little bit of both I would say. Cloud computing can actually reduce costs for a businesses that embrace cloud computing. Good example of cloud computing are Google Apps and Amazon S3 services. With Google apps, you can run your business on a relatively inexpensive computer, which is able to run Internet browser. So no longer do you need to pay Microsoft license fees for Exchange, Windows, MS Office and similar products, you can do it all using Google Apps. There are few problems here, what do you do when Google Apps are experiencing an outage which can sometimes last for hours or days? What do you do when you loose internet access at your place of work, or you don’t have internet access where you are currently? What is with privacy issues when you trust someone with your confidential business and financial data? Can you call someone in Google Apps and ask them, hey can you please restore this file from a last month’s backup? I don’t think so. In my opinion all of these are issues which are severely limiting cloud computing initiative and in my opinion are making cloud computing not usable. My preferred method of running a business would be to run Linux on all desktops and use open source tools for email and office documents. Off course I would have backups on site and off site. In my opinion this is much better solution than cloud computing since I am in control of my data all the time