Tutorial 4: Computer Security- Methods of Attack

Hello everyone, welcome to my final tutorial blog. This time I am going to talk about computer security and the ways to attack. Generally speaking there are 6 ways to attack a computer. I will talk about each method and the impact it can have on businesses and home users.           

The first way a computer can be attacked is called data tampering. Data tampering is often done by insiders who have legal access to the system but use this in an illegal way. It can mean entering false, fabricated or fraudulent data into the computer or changing or deleting existing data. Without any security mechanism in place it can be very difficult to find the people responsible for that.        
            The second method is programming attacks. This kind of attack uses programming techniques to directly or indirectly attack a computer. An example would be a buffer overflow, where the program overwrites existing memory. This increases the vulnerability of the whole system. It is however quite complicated compared to data tampering and programming skills as well as knowledge of the targeted system are required.

            A third method to attack a system is computer viruses. A virus is a computer program that has the ability to attach itself to other computer programs, thereby infecting them. Most often the users/ owners of the software or program are not aware of the infection. When the software is used, the virus spreads, causing damage to that program and/or others.
            A quite similar method of attack is called a worm. Compared to a virus a worm has the ability to spread itself. Whereby a virus has to wait that the program/ software is executed, the worm tries to find security problems in the system, like “no password protection of networks” to infect and spread. Most often worms use networks to spread or infect and they can even infect hand held devices and spread via instant messaging. 

   A fifth method is called a Zombied PC. A Zombied PC is a computer that is infected by a Trojan and therefore under the control of someone else than the owner. The spyware that controls the Zombied PC can be used to launch DoS attacks as well as to spread adware. I talked about a DoS attack in my last blog when I explained the necessity of a business continuity and recovery plan. People who attack computer systems in these ways are also called “Phishers” and they are a serious threat as they continuously change their tactics.         

The final method to attack a system is called a botnet. A botnet is a huge amount of hijacked PC that has been set up to forward traffic, including spam and viruses over the internet. Although all kinds of attacks have to be taken serious, I personally think that botnets are a worst thing. I experienced to be part of such a botnet. The result was that my PC was running really slow all the time and after a while I was not able to sent emails anymore. The reason was that my IP-address was on a black list, probably because the people who run the botnet used my computer to send SPAM etc. As a result I had to delete my whole system and I had to install everything new. Luckily I did a backup before my PC was infected and my most important data were saved. According to a BBC article, botnets are a big danger and are growing in number. The difficulty is in detecting the people behind as well the actual size of the botnet. That’s why it is often a long process to get the people but as Detective Burls put it in the BBC interview, “They are complex investigations they're very time consuming, they cross international boundaries but we are making progress, they're very satisfying when you get a suspect before a court".

Source: 

- http://www.freedigitalphotos.net/images/view_photog.php?photogid=659">Image: Salvatore Vuono / FreeDigitalPhotos.net

-http://www.freedigitalphotos.net/images/view_photog.php?photogid=1152">Image: jscreationzs / FreeDigitalPhotos.net

Secure email Project

The iPremier Service Company

The iPremier company is a company focusing on web-based commerce. It was founded in 1996 by two students and had grown to one of the top two market leaders in selling luxury goods at the web. The product prices range from a few hundred till a few thousands of dollars. This means, iPremiers customers were high-class and credit card limits were high as well. As a result, stolen information on credit cards would be a disaster.

The management culture at the company was very mixed. On the one hand there were young people who were with the company from the beginning. On the other hand there were more experienced older managers who joined the company in its growth phase. The culture was described at intense with governing values like “discipline, professionalism, commitment to delivering results, and partnership for achieving profits.

The core of the company was its technical system. As a web-based company one of the most important things they could deliver was customer service. This only works with a fast and reliable website that guarantees data security. iPremiers technical data structure was outsourced to Qdata, a company which was an early provider of hosting and collocation businesses, but which suffered enormously during the Internet bubble. Although iPremier had a long and good relationship with Qdata, it was clear that they were probably not the safest way to manage their data. Qdata missed advanced technology and many employees were leaving the company.

In January 2007, iPremier experienced a hacker attack on their website. The website was down for almost 2hours because of a DoS attack on the system of iPremier, which was managed by Qdata. This was the beginning of the chaos. The employee for resolving those problems at Qdata was in holiday. No one at iPremier knew whom else to contact. Another problem was that the security systems installed by Qdata were not appropriate and too easy to hack. So the management at iPremier was afraid of hackers stealing the credit card information of their customers, which would probably mean the end of iPremier. After many phone calls between iPremier managers, IT-Staff, Qdata executives etc., the hacker attack luckily ended by itself.

The major problem of iPremier was that they had no actual Business Continuity and Disaster Recovery Planning in place. Usually every company should have an updated and standardized procedure how to react in those situations.  Its purpose is to keep the business running after an attack and recover as soon as possible. Such plan is probably one of the most important documents in security management and every company should have it. It would have saved a lot of time and phone calls and maybe they could have got the hackers. Another big problem of iPremier was that they outsourced their technical management to Qdata. Although outsourcing in general is not a bad idea, each company has to ensure that the quality delivered by the other company meets its requirements. With Qdata this was not the case. For a high class selling web-site, security should be one of the main priorities. Qdata was not able to deliver this security, and as a consequence either Qdata has to change something or iPremier should change its provider.

Source:
http://harvardbusinessonline.hbsp.harvard.edu/relay.jhtml?name=itemdetail&id=609092

Tutorial 3: Data warehouse

Hey everyone, today I am going to talk about data warehouses, how they work and what benefits they provide.

In every business data plays a crucial role in understanding customer behavior. Examples include customer to business e-commerce, connecting trading partners, implementing CRM or supporting performance measurements. A data warehouses purpose is to provide easy access to data. It creates a data infrastructure and tries to eliminate bad quality data. A data warehouse has several important characteristics. It is first of all subject oriented. That means it is organized around a specific subject and not around an entire business process. That makes the data storage more reliable. Second of all it is integrated into the organization and it receives its information (data) from multiple sources. It maintains historical data and thereby allows detecting deviations, long-term trends and relationships. Finally a data warehouse is more or less non-volatile, which means that users cannot change or update data. This guarantees the warehouses data quality.

Data warehouses basically make use of the ETL process. This means Extraction, Transformation and Loading and is a four layer process.

The first layer is to find the data sources from which the warehouse receives its data. It can be data from many applications, like ERP systems. The problem with most of the data is that it is in a bad quality. Once the data sources are identified, data extraction has to take place. There are two ways to extract the data. The first would be to custom write data extraction programs, this however is only useful if the company has highly skilled technical experts and also wants to avoid the cost of purchasing an ETL system. The other way, as already mentioned is to purchase ETL software from a vendor. This is the most popular solution, as vendors allow a high degree of customization and ongoing support. The next layer is data staging. It is an intermediate storage area between the information source and the warehouse. In this layer the final process of data transformation takes place, which is at the same time the fourth layer of a data warehouse system. Data transformation is probably one of the most important steps. Because it is the “gatekeeper” that guarantees that only good data enters the warehouse. The transformation layer should be a standardized process, so that every data ends up in the same format in the warehouse. The process should look like this:

1.       You parse the data

2.       You correct and enhance the data

3.       You standardize the data

4.       You match the records

5.       Finally you consolidate the matching records and load them into the warehouse

The main advantages of a data warehouse are that it provides a common data source. In addition, it guarantees reliable and useful data through its transformation layer. Moreover, a data warehouse can work in conjunction with other systems which need a tremendous amount of data, like customer relationship management systems. Data warehouses also support decision support systems which help management to make strategic decisions. Another advantage is that a data warehouse can be combine with relational database management systems, like Microsoft Access, and thereby improve the performance and capability of these programs. Altogether we can say that almost every business organization needs to have a data warehouse in some way, as good data can lead to competitive parity or even a competitive advantage. See the following video for more information.

Source:

http://www.youtube.com/watch?v=KGHbY_Sales

Watson, Hugh J. (2002) "Recent Developments in Data Warehousing," Communications of the Association for Information Systems: Vol. 8, Article 1

Database Project - Microsoft Access

Hallo everyone, welcome to my post about the Access database project. Microsoft Access is a useful tool to analyze data in an efficient way and it provides the possibility for creating forms and reports that make the gathering and reporting of information very convenient. During the project me and all the other students learned basically the four main functions of Microsoft Access.

First of all we had to create a table, where we learned how to import data into access and format it appropriately. This is already an important step as only correctly imported data can provide correct information. “Garbage in, garbage out”!

The second task was to create a query. Queries help to for example combine information from multiple tables into one database. Moreover, they make it possible to create a database with only certain information. This is helpful for databases that have a lot of information irrelevant for the task. The query allows putting out only the information needed. 

The third activity was to create a form. A form is a pre-designed sheet in Access, which allows entering information into the database. The advantage of a form is that restrictions can be set, so that the information is correctly entered into the database.

Our last activity was to create a report. The advantage of this is, that you can determine which information and in what manner this information is presented in the report. It allows grouping data and sorting as well as several design issues that you would like to have in your report. Altogether I think this project was very useful. I had never worked with Access before and I definitely think I will need it in my future career as a business student as it makes working with data more structured.

There are many ways to enhance the functionality of the database at hand. I will focus on storage capacity and security. One problem of Microsoft Access is that it does only work very well until a certain amount of data. After this the program gets slow, and information may be processed in a wrong way. As long as the gym, where we get the data from, is local this will probably not become an issue. However if they expand nationwide, data will grow to a huge amount. Then another issue of Microsoft Access becomes important, its security. Although the program offers some kind of protection through passwords, the company should then rethink if this would be enough. One solution that would solve both problems and enhance the functionality of the database through increased speed and security would be to use an SQL Server as the database engine and Microsoft Access as the front-end. There are many companies who offer this as a business solution.

Source (Images):

Screenshots from my own PC (database)

Tutorial 2: How to use Camtasia Studio 7

Welcome to my second tutorial blog. Today I am going to talk about recording your PowerPoint presentation with Camtasia Studio 7. This program is very easy to use and it allows you to record audio as well as video presentations. It was a helpful tool in preparing the Presentation Project for this course.

First of all you need to get the program. You can either buy it online or get a 30 days free test version. I chose the free test version, as it was sufficient for preparing the project. However, as the program is really helpful and easy to use I could imagine buying it.

You just have to go on: http://www.techsmith.com/download/trials.asp and select download.

Then you have to enter your email address and select “Download now”. Next you have to install the program which is very self-explanatory. After doing this you can directly start with recording your presentation. (As a hint, you have to prepare your presentation beforehand with PowerPoint)

A nice thing with Camtasia is that it is actually possible to put it in your add-in toolbar of PowerPoint. Either it does it automatically or you have to open Camtasia Studio and then click on “ToolsàOptionsàPowerPoint Tabàand enable the PowerPoint Add In Button”. Now it should work. To check it you open your PowerPoint Presentation and if you have Office 2007 or higher the recording button should appear directly below your “Office Button in the PowerPoint presentation. It should look like this:

The first button controls whether audio is recorded or not. The second button control video. So you decide if you want only and audio presentation or an audio video presentation or just a video presentation. To make sure on your video presentation is everything you want to see, you can use the camera preview button next to the video button to adjust it. You can further customize your settings with the recording options button. There you can select your microphone, the volume which you want to record and many more. Click ok to save your settings. Now you are ready to record your presentation!

To record the presentation, you click on the record button in the toolbar. Now the presentation will start pauses, so you have time to prepare. A window appears on the bottom right corner where you can finally start your presentation. Click on” Click to begin recording” to start. You now just present your presentation as you normally would do. At the end of your presentation you click on “Stop recording” in the appearing window to finish your presentation. Now you choose a destination on your computer where you will save your presentation. Name your file and then click on “Produce your recording” in the appearing window. You also have the possibility for editing your project but I will not explain this in this tutorial.

Your final step should be to produce and share the video or presentation you did. To do this you have to click on the “Produce and Share” button in your Camtasia Studio.

On the first page of the Production menu you have several opportunities in the drop down menu how you want to produce your video. You can make an MP4 file out of it, directly share it on YouTube or Secreencast.com( a WEB 2.0 tool).

It’s up to you what you want to do with your video. Finally click on finish to rendering you video. That’s all you have to do. So thank you for visiting my blog and I hope to see you next time.

Sources:

Screenshots of Camtasia on my on PC.

Presentation and Web 2.0 Project

Hey everyone, this is my blog about my presentation project. First of all I would like to say that it was a valuable experience to prepare the presentation. I really liked that there were plenty of opportunities you could choose from. I decided to do a presentation about a non-governmental, no-profit organization, “The Power of Love foundation”. They basically try to fight the HIV epidemic in underdeveloped countries like Zambia, Kenya and India.

I think I’ve learned a lot during this project. Beginning the presentation with a storyboard was new for me, as I was used to start directly with preparing my slides. However, it was really helpful in preparing the presentation, as the structure was already set. That’s why I think my presentation has a logical sequence and flow of content. Regarding the questions part I think it was quite difficult to post them. I tried to manage the content of my presentation in that ways that it leaves no questions open. By putting a video in the beginning that showed the problems in Zambia or Africa in general I tried to grab the attention of the audience. I think I managed that quite well. The program I used in preparing the video was new to me. That’s why you sometimes hear some clutter. In total, I think the amount is quite ok and it is not disturbing the presentation. I think I could improve the sound of my voice a little bit, because it is quite silent. It is really difficult to present something and no one is in front of you. So that’s why I prefer live presentations.

By evaluating another presentation you get a feeling of what it means to grade a presentation. I think this is valuable. First of all, you see the nice work of other students. Second of all, you are able to judge their presentations because you know that it is a lot of work to get a final presentation of 10min content. Finally, it makes it easier for you to reflect on your presentation style. See my presentation below.

As already said, I learned a lot during this project. Especially the use of the Web.2.0. tools and the video recording of my PowerPoint was new to me. I think I can use it during business life very often. If you work for a multinational company and you have to convince people in a subsidiary on another continent, the use of these tools is really helpful. It also allows watching the presentation more than once. This may be a tool for training purposes. You could make a training presentation for interns or new employees, so they can watch it when they need it.

Here is my link to the Web 2.0 post:

The Power of Love Foundation

That’s all I can say about this valuable project. Thank you very much for reading my blog.

Excel Project

The excel projects intention was mainly to apply the skills we learned during the Excel Scavenger Hunt. So the use of basic excels formatting and functions as well as Pivot tables.

In the first task we had to work on the given data and create new useful cells with the help of excel functions.  I made the first two rows bold and centered the gender column. In addition I froze the first two rows, as it makes it more convenient to scroll through the data.

After that I created several new cells that provide new data information.

·         Maximum Heart Rate (Max HR)

·         Target Heart Rate (Tgt HR)

·         Highest Heart Rate Achieved ( Highest HR)

·         Target Achieved (Tgt Achieved)

·         Heart Rate Increase (PctIncreaseHR)



Excel Sheet

With these new data it is now possible to give more informative information about the effectiveness of the new workout in the fitness center. To print these data, the printing layout had to be adjusted to make it fit to one page. In addition headings and footers where included for a professional look.

Pivot table

After that I created two Pivot tables which allow making analysis of different relations between data. As you can see in the table below, I separated the data into three age groups and then in male and female. The table clearly shows that the group 20-29 years and female has the highest “Heart Rate Increase” and the group 40-49 female the lowest. 

Overall this exercise should prepare us for the daily business in a company, where you often work with Excel. Especially the Pivot table function can save you a lot of time as you can quickly create new tables.