These days, organizations invest heavily in security for their information systems. IS security attacks are a daily occurrence and the need for security grows with the sophistication of such attacks.
Information Security is "the protection of information systems against unauthorized access or modification and against Denial of Service to authorized users or provision of service to unauthorized users".
Some of the main threats to security are:
Denial of Service
Dos attacks exploit known vulnerability in specific applications, operating systems protocols or services. They deny authorized users access to information or computers e.g websites. The most common types are SYN, Ping of Death (POD) and Distributed Denial of Service (DDOS) attacks.
SYN Attacks: Utilizes the TCP 3 way handshake to establish a conneciton between 2 PCS. Normally PC1 sends a synpack, PC2 responds by a syn/ack pack, and PC1 then sends an ack pack. The attacke floods the second PC with fake synpack requests with non-existant IP's on the first PC so steps 2 & 3 cant be completed.
Ping of Death: Ping is a tool used to test if a host is reachable across a network. An attacker sends a pack of > 64k (normal packs are 56 bytes). Some older systems cant habdle the packet size and crash.
Distributed Denial of Service Attacks: These target multiple systems, target bandwidth, or the resources of a system. The attack uses a client program to connect to master's compromised systems that control and issue commands to thousands of zombie agents. These compromised systems run the attack to generate traffic. These collections of compromised systems are called BotNets.
Malware is code installed without permission or knowledge of the user. Types of Malware include:
Viruses: Viruses replicate by attaching themselves to executable files and run before the file is executed
Trojans: A trojan is a piece of software that appears to solve a desirable function, but in actual fact facilitates unauthorized access to the users PC
Worm: A computer worm is a self replicating program that services on its own. It spreads by expoiting vulnerabilities in the OS.
Logic Bombs: Logic bombs are deliberately installed, generally by an authorized user. Tney sit dormant until a certain event triggers them e.g. date/time. It can damage records, databses and delete files.
Sunday, December 6, 2009
Neural Networks
A neural network is basically a mathematical version of what goes on in our brain. The brain consists of neurons, a basic cell, which when interconnected produces what we call a neural network. The sole purpose of a neuron is to receive electrical signals, accumulate them and see if they are strong enough to be passed forward.
A neuron is a cell which accumulates electrical signals. It then compares the accumulated signal with a pre-defined value unique to every neuron, called a bias. Neural networks can be broken down into 3 different layers: input layer, hidden/middle layer, and output layer.
Input Layer: The input layer takes the inputs and passes them to the middle layer. This is its sole task. The input layer never processes data, just passes it along.
Middle/Hidden Layer: This layer is what allows the network to solve complex problems. There can be any number of middle layers but for most tasks, one is sufficient. This layer takes values from the input layer, performs some calculations and passes them to the output layer.
Output Layer: This layer takes input from the middle layer, performs calculations and gives a final result. It is similar to the middle layer but instead of passing values on to the next layer, they are treated as output.
Some practical applications of neural networks include:
A neuron is a cell which accumulates electrical signals. It then compares the accumulated signal with a pre-defined value unique to every neuron, called a bias. Neural networks can be broken down into 3 different layers: input layer, hidden/middle layer, and output layer.
Input Layer: The input layer takes the inputs and passes them to the middle layer. This is its sole task. The input layer never processes data, just passes it along.
Middle/Hidden Layer: This layer is what allows the network to solve complex problems. There can be any number of middle layers but for most tasks, one is sufficient. This layer takes values from the input layer, performs some calculations and passes them to the output layer.
Output Layer: This layer takes input from the middle layer, performs calculations and gives a final result. It is similar to the middle layer but instead of passing values on to the next layer, they are treated as output.
Some practical applications of neural networks include:
- Optical character recognition
- Stock market prediction
- Loan risk analysis
- Image analysis
Tuesday, November 3, 2009
Genetic Algorithms
This week in class we covered Genetic Algorithms. Genetic Algorithms are used in computing to find the optimum answer to a problem. The probolems are solved using a number of variables and possibly a formula. The results are displayed graphically on what is called a fitness landscape. The algorithm continues to run within confines, such as for how many turns it should run, or how long it should run for. The results are displayed in what is called the search space.
Genetic Algorithms can be very useful for performing an otherwise extremely tedious task. Some ways genetic algrithms are applied to everyday life include:
Genetic Algorithms can be very useful for performing an otherwise extremely tedious task. Some ways genetic algrithms are applied to everyday life include:
- Autimated Design
- Software Engineering
- Code Breaking
- Bioinformatics
- Timetabling probelms - creating non-conflicting timetables
Sunday, October 18, 2009
History of Artificial Intelligence
When we think of Artificial Intelligence, we think it to be a fairly new concept and associate it with science fiction efforts such as "The Terminator". In actual fact, the idea of artifial intelligence stretches way back, as far as Greek mythology and the Golden Robots of Hephaestus. Through the ages, various philosophers reasoned that all rational thought could be made as systematic as algebra.
The 1930's, 40's and 50's is when AI really began to develop. There was a computer that could play an average checkers player and win. Then Arthur Turing published a paper and devised a test that stated if a machine could teletype a conversation that was indistinguishable from a conversation with a human being, it could be deemed intelligent. In 1956, at Dartmouth College, a conference on the subject was held and the official name Artificial Intelligence was given to the subject.
Through the next few decades, the development of AI was subject to harsh "winters". This was the term used when various stumbling blocks were hit in the development of AI. In the 70's and 80's, the technology experienced a number of "winters", usually in keeping with the economic climate. The advent of Expert Systems in the 80's was seen as a revival, but was followed by a "winter" when the limitations of Expert Systems were realised.
Today AI is more widely used in everyday life. Algorithms are used to aid medical diagnostics, solve banking problems and of course, AI is widely used in video games to great effect. The reason the technology has advanced seems to be mainly down to the processing power of computers today. Moores Law states that the processing power of computers doubles every two years. At this rate it has been estimated that by 2029, we will begin to see machines with humans level intelligence.
The 1930's, 40's and 50's is when AI really began to develop. There was a computer that could play an average checkers player and win. Then Arthur Turing published a paper and devised a test that stated if a machine could teletype a conversation that was indistinguishable from a conversation with a human being, it could be deemed intelligent. In 1956, at Dartmouth College, a conference on the subject was held and the official name Artificial Intelligence was given to the subject.
Through the next few decades, the development of AI was subject to harsh "winters". This was the term used when various stumbling blocks were hit in the development of AI. In the 70's and 80's, the technology experienced a number of "winters", usually in keeping with the economic climate. The advent of Expert Systems in the 80's was seen as a revival, but was followed by a "winter" when the limitations of Expert Systems were realised.
Today AI is more widely used in everyday life. Algorithms are used to aid medical diagnostics, solve banking problems and of course, AI is widely used in video games to great effect. The reason the technology has advanced seems to be mainly down to the processing power of computers today. Moores Law states that the processing power of computers doubles every two years. At this rate it has been estimated that by 2029, we will begin to see machines with humans level intelligence.
Robot Building
This week in class we did something a little bit different. We divided into groups and were each given a box which contained the parts necessary to contract a robot. We had 3 hours to complete 3 tasks:
As we had a group of 4, we divided into 2 teams of 2 in order to complete the construction of the robot. This worked well and we were able to complete the robot in a relatively quick time and run the demo, which worked fine. With the next two tasks, we were not as successful, however. In order to program the robot to performt the afore-mentioned tasks, we had to use the software that was provided with the set. This proved more difficult than we imagined, and we had basically no success with either task. All the while we were losing chips until our kitty was empty. Soon after, time ran out.
After the exercise, Martin explained that he had been trying to teach us that in business, there are always problems that you dont consider. He removed one piece from the set to distract us, which it did. Also, when he was going round taking chips, he was stealing 1 or 2 extra each time. He also made us aware of the fact that we should have used the chips to call him in, and then consult with other groups. Finally, he told us that we should have broken into 2 teams from the outset - 1 for harware, 1 for software.
All in all, I found the exercise to be an enjoyable experience but also a harsh lesson in project management.
- Build the robot to specification
- Make the robot move forward until it hit an object, then pick it up
- Make the robot complete a lap of the circuit, navigating around an object
As we had a group of 4, we divided into 2 teams of 2 in order to complete the construction of the robot. This worked well and we were able to complete the robot in a relatively quick time and run the demo, which worked fine. With the next two tasks, we were not as successful, however. In order to program the robot to performt the afore-mentioned tasks, we had to use the software that was provided with the set. This proved more difficult than we imagined, and we had basically no success with either task. All the while we were losing chips until our kitty was empty. Soon after, time ran out.
After the exercise, Martin explained that he had been trying to teach us that in business, there are always problems that you dont consider. He removed one piece from the set to distract us, which it did. Also, when he was going round taking chips, he was stealing 1 or 2 extra each time. He also made us aware of the fact that we should have used the chips to call him in, and then consult with other groups. Finally, he told us that we should have broken into 2 teams from the outset - 1 for harware, 1 for software.
All in all, I found the exercise to be an enjoyable experience but also a harsh lesson in project management.
Friday, October 16, 2009
Social Networking
A Social Network is an online community of people who share a common interest such as music, sports, movies etc. Social Networking has been around longer than most people might think. The website classmates.com offered users the opportunity to keep in touch with friends from school. It wasn't until the early part of the 20th century that it really began to take off however, with the introduction of Friendster, MySpace and Bebo. These social network sites allowed users to build a page for themselves, customize it with wallpaper and video widgets and then build a database of friends and communicate with these friends through email, wall posts and instant messaging. Today there is a loarge number of social networking sites in operation, the biggest being MySpace, Facebook and Bebo.
Although originally intended for friends to keep in contact, the uses for social network sites have become far more numerous. With such high numbers becoming members of the various sites, comanies have become keen to advertise on the sites. The money receiced by the social network sites from advertising allows the admins to better develop them and encourages continuing innovation.
There have been growing privacy concerns regarding social networks. This stems from the worry that people may be divulging too much sensitive information to the site owners. This year Facebook tried to bring in legislation that would give them ownership of any material (pictures, videos etc.) that was on a certain users page, if that user decided to close their account. This was eventually blocked once members became aware of what was happening. There have also been concerns that social networks increase the risk to members by stalkers or sexual predators.
Social networking also has implications for the business world. If used correctly, one can build a network of colleagues in order to discuss issues and develop their business skills and list of contacts. Some examples of how social networks have played a part in the business world are mentioned in the link below.
http://www.bnet.com/2403-13070_23-219914.html
Although originally intended for friends to keep in contact, the uses for social network sites have become far more numerous. With such high numbers becoming members of the various sites, comanies have become keen to advertise on the sites. The money receiced by the social network sites from advertising allows the admins to better develop them and encourages continuing innovation.
There have been growing privacy concerns regarding social networks. This stems from the worry that people may be divulging too much sensitive information to the site owners. This year Facebook tried to bring in legislation that would give them ownership of any material (pictures, videos etc.) that was on a certain users page, if that user decided to close their account. This was eventually blocked once members became aware of what was happening. There have also been concerns that social networks increase the risk to members by stalkers or sexual predators.
Social networking also has implications for the business world. If used correctly, one can build a network of colleagues in order to discuss issues and develop their business skills and list of contacts. Some examples of how social networks have played a part in the business world are mentioned in the link below.
http://www.bnet.com/2403-13070_23-219914.html
Thursday, October 15, 2009
Cloud Computing
The next topic we covered was Cloud computing. Cloud computing is the term given to anything that involves delivering hosted services over the internet. The name "Cloud Computing" comes from the way the internet is depicted in network diagrams. Cloud computing can be broken down into 3 categories:
- Software-as-a-Service (SaaS)
- Hardware-as-a-Service (HaaS)
- Platform-as-a-Service (PaaS)
From the presentation my group compared on cloud computing, I learned that it has the potential to be a very viable technology in the future if it is developed properly. It allows smaller businesses access to processing power and software that would normally be beyond their reach. The fact that this technology is so promising has been reflected in the calibre of company that has made strides into develeoping it - IBM, Google and Amazon.
Integrated Systems
At our first CIIS lecture, the case study we looked at was the integrated statewide information systems (ISIS) project, which was undertaken by the State of Louisiana. From this case study, I learned that the State of Louisiana decided it needed a new system to comply with the increasing financial reporting requirements and to take advantage of the latest technology. This included integrating purchasing, contracts, payroll an the financial system. It began the ptocess of replacing its existing system in 1991. It was broken down into 7 phases. At the time the study was published, the State were at phase IV but had encountered numerous problems and had to call in consultants for advice on how to manage the various vendors involved in the project. The consultants produced a report that said the HR system was too fragmented and not properly finded to manage the project, and produced a list of recommendations. The State also ran into problems with its implementation of the Enterprise System. They had learned somewhat from their efforts with the legacy systems from the 1980's, but still were unprepared for the changes to management etc. that are necessary for the ES to succeed.
From my reading of the case study, I realised that the idea of having an integrated system is very attractice. Having one large database to facilitate the flow of information throughout the organization freely, allowing increased productivity, better decision making etc. However, it seems that it is much more difficult to achieve the desired effects than you would imagine. Underestimating the scope of the prject seems to be the main pitfull from my reading of this case study. If I were to be involved in undertaking such a project, I would try to make sure that extensive studies were conducted to make sure that there were no shortfalls financially and technologically and that the time frame given was realistic.
From my reading of the case study, I realised that the idea of having an integrated system is very attractice. Having one large database to facilitate the flow of information throughout the organization freely, allowing increased productivity, better decision making etc. However, it seems that it is much more difficult to achieve the desired effects than you would imagine. Underestimating the scope of the prject seems to be the main pitfull from my reading of this case study. If I were to be involved in undertaking such a project, I would try to make sure that extensive studies were conducted to make sure that there were no shortfalls financially and technologically and that the time frame given was realistic.
Subscribe to:
Posts (Atom)
