Management Information Systems
Rutgers Business School / Undergraduate New Brunswick
Professor Eckstein, Fall 2004
Class Notes
The first midterm exam will be based on Chapters 1-4 of the Post and Anderson book, and on
these notes. The exam will not emphasize the history material.
Class 1
Overview
 Topic: using computer and network technology to help run businesses and other
organizations
 Won’t focus especially on “managers”
 Will combine “Top-down” descriptive learning (P&A book) with “bottom-up” learning
by example (Microsoft Access and G&B book)
Rules and Procedures – see the syllabus and schedule
Data, Information and Knowledge (P&A chapter 1)
 Datum is singular, data is plural
 Information is data structured and organized to be useful in making a decision or
performing some task
 Knowledge implies “understanding” of information
o Knowledge representation in computers is called “artificial intelligence” (AI). It
got a lot of hype in the 1980’s, but it is still growing gradually. We will not
discuss it much, and stick to information instead.
The organizational “pyramid”
 Strategic management/decisions at the top
 Tactical management/decisions in the middle
 Operational management/decisions and operations at the bottom
 Whether something is information or data depends on the level of the decision –
something that might be information relative to an operational task could be just data
relative to a strategic decision. The higher you go, the more aggregated the information
needs to be
Information systems
 The ways that organizations
o Store
o Move
o Organize
o Manipulate/process
their information
 Parts of information systems
o Hardware – physical tools: computer and network hardware, but also low-tech
things like pens and paper
o Software – instructions for the hardware
o People
o Procedures – instructions for the people
o Data/databases
Information systems existed before computers and networks – they just used very simple
hardware that usually didn’t need software.
Impact of electronic hardware
o Greatly reduces cost and increases speed of storing, moving (etc.) information
o Information doesn’t have to be stuck with particular things, locations, or people
o Can increase efficiency of things you already do
o Can permit new things
 Combine scale efficiencies of a large firm with responsiveness of a small
one
 Can remove middlemen or levels of inventory that shielded you from
handling information
How much processing of information?
o Many computer information systems just store and organize information and
perform very simple processing tasks like
 Finding/entering/altering/deleting specific data
 Finding specific data
 Sorting
 Summarizing (adding, averaging, etc.)
o Just these simple operations can accomplish enormous amounts
o Relational Databases (RDB’s) are great at these things
o To get computers more involved in making or suggesting parts of decisions, you
often need more sophisticated tools than RDB’s
 Special/custom computer programming
 Expert systems/artificial intelligence
 Decision support systems/management science/operations research
o This course focuses on how to organize information in RDB’s and perform simple
forms of processing, plus a little programming (if things go on schedule)
IT Foundations – Layering and Modularity (Class 2)
Electronic computing equipment is constructed from
 Wires
 Transistors and the like
 Storage devices (such as tiny magnets) that can be in one of two possible states
Although technically possible, we do not want to think about complex systems as being made out
of transistors. If somebody said “make an accounts payable system, and here is a pile of
transistors”, you would probably not get very far!
The keys to organizing information systems (and other computer-based systems) are
 Layering – provide foundations that do simple tasks and then build on them without
worrying about how they work internally
Modularity – divide each layer into pieces that have a well-defined task and communicate
with one another in some standardized way
The most basic layering distinction is hardware and software
 Hardware consists of physical devices (like PC’s) that are capable of doing many
different things
 Software consists of instructions that tell hardware what to do
Kinds of hardware
 Processors (CPU’s = central processing units; like “Pentium IV”)
 Primary storage (RAM and ROM)
 Secondary storage (hard disks, CD’s, floppies)
 Other input/output (“I/O”) – screens, mice, keyboards etc.
 Network hardware
Standard way of arranging hardware (like PC)
 One processor and bank of memory, and everything attached to them
 Mainframes are like PC’s, but designed to do very fast I/O to a lot of places at the same
time (they used to compute faster as well)
More recent things –
 2 to 16 processors sharing memory (servers and fast workstations)
 Parallel processing supercomputers with many memory/CPU units communicating via a
network
 “Disk farms” that put together 100’s-1000’s of disks and connect them to a network as a
shared storage device
 Basically, networks have “shaken up” the various ways that hardware modules are
connected, although the basic PC style is one of the most common patterns
 Nowadays, only a one-person company has only one computer. So all companies are
doing a certain amount of “parallel” or “distributed” computing.
If you look at things at each hardware module, you’ll find layers and modules within it. For
example, a CPU will have modules inside like
 ALU (“arithmetic/logical unit”)
 Instruction decoder
 Memory controller
 Etc.
Software structure
 BIOS is lowest level (basic I/O system)
 Operating system on top of BIOS
o Arbitrates between tasks
o Tracks files
o Structures contents of screen
o Within an operating system, you will find modules and layers
 Application software
Application software may have layers, such as
 Relational database engine (MS Access, Oracle, Sybase, DB2, etc.)
 Specific business application built on top of engine (we will study how to do that!)
Languages for expressing software
Lowest level = machine language – just 0’s and 1’s saying things like “add register 2 to
register 5” (a “register” is a very fast piece of memory inside a processor, usually just
holding a single 4- or 8-byte number)
Assembly language – says the same thing in text, for example “ADD R2, R5”. An
assembler program translates this text to machine language.
“Higher-level” languages that look more like English or algebra
o BASIC (numerous dialects)
o C
o C++
o Java/JavaScript
o COBOL
o … many, many, more…
Compiler and interpreter programs translate these languages into things the processor can
actually do
o Compilers translate once and produce a complete machine language program (a
.EXE file in Windows)
o Interpreters translate pieces of the program on an as-needed basis
o Compilers typically produce faster programs
o Interpreters make it easier to find bugs in programs and may be simpler (fine if
other things are more important than speed)
Data representation (Classes 2 and 3)
(Also see the memory storage calculation handout)
Notes: computers store numbers in base 2, or binary. Instead of a 1’s place, a 10’s place, a 100’s
place etc. each with a digit from 0 to 9, you have a 1’s place, a 2’s place, a 4’s place, an 8’s
place, and so forth, each containing the digit 0 or 1.
Example: 100101 = 1 × 2^0 + 0 × 2^1 + 1 × 2^2 + 0 × 2^3 + 0 × 2^4 + 1 × 2^5
When bits are combined to represent a number, sometimes one bit – often called a “sign bit” – is
set aside to indicate + or – . (Most computers today use a system called “two’s complement” to
represent negative numbers; I will not go into detail, but it essentially means the first bit is the
sign bit).
There are also formats that are the binary equivalent of “scientific notation”. Instead of 3.478 ×
10^5, you have things like 1.00101011 × 2^13. These are called “floating point”. They are usually
printed and entered in decimal notation like 3.478 × 10^5, but represented internally in binary
floating point notation.
Some common amounts of memory for computers to manipulate at one time:
 A single bit – 1 means “yes” and 0 means “no”
 8 bits, also called a “byte” – can hold 2^8 = 256 possible values. These can represent a
single character of text, or a whole number from 0 to 255. If one bit is used to indicate +
or –, can hold a whole number from –128 to +127.
16 bits, or two bytes. Can hold a single character from a large Asian character set, a
whole number between 0 and about 65,000, or (with a sign bit) a whole number between
about –32,000 and +32,000.
32 bits, or four bytes. Can hold an integer in the range 0 to about 4 billion, or roughly –2
billion to +2 billion. Can also hold a “single precision” floating-point number with the
equivalent of about 6 decimal digits of accuracy.
64 bits. Can hold a floating-point number with the equivalent of about 15 digits of
accuracy, or some really massive whole numbers (in the range of + or – 9 quintillion).
Most processors sold today manipulate data in 32- or 64-bit chunks. The Intel Pentium class of
processors can manipulate up to 32 bits per machine cycle (on a 2.4-Gigahertz processor, for
example, there are 2.4 billion machine cycles per second). Other processors, like the G5 or the
Athlon 64, can process up to 64 bits per machine cycle.
See the storage calculation handout for more information, especially about representing pictures,
sound, and video.
One important concept is compression. Compression algorithms are mathematical algorithms
that reduce the storage needed by text, pictures, sound, or video, by producing specially
compacted streams of binary numbers. There are two kinds of compression:
 Lossless – the original data can be reconstructed perfectly by a complementary
“uncompress” algorithm
 Lossy – the original data cannot always be perfectly reconstructed, but only some close
approximation. Lossy compression may be tolerated for pictures, sound, or video, but
not usually for text.
Compression algorithms take advantage of structure in the data
 In text, not all characters appear with the same frequency, and if you know the last few
characters, you can predict the next one pretty accurately – for example, in a
legible English text, “Z” is very unlikely to follow “BR”.
 In recognizable pictures, nearby dots are likely to have very similar colors.
 In sound recordings, consecutive air pressure readings are likely to be similar.
 In videos, successive frames are usually very similar.
The compression factor is the size of the original data, divided by its size after it has been
compressed.
Text compression algorithms often work quite well on other kinds of data, such as machine
language programs. Some common compression algorithms:
 Text and miscellaneous streams of bits: ZIP, BZIP, GZIP (these also have facilities for
packing many source files into a single compressed file)
 Pictures: JPEG (also called .jpg)
 Sound: MP3
 Video: MPEG (also called .mpg)
Networking and Telecommunications (Classes 3 and 4)
We now discuss transmitting data between physically separated computers
 Something that connects two computers is a link
 Many computers connected by many links comprise a network.
 Each computer on the network is called a node.
 Generally speaking, data should be able to get from any network node to any other node.
 There are many different shapes (or topologies) that can be used to build a network
o Today the predominant network topology is a collection of interconnected “stars”.
o At one time, interconnected “rings” were also popular, and they are still in use.
 Some nodes on the network serve primarily as connection points or to make sure data
gets sent to the right place
o Switches
o Hubs
o Routers
Kinds of links
 Link speed is usually measured in bits per second (b/s), with the usual (decimal) prefixes
K (kilo/1,000), M (mega/1,000,000), G (giga/1,000,000,000), etc.
 Wires (usually copper): these can be used in many ways.
o A standard wire technology these days is “ethernet”. This comes in three flavors,
10 Mb/s, 100 Mb/s, and 1 Gb/s.
o Wires can carry a lot of data for short distances, but slow down for longer
distances
 Optical fiber (carries light pulses)
o Invented about 30 years ago
o More economical than wire for high data rates and long distances. Links can have
capacities in the many Tb/s
 Broadcast electromagnetic waves (radio/infrared/microwave) – “wireless”
o Within-building and similar distance capacities typically about 11 Mb/s right now
o Slower for wide-area coverage (cell-phone modems)
A history of computer communications:
 The first large-scale electronic networks built were telephone networks. But they were
not used by computers initially (Because computers didn’t exist! In fact, “computer” was
actually a job title for a person who did mathematical calculations for engineers and
scientists)
 When computers started, each organization had its own computer in its own room. Data
got in and out of the computer room by being physically carried as punched cards, printed
reports, magnetic tape etc. (eventually floppy disks, too) – later called “sneakernet”.
 People began placing I/O devices outside the computer room, connected by wires:
printers, card readers, terminals (=printer + keyboard or screen + keyboard), etc.
 Technology was invented to encode (modulate) data into sounds the telephone network
could carry. The data would be “demodulated” back into bits at the other end (thus the
term “modem” – modulator/demodulator).
o This allowed people to have terminals at home and work over telephone lines
o Many other business applications involving sending or receiving data from remote
locations
o Early modems were slow (100 b/s = 0.1 Kb/s in the 1960’s). This gradually
increased to about 56 Kb/s today.
o The technology is still widely used
 In the late 1960’s, interest was growing in large general-purpose data networks
independent of the telephone network.
o Before, these existed only for specialized applications (mostly military)
o ARPANET – the (defense department) Advanced Research Projects Agency
NETwork was built in the early 70’s
o This became the “internet”
o The internet had a fairly small user base until the mid 80’s. Then it began to
gather momentum
o In the early 90’s, the “world wide web” became very popular and drove a massive
expansion of the internet (along with the “.com” boom)
o In the 90’s there was a general telecommunications boom of which the internet
boom was a big part. A lot of firms tried to secure their place in the boom by
building lots of network links, especially in North America
o A lot of network capacity was built. About the same time technology appeared
that greatly increased the amount of data an optical fiber could carry. Things
cooled off a lot, but internet use continues to climb.
How networks work: LAYERING is very important
 Bottom: physical layer – the physical workings of the links (wire, fiber, wireless, etc.)
 Network layer (typically “IP”, standing for “internet protocol”): lets the network figure
out what computer the data is meant for.
o Currently, each computer has a 32 bit “IP address” (usually split into four bytes
printed in decimal like 128.6.59.202).
o The addresses have structure – for example “128.6” in the first two bytes of the
address means somewhere at Rutgers (although 165.230 could also be at Rutgers),
the 59 designates a particular “subnet” (roughly the same as a building), and the
202 identifies which computer on the subnet.
o Note that most computers also have a “hostname” and “domain name” that is
easier for humans to remember, like “business.rutgers.edu” or www.amazon.com.
While these are related to IP addresses, they aren’t exactly the same. Special
computers called “name servers” provide the translation. Small organizations
may not have a name server, relying on a name server elsewhere. Large
organizations like Rutgers may have dozens of name servers.
o 32 bits is no longer enough space for an IP address, and we will gradually move
from IPv4 (32 bits) to IPv6 (128 bit addresses). Various workarounds suffice for
now:
 Dynamically allocating IP addresses only when computers are connected
to the network (“DHCP” is a common way of doing this), or
 Grouping small sets of computers to share a single IP (network address
translation or “NAT”)
 Transport layer (typically “TCP”). Specifies how data is split up and logically moved in
the network
o TCP specifies up to 65,000 logical “ports” for each computer on the network.
Each port can be used for a different application.
o For each port, there can be more than one “session” or logical connection between
two computers (for example, you could have two independent web browser
windows connected to the same website from your own PC)
o For each session, there may be a sequence of messages in each direction
o TCP is a “packet switched” protocol – messages are cut up into “packets” that
might take different paths through the network and are reassembled at the
destination. Telephone networks are “circuit switched” – the whole conversation
uses the same route through the network.
 Application layer: specifies different protocols for moving data in different ways. These
constitute an “alphabet soup”:
o First: TELNET (old) – run a terminal session (a text-based interaction between a
person and a computer)
o FTP (old) – move files back and forth (still in some use when security isn’t an
issue)
o SSH – encrypted terminal sessions and file transfers. This is how you connect to
the “Eden” system to do text-based interactions
o HTTP/HTTPS – hypertext transmission. This appeared in the early 1990’s and
rapidly evolved into a way of projecting a wide range of graphic user interfaces
across the internet. The “s” means secure/encrypted. HTTP is a much easier and
more secure way to do arbitrary things on a remote user’s screen than making
them run custom software.
o SMB, NFS – file sharing. Making disks on a distant computer look like they’re
on yours
o SMTP – sending e-mail to and between mail servers (computers that can route e-mail).
This is a “push” protocol: the computer initiating the connection sends the
messages.
o POP3, IMAP – retrieving mail from e-mail servers. These are “pull” protocols:
the computer initiating the connection receives the messages (if there are any)
o And many, many, more…
 Typically, each protocol uses a single TCP port (or perhaps a few). For example, HTTP
usually uses port 80, and SSH usually uses port 22.
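The address structure, ports and sessions described above, as an added example that is not part of the original notes. It assumes the Rutgers prefixes are /16 networks with the third byte as subnet and the fourth as host; the packets, the client-side port numbers and the addresses 192.0.2.10 and 165.230.4.7 are constructed sample data.

```python
import ipaddress

# From the notes: 128.6.x.x and 165.230.x.x are at Rutgers. Treating them as
# /16 networks, with the third byte as subnet and the fourth as host, is an
# assumption of this sketch that follows the notes' description.
CAMPUS_NETWORKS = [ipaddress.ip_network("128.6.0.0/16"),
                   ipaddress.ip_network("165.230.0.0/16")]


def dissect(dotted):
    """Break a dotted-decimal IPv4 address into the parts the notes describe."""
    ip = ipaddress.IPv4Address(dotted)   # raises ValueError on malformed input
    octets = ip.packed                   # the four bytes, most significant first
    return {
        "as_int": int(ip),               # the single 32-bit number carried in packets
        "bits": format(int(ip), "032b"),
        "subnet": octets[2],
        "host": octets[3],
        "on_campus": any(ip in net for net in CAMPUS_NETWORKS),
    }


def group_sessions(packets):
    """Group packets into sessions keyed by both endpoints (address, port).

    Two browser windows talking to the same server port remain separate
    sessions because each window uses its own port on the client side.
    """
    sessions = {}
    for src, sport, dst, dport, data in packets:
        for port in (sport, dport):
            if not 0 <= port <= 65535:   # a port is a 16-bit number
                raise ValueError(f"invalid port {port}")
        ipaddress.IPv4Address(src)       # validate both addresses
        ipaddress.IPv4Address(dst)
        # Sorting the endpoints gives the same key for both directions.
        key = tuple(sorted([(src, sport), (dst, dport)]))
        sessions.setdefault(key, []).append(data)
    return sessions


# Constructed sample traffic: two browser windows and one SSH login.
PC, WEB = "128.6.59.202", "192.0.2.10"
SAMPLE_PACKETS = [
    (PC, 50001, WEB, 80, "GET /catalog"),
    (PC, 50002, WEB, 80, "GET /cart"),
    (WEB, 80, PC, 50001, "200 OK (catalog)"),
    (PC, 50003, "165.230.4.7", 22, "ssh handshake"),
    (WEB, 80, PC, 50002, "200 OK (cart)"),
]

if __name__ == "__main__":
    print(dissect(PC))
    for endpoints, payloads in group_sessions(SAMPLE_PACKETS).items():
        print(endpoints, payloads)
```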
Some more notes on layers and protocols
 The picture on P&A page 100 is quite instructive – as you move downwards in the
protocol layer “stack”, more and more “bookkeeping” data, also called “headers”, get
appended around the data you actually wanted to send. This means the actual number of
bits transmitted can be substantially longer than the actual data you want to send. Header
information may get appended to each packet, if the message is divided into packets.
 TCP and IP usually go together and are known as “TCP/IP”
 You can run more than one network layer on top of a physical layer on the same link (for
example, IP and AppleTalk)
 You can run several transport layers on top of a network layer (for example, TCP and
UDP on top of IP)
 And, of course, you can run many application layers on top of a transport layer
Kinds of networks
 LAN – “Local Area Network” on the level of a single building
 WAN – “Wide Area Network” a vague term for something larger than a LAN
Enterprise network – a larger-than-LAN network dedicated to a particular company or
organization
 Internet – multiple networks networked together
o The idea of an internet preceded the current notion of the internet – “the” internet
happened when most things got connected!
o The “IP” network layer was specifically designed to make it easy to create
internets. That is why “the” internet could grow so quickly in the 1980’s and
1990’s, and conversely why TCP/IP is now the dominant network layer.
 VPN – “Virtual Private Network” – runs over the internet but encrypted in such a way
that it looks like a private WAN that outsiders can’t snoop on (we hope!)
Current network technology
 Most firms now have LANs implemented with copper wire, usually Ethernet, and now
also wireless
 Many larger firms have WANs and/or enterprise networks containing wire and/or fiber
and maybe some satellite/microwave (depending on the firm’s size). The longer links in
these networks are typically leased from ISP’s (see the next item)
 Internet service providers (ISP’s) maintain interconnected, overlapping networks made
primarily of fiber (examples: AOL, ATT, Sprint, etc.). ISP’s also lease capacity for use in
enterprise networks. Large and medium firms connect directly to ISP’s.
o Also, there are some non-profit alternatives to ISP’s, like “Internet2” which
serves large universities like Rutgers
 Large firms can afford to lease dedicated high speed connections to ISP’s, like “T1” lines
 The dreaded “last mile”: smaller firms and individual households connect to the ISP’s in
various non-ideal ways
o By phone and modem (sometimes directly to employer instead of ISP)
o Cable modem – signals carried over cable TV wires. Capacity usually 0.5-5
MB/s, but capacity may be shared with other users in the neighborhood
o DSL – signals carried over regular phone lines, but not at audible frequencies.
About 0.5-1 Mb/s, but occasionally faster. Only works if you are within 2 miles
of a telephone switching center, but does not have capacity sharing problems.
 Most network connections carry a fixed charge per month, without tracking the exact
number of bits sent – one reason we have so much “spam”!
Uses for networks (not covered explicitly in class)
 Sending messages and data between people by “push”: e-mail possibly with attachments,
instant messaging, voice over IP (VoIP) telephone
 Sharing/disseminating information by “pull” (basic web, FTP). Computers that are
“pulled” from are usually called “servers”
 Other modes of sharing data. Some (or all) computers hold data that other computers can
share.
o Computers that share data on their disks are often called “servers” or “file
servers”.
o An example: “network drives” – disks that are not on your computer, but act like
they are (if a little slowly)
 Sharing other hardware like printers, scanners (these actually contain processors)
 Combination push/pull messaging and sharing: chat rooms, newsgroups
 Specific teamwork applications
o Calendar/scheduling applications
o Joint authorship systems (Lotus Notes?)
Gathering data and interacting with customers
o Websites that gather data or take orders
o Sensors and scanners
Offsite backup (this used to be done with tapes, but they are so slow now compared to
hard disks)
Sample file transfer calculation: Suppose we want to do “video-on-demand” downloads of 4
GB movies in DVD format (binary-style GB). How long would that take over a 1 Mb/s DSL
line, or a 50 Mb/s cable modem connection? (Note that connection speeds typically use
decimal-style K, M, and G prefixes, whereas memory specifications usually use binary style).
Size of movie = (4 GB)(1024 MB/GB)(1024 KB/MB)(1024 B/KB)(8 bits/B) = 3.44 × 10^10 bits
Seconds to transfer with DSL = (3.44 × 10^10 bits)/(1 × 10^6 bits/sec) = 3.44 × 10^4 sec
= (3.44 × 10^4 sec)/(60 sec/min × 60 min/hr) = 9.54 hours – probably not acceptable!
Seconds to transfer with cable modem = (3.44 × 10^10 bits)/(50 × 10^6 bits/sec) = 687 sec
= (687 sec)/(60 sec/min) = 11.5 minutes – probably OK
Note that actual transfer times would be somewhat larger due to overhead (headers) added by the
application, transport, network, and physical network layers
Security (Class 5)
Computer technology has made it much faster, easier, and cheaper to
 Store
 Move
 Organize
 Manipulate/process
… information than with older “manual” technology.
Unfortunately, the same technology can also make it faster, easier and cheaper to
 Steal
 Destroy
 Corrupt
 Abuse
… that same information!
There is no such thing as total security
 Don’t think of security issues as “one-time” problems; it is an ongoing process and a
portion of the workforce needs to be dedicated to it
 Need to consider these costs when looking at cost-effectiveness of computer technology
 With awareness and effective countermeasures, security can usually be manageable
Accident and disaster threats
Accidents always were a threat to organizations’ data. Fires and hurricanes can destroy
paper files just as easily as computer files
Centralized systems can be vulnerable to problems at the central site
Distributed systems can be vulnerable to problems at just one site (depending on their
design)
Power failures can do a lot more damage than they used to
With the introduction of computers, there are a lot of new ways for things to go wrong
o Hard disk “crashes”
o Software “crashes”
o Software “bugs”
o Etc…
Countermeasures:
o Backup, backup, backup, backup, backup
 Can back up data to external media (CD-R, DVD-R, tapes) – protect the
media!
 Back up data to another site over a network
 Power backup devices (generators, UPS, etc.)
 Backup of software
 Have a backup plan for hardware (for example, “SunGuard”)
o For software developed in-house: proper development, maintenance, and
lifecycle procedures to contain damage from bugs (covered later in course)
Internal threats and problems – employees and consultants
 The larger the organization, the larger the frequency of
o Employee mistakes or failure to follow procedures
o Dishonest employees (rarer, but still a concern)
 Shortcuts or dishonesty by MIS employees may have a lot of “leverage” and may be
hard to detect (trap doors, skimming, “time bombs”, …)
 Countermeasures:
o Separate functions: for example, most programmers shouldn’t have access to real
customer data
o Use data access hierarchies and rules
o Encryption?
o Monitoring (ugh – this can take many forms)
o Give employees support – make it easy (or automatic) for them to do backup,
install security software etc.
Business partner and vendor threats
 If you interact electronically with vendors, customers, and partners, you may be
exposed to their security problems as well as yours
 Exacerbated by recent “outsourcing” and cooperation trends like
o EDI (Electronic Data Interchange): firms automatically share data they believe are
relevant. For example, we may let our suppliers see our parts inventories so they
can plan better
o ASP (Application Service Providers): outsourcing portions of your information
system needs (very common for payroll)
o The growth of the web/internet gave new momentum to EDI and ASP by making
it easier and cheaper, but I think many firms are reluctant to let another company
control their data
Web commerce technology can make improper/questionable monitoring of customers
practical/profitable (cookies)
In an e-business environment, it may be harder to tell legitimate vendors, customers, and
partners from crooks masquerading as such
Countermeasures?
o Limit access
o Investigate partners
o Try to use reputable vendors/partners
o Encryption
o Monitoring
o Consumer awareness
Outside threats
 Two motivations
o Personal gain – thieves
o Malice/troublemaking – hackers etc. (this I find harder to understand)
 These threats always existed, but computer technology – and especially network
technology – makes attack much cheaper, faster, and easier
 Snooping: monitoring networks as others’ data passes by
o Wireless networks especially vulnerable
 Hacking: gaining access to private systems and data (and possibly abusing/damaging
them)
o Port scans
o Bug exploitation (usually in operating systems, browsers, and e-mail programs)
o “Social engineering” – faking messages from tempting or official sources to
induce people to run booby-trapped software, reveal passwords, or disclose other
confidential information
 Spam
o Time-wasting
o Nowadays, usually dishonest/fraudulent
 Annoyance/vandal attacks – denial of service (DoS)
o For example, bombard a server computer with “ping” messages so it has no time
to do its real job
 Self-replicating attacks: viruses and worms
o May move via e-mail and have a social engineering aspect (like many spams)
o But may exploit a security hole (like a forgotten trap door) and not require any
human participation
o Can reproduce very quickly
o The more powerful software is, the more vulnerable (MS Office macros)
 Many attacks combine categories
 Hierarchy among hackers and spammers
o “Script kiddies”
o Spam pyramid schemes?
Security Technologies/Techniques
 User identification
o Passwords
 Make sure they are not vulnerable to guessing
 Have a change schedule
 Problems:
 You get too many of them
 Have to write them down or use one password for several systems
 Vulnerable to snooping interception with some older protocols like
TELNET and FTP
o Password generators: small electronic card that combines
 Fixed user password
 Internal passcode
 Time
o … to produce a password with a very limited lifetime
 Example: “SecurID”
o Biometrics: promising, but:
 Expense?
 Reliability?
 Ready yet?
 Access control within a computer system (server)
o Read, write, execute, (delete) privileges for files or parts of files
o Basic levels: user/group/all
o More advanced: hierarchies and “access control lists” (ACL’s)
 Restrict physical Access
o Example – US Government systems with classified data are supposed to have no
physical connection to any unclassified system.
o If a computer seems compromised by hackers or viruses, physically detach it from
the network immediately
 Audits/verification
o Example – user-verified paper voting records
o IT audits
 Scanning software and hardware
o Virus scanners: scan received disk files and arriving e-mail for suspicious
patterns
o Spam filters
o Watch network for suspicious packet patterns
o Spyware – this may be too intrusive?
o Firewalls (hardware and software): block traffic into your network or computer
 Example – for a home, do not allow any connections initiated from outside
 Example – for medium-sized business, block all incoming connections
except SMTP and HTTP into your mail/web server.
Virtual private networks – use encryption to simulate a private network even if parts are
carried over the internet (or some less secure private net)
Encryption!
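A sketch of the “password generator” card described in the list above, as an added example that is not part of the original notes and is not SecurID's actual algorithm. The HMAC-SHA256 construction, the 60-second lifetime, the 8-digit code, the one-step clock tolerance and all names and sample values are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60      # lifetime of one code (assumed value)
DIGITS = 8             # length of the displayed code (assumed value)


def token_code(device_secret, pin, now):
    """Code the card displays at time `now` (seconds since the epoch)."""
    step = int(now // STEP_SECONDS)                    # the "time" input
    message = struct.pack(">Q", step) + pin.encode()   # time + fixed user password
    # The card's internal passcode is the HMAC key and never leaves the card.
    digest = hmac.new(device_secret, message, hashlib.sha256).digest()
    return str(int.from_bytes(digest[:8], "big") % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server side: knows the same secret and PIN, accepts each time step once."""

    def __init__(self, device_secret, pin, drift_steps=1):
        self.device_secret = device_secret
        self.pin = pin
        self.drift_steps = drift_steps   # tolerate a slightly fast or slow card clock
        self.last_step = -1              # newest time step already used for a login

    def check(self, submitted, now):
        current = int(now // STEP_SECONDS)
        first = current - self.drift_steps
        last = current + self.drift_steps
        for step in range(first, last + 1):
            if step <= self.last_step:
                continue                 # this step was already used: a replay
            expected = token_code(self.device_secret, self.pin,
                                  step * STEP_SECONDS)
            if hmac.compare_digest(expected, submitted):   # constant-time compare
                self.last_step = step
                return True
        return False


def demo():
    """Run the card and the server on constructed sample values."""
    secret = b"constructed-device-secret"
    pin = "4821"
    t0 = 1_700_000_000
    code = token_code(secret, pin, t0)
    server = Verifier(secret, pin)
    return {
        "fresh": server.check(code, t0),
        # Snooped off the wire and reused a few seconds later.
        "replayed": server.check(code, t0 + 5),
        # Snooped and tried ten minutes later against a server that never saw it.
        "stale": Verifier(secret, pin).check(code, t0 + 600),
        # Card clock one step behind the server: still accepted.
        "slow_clock": Verifier(secret, pin).check(code, t0 + STEP_SECONDS),
    }


if __name__ == "__main__":
    print(demo())
```

Unlike the fixed passwords that TELNET and FTP expose to snooping, a code captured here is useless once its time step has passed or has been used.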
Encryption:
 Can be applied to both files and network messages; current emphasis on network
messages
 Applications:
o When sensitive data is transmitted
 Passwords!
 Credit card numbers
 Personal data
o VPN’s
 Basic procedure: mathematical procedure for
o Message + key = gibberish
o Gibberish + key = Message again
o Try to make it too hard to decode just by trying all possible keys
 Cryptography predates computers, but
o Computers make code-breaking easier (“Enigma” in World War II was one of the
first applications of electronic computers – the Allies cracked German and
Japanese codes with the help of early electronic computers)
o Computers can also create fiendishly difficult codes to crack
 Basic problem – how to send key?
 Solution – multiple keys:
o Encoding requires one set of keys
o Decoding requires another set
 Example: encode requires key A, decode requires key B
o Publish one key, keep the other private
o Example 1:
 Bob’s public key is on his personal webpage
 Alice encodes a file with Bob’s public key
 Alice e-mails the file to Bob
 Bob decodes with his private key
 Anybody intercepting the e-mail would have to break into Bob’s computer
to get the key to decode the attachment
 Used to send data on secure web forms (and also to receive information
from secure web servers)
o Example 2:
 Joe’s public key is on his website
 Joe encodes a message with his private key
 Sends the encrypted message to Kathy and Laura
 They decode it with his public key
 If it is intelligible, then they know it came from Joe… or whoever
published his website… (safer if he gave them the public key personally or
they have stored it for some time)
 But, anybody else can decode it
o Example 3:
 David encodes a message with his private key
 David further encodes the result with Ed’s public key
 Sends it to Ed
 Ed decodes it with his private key
 Ed decodes the result with David’s public key
 Result is intelligible only to Ed, and he’s pretty sure it came from David.
o Other/related applications
 If I connect to “business.rutgers.edu”, warn me if it looks like this isn’t
actually the same computer that said it was “business.rutgers.edu” last
week
 Making sure passwords can’t be snooped
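Examples 1 to 3 above, worked with toy RSA numbers as an added illustration that is not part of the original notes. The primes, key names and sample messages are constructed; textbook RSA applied byte by byte with moduli this small only shows the mechanics, and real systems use keys of 2048 bits or more together with padding.

```python
from math import gcd


def make_keypair(p, q, e=65537):
    """Return (public key, private key) built from two small primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)   # each key is (exponent, modulus)


def apply_key(key, numbers):
    """Encode or decode a list of numbers with one key."""
    exponent, modulus = key
    if any(not 0 <= x < modulus for x in numbers):
        raise ValueError("value does not fit under this key's modulus")
    return [pow(x, exponent, modulus) for x in numbers]


def to_numbers(text):
    return list(text.encode("utf-8"))


def to_text(numbers):
    """Return the text, or None when the result is not intelligible."""
    try:
        return bytes(numbers).decode("utf-8")
    except ValueError:                    # out-of-range byte or invalid UTF-8
        return None


# Constructed toy keys. David's modulus is deliberately smaller than Ed's so
# that everything David signs also fits under Ed's key in Example 3.
BOB_PUBLIC, BOB_PRIVATE = make_keypair(1031, 1033)
JOE_PUBLIC, JOE_PRIVATE = make_keypair(1039, 1049)
DAVID_PUBLIC, DAVID_PRIVATE = make_keypair(1009, 1013)
ED_PUBLIC, ED_PRIVATE = make_keypair(1019, 1021)


def example1(message):
    """Alice encodes with Bob's public key; only Bob's private key decodes."""
    sent = apply_key(BOB_PUBLIC, to_numbers(message))
    return sent, to_text(apply_key(BOB_PRIVATE, sent))


def example2(message, tamper=False):
    """Joe encodes with his private key; anyone with his public key decodes."""
    sent = apply_key(JOE_PRIVATE, to_numbers(message))
    if tamper:                            # somebody alters the message in transit
        sent[0] = (sent[0] + 1) % JOE_PUBLIC[1]
    return to_text(apply_key(JOE_PUBLIC, sent))


def example3(message):
    """David signs with his private key, then seals with Ed's public key."""
    signed = apply_key(DAVID_PRIVATE, to_numbers(message))
    sealed = apply_key(ED_PUBLIC, signed)
    opened = apply_key(ED_PRIVATE, sealed)          # only Ed can do this step
    return to_text(apply_key(DAVID_PUBLIC, opened)) # shows it came from David


if __name__ == "__main__":
    msg = "PO 4471: 12 crates"            # constructed sample message
    print(example1(msg))
    print(example2(msg), example2(msg, tamper=True))
    print(example3(msg))
```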