It's
so hard to realize that it's only weeks away. It's always fun to
start preparing for the holiday season. This year we have Richmond
family visiting the Orlando family, so we get to cook the turkey (I
actually escaped that one, I get to do Friday's feeding of the
clan). It's always so nice to see how much the little ones have
grown, and check out the hair of the adults (how much is still
there, what length, what color, etc.)
The weather, of course,
is now wonderful – this is Florida's bragging time of year. We're
taking advantage of it and have scheduled CSTA
(Computers: Systems, Terms, and Acronyms) in Orlando on December
4th. Think about it – sweater weather in December, beautiful sunny
days, one day of training which you can make part of a long weekend
. . .
Back to technology –
Security is this month's
technical subject. Obviously I'll just be able to touch the
highlights with such a huge topic, but I wanted to cover current and
new security technologies. As you do the quiz, see if you can figure
out the relationship of the questions – there is one. It's explained
at the end of the answers.
We'll be in Chicago on November
18th and the DC area on the 20th. We return to the NYC area on
December 2nd, and Orlando on the 4th. Web
sessions for both CSTA and Specific Technology modules are
on November 5th, 6th, and 7th and December 8th, 9th, and 10th. The
Web-based Technical Recruiting was such fun we're repeating
it on December 16th.
Keep in touch . . .
Back to
top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Security
Techniques/Protocols
Security is
certainly a major concern for every company – now more than ever
with the growing use of wireless systems. Encryption is the heart of
every security system. These systems start with firewalls, then can
build a DMZ (Demilitarized Zone), use Proxy Servers, and transmit
information through VPNs (Virtual Private Networks). Each of these
techniques follows protocols – rules and
standards.
Firewalls
Firewalls are, of course, the
basis of security systems. All companies use firewalls to keep
intruders out of their internal systems and data. Firewalls can be
hardware (a computer that does nothing but run firewall software) or
software, and use filters to work with some or all of the following
protocols to control access.
IP (Internet Protocol) -
the main delivery system for information over the Internet.
TCP (Transport Control Protocol) - used to break apart
and rebuild information that travels over the Internet.
HTTP (HyperText Transfer Protocol) - used for Web pages.
FTP (File Transfer Protocol) - used to download and
upload files.
UDP (User Datagram Protocol) - used for
information that requires no response, such as streaming audio and
video.
ICMP (Internet Control Message Protocol) - used by
a router to exchange the information with other
routers.
SMTP (Simple Mail Transport Protocol) - used to
send text-based information (e-mail).
SNMP (Simple
Network Management Protocol) - used to collect system information
from a remote computer.
Telnet - used to perform commands
on a remote computer.
Proxy Servers
Proxy Servers
perform two functions: they cache information and can function as
security points. They sit between the Web browser and an application
server and save, or cache, the Web pages they retrieve for a certain
amount of time. Often this allows them to fulfill a later request
for a specific page from saved information instead of having to
return to the originating site. As a security point, proxy servers
can be used as filters and deny access to certain sites. Some proxy
servers also act as firewalls. Proxy servers commonly work with the
following protocols:
HTTP (HyperText Transport
Protocol).
FTP (File Transfer Protocol).
NNTP
(Network News Transfer Protocol) - governs discussion group
messaging.
SSL (Secure Socket Layer) - establishes
security between the client and server for any amount of data.
DNS (Domain Name Service) Maps user friendly names to IP
addresses.
SHTTP (Secure HTTP) - provides security for a
specific message.
IMAP (Internet Mail Access Protocol),
and
POP (Post Office Protocol), and
SMTP (Simple
Mail Transfer Protocol) – are all email protocols.
DMZ
(DeMilitarized Zone)
A DMZ is a network security technique that
sets up a computer as a neutral zone between the corporate network
and external networks. One of the easiest ways to picture this is
that everything that is not in the corporate network or the Internet
is in the DMZ – it sits between the two. Typically companies place
their Web sites in the DMZ. This permits access by corporate
outsiders to the Web site, but allows the company to set up a
firewall between viewing Web pages and accessing other corporate
information, such as a list of employees. Protocols supported are
typically:
HTTP (HyperText Transport
Protocol).
TCP/IP (Transmission Control Protocol/Internet
Protocol).
IPsec (IP security) - encryption,
authentication, and key functions for Internet
systems.
L2TP (Layer 2 Tunneling Protocol) - used for
tunneling over the Internet.
PPTP (Point-to-Point
Tunneling Protocol), and
L2F (Layer 2 Forwarding) – are
both tunneling protocols which have been supplanted by L2TP but are
still seen.
SMTP (Simple Mail Transfer Protocol) which
deals with email.
VPN (Virtual Private Network)
A
VPN uses public networks to transmit private data. Usually used by
companies to use the Internet to give remote users access to
internal corporate networks. A VPN creates a virtual tunnel in the
Internet and tunneling protocols follow:
IPsec (IP
security).
L2F (Layer 2 Forwarding).
PPTP
(Point-to-Point Tunneling Protocol).
L2TP (Layer 2
Tunneling Protocol).
Encryption Protocols
All of
these security techniques use encryption, and the many protocols
associated with it are not tied to a specific type of security, but
are meaningful to the encryption process:
Kerberos -
encryption and authentication protocol used with client-server
applications. Authenticates remote users.
SSH (Secure
SHell) – encryption and authentication protocol for remote
users.
SSL (Secure Socket Layer) – establishes security
between the client and server for any amount of data. By convention,
names of Web sites that use this protocol start with https: rather
than http:.
SET (Secure Electronic Transaction) – used to
secure credit card transmissions.
SHTTP (Secure HTTP) –
same as SSL, but works with a single message.
PGP (Pretty
Good Privacy) – provides email encryption.
S/MIME (Secure
Multipurpose Internet Mail Extensions) – provides email
security.
There are many more protocols – and even
techniques, but these are among the most common. There's no way of
knowing which of these you might run across. but as security becomes
more important, you'll undoubtedly see some of them.
Back to
top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1.
Are mainframes on their way out?
2. What is the
fastest growing database today?
3. What new product
has been added to Microsoft's Office Suite with the release of
Office 2003?
4. What two PDA (Personal Digital
Assistant), or handheld computer, vendors just merged?
5.
Which of the following are synonyms?
a) convertible tablet
b) pure tablet
c) slate
tablet
d) tablet PC
e) Web tablet
Back to
top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
IT is Not Rocket Science .
.
. |
So why
do we often feel as if we don't know what we're doing? Nothing can
lower your confidence as much as trying to participate in a
conversation and not even knowing what questions to ask. And, it's
hard to do a good job without having the confidence to speak up, ask
questions, and make decisions. In addition, you need to have
confidence in your ability to do a good job in order to enjoy what
you're doing.
It doesn't matter what your job is –
recruiter, account manager, compensation analyst, trainer, analyst –
when you are dealing with technical people and products you have to
understand the terminology. This is what makes IT look like rocket
science – it's the words, not the content. This field not only makes
up new words every time someone has a new idea, it often makes up
two or three words for the same thing. When dealing with products,
knowing the name of the software is not enough, you also have to
know the vendor name because the techies you talk to might use that
name. The terms have overlapping meanings – just what is the
difference between infrastructure, integration, and interface? It's
easy to say you understand the terminology, but IT is a huge,
dynamic field and new products and words are introduced daily. No
one knows it all.
The first thing to understand is that IT
has a basic structure that hasn't changed since businesses first
started using computers in the 1960s. Everything in the field can be
assigned to one of five
categories:
Platforms
Development
Data
Communications
Applications
You
need to understand these basic areas and the technology, techniques,
systems, and, of course, the terminology that defines each area.
Then, delve into the areas you work with and don't worry about the
others (learn the details about networking only if and when you have
to!).
How do you learn?
Seminars, TechRef, the Web –
and ask questions
Seminars: SemCo's seminars cover
the basic technology through CSTA,
and cover new technologies and specialties through Web-based Specific
Technology modules. Vendors often hold Web sessions
describing their technologies. Sure, these are sales sessions, but
they present lots of good information.
TechRef:
SemCo's online
database provides current information about all of IT – it's
great to learn the basics, thoroughly cover any single area, and
keep up with new technology.
The Web: When you really
need detail on a specific product, the vendor's Web site might help.
Warning - these sites are often difficult to work with – some are
marketing tools with little specific information, others are written
for techies with too much detail!
Ask Questions:
Listed last, but most important. Ask your peers, ask sales
people, and, again, TechRef
is a resource with a point-and-click questioning capability.
Finally, when you have the confidence that you understand the
basics, you can ask the techies. If you don't understand the answer,
ask again. Remember, IT is not rocket science.
Back to
top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
Short Destructive Software
Vocabulary |
Destructive software - programs that are written to
cause problems – has been around since programs were first written.
As we all become more and more dependent upon computers, and trust
more and more of our data and our processing to the computer
environment, it's worth taking a look at all the different attempts
to destroy our electronic world.
backdoor A type of
program that is hidden and gives remote access and control over a PC
to unauthorized persons. Backdoors are used by hackers to get
into a system as an authorized user.
DOS (Denial of
Service) Destructive software which is characterized by an
explicit attempt by attackers to prevent legitimate users of a
service from using that service. An incident where users are
deprived of resources they usually can access. It usually is the
temporary loss of network connectivity and services, very often
email. DOS is commonly the result of a virus and not
destructive to Web sites or data, but can be very damaging to
business operations. Includes:
· "flooding" a network, thereby
preventing legitimate network traffic
· disrupting connections
between two machines, thereby preventing access to a service
·
preventing a particular individual from accessing a service
·
disrupting service to a specific system or
person.
DDoS (Distributed Denial of Service) An attack
that uses Zombie programs to attack a central program from
many individual systems.
drone A software program that
allows a hacker to use a machine to perform a Denial Of
Service attack against targets like web servers, ftp servers,
and mail servers. Often Zombie programs are distributed to
individual systems through email attachments. A hacker will usually
locate several Zombie machines to launch a large attack
against the target server, in order to make it busy so the site is
effectively down thus causing a DDoS (Distributed Denial of
Service) attack. A Zombie program is also called a
drone.
logic bomb Destructive program that
destroys data, but does not affect other programs. Also, a resident
computer program that lies dormant for a period, and then triggers
an unauthorized act when a certain event, such as a date, occurs.
malware Computer virus. Software that is
embedded and hidden in other software. Often used to describe
Trojan Horses and back doors that are inserted into systems
developed offshore.
Trojan Horse A destructive
program that is disguised as something benign, such as a
directory lister, archiver, or game and contains a
virus.
virus Computer program that attaches
code to other programs. When these infected programs run, the
unsuspected attached code can do very damaging things throughout the
entire computer system. Entire systems can be deleted through
viruses. A virus infects other programs within the computer
system but cannot affect another system unless a person copies or
downloads the affected program. Programs that have been affected by
viruses are called "Trojan Horses."
worm A
program that propagates itself over a network, reproducing itself as
it goes. A destructive program that replicates itself throughout
disk and memory, using up the computer's resources and eventually
putting the system down. A worm can affect many systems
without any human action.
Zombie Destructive software.
A software program that allows a hacker to use a machine to perform
a Denial Of Service attack against targets like web servers,
ftp servers, and mail servers. Often Zombie programs are
distributed to individual systems through email attachments. A
hacker will usually locate several Zombie machines to launch
a large attack against the target server, in order to make it busy
so the site is effectively down thus causing a DDoS
(Distributed Denial of Service) attack. A Zombie program is
also called a drone.
Back to
top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. No, but maybe. According to market reports, 90% of
Fortune 1000 companies still use mainframes for their
mission-critical applications, and over 70% of transactional
corporate data is stored on mainframes. Mainframes aren't going away
in the near future. But the growing use of grid computing and server
blade technology does show a possible end to these large systems.
It'll be fun to watch.
2. You're probably going to be
surprised – it's MySQL. MySQL started out as an open source RDBMS
(Relational DataBase Management System) used for small systems. It
has since grown to handle enterprise data stores and is available
commercially from MySQL AB to provide support in addition to being
available as a free download. Also, SAP turned over its database
product to MySQL in 2003, so it's now one of the databases used in
SAP installations. Chances are, you'll be hearing more about
MySQL.
3. . Infopath. This software allows
non-technical users to collect data in XML (eXtensible Markup
Language) format without knowing XML and automatically deliver the
information to back-end systems. Developed under the name XDocs, and
released in 2003 with Office 2003. Available with the Professional
Enterprise Edition.
4. Palm and Handspring. The new
company will have a new name (to be decided) and two divisions –
PDAs and smart phones. This merger creates a very strong
mobile/communications company based on product lines and portfolios.
PalmSource (software company that produces PalmOS) is now an
independent company.
5. b) and c). Pure tablets are
also called slate tablets.
A Web tablet is an Internet appliance
that looks like a small chalkboard. It has a touch screen and
accepts pen input. Some tablets offer functionality almost
equivalent to laptop PCs, and others provide only Internet access
and basic functions such as calendaring and address books. Some need
to connect to phone lines and/or network cables while others provide
wireless access. Web tablets are categorized as pure tablets (or
slate tablets), with touch screens that work with pen and stylus
only, or as convertible tablets which have an add-on keyboard and
can function as a regular laptop. A subcategory of Web tablet is
tablet PC.
A tablet PC is usually a notebook computer that
allows users to write words with an electromagnetic digitizer pen on
a specially adapted LCD screen that acts as a writing surface. The
system can then either store the note in a format called "digital
ink" or convert it into an ASCII text file. Initial machines fall
into two categories: convertible laptops that support both keyboard
and pen input, and native tablet PCs that don't include a keyboard.
The questions are in the order they are because each deals
with a specific computer environment. The questions, in order relate
to the following environments:
1 – mainframe
2 – midzsize
3
– PC/laptop
4 – PDAs
5 – Internet appliance
Back to
top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SemCo
Enterprises, Inc. respects your privacy. We do not sell, rent or
share your information with anyone.
|
Forward to
a Friend!