AU Blogspot

            Thanks to Donovan Mueller for permission to use this Photo. 

It’s standard practice that if you have an always-on Internet connection, then you should have a firewall, implemented in either hardware, such as a router, or in software.  But even if you are using a dial-up connection, you really need a software firewall to protect you from intrusions.  You would be surprised at the number of attempts to get into your PC a good software firewall will block on a PC using dial-up.  A firewall will also notify you of attempts to go out to an Internet website.  You can then allow or disallow the outbound traffic.  You would want legitimate programs such as Windows to access the company’s website for update purposes, but you’re safer to block any programs that you don’t recognize from doing so.  Be sure to check for correct spelling.  Say you have Symantec’s anti virus program on your PC and have set it up for automatic virus signature updates.  Your firewall will ask you whether you want to grant the program permission to go outbound.  But some malware could identify itself as Symantek.  Should you allow it to access the Internet, you could be in for an unpleasant surprise. 

Yes, it’s unfortunate that there are so many nasty things that can happen to your computer.  And thwarting such attempts can cost you time and money, but you really need to do this.  At minimum you need a firewall, an anti-virus program, and an anti-spyware utility.  You’ll also need to update the anti-virus and anti-spyware programs’ signature files at least once a week, as well as scanning with each at least once a week, more frequently if you are online daily.then you should have a firewall, implemented in either hardware, such as a router, or in software.  But even if you are using a dial-up connection, you really need a software firewall to protect you from intrusions.  You would be surprised at the number of attempts to get into your PC a good software firewall will block on a PC using dial-up.  A firewall will also notify you of attempts to go out to an Internet website.  You can then allow or disallow the outbound traffic.  You would want legitimate programs such as Windows to access the company’s website for update purposes, but you’re safer to block any programs that you don’t recognize from doing so.  Be sure to check for correct spelling. 

Say you have Symantec’s anti virus program on your PC and have set it up for automatic virus signature updates.  Your firewall will ask you whether you want to grant the program permission to go outbound.  But some malware could identify itself as Symantek.  Should you allow it to access the Internet, you could be in for an unpleasant surprise. 

Yes, it’s unfortunate that there are so many nasty things that can happen to your computer.  And thwarting such attempts can cost you time and money, but you really need to do this.  At minimum you need a firewall, an anti-virus program, and an anti-spyware utility.  You’ll also need to update the anti-virus and anti-spyware programs’ signature files at least once a week, as well as scanning with each at least once a week, more frequently if you are online daily.

Dave Ronan
Computer Training Instructor
Ashworth University

The threat of “cyber-terrorism” still strikes many as abstract, a symbolic fear first represented in seminal works such as William Gibson’s Neuromancer, followed by an explosion into pop-culture fantasy through the Wachowski Brothers’, “The Matrix.” While these dark visions of man’s accelerated move towards techno-slavery have certainly colored our perspectives, the reality of cyber-terrorism has existed since the 1950’s, when state secrets were first buried in dense programming language instead of manila folders labeled “top secret.”

Behind the curtain, the borderless battlefield is virtual and the threats are as imposing as those posed by nuclear weapons. After all, launch codes are just that—codes that are developed, stored, distributed, and controlled within cyberspace. The following podcast interview features Bruce Hoffman, a cyber-terrorism expert who outlines the precise nature and ominous implications posed by this threat. Mr. Hoffman also presents us with an in-depth report on how the U.S. government has redirected its’ counterterrorism strategies. Do you see a future where the Internet is under government control? Let’s think inside the box and brainstorm on the possibilities. Thanks.

Ryan Rode
Interactive Services Manager
Ashworth University

 
              Thanks to Miguel Lopes for permission to use this Photo.

The architecture of cyberspace is interconnected, timeless, and invisible from the inside-out.  On the Ashworth University Blog, we’re not afraid of the matrix and try to share perspectives from around the world, just a 0 1 code, on the technology issues that influence how this network will evolve in complexity, and most of us would like that evolution to be open rather than closed in principle.  Earlier this year, the nation of Estonia was involved in what by any measure must be considered one of the most large scale and sophisticated “cyber attacks” in history, an attack that operated on several levels simultaneously, resulting in the virtual collapse of this nation’s electronic infrastructure.  Instantly, the fundamental question, “who did this?” was buzzing with elements of fear and conspiracy.  Did Vladimir Putin and Russia conduct this operation in the shadow of political revenge?  Was the attack the work of loosely connected and politically marginalized hackers who were sending their own message to an establishment attempting to exert increased state control over the Internet, i.e. you’re more vulnerable than you think and we’re waiting for your next move.  The following video consists of an interview with information security expert, Dmitry Skylyarov, in which he shares his inside perspective on what occurred and the big picture implications of what is perhaps the most misunderstood yet powerful of political weapons; the large scale, well conceived, organized, and executed cyberattack.  This is a must watch interview.  Click on the image above to watch this video.  We look forward to hearing your thoughts.

Ryan Rode
Interactive Services Manager
Ashworth University School of Information Technology

                     Thanks to .res for permission to use this Photo. 

The annual IT Salary and Skills Report conducted by Global Knowledge and Tech Republic was released this week for 2008.  Here are some of the points of interest from the study:

• The average salary in the IT industry was $73,963, up 3.25% from 2007.  80% of workers reported an increase of pay for 2008.   
• The average salary for those with a college degree was $76,446.  Those with a certificate or degree from a technical college had an average salary of $65,712.
• Those 25 and younger with 2 years of experience or less make $39,883 on average.  This same age group made $46,303 with 3 to 4 years of experience.
• The average IT worker is 43 years old and has been in IT for 14.3 years.
• 59% have a college degree
• 78.7% report that they are very or mostly satisfied with their career choice
• IT is the third highest paying industry field
• 42% plan on obtaining an IT Certification within the next year.
• 34.4% hold a Microsoft Certification of some type
• The highest paying IT Certification is the Project Management Professional (PMI) at $101,695.  The lowest paying IT Certification is Comptia A+ at $41,726.
• On average, those with a Cisco CCNA make $64,260.  Microsoft MCSEs make $71,980.
• Help Desk Support professionals make an average of $48,773.
• Admin Support personal make an average of 51,819
• Network Administrators make an average of $56,277
• Web/Internet Professionals make an average of $62,658

Brad Rudisail
Computer Network Technician/Network Security Instructor
Ashworth University

In reference to my introduction to VMware, one of the most exciting networking software applications to come to fruition in some time, I wanted to offer a little background what a SAN (storage area network) is.  First off, VMware’s parent company, EMC is the #1 manufacturer of SANs in the world.  A SAN is also required in order to make the most of VMware.  SANs have also been transforming the data storage market over the past several years.

There are three types of storage today:

1. Direct Attached Storage - a tape unit attached to a server
2. Network Attached Storage - a dedicated storage server that resides on the internal network
3. Storage Area Network – A collection of storage devices that reside on a separate private LAN

Direct Attached Storage is still used today in small organizations with only a few servers although some organizations may still use this outdated method in larger organizations.  It consists of have a separate tape storage device directly attached to each server.  The backup process is managed by some type of backup application which automatically backs up the server at a specified time each night.  However, it does require someone to change the tapes every day.  The personnel cost and management of this model doesn’t make it viable for a large network structure.  Also, the replacement costs of multiple tape drive units are cost inhibitive as well.

Network Attached Storage consists of a server placed on the network built of numerous very large hard drives.  In most instances, all backup processes of network servers are managed by a backup application such as Veritas from a designated server.  The application then directs all involved servers to backup their files to the NAS server.  This is a very simple and relatively inexpensive model to implement.  The problem with the NAS model is that the NAS resides on the Ethernet network.  This means that the backup traffic competes with the other traffic on the network for bandwidth.  Although organizations almost always run their backups at night, for many organizations with terabytes of data, backups must run during active network hours as well.  This will slow down the network and impact its efficiency.

What is a SAN? (more…)

 
                              Image courtesy of 80stees.

In a surprise announcement, Microsoft vowed to increase the openness of its key products!

Yes this is still February, April 1st is several weeks away yet!

So what did Microsoft say in this release? Well,

Specifically, Microsoft is implementing four new interoperability principles and corresponding actions across its high-volume business products: (1) ensuring open connections; (2) promoting data portability; (3) enhancing support for industry standards; and (4) fostering more open engagement with customers and the industry, including open source communities

Several times in the last few years I have advocated for Microsoft to Open Source Windows and Internet Explorer and while this announcement doesn’t go that far, it does seem to be a step in the right direction.

According to Microsoft’s CEO-in-waiting and current Chief Software Architect, Ray Ozzie

“Customers need all their vendors, including and especially Microsoft, to deliver software and services that are flexible enough such that any developer can use their open interfaces and data to effectively integrate applications or to compose entirely new solutions,” said Ozzie. “By increasing the openness of our products, we will provide developers additional opportunity to innovate and deliver value for customers.”

The Microsoft products this refers to are Windows Vista (including the .NET Framework), Windows Server 2008, SQL Server 2008, Office 2007, Exchange Server 2007, and Office SharePoint Server 2007, and future versions of all these products. (more…)

 
                           Image courtesy of Sandlot Science.

In addition to my Instructor position here at Ashworth University, I also teach a Programming Logic and Design class for the University of California Extension.  You may be surprised that I teach this class without using a computer or a specific language.  We use only pseudocode or flowcharts to develop programming solutions.  The reason I mention this is because each time I teach a section of this class, I tell the students that I will have one or two examples from the class each week where sloppy programming and design would cause problems.  I don’t even bother saving these examples of bad programming for future classes, because each week there will be new ones, some more serious then others.  Two of the most publicized examples of poor programming in the past several years were related to NASA and their Mars program.  Two Mars missions failed because of programming errors—very expensive errors, I might add! 

Another example of poor programming involved a major automobile maker and its top-of-the-line models, with possible failure of major components, some of which were safety related.  Guess what one of the major problem was?  That’s right, it was defective software.  It is one thing when the result of sloppy program design and/or coding in an application causes minor inconveniences; it is quite another when lives are at stake! 

As you continue your programming involvement, keep your eyes and ears open for instances of poor programming.  One of your goals ought to be to never contribute to the world of sloppy programming.  The fact that you are either currently enrolled or considering enrolling in Ashworth University’s computer programming program already demonstrates that you share my same standards.  Let me know if you need any assistance with your studies.  I’m here to help! 

Jim Potter
Computer Programming Instructor
Ashworth University

               Thanks to radiorover for permission to use this Photo.

The following interview with Robert Moore illustrates the apathy that is still amazingly apparent in the IT industry today despite the strong awareness of IT vulnerabilities and the importance of tightening security for all organizations and even home users.  It also shows how easy it is for even computer novices to break into network devices.   

A quick Google search for sites showing the default passwords for just about any computer or network device sold on the market in the past decade can be easily found.  Many of these sites are not developed for malicious purposes.  The fact is that network devices are constantly resold and recycled.  This requires that the device be reset to its default configuration to erase the settings made by the original owner.  In order for the new owner to configure the device, he or she must know the default password credentials in order to access the device.  Because the original device documentation is often missing, these default password sites are vital. 

These sites make it even more important to immediately change the password for any newly purchased network device.  Recently, I heard a high school student inform me that he regularly accesses his neighbor’s wireless router by using the default logon for the device.  By doing this, the student can use his neighbor’s DSL connection for free.

Brad Rudisail
Computer Network Technician-Network Security Instructor
Ashworth University

I just read Computer World’s glowing review of the latest Webkit deveopmental build.  If you’re not familiar with Webkit, it’s an open source web browing engine that’s been “buzzing” around the I.T. industry.  It’s somewhat confusing to understand at first, but Webkit is also serves as the developmental version of the engine used in Safari.  As the review indicates, Webkit runs at a considerably faster rate than Firefox 3, Internet Explorer, Opera, and Safari’s standard browser.  I highly recommend that you keep a close eye on Safari-Webkit’s every development.  I’ll keep you updated on our blog, so be sure to check in frequently.  Take care.

David T. Ronan
Computer Training Instructor
Ashworth University 

 
                Thanks to J. Parks for permission to use this Photo.

Microsoft recently unveiled their Forefront Security Application Suite that provides antivirus protection as well as Spam and spyware protection.  Forefront provides network protection at client, server and enterprise edge level.  Due to the pricing and licensing structure that Microsoft offers their enterprise customers for their products, Forefront is sure to make a big splash on the marketplace and offer strong competition to industry leaders such as Symantec and Norton.   As a network security specialist, it’s absolutely vital that you stay in tune with soon to be mass-market security applications such as Forefront, so be sure to check into this blog often as I continue providing weekly updates.  Let me know if you have any questions and feel free to share your thoughts in the comments section.  We’ll talk again soon…

Brad Rudisail
Computer Network Technician-Network Security Instructor
Ashworth University