Saturday, September 30, 2023

Tech Topic Connection

    The advancement of computer systems brought the birth of Cyber Crime and a race between hackers and cybersecurity experts. This course taught us the fundamentals of computer technology and how the different components and industries developed around computers now require Cyber and Network security to protect their information.

    While computers originated in the early 1990s from telephone switches (Vahid, ch 1.1), the first hackers can be traced back to France in 1834, where two thieves hacked the French Telegraph System to steal financial market information (Monroe College, para 6). The first computers were built in the 1940s, occupying entire rooms containing thousands of switches.

    From the 1962 MIT Student Allan Scherr, who managed to steal other students' passwords from a computer by triggering it to print via a punch card he designed, to the 1969 RABBITS Virus, which rapidly replicated itself, overwhelming the computer it was installed on and ultimately causing it to shut down (Monroe College para 8), hackers were quick to start identifying vulnerabilities in computer systems and exploiting them. As computer systems developed throughout history, so did Cyber Crime.

    With the birth of the internet and the quickly developing reliance on the web to exchange information, hackers began to exploit vulnerabilities in data transmission, leading to the absolute necessity for Network Security.

    Vulnerabilities can exist in both software and computer hardware components. While a hardware attack isn’t as easy as a software attack, it is still an opportunity for a hacker to gain access to a network if not protected. Protection can include firewalls, proxy servers, and monitoring network traffic from a device (Yasar, para 1). One way to protect computers is to introduce more computers into the environment. By creating a Multi-Server Environment, you introduce Separation of Duties (SoD) and separate your environment across multiple servers to isolate any attacks to only the infected servers (PhoenixNAP, 20. Create Multi-Server Environments).

    Programming and knowing coding languages are essential skills for Network and Cyber security. It is important to learn these languages in order to defend against attacks that use them. Java is an excellent language to learn for network security as it can be used to securely and safely transmit data over networks by generating cryptographically secure keys (Sharma, 1. Java). Python is another invaluable coding language to learn for Network security, as it can be used to write scripts for network monitoring programs (Sharma, 2. Python). Using execution methods, these programs can be set to run automatically on a timed basis.

    Cyber Security software is a booming industry today, with many vendors providing robust network security options. Software applications play a prominent role in Network security, and many companies have begun offering application suites in which each application covers a different part of Network Security.

    Software can be used to define who has access to what information on a network through Identity and Access Management (IAM). Remote Access VPN software can be used to securely connect remote computers to a company's network, which has become even more necessary with the growth of remote workers. With fewer companies using on-prem servers and more moving to cloud solutions, Cloud Network Security software has also become extremely important for both the company using the service and the company providing the service (Checkpoint, Benefits of Network Security). While these are a few examples of ways to offer Network protection through applications, many more scenarios and areas still require security measures provided by security software. There are also software solutions for home PCs that offer out-of-the-box protection even for those who are not technology-inclined.

    One of the most significant assets requiring protection for a company is its information and the databases it resides on. With databases being a large target for hackers and bad actors looking to steal data or hold it for ransom, Network security becomes vital for protection. One example of an attack that Network security solutions can help withstand is a Denial-of-Service (DoS/DDoS) attack. By sending multiple large ping request packets from a botnet, hackers can overwhelm a server and crash it, denying users access to the information on it. A vastly scaled, defensive network architecture can mitigate such attacks (Imperva, Denial of Service).

    Having a highly developed, meticulously managed, and protected network environment is Network Security. Scaling your architecture and utilizing security software tools enables your company to be defensive instead of reactive in the face of network security risks.

References

Checkpoint. (n.d.). What is Network Security? CheckPoint. https://www.checkpoint.com/cyber-hub/network-security/what-is-network-security/

Imperva. (n.d.). Database Security. Imperva. https://www.imperva.com/learn/data-security/database-security/

Monroe College. (n.d.). CYBERSECURITY HISTORY: HACKING & DATA BREACHES. Monroe College. https://www.monroecollege.edu/news/cybersecurity-history-hacking-data-breaches#:~:text=Cybersecurity%20history%20is%20interesting%20indeed,would%20become%20%E2%80%9Cthe%20internet.%E2%80%9D

Sharma, A. (2023, August 08). 6 Best Cyber Security Programming Languages To Learn in 2023. Hackr.io. https://hackr.io/blog/best-cyber-security-programming-languages

PhoenixNAP. (2023, January 11). 21 Server Security Tips to Secure Your Server. PhoenixNAP. https://phoenixnap.com/kb/server-security-tips

Vahid, F., Lysecky, S., Wheatland, N. (2019). TEC 101: Fundamentals of Information Technology & Literacy. Zyante Inc.

Yasar, K. (2022, June). Hardware Security. TechTarget. https://www.techtarget.com/searchitoperations/definition/hardware-security

Thursday, September 28, 2023

Network Security

    With the rise in computer usage has come a rise in security breaches. Data breaches have exponentially risen, from 157 million in 2005 to 1579 million in 2017 (Vahid et al., ch 8.1). This rise has brought cybercrimes like malware, DoS attacks, phishing, and internet scams.

    A Denial of Service (DoS) attack can be committed using the ping commands we learned last week. By sending numerous large request packets to the target, the target network must respond with the same number of packets. This disrupts normal traffic to the target network. When more devices are part of the attack, it becomes a distributed denial-of-service (DDoS) attack (NetScout, para 1).
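From the defender's side, the pattern described above (and the botnet ping flood mentioned in the Tech Topic Connection post) shows up as an unusual rate of ICMP echo requests aimed at one target. The following is an added example, not part of the original post: the record format, the function names, the threshold, and the sample records are all constructed for illustration.

```python
from collections import defaultdict

ECHO_REQUEST = 8  # ICMP type 8 = echo request (ping); type 0 = echo reply


def build_sample_log():
    """Constructed records: '<epoch> <src> <dst> <icmp_type> <bytes>'."""
    lines = []
    for s in range(5):  # routine monitoring: one small ping and reply per second
        lines.append(f"{1000 + s}.100 192.0.2.10 198.51.100.5 8 64")
        lines.append(f"{1000 + s}.101 198.51.100.5 192.0.2.10 0 64")
    for i in range(300):  # one source, 300 large requests inside second 1010
        lines.append(f"{1010 + i / 1000:.3f} 203.0.113.7 198.51.100.5 8 1400")
    for host in range(40):  # 40 sources, 10 large requests each, in second 1020
        for i in range(10):
            lines.append(
                f"{1020 + i / 100:.3f} 203.0.113.{100 + host} 198.51.100.9 8 1400"
            )
    return lines


def detect_floods(lines, max_requests_per_sec=100):
    """Flag any (target, second) bucket whose echo-request count exceeds the limit.

    The threshold is an assumption for this example; a real deployment would
    baseline normal ICMP volume for each target first.
    """
    buckets = defaultdict(lambda: {"count": 0, "bytes": 0, "sources": set()})
    for line in lines:
        ts, src, dst, icmp_type, size = line.split()
        if int(icmp_type) != ECHO_REQUEST:
            continue  # replies are the target's own responses, not the flood
        bucket = buckets[(dst, int(float(ts)))]
        bucket["count"] += 1
        bucket["bytes"] += int(size)
        bucket["sources"].add(src)

    alerts = []
    for dst, second in sorted(buckets):
        bucket = buckets[(dst, second)]
        if bucket["count"] > max_requests_per_sec:
            alerts.append({
                "target": dst,
                "second": second,
                # one sender is a DoS; many senders at once is a DDoS
                "kind": "DDoS" if len(bucket["sources"]) > 1 else "DoS",
                "requests": bucket["count"],
                "sources": len(bucket["sources"]),
                "avg_bytes": bucket["bytes"] // bucket["count"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(build_sample_log()):
        print(alert)
```

The routine one-per-second pings never trigger an alert, which is why the check is rate-based rather than a blanket block on ICMP.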

    Two Security Incident types stand out to me, as they have recently had some high-profile cases: Social Engineering and Security Holes / Vulnerabilities. Both incidents can have widespread effects, damaging systems and companies’ public images, and, depending on the victim, leading to loss of revenue or personal finances.

    While not a Cyber Attack, Social Engineering can be the catalyst to a wide-open door for a Cyber Attack. Using persuasion psychology tactics, the bad actor will attempt to gain access to a network by conning a target to lower their guard, trust them, and perform unsafe actions against their knowledge (Cisco, para 1). The vulnerability in this case is human error. It can largely depend on the target's trusting nature and lack of knowledge and can be damaging if no mitigative measures are in place. Some mitigative steps can be multi-factor authentication and consistent training for the organization to notice when someone is attempting to socially engineer them (Cisco, para 2).

    This month, a significant breach happened at the MGM Resort in Vegas, supposedly due to a Social Engineering incident. A group called Scattered Spider is alleged to be responsible for the breach; in an interview with Financial Times, someone claiming to be a member claimed that they called MGM’s IT help desk and, using information found on an employee's LinkedIn, were able to convince the support agent and obtain credentials (Morrison, para 7). They then used malware called Ransomware to hold the network hostage (Morrison, para 6). MGM shut down its systems and went into manual mode for several days to protect its data and handle the attack (Morrison, para 2). While the total damage and actual cause have yet to be seen, this may be a large cyber-attack stemming from Social Engineering.

    Another security breach can be due to Security holes or vulnerabilities, which bad actors can use to breach the security of systems. Banner Health recently reached a $1.25 million settlement due to a data breach of patient information (Innes, para 1). This breach was because of vulnerabilities in their system, as hackers gained access to their food and beverage payment system and then moved to other servers containing ePHI (Innes, para 10).

    Computer systems can be vulnerable to Security Holes because they can be penetration points for Bad Actors to gain access to systems, steal information, commit ransom attacks, and carry out other ill-intentioned misdeeds. To prevent security holes in computers, it’s recommended to keep your operating system updated to the newest version (Vahid et al., ch 8.1). It is also recommended to have a firewall to block unauthorized communication from a computer (Vahid et al., ch 8.3).

References
Cisco. (n.d.). What Is Social Engineering? https://www.cisco.com/c/en/us/products/security/what-is-social-engineering.html

Innes, S. (2023). Banner Health paid $1.25 million to resolve federal data breach probe. AZCentral. https://www.azcentral.com/story/money/business/health/2023/02/04/banner-health-paid-1-25-million-to-resolve-federal-data-breach-probe/69871530007/

NetScout. (n.d.). ICMP Flood DDoS Attacks. https://www.netscout.com/what-is-ddos/icmp-flood#:~:text=An%20Internet%20Control%20Message%20Protocol,echo%2Drequests%20(pings).

Morrison, S. (2023). The chaotic and cinematic MGM casino hack, explained. Vox. https://www.vox.com/technology/2023/9/15/23875113/mgm-hack-casino-vishing-cybersecurity-ransomware

Vahid, F., Lysecky, S., Wheatland, N. (2019). TEC 101: Fundamentals of Information Technology & Literacy. Zyante Inc.

Computers in the Workplace

    I am choosing the Healthcare industry as I currently work in IT for a large healthcare system. Computers play a large role in healthcare in many areas. PCs and Laptops are used all over the company, from the Corporate side to the hospitals, where doctors and nurses use them to enter patient information into online databases; the cafeterias and gift shops use them for transactions, and hospital administration uses them for daily operations. More and more medical equipment contains computers and requires computer skills. A great example is a PillCam, which is a tiny pill-sized computer that patients swallow. While it travels through the patient’s system, it takes pictures of the digestive tract and transmits them wirelessly to a recorder the patient wears on a belt. The doctor has to synch the recorder and camera and review the digital records, making computer skills crucial for this equipment.

    When I first moved into IT, I took a job in AV at the beginning of 2020, when lockdowns from the pandemic began happening. This was an interesting time, as computers rapidly became important for remote meetings while as many as possible were sent to work from home. In the hospitals, I worked with many of the AV computer pieces to help connect remote meetings in large meeting rooms. One example was a weekly Tumor Board, where doctors working in the hospital would come into the large classrooms and socially distance as a meeting was connected to a projection screen. Other doctors would connect remotely to the video call from home or other hospitals to discuss patient cases and share knowledge.

    With patient data being stored in clinical applications, it’s extremely important for hospital staff to be computer-literate when handling EPHI, especially as bad actors become more sophisticated in attempting to phish and trick staff to steal PHI.

    Medical equipment has begun to evolve rapidly and includes more sophisticated computers and specialized software. I believe this is going to impact our industry as it’s going to make it increasingly difficult for someone who is computer literate to go through their day without requiring computer skills for the various equipment. As cyber security becomes more important, it will also require a level of awareness when operating computers to stay safe.

Traveling Through a Network

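Ping Activity

[Figures not preserved: ping results for Google.com, Republic of Serbia - mfa.gov.rs, and Zimbabwe - parlzim.gov.zw]

Traceroute Activity

[Figures not preserved: traceroute results for Google.com, Republic of Serbia - mfa.gov.rs, and Zimbabwe - parlzim.gov.zw]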

    By sending small packets of information, a computer can communicate with other computers through a network—these small packets of information run through routers to their destination. A PING is a utility tool you can use to check for a response from a destination. By PINGing, you run a call and response as small packets are sent to specific IP addresses. The destination will acknowledge that it received the ping by sending an echo reply to the packet. You can record information about the ping, including the total round trip time of packets and the number of packets sent, received, and lost. This command is useful for a quick test to see if a destination IP is reachable and, if so, how long it takes to reach.

    I found the ping test interesting; when I used to game on MMOs, if someone was lagging, we would do a simple “ping” test in chat to check the lag time. One user said “Ping” in chat, and the person lagging would respond with “ping” as soon as they saw it. This was used to see their call and response time. Learning the ping command gave me perspective on where this simple test came from!

    A traceroute is a more in-depth command that traces the path small packets take to reach the destination site and logs the routers the sent packets go through. It also logs the "hop" - the time between each router. This command can be useful to see where a transmission has failed if it cannot reach the destination.

    The fastest ping was from google.com, the second with almost 5x as long was the Republic of Serbia government site (.rs), and the slowest was the Zimbabwe government website (.zw) at almost 6.5x as long as the ping to Google. Traceroute-wise, the hops between routers to Google.com were all between 1-31ms, while the hops between routers to .rs and .zw spiked from 1-30ms around the 4th hop to between 160-200ms a hop with a few requests timing out at routers.

    Geographically, Zimbabwe is the farthest from my location and was the slowest to be reached; Serbia is about 2/3 the distance of Zimbabwe and was faster, but was still slow to be reached as both destinations were hosted on servers overseas. Google was the quickest to be reached as it is on servers in the US.

    Part of my current job is working with "Discovery", which is a tool that finds devices on our network for our CMDB. If Discovery is unable to find a device on the network, the ping command is a great way to check if a device is active on the network and what the call and response time would be from my PC or the Server Discovery is running on. A traceroute command could be of great use in this scenario to find where an issue may be occurring by running a traceroute from our Discovery server to the device and seeing where the failure to connect is occurring.

    A Ping command or Traceroute may return a timeout or fail if a router is configured not to return information or does not accept the packets sent to it, or if the server that is hosting the website is offline.
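The troubleshooting use described above can be scripted: read a traceroute, find where latency jumps, and separate a router that simply does not answer probes from a path that actually stops. This is an added example, not part of the original post; the Unix-style output format, the function names, the 100 ms jump threshold, and both sample traces (documentation and private addresses) are constructed assumptions.

```python
import re
from statistics import median

# Constructed sample: a long-distance path that reaches its destination
REACHED_SAMPLE = """traceroute to 203.0.113.80 (203.0.113.80), 30 hops max
 1  192.168.1.1  1.2 ms  1.0 ms  1.1 ms
 2  10.10.0.1  8.4 ms  9.1 ms  8.8 ms
 3  198.51.100.1  14.0 ms  13.2 ms  15.1 ms
 4  198.51.100.17  29.5 ms  30.2 ms  28.9 ms
 5  192.0.2.33  168.3 ms  171.0 ms  166.4 ms
 6  * * *
 7  192.0.2.90  182.7 ms  *  185.2 ms
 8  203.0.113.80  196.1 ms  198.4 ms  195.0 ms
"""

# Constructed sample: an internal device that cannot be reached
BROKEN_SAMPLE = """traceroute to 10.20.30.40 (10.20.30.40), 30 hops max
 1  192.168.1.1  1.1 ms  1.3 ms  1.0 ms
 2  10.10.0.1  2.4 ms  2.2 ms  2.9 ms
 3  10.10.8.1  3.0 ms  3.4 ms  3.1 ms
 4  * * *
 5  * * *
 6  * * *
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
RTT = re.compile(r"(\d+(?:\.\d+)?) ms")


def parse_traceroute(text):
    """Return one dict per hop: hop number, responding host (or None), RTTs in ms."""
    hops = []
    for line in text.splitlines():
        match = HOP_LINE.match(line)
        if not match:
            continue  # header line or blank line
        rest = match.group(2)
        host = next((tok for tok in rest.split() if tok != "*"), None)
        hops.append({"hop": int(match.group(1)), "host": host,
                     "rtts": [float(v) for v in RTT.findall(rest)]})
    return hops


def analyze(hops, target, jump_ms=100.0):
    responding = [h for h in hops if h["rtts"]]
    last_ok = responding[-1]["hop"] if responding else 0
    reached = bool(responding) and responding[-1]["host"] == target
    # A timed-out hop followed by later replies is a router that forwards
    # traffic but does not return information about itself.
    silent = [h["hop"] for h in hops if not h["rtts"] and h["hop"] < last_ok]
    jump_at = None
    for prev, cur in zip(responding, responding[1:]):
        if median(cur["rtts"]) - median(prev["rtts"]) > jump_ms:
            jump_at = cur["hop"]  # first hop where round-trip time spikes
            break
    return {"reached": reached, "silent_hops": silent, "latency_jump_at": jump_at,
            "fails_after_hop": None if reached else last_ok}


if __name__ == "__main__":
    print(analyze(parse_traceroute(REACHED_SAMPLE), "203.0.113.80"))
    print(analyze(parse_traceroute(BROKEN_SAMPLE), "10.20.30.40"))
```

`fails_after_hop` is the last router that answered; a destination that drops probes but is otherwise online produces the same result, so follow up with a check of the service itself.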

Documenting a Day

    Microsoft Word, Excel, and PowerPoint all provide similar, yet very different services. Microsoft Word is a word processor, allowing you to type out your words and format your text (Vahid et al. ch. 5.1). Although it has many graphical options to make cool designs, for things like flyers or brochures, it is limited in its capacity and can be a pain to use when trying to create more intricate designs and adding images. Word is perfect for writing and formatting your text and was a great starting point for this assignment as it allowed you to gather and write out your thoughts and initial list simplistically. For this assignment, I felt that Microsoft Word was the best application to document my day as I was able to easily type out my thoughts and adjust numbers and words without worrying about messing up formatting or formulas. When creating my Excel and PowerPoint files, I had my Word document up the entire time to use.
    
    Microsoft Excel, like Word, allows you to type and add words into the spreadsheet but is not useful for presenting text. Instead, Excel is great for formulas and creating data tables that enable you to create graphical data views, like pie charts, that adjust when data is added to the tables and calculations (Vahid et al. ch. 5.2). If my goal for this assignment was to calculate the number of hours I spent on activities a day and represent it in a graph to see where the most time is spent, Excel would have been the best application.
    
    Finally, Microsoft PowerPoint guides you in creating a presentation based off your writing and data views and gives you an easy-to-use presentation mode with notes. While all three applications overlap in some ways, they each shine in their own and are great when used in tandem. If my goal in this assignment was to present to a group how I spend my day, this application would be the best option. With a presentation I could interactively show the group, and keep them engaged instead of showing a wall of text or cells with numbers.

References
Vahid, F., Lysecky, S., Wheatland, N. (2019). TEC 101: Fundamentals of Information Technology & Literacy. Zyante Inc.
 

Web/Mobile App Critique

    I reviewed the Wyze smart home application, which I use to connect and control my cameras, outdoor lighting, and a smart lock. I decided to purchase the Wyze cameras over the summer after someone drove their car through the wall surrounding my property, and without video, I could not find who did it. Because of this, my primary use of the app is for my outdoor cameras.

    When you open the application, you are brought to a list of your devices. You can open the devices, click some shortcuts for options (like turning lights on/off), and activate ‘shortcuts’ which execute a list of commands for your devices. You also have a hot bar at the bottom that you can use to navigate to events that have been recorded from your cameras, monitoring options (I do not pay for these), their online store and your account. One nice feature of the app is that you can set up rules for your devices and create a shortcut to execute a list of instructions. An example of one shortcut I have programmed is when I select “I’m away” my front door locks and notifications for all my cameras turn on. When I choose “I’m home” my front door unlocks, and all notifications turn off.



    The first feature I recommend is their recorded events. From the list view, you can filter down to the cameras you would like to view events from and events containing people, vehicles, animals, etc. I recommend adding an additional filter that allows you to adjust the time you are looking for. When you begin scrolling down your list to find a particular time or video, it takes a while to load, and if you click on one video to view and back out, you have to start at the beginning again. Based on my experience this past summer, I chose to have my camera record all events out front of my house, leading to many videos of cars passing by throughout the day. If I had another incident of someone driving their car into my wall, I would need to scroll to find specific time windows, click to see if the video is of the event, and re-scroll down to the time window again if it was not the video. Having the time filter would cut down on time spent searching through videos and the number of videos needing to be loaded in the list.




    The second feature I would recommend is to add an existing feature, detection zone, to their options when setting up rules. Currently, you can use a detection zone to set what area you would like your cameras to record if something enters. I would like it to record all events happening in the entire camera view, then have the option to set up a detection zone when managing my alerts so I am only sent notifications when people have entered a certain area.




    The third feature that would be nice would be to create “widgets” for some of the commonly used features, like the outdoor lighting. Currently, if I want to turn on a light, I have to open the app, which can take a while to load my devices as they need to connect and select the “On” button next to the light. It would be convenient if they could create a widget to add to your phone's home screen to allow you to one-click on/off devices to reduce the time spent opening and loading the app.

    Overall, the application has a nice layout and pretty robust rule creation, making it fun to play around with. The app is easy to navigate, but the lack of being able to filter events really cuts down the usability and is a big hindrance. Overall, it’s a decent app that has a few areas needing improvement.

Programming Languages


    I had a fun experience using Scratch to build a program, though I did get frustrated at points. I tried creating a few programs before deciding on a scene where a baseball home run scene plays when the start button (green flag) is selected. I initially struggled with timing all the moving pieces as I wanted my animation to begin when a sprite was clicked. I couldn’t figure out how to time the other sprite movements, so I instead opted for everything to be based upon when the start button was clicked and added timers to every sprite for their movements and when they are shown/hidden. Another difficulty I overcame was the ball placement never being the same, which I remediated by adding a starting x/y position to the scenes the baseball was in.

     One insight I gained from the exercise was just how precise you had to be with everything. While I assumed the ball would start where I had dragged it into the scene, that was not the case—every detail needed to be added to the program to make the scene play out correctly.

    Scratch was fun to play around with, but most of my enjoyment came from creativity. Overall, for programming, I enjoyed the Python coding activity more. With programming, I find it easier to see what exactly I am scripting to complete, and I found more satisfaction in finding bugs than figuring out the necessary command block in Scratch. Some of that bias may have been because I was growing annoyed at having to scroll to find the commands and constantly switching screens instead of operating off one page.

    In our reading, we encountered three kinds of programming languages: machine language, assembly language, and two high-level languages, Fortran and Python. Machine language is the base language of the computer, using binary numbers, and is how the CPU sends instructions to other pieces of hardware in the computer. Machine language is rarely used by programmers and is mostly used at the machine level between components (Techtarget, para. 4).

    Assembly language is a “human-understandable representation” (Vahid et al. ch. 2.9) programming language that uses an assembler to convert assembly to machine language. This language would be used when necessary to closely control a program, or write subroutines for functions (IBM).

    A step further, Fortran is a high-level programming language that uses a compiler to convert standard formulas into machine language. This would be best used in programs involving converting numbers or adhering to a specific formula, like Fahrenheit to Celsius (Vahid et al. ch. 2.10).

    Finally, Python is overall the easiest high-level language to grasp and pick up, making programming easily accessible to learn. It is a great tool that is useful for data processing operations and general programming (Vahid et al. ch. 2.11).

    Overall, I found Python the easiest to understand as I quickly began confusing the binary numbers in Machine language and the input numbers in Assembly language with the actual number characters on a keyboard. I believe Python is the most popular for the same reason: it is the easiest to understand and a great steppingstone into the world of programming.

References

Vahid, F., Lysecky, S., Wheatland, N. (2019). TEC 101: Fundamentals of Information Technology & Literacy. Zyante Inc.

IBM Corporation. (n.d.). Assembler language. https://www.ibm.com/docs/en/zos/2.1.0?topic=introduction-assembler-language

TechTarget. (2018, February). Machine code (machine language). WhatIs.com. https://www.techtarget.com/whatis/definition/machine-code-machine-language#:~:text=Machine%20code%2C%20also%20known%20as,sequence%20of%20zeros%20and%20ones.