Network Security Protocols and Technologies

SMTP
DHCP
DNS
MD5

Choose four (4) protocols and discuss its details and importance in network security. Research how they aid network security.

SMTP

• Simple Mail Transfer Protocol
• Used to send and receive email
• Due to its ability to queue the messages at the receiving end, this protocols usually used with one of two other protocols: Post Office Protocol (POP3), and Internet Message Access Protocol (IMAP). These will let the user to save messages in a server mailbox and download them periodically
• Typically, users use a program that uses SMTP to send email, and POP3 or IMAP use to receive email.

How it works?

Importance:

It verifies the configuration of the computer from the email that is being sent and grants the permission for the process. It sends out the message and follow the successful delivery of the email. 

DHCP 

• Dynamic Host Configuration Protocol
• It is a network management protocol that is used to assign an IP address to any of the new node entering the network
• It permits the node to be configured automatically, and it avoid the necessity of involvement by a network administrator
• DHCP is also known as RFC 2131
• It does:

1. Manages the provision of the added nodes or even dropped by the network
2. Maintains the IP address of the host by using the DHCP server

How it works?

Importance:

The DHCP reduces the amount of work that is required for the large network administration by eliminating the need to individually configure, and manage the IP address for every machine. And the administration is done in a single point

DNS

• Domain Name System
• It connects the URLs with their IP address
• With DNS, it is possible to type the words rather than a string of numbers into a browser
• When a user search for a domain names in the browser, it will sends a query to the internet to match the domain with the corresponding IP. 
• Once it is already matches, it uses the IP to retrieve the content of the website

How it works?

Importance:
Can increase the internet security, especially for organizations where hacking can always occur because they are handling with sensitive data for the clients. The organizations need proper security controls to protect the data, they can use DNS servers. 

MD5

• Known as cryptographic has algorithm 
• Produces hash value in a hexadecimal format
• Competes with other designs where hash functions take certain data and change it to provide a value that will be used in the place of the original value

How it works?

Importance:

References:

WhatIs.com. (2019). What is SMTP (Simple Mail Transfer Protocol)? - Definition from WhatIs.com. [online] Available at: https://whatis.techtarget.com/definition/SMTP-Simple-Mail-Transfer-Protocol [Accessed 23 Oct. 2019].

Techopedia.com. (2019). What is DHCP? - Definition from Techopedia. [online] Available at: https://www.techopedia.com/definition/11337/dynamic-host-configuration-protocol-dhcp [Accessed 23 Oct. 2019].

Namecheap.com. (2019). What is DNS? | DNS Definition | Namecheap . [online] Available at: https://www.namecheap.com/dns/what-is-dns-domain-name-system-definition/ [Accessed 23 Oct. 2019].

Webdevelopersnotes.com. (2019). What is SMTP - definition, function, importance and usage. [online] Available at: https://www.webdevelopersnotes.com/what-is-smtp [Accessed 23 Oct. 2019].

Techopedia.com. (2019). What is MD5? - Definition from Techopedia. [online] Available at: https://www.techopedia.com/definition/4022/md5 [Accessed 28 Oct. 2019].

TinyDNS.org. (2019). DNS Server: What Are They? Why Are They Used? Why Are They Important? - TinyDNS.org. [online] Available at: https://tinydns.org/dns-server/ [Accessed 28 Oct. 2019].

Slideshare.net. (2019). E-DHCP. [online] Available at: https://www.slideshare.net/ahmadtaweel2/edhcp [Accessed 29 Oct. 2019].

Business Intelligence

Create a table of comparisons for operational data, data warehouse, and data mart

Describe the purpose of 3 tools and explain how it works. Include the advantages and disadvantages.

Spreadsheets

• It is a file that has rows and columns
• Helps to sort the data, easy to arrange data, calculate the numerical data
• It has the ability to calculate values using mathematical formulas and the data in cells
• Mostly used in banks to calculate the bank balance

Advantages:

1. Easy to create instant calculations
2. Easy to change the data
3. It keeps the data organized efficiently
4. Can create multiple spreadsheets in one file

Disadvantages:

1. Take time to learn the formulas
2. Calculation error may be not recognized by the software or app
3. Take time to enter the data into each cell
4. Some of the files may be incompatible

Data Mining

• Process of analyzing the hidden patterns of data that are according to the different perspectives to categorize the data into a useful information
• The data is collected and assembled in common areas (data warehouse) for the efficient analysis, data mining algorithms, facilitating the business decision making and other information requirements to cut costs and increase revenue

Advantages:

1. Contribute in the strategic decision making by discovering the information
2. Discover information that was not expected to be obtained
3. Huge database can be analyzed 
4. Can offer the customers of the products or services that they need

Disadvantages:

1. Difficulty of collecting the data 
2. Depending on the amount of the database that it can take some time to process the information
3. Lack of appropriate security system that can be a risk in the privacy of the user's information
4. Not a perfect process if the information is inaccurate, can affect the outcome of the decision making process

Operational Dashboard

• Focusing on the performance of monitoring and measure the important metrics for any user
• Contain a set of well defined business metrics (KPIs and KRIs)
• The information is updated in real time
• Allowing the employee to monitor closely the efficiency and effectiveness of the operations

Advantages:

1. Manage the delivery of roll-up reporting to assist the measurement of corporate KPIs
2. Consistent, corporate

Disadvantages:

1. Costly to assure the executive, management, and operational needs are met
2. The impact leans heavily on maintaining the consistency 

Research the role of business processes within an organization and their function at different levels.

References:

Your Article Library. (2013). Decisions Making: Strategic, Tactical and Operational Decisions | Business Management. [online] Available at: http://www.yourarticlelibrary.com/information-technology/decisions-making-strategic-tactical-and-operational-decisions-business-management/10271 [Accessed 26 Oct. 2019].

JReport Blog. (2014). 5 Types of Business Intelligence Technologies Explained - JReport Blog. [online] Available at: https://www.jinfonet.com/blog/5-types-of-business-intelligence-technologies-explained/ [Accessed 26 Oct. 2019].

Techopedia.com. (2019). What is a Data Mart? - Definition from Techopedia. [online] Available at: https://www.techopedia.com/definition/134/data-mart [Accessed 26 Oct. 2019].

Definitions, S. and Hope, C. (2019). What is a Spreadsheet?. [online] Computerhope.com. Available at: https://www.computerhope.com/jargon/s/spreadsheet.htm [Accessed 26 Oct. 2019].

Gaille, B. (2016). 11 Pros and Cons of Spreadsheets. [online] BrandonGaille.com. Available at: https://brandongaille.com/11-pros-and-cons-of-spreadsheets/ [Accessed 26 Oct. 2019].

Techopedia.com. (2019). What is Data Mining? - Definition from Techopedia. [online] Available at: https://www.techopedia.com/definition/1181/data-mining [Accessed 26 Oct. 2019].

LORECENTRAL. (2018). Advantages and disadvantages of data mining ~ LORECENTRAL. [online] Available at: https://www.lorecentral.org/2018/12/advantages-and-disadvantages-of-data-mining.html [Accessed 26 Oct. 2019].

Dundas.com. (2014). Types of Dashboards: The Operational Dashboard. [online] Available at: https://www.dundas.com/resources/dundas-data-visualization-blog/types-of-dashboards-the-operational-dashboard [Accessed 26 Oct. 2019].

MashMetrics. (2019). Pros and Cons of Dashboards, Custom Reports and Performance Monitoring | MashMetrics. [online] Available at: https://mashmetrics.com/marketing-reports-dashboards-performance-alerts-pros-cons-of-each/ [Accessed 26 Oct. 2019].

Business Intelligence

Analyse and compare the systems and technologies associated with business intelligence.
For example:
Data warehouses

• It is a system, can be used for data to analysis or with a reporting software. 
• We can use data warehouse to integrate data from one or more disparate sources, creating a central repository of data
• Maintains a copy of the information from the source transaction systems, we only need a single query engine in order to view the data that we need
• It is useful to keep historical data, to improve the quality of the data (to be more consistent, less bad data), to combine all of the data from different sources into single data model
• Main goal is to combine the data form different sources and types of the data source
• Main benefit all of the associated data that can be used in disparate applications or in a singular application

Executive information systems

• It is a decision support system that is used to assist the senior executives for decision making process
• This is done by providing easier access to the important data that are needed in order to achieve the goals in an organization
• Usually features the graphical displays on the easy-to-use interface
• Can be used in many different types of organization to monitor the enterprise performance and to identify the opportunities and the problems 

Online analytical processing (OLAP)

• It is a category of software allowing the users to analyze the information from multiple database systems at the same time
• A technology that enables the analysts to extract and view the business data from different point of view
• With OLAP, the data can be pre-calculated and pre-aggregated and this make the analysis faster
• OLAP database are divided into one or more cubes, and the cubes are then designed in a way that creating and viewing reports become easy

References:

JReport Blog. (2014). 5 Types of Business Intelligence Technologies Explained - JReport Blog. [online] Available at: https://www.jinfonet.com/blog/5-types-of-business-intelligence-technologies-explained/ [Accessed 21 Oct. 2019].

Techopedia.com. (2019). What is an Executive Information System (EIS)? - Definition from Techopedia. [online] Available at: https://www.techopedia.com/definition/1016/executive-information-system-eis [Accessed 24 Oct. 2019].

Guru99.com. (2019). What is OLAP (Online Analytical Processing): Cube, Operations & Types. [online] Available at: https://www.guru99.com/online-analytical-processing.html [Accessed 24 Oct. 2019].

Network Security - Devices

Discuss the different types of network security devices
Explain how they are used to provide network security
Explain their advantages
Provide diagrams on how each device is used with justifications

Secure modem

• To transmit the signals that are digital over analog telephone lines
• The digital signals are converted into analog signals with different frequencies and then transmitted to the modem at the receiving locations. The receiving modem will reverse the transformation and will provide the digital output to the connected device to the mode, (computer)
• There are many telephone companies offer DSL services and many computers cable use modems as their end terminals for the use of identification and recognition of home and personal users

Advantage for wireless modem:

1. The internet connection is always on 
2. The modem provide fast internet connection
3. Offer a secure network with the flexibility and convenience of a wireless internet connection

Intrusion Prevention System (IPS)

• It is a form of the network security to prevent any identified threats. This IPS is monitoring the network continuously, this is to look for any possible malicious incidents in the network
• It is a network security prevention technology that will examine the traffic flows in the network and any vulnerability exploits, which usually comes in the form of malicious inputs to a service where the attackers use to interrupt and gain access to the application.
• IPS does scanning the network traffic as it will go across the network, this is to prevent from malicious events from happening. 
• This IPS will be sitting between your firewall and the other of your network to stop the malicious traffic from entering the network. Same concept for security guard. When any of the unknown event is detected, the packet will then be rejected.

Advantages/Benefits:

• Less security incidents

While the connected devices does not notice any changes, this IPS is making sure the disruption is less for the systems and reducing the numbers of security incidents

• Selective Logging

It only records the network activity if there is any action, maintaining the privacy of the network users

• Privacy Protection

An IPS is also protecting the privacy of the information that are available in the network

Wireless Intrusion Prevention and Detection System (WIDPS)

• Used to protect any wireless network or in any other cases a wired network, from any unauthorized users (WIPS)
• System sensors used in order to monitor the network in case if there is any intrusion of any unauthorized devices (WIDS)

References

Blog.netwrix.com. (2019). Network Devices Explained. [online] Available at: https://blog.netwrix.com/2019/01/08/network-devices-explained/ [Accessed 18 Oct. 2019].

Forcepoint. (2019). What is an Intrusion Prevention System (IPS)?. [online] Available at: https://www.forcepoint.com/cyber-edu/intrusion-prevention-system-ips [Accessed 16 Oct. 2019].

Paloaltonetworks.com. (2019). What is an Intrusion Prevention System? - Palo Alto Networks. [online] Available at: https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips [Accessed 16 Oct. 2019].

Wilkins, S. (2019). Basic Intrusion Prevention System (IPS) Concepts and Configuration > Basic Intrusion Prevention System (IPS) Concepts and Configuration. [online] Ciscopress.com. Available at: http://www.ciscopress.com/articles/article.asp?p=1722559 [Accessed 16 Oct. 2019].

Lewis, T. (2019). IDS and IPS 101: How Each System Works and Why You Need Them. [online] LBMC Family of Companies. Available at: https://www.lbmc.com/blog/ids-and-ips-101/ [Accessed 16 Oct. 2019].

Its.umich.edu. (2019). Intrusion Prevention System Benefits / U-M Information and Technology Services. [online] Available at: https://its.umich.edu/enterprise/wifi-networks/network-security/ips/benefits [Accessed 18 Oct. 2019].

Reuters.com. (2019). Wireless Intrusion Detection and Prevention Systems (WIPDS) Market – Global Industry Analysis, Size, Share, Growth, Trends and Forecast 2018 – 2025 - Reuters. [online] Available at: https://www.reuters.com/brandfeatures/venture-capital/article?id=50395 [Accessed 22 Oct. 2019].

Business Intelligence - Data Types & Mechanism

Produce a table of examples for unstructured and semi-structured data

Semi-structured data

• Is the information that is not reside in a rational database but have some organizational properties which is easier to analyze
• By performing some process, we can store the data in the relation database, but this semi-structured exist to make the space more easier

Unstructured data

• The data is not organized in a pre-defined manner or it does not have any pre-defined data model
• This is not good for any mainstream relational database
• There are alternative platforms to store and manage the data 
• Used by organizations in variety of business intelligence and analytical applications (Word, PDF)

Explain each type of decision in business and give example (strategic, tactical, operational)

Strategic Decisions

• It is the most major choices of actions or part in a business enterprise
• They contribute directly to the achievement goals of the enterprise
• They have long term implications on the business enterprise
• Might involve major departures from the procedures 
• Is unstructured and the manager must apply his business judgement, evaluation, and intuition into defining the problem
• The decision will be taken to the higher level of management 

Tactical Decisions

• Relate to the implementation of strategic decisions
• Directed to developing divisional plans, structuring workflows, establishing distribution channels, acquisition of resources (men, materials, money)
• This decision will be taken at the middle level of management

Operational Decisions

• Relate to the day-to-day operations of the enterprise
• Have short term horizon because they are taken repetitively
• The decisions are based on the facts regarding to the events and does not need much of the business judgement
• Taken at lower levels of management
• The information is needed to help the manager to take rational, well informed decisions, information systems that need to focus on the process of the managerial decision making

Discuss the functionality of business intelligence

Give the advantages and disadvantages of using an application software as a mechanism for business processing

• Meet the needs of the user because they are designed for only use one specific software to accomplished the task
• Cannot restrict any access as this can protect their network due to the viruses threat that can be custom made the application is very small
• The application software that has licensed has a regular updates from the developer in order to have security purposes. The developer will frequently send personnel to correct if the application software has problems that may arise

References:

Your Article Library. (2013). Decisions Making: Strategic, Tactical and Operational Decisions | Business Management. [online] Available at: http://www.yourarticlelibrary.com/information-technology/decisions-making-strategic-tactical-and-operational-decisions-business-management/10271 [Accessed 17 Oct. 2019].

Techspirited. (2019). Advantages And Disadvantages of Application Software You Didn't Know. [online] Available at: https://techspirited.com/advantages-disadvantages-of-application-software [Accessed 17 Oct. 2019].

GeeksforGeeks. (2018). Difference between Structured, Semi-structured and Unstructured data - GeeksforGeeks. [online] Available at: https://www.geeksforgeeks.org/difference-between-structured-semi-structured-and-unstructured-data/ [Accessed 21 Oct. 2019].

Network Security - Type of hacker

Academic Hacker

It is an action of hacking the academic or any institution. This is mostly done by either by the student or anyone in order to get what they want (to change their grades, or to know what is on the exam paper).

Below is the article of academy hacker:

A few short decades ago, the archetypal hacker was a bored teenager breaking into his school's network to change grades, à la Ferris Bueller. So today, when cybersecurity has become the domain of state-sponsored spy agencies and multibillion-dollar companies, it may be refreshing to know that the high school hacker lives on—as do the glaring vulnerabilities in school software.

At the Defcon hacker conference in Las Vegas today, 18-year-old Bill Demirkapi presented his findings from three years of after-school hacking that began when he was a high school freshman. Demirkapi poked around the web interfaces of two common pieces of software, sold by tech firms Blackboard and Follett and used by his own school. In both cases, he found serious bugs that would allow a hacker to gain deep access to student data. In Blackboard's case in particular, Demirkapi found 5 million vulnerable records for students and teachers, including student grades, immunization records, cafeteria balance, schedules, cryptographically hashed passwords, and photos.

Demirkapi points out that if he, then a bored 16-year-old motivated only by his own curiosity, could so easily access these corporate databases, his story doesn't reflect well on the broader security of the companies holding millions of students' personal information."The access I had was pretty much anything the school had," Demirkapi says. "The state of cybersecurity in education software is really bad, and not enough people are paying attention to it."

References:

Nast, C. (2019). Teen Hacker Finds Bugs in School Software That Exposed Millions of Records. [online] Wired. Available at: https://www.wired.com/story/teen-hacker-school-software-blackboard-follett/ [Accessed 13 Oct. 2019].

Business Intelligence - Data Input / Data Output

Produce and I/O for the following scenario:
- Enrolling HND in Micronet
Data Input

• Full name
• Address
• Postcode
• Date of birth
• Phone number
• Email address
• Nationality
• Religion
• I.C Number
• Signature 
• Parents information

Data Capture

• Gender
• Course
• Campus 
• I.C Color
• Status 

Data Process Activity

• Storing
• Communication

- Creating an Email
Data Input

• First name
• Last name
• Password
• Confirm password
• Another alternative email
• Username that will appear

Data Capture

• Date of birth
• Gender

Data Process Activity

• Collect
• Storing

- Registering on Facebook
Data Input

• First name
• Last name
• Name that will appear 
• Password
• Email
• Phone number 

Data Capture

• Gender
• Date of birth

Data Process Activity

• Storing
• Collect

Business Intelligence - Flowchart

Write the process of registering to MIC for HND

Write the process of buying and owning a car in Brunei

Write the process of opening a bank account

Network Security - Breaches

Two (2) network security breaches

Phishing
Definition

• It is a fraud action that make use of the electronic communications to get what they want from the current user that they target
• This is to attempt taking the sensitive, confidential information (passwords, credit cart information)

How it work? And what happen

• The person who wants to get the information might act like a legitimate individual or institution from a phone call or email 
• Example by email. They send a link to the person and if the person click on the link it will automatically directing the person who send the email to get any information that they want from the user. 

How to prevent?

• Organizations can train the employee on how to recognize any suspicious email, links or attachments.
• The person who are doing this breach are always refining their techniques, in order to deal with this, continued education is imperative
• Some tell-tale signs of a phishing email include:

1. Poor spelling and grammar
2. Threats of account shutdown
3. Unexpected attachments that usually ends with ".exe" files

• Additional technical security measures:

1. Two factor authentication (two methods of identifying confirmation i.e password)
2. Have other password logins (using personal images, security skins)

Password Attacks/Cracking
Definition

• Refers to the several measures to discover the computer passwords
• Usually accomplished by the recovering passwords from the data that are stored in or transported from the computer system

How it works?

• This is done by guessing the password repeatedly usually through a algorithm of the computer where the computer tries numerous combinations until the password are correctly discovered

How to prevent?

• The user must make sure that they password are strong, which must have at least eight (8) characters long
• The password must contain a combination of mixed-case random letters, digits or symbols
• Strong password must not be an actual words 

References:

Forcepoint. (2018). What is Phishing?. [online] Available at: https://www.forcepoint.com/cyber-edu/phishing-attack [Accessed 8 Oct. 2019].

Techopedia.com. (2019). What is Password Cracking? - Definition from Techopedia. [online] Available at: https://www.techopedia.com/definition/4044/password-cracking [Accessed 8 Oct. 2019].

Network Security

Network Security

• It is a term that covers the multitude of technologies, devices, and processes.
• In a simple term, a set of rules and configurations designed to protect the integrity, confidentiality and accessibility of the computer networks and data using both software and hardware technologies. 

Advantages

• Protection from malicious attacks on the network
• Prevents users from unauthorized access to the network
• Protect the confidential information

Disadvantages

• Strict regulations
• Difficult to work with the non-technical users
• Easy to be attacked

Importance
This network security is important especially for home networks but also in business world. Most homes that has high speed internet connections will have wireless routers, not one but more, which this can be exploited or hack if it is not properly secured. By this, a solid network security system can help to reduce the data loss, theft, or even sabotage.

Basically network security is to protect the data from being lost and to protect the network from being hack.


Example of network security breach 

Date: May 2014
Impact: 145 million users compromised
Details: The online auction giant reported a cyberattack in May 2014 that it said exposed names, addresses, dates of birth and encrypted passwords of all of its 145 million users. The company said hackers got into the company network using the credentials of three corporate employees, and had complete inside access for 229 days, during which time they were able to make their way to the user database.

It asked its customers to change their passwords, but said financial information, such as credit card numbers, was stored separately and was not compromised. The company was criticized at the time for a lack of communication informing its users and poor implementation of the password-renewal process.

CEO John Donahue said the breach resulted in a decline in user activity, but had little impact on the bottom line – its Q2 revenue was up 13 percent and earnings up 6 percent, in line with analyst expectations.

How did this happen?

According to eBay, attackers compromised employee log-in credentials. This gave the attackers access to the corporate network and the systems on it.

As is the case with most attacks that result in credential theft, the attackers likely used a socially-based attack of some kind. The best bet is Phishing. However, eBay isn't discussing how the credentials were compromised, so it could be Phishing, or it could be malware. The public may never know.

References:

Forcepoint. (2018). What is Network Security?. [online] Available at: https://www.forcepoint.com/cyber-edu/network-security [Accessed 8 Oct. 2019].

profile, V. (2009). Internet Security : Advantages and Disadvantages. [online] Crush64.blogspot.com. Available at: http://crush64.blogspot.com/2009/10/internet-security-laws-advantages-and.html [Accessed 8 Oct. 2019].

Herzing University. (2017). What is Network Security and Why is it Important?. [online] Available at: https://www.herzing.edu/blog/what-network-security-and-why-it-important [Accessed 8 Oct. 2019].

Armerding, T. (2019). The 18 biggest data breaches of the 21st century. [online] CSO Online. Available at: https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html [Accessed 15 Oct. 2019].

Ragan, S. (2019). Raising awareness quickly: The eBay data breach. [online] CSO Online. Available at: https://www.csoonline.com/article/2157782/security-awareness-raising-awareness-quickly-the-ebay-database-compromise.html [Accessed 15 Oct. 2019].

Business Intelligence

LO1 Exercise:

Explain Business Intelligence and its purpose

Business Intelligence refers to the tools, technologies, applications, and practices, that is used to collect and analyze and present the organization's raw data to create actionable business information.

Purpose:

• To help corporate executives, business managers, and other operational workers to make a better and more informed business decisions. 
• Companies use business intelligence to identify new business opportunities, and spot inefficient business process

Discuss "Business Process" with example

1. Finance - billing process, risk management process
2. Health - medical assessment, drug approval
3. Banking - credit check
4. Public Sector - application for a government service
5. Travel - trip booking, agent billing

Identify and describe the business process model

• Business process model is a graphical representation of a company's business process or workflows (identifying the potential improvements)
• Usually done through different graphing methods (flowcharts, data flow diagram)

References:

Financesonline.com. (2017). What Is the Purpose of Business Intelligence in a Business? - Financesonline.com. [online] Available at: https://financesonline.com/purpose-business-intelligence-business/#bi [Accessed 7 Oct. 2019].

PNMsoft. (2019). Business Processes - Explanation and Examples. [online] Available at: http://www.pnmsoft.com/resources/bpm-tutorial/business-process/ [Accessed 7 Oct. 2019].

Kothari, A. (2017). Business Process Modeling: Definition, Benefits and Techniques. [online] Tallyfy. Available at: https://tallyfy.com/business-process-modeling/ [Accessed 7 Oct. 2019].