Johnson & family

I am an aspiring IT Security Consultant who loves to engage in daily 5-mile walks, and the proud father of two beautiful daughters: Kim is a senior at Rhodes College in Memphis, TN, and Chelisa is a freshman at Georgia State University. Summing up the family is Chelisa’s ShihPoo (Shih Tzu-Poodle mix) named Rylee.

Family

Name: Johnson Irungu
Program of Study: Networking Specialist Associate of Applied Science Degree
Future Job: Network Security Consultant
Cell Phone: Apple iPhone

Desire is the starting point of all achievement, not a hope, not a wish, but a keen pulsating desire which transcends everything.
Napoleon Hill

Customize your Router

It is of utmost importance to set up and customize your router properly in order to keep it and the network behind it secure. To this end, first ensure that your router cannot be accessed from the Internet, and restrict which IP addresses can manage it. The use of a firewall is encouraged to safeguard the management network. You will also need to keep the firmware updated and make sure services such as Telnet, UPnP, SSH, and HNAP are not reachable from the Internet.

I have a TP-LINK 300M Wireless N Router on my home network and here are the steps I used to enable the firewall and allow management access from select computers:

  1. Open a web browser and go to http://192.168.0.1
  2. Type the default username and password on the login page.
  3. On the left side menu, click on Security and select Enable under Firewall on the main window.
  4. Click on Local Management on the left.
  5. Under Management rules on the right, select “Only the PCs listed can browse the built-in web pages to perform Administrator tasks”
  6. Insert the MAC addresses of the systems that can manage the router.

The second thing you should do is to create unique login credentials.

  1. On the left side menu, click on System Tools.
  2. Under System Tools, click on Password
  3. You will be prompted to enter the following:
    1. Old user name
    2. Old password
    3. New user name
    4. New password
    5. Confirm new password
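As an added example (not part of the original post), the requirement that Telnet, SSH, and the web admin interface (which also carries HNAP) are not reachable from the Internet can be verified with a short Python check run from a machine outside your network against your own router's public address. The port list and the script name `router_audit.py` are assumptions; UPnP discovery uses UDP and is not covered by this TCP check.

```python
"""Check whether a router's management services answer from outside."""
import socket
import sys

# Assumed default ports (constructed for this example, not from the post).
# HNAP is SOAP over the router's HTTP admin port, so the web ports cover it.
# UPnP discovery (SSDP) uses UDP 1900 and needs a separate check.
MGMT_PORTS = {
    22: "SSH",
    23: "Telnet",
    80: "HTTP admin / HNAP",
    443: "HTTPS admin",
    8080: "alternate HTTP admin",
}


def tcp_open(host, port, timeout=2.0):
    """Return True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or lookup failed
        return False


def audit(host, ports=None, probe=tcp_open):
    """Return [(port, service)] for every management port that answered."""
    ports = MGMT_PORTS if ports is None else ports
    return [(p, ports[p]) for p in sorted(ports) if probe(host, p)]


def report(host, exposed):
    """Build a summary with one line per finding, suitable for a log."""
    if not exposed:
        return f"{host}: no management ports answered"
    lines = [f"{host}: {len(exposed)} management port(s) reachable"]
    lines += [f"  {port}/tcp  {name}" for port, name in exposed]
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: router_audit.py <router-WAN-address>")
    found = audit(sys.argv[1])
    print(report(sys.argv[1], found))
    sys.exit(1 if found else 0)  # non-zero exit when anything is exposed
```

The non-zero exit status lets the check run on a schedule, for example after each firmware update, and flag a setting that was reset to its default.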


References:

http://www.tp-link.com/us/faq-73.html
http://www.tp-link.com.my/faq-359.html
https://www.youtube.com/watch?v=zr3nZclaaLI

 

Ethics in Technology

ACM & ICCP

ACM (Association for Computing Machinery) has its own Code of Ethics and Professional Conduct. This code of ethics is in many ways comparable to the ICCP (Institute for Certification of Computer Professionals) Code of Ethics. In both cases, the intention of the code of ethics is to promote integrity, loyalty, and honesty. In the information technology world, there is not a single body that is responsible for the overall rules governing the profession; there are many specialized professional organizations that formulate rules of conduct for their individual groups. The ACM and the ICCP are examples of groups that have formulated their own Code of Conduct.

The four elements pertaining to the ICCP Code of Conduct that are key to the identity of a professional are:

  1. A high standard of skill and knowledge.
  2. A confidential relationship with the people served.
  3. Public reliance upon the standards of conduct and established practice.
  4. The observance of an ethical code.

The ACM on the other hand has a similar set of guidelines that can be summarized as follows:

  1. Contribute to society and human well-being.
  2. Avoid harm to others.
  3. Be honest and trustworthy.
  4. Give proper credit for intellectual property.
  5. Respect the privacy of others.
  6. Honor confidentiality.

The case of Apple Vs. the FBI


The practical implementation of a code of ethics was on full display in the case of Apple vs. FBI. The core argument in this case was whether or not the FBI can compel Apple (and therefore other manufacturers at large) to unlock for the government information that was cryptographically secured on a device, in this instance an iPhone. Apple refused to participate in the “breaking into” of the device and the FBI eventually used an Israeli firm to access the contents of the device. This case was never fully concluded because the government withdrew before the courts could hear the legal arguments. There has been a similar instance in which a magistrate ruled that the government could not compel Apple to unlock an iPhone. I believe one of the key implications here is that the code of conduct followed by Apple implies that high emphasis is put on the confidentiality of the relationship between Apple and its customers.

 

References:

https://www.iccp.org/uploads/8/1/2/9/81293176/iccp_code_of_ethics.pdf
https://ethics.acm.org/code-of-ethics
http://ethicsunwrapped.utexas.edu/case-study/fbi-apple-security-vs-privacy
http://www.npr.org/sections/thetwo-way/2016/03/10/469994735/apple-vs-the-government-in-their-own-words

The Internet of Things (IoT)


The IoT may be off to a slower than expected start in terms of the adoption rate, but it is predicted to have enormous growth in the years ahead. According to estimates, the IoT's economic impact could range anywhere from 3.9 to 11.1 trillion dollars in 2025. Other estimates predict that the IoT will add up to 14.2 trillion dollars to the global economy by 2030.

In the IoT, things create the data. These things may include your smartphone, the Amazon Echo, the Fitbit, and your coffee pot, amongst many others. These “things” record, use, and share information via databases, and can connect to the Internet, all without human interaction. This sharing of information can be very useful in tracking usage and can help reduce waste, loss and cost. A car with a faulty part can report the issue, a thermostat can be remotely operated to adjust the temperature, and a security camera can be viewed and operated over the IoT. It is predicted that by 2020, about 50,000 devices will be connected to the IoT.

Whereas the IoT has brought us to the age of smart home technology and wearable technology, the security implications that go along with it are enormous. Recently, hackers compromised a fish tank that was connected to the IoT in order to monitor its temperature and cleanliness. Having gained access to the fish tank’s sensors, they then took control of the computer that controlled them. From there, they were able to infiltrate the casino’s network and steal 10 gigabytes of data.

Another area of concern is the fact that some devices are programmed by the manufacturer to collect private data which is then shared with advertisers over back-channels which the consumer may not be aware of. A good example of this would be the Roomba, which in an attempt to more efficiently navigate while cleaning, creates a map of its users’ home. This map may then be shared with commercial partners by the manufacturer, thereby disclosing private information to a third party.

Finally, the question of ownership needs to be addressed. Who owns the information that is collected by these devices? More importantly, who owns the software that is installed in these devices? Do the manufacturers have the right to control the software that is installed on a device that you “own”? Case in point: John Deere told farmers that they do not own their tractors, but just license the software. The implication here is that the farmers cannot fix their own equipment, either themselves or through a third party, and would have to engage John Deere for any type of service or repair to their tractors.

Having stated the above, I have to acknowledge that the IoT is here to stay and will only grow bigger. The consumer needs to get informed on how the IoT is collecting and sharing private data in order to make an educated decision as to how much of our private space to share.

References:

  1. https://www.forbes.com/sites/bernardmarr/2017/04/10/what-is-the-internet-of-things-a-complete-beginners-guide-in-2017/#7d51f0065982
  2. https://www.pcmag.com/news/355164/roomba-is-mapping-your-house-to-make-iot-gadgets-smarter
  3. https://www.nytimes.com/2017/07/25/technology/roomba-irobot-data-privacy.html
  4. https://investorplace.com/2017/09/internet-of-things-sending-us-back-middle-ages-ggsyn/#.Wfz0zltSyUk

IS vs. IT

Information technology closely matches and is more aligned to my career goals than information systems. As a prospective IT Security Consultant and/or IT Security Analyst, I will be tasked with designing and building the best security solutions for my organization. My work will involve detailed analysis of threats and vulnerabilities, be they physical or logical. Along with the detailed analysis, I will need to provide reports on any security findings and audits, while taking mitigating actions to combat any security breaches. My hope is to specialize in network security as there are many different sectors of IT security.

The Network Specialist Associate of Applied Science Degree at CTC will prepare me for my future career by providing a strong technical foundation in IT. With a mixture of Cisco, Linux, and some security-specific courses, I will be able to grow my networking skills, Linux scripting, and fundamental information security skills. At the same time, using the Cisco and Linux courses at CTC, I will be able to pursue certifications that will make me more valuable overall in the marketplace. My hope thereafter is to join Kennesaw State University upon graduation from CTC and pursue the Bachelor of Science in Cybersecurity Degree.

Looking back at my first post, I realize that my career goals have not changed. At the same time, I also appreciate that with every new piece of information, my goals and the vision of my future career gain more clarity. I am now in a better position to understand the difference between IS and IT and make the necessary course choices that will support my end goal.

Hardware and Software

Before disk storage came into existence, punch cards formed the basis for digital information processing and storage. In 1956, IBM introduced the 350 Disk Storage System, which was a major component of the IBM 305 RAMAC system. With a maximum capacity of 5 MB, the price point per MB of data storage was about $10,000.00 (roughly $90,000.00 in today’s dollars). As displayed in the picture below, it consisted of numerous magnetic platters. A single arm guided the dual read/write head up and down the stack of platters.

[Image: IBM 350 RAMAC]

By the early 1960s, the hard drive system had shrunk down to the size of a washing machine with a removable drive bearing six 14-inch platters with a maximum capacity of 2.6 MB.


In 1973, the first modern “Winchester” 3340 hard drive was announced. It came with a sealed assembly, lubricated spindles, and a lighter read/write head. It offered three types of data modules providing 35 or 70 MB.


The first 3.5-inch commercial hard disk drive (HDD) was introduced in 1983 by Rodime with a storage capacity of 12.75 MB and paved the way for the standard 3.5-inch form factor. The RO352 had two platters with a capacity of 10 MB. Prior to this, Rodime had produced the 5.25-inch drive that is now mostly extinct.


By the 1990s, big technological advances had taken place and the disk drive had gone through major milestones, both in physical size and capacity. 1992 saw Seagate bring to the market a 2.1 GB hard drive known as Barracuda, spinning at 7,200 revolutions per minute.


This form factor has endured till today with data capacity rising to the terabyte (TB) range for the most modern hard drives. As the popularity of mobile computing devices continues to rise, smaller form factor drives and solid state drives (SSD) have become increasingly available.

 

Reference Links:
The evolution of hard disk drives
https://www.pcworld.idg.com.au/slideshow/372650/evolution-hard-disk-drives/
The evolution of the hard drive
https://community.spiceworks.com/topic/1131699-the-evolution-of-the-hard-drive
Timeline: 50 Years of Hard Drives
https://www.pcworld.com/article/127105/article.html
YouTube Video: A History of Hard Disk Drives (and How They Work)
https://www.youtube.com/watch?v=HLgzqanGHIg

Information Security

The CIA triad is the cornerstone of modern-day information technology security. As the world becomes more connected via networks each day, the confidentiality, integrity, and availability of the information we exchange become more important. It is important that private digital conversations be kept private, and that is achieved via confidentiality. As these digital conversations traverse the Internet, we want to ensure that they are not altered in any manner, which we define as integrity. Thirdly, we want to ensure that the information is there when needed, and this is known as availability.

In this particular article, we are dealing with squirrels which dig up cables and cause damage to other data transport infrastructure, thus impacting availability of parts of the US electric grid amongst others. The frequency of such events surpasses any one single action that has demonstrably been caused by human beings.

Equifax Data Breach

https://www.consumerreports.org/privacy/what-consumers-need-to-know-about-the-equifax-data-breach/

The Equifax data breach, which occurred mid-May through July, was discovered on July 29, 2017. This data breach compromised the information of 143,000,000 Americans, including their social security numbers, as well as 209,000 credit cards. This can be categorized as a loss of confidentiality since the data was private and confidential.

Productivity Tools: Mint

Mint is a money manager productivity tool by Intuit that is available as an iPhone app, Android app, as well as an online web-based app. This tool acts as a one stop shop for all your money management needs. In order to get the most out of this tool, one has to input on a one-time basis, their bank information, credit cards, rent or mortgage, investments, utilities, and any other financial information they want to track. Along with entering the basic information, authorization has to be given to the app to allow it to log into those accounts that have been added. With this information, the app is then able to retrieve balances, aggregate all the information, then provide a detailed financial overview. The data provided will be broken down into several categories to include the following:

  1. Cash
  2. Credit cards
  3. Loans
  4. Investments
  5. Property

Along with this overview, several tabs provide more in-depth information on each of the following:

  1. Transactions
  2. Credit score
  3. Bills
  4. Budgets
  5. Goals
  6. Trends
  7. Investments
  8. Ways to Save

Having used this app for a number of years, I would highly recommend it to anyone who wants to get a good grip on their finances. One of the features I really love in the app is the ability to set scheduled alerts for bills that are due, as well as any deposits and/or withdrawals to any of the registered accounts.

Best of all, Mint is totally free!

Mint home page

www.mint.com

Mint Youtube Video

https://www.youtube.com/watch?v=rK6WLHNYjwM


Web Tracking

Web tracking is used by website owners and marketers on the Internet to build profiles which may then be used for targeted advertising. Tracking can use cookies, web beacons, flash cookies, and pixel tags among others, to profile a user based on their browsing and Internet search habits. The user is then presented with adverts about products and services deemed to be of their interest. Cookies are data generated on a website and stored on an end-user computer system by the local browser during a user’s browsing activities. These cookies can in some cases be shared between sites resulting in targeted adverts as a user moves from one site to another. In other cases, websites may track users by requesting or requiring that they log in via username and password in order to access the site.

The information collected may include pages visited, duration of time spent on each page, frequency of visits, IP address, and general geographical location, as well as any searches that were conducted. Third-party cookies are those set by sites that you are not visiting directly, via advertisements that a user clicks on. Third-party cookies are also used to track your activities while you browse the web, but they can also be intrusive and as such may present a threat to users.

Reference Articles:
https://www.kaspersky.com/blog/internet-ads-103/13569/
https://www.howtogeek.com/115483/htg-explains-learn-how-websites-are-tracking-you-online/

Google Chrome: The Browser of Choice for Me

Of the three browsers I have, Google Chrome is my top choice because of its speed, versatility, and flexibility. It also provides exclusive access to the Google Store extensions marketplace and preferences can be ported across multiple platforms. On the downside, it is memory intensive when running multiple open tabs and slow on older computers. Also, earlier versions are 32-bit and the incognito mode does not do anything to make you incognito.

Microsoft Explorer is available by default in Windows systems and is the easiest to use with few compatibility issues. On the negative side, it lags behind in customizability and functionality with add-ons, is slower, and is Microsoft proprietary.

As a 64-bit browser, Mozilla Firefox is more compatible with a wide array of systems and is equipped with add-ons that improve functionality and allow for customization. As open-source software, it provides for great transparency and trustworthiness. Firefox is a memory hog that is slower than Chrome and experiences compatibility issues on some sites.

Even though I love Google Chrome, the idea and promise of an open source browser might make me consider switching to Mozilla Firefox.

 

Reference Article:
Pro’s and con’s of commonly used web browsers
http://shirleycomputerservices.co.uk/blog/pros-and-cons-of-browsers/