Post 7 - Tech Topic Connection

In Week 3 of the Fundamentals of Information Technology and Literacy course I had to select a topic for my final project; I chose IT careers. I felt this made sense because a big motivation to take this course was exploring different facets of IT to be better informed in my career choices. And having decided that I wanted a career in IT, a basic literacy and overview is required. You wouldn’t call yourself a chef if you’ve never been in a kitchen and never cooked for other people. On the other hand a chef is not required to know everything about every recipe, general knowledge and an area of specialization is all that’s needed. In a similar way learning about different areas of IT helps to prepare me for upcoming career choices and to figure out what I want my area of specialization to be. This week I got laid off of a long time position. While some might view this as a catastrophe, I choose to see it as an opportunity to venture out into new areas and broaden my horizons.

The topics discussed in the course are all essential to understanding how to navigate in the IT world. Knowing the history is essential, because computing is based on the same principles as when it began, as a series of switches or transistors that are either off or zero, or on and one (Vahid, 2017). Based on Moore’s Law, every two years the switch sizes decrease by half  (Lasky, 2017), but the underlying principles are the same. “For reasons of efficiency and speed, the central processing unit of a computer is designed to recognize instructions coded using only the 1's and 0's of the binary number system” (Shirer, 2019). Computers run programs, that have become more complex and are based on computational thinking. In the same way that arithmetic builds into more complex math like algebra and calculus, the basics of computational thinking are important to working in the modern IT field.

Knowing the major hardware components and function of modern computers is important to having a career in IT. Just like the chef must know his knives and different types of pots and pans the different types of hardware are critical to being successful, especially if the career I choose is a support or network type of position.  What if I have to update RAM or a video card? What if there’s a drive malfunction or I am working with a server or changing a keyboard? These are all types of hardware and knowing what they do is essential for a career in IT.

It’s likely that the career I end up in will have programing as part of the job tasks since this is something I enjoy and have done successfully in the past. “Programming languages provide a convenient way for people to issue instructions to a computer. Such a language is built from a fairly small set of natural language words and algebraic symbols, usually no more than a few hundred in number, chosen so that they reflect the actual operations to be performed by the computer. Many types of programming languages are available, some specialized for a particular processor, some suited for solving particular types of problems, and others designed for general use with many machines or procedures” (Shirer, 2019).

According to Tiobe (2020), Java, C and Python make up the current top three most popular programming languages, but the principles of programming are transferrable once the basic concepts are understood.

If hardware and programming are essential then applications must be as well. Applications are what the hardware runs via computer programs. In terms of IT careers the Business Analyst role is an area I’m interested in and uses applications like spreadsheets (Excel), word processors (Word) for documentation, and workflows (Visio) in order to document business processes. The Business Analyst also has to know how to access data, as does my prior role as a Reporting Analyst. This IT career path relies on knowing how to access data via an Electronic Data Warehouse and build models and reports in applications that write queries and display data in meaningful visual ways like tables, charts and dashboards.

Reference:

Lasky, J. (2017). Moore’s law. Salem Press Encyclopedia of Science. Retrieved from http://search.ebscohost.com.proxy-library.ashford.edu/login.aspx?direct=true&db=ers&AN=125600130&site=eds-live&scope=site

Latest news. (n.d.). Retrieved from https://www.tiobe.com/tiobe-index/

Shirer, D. L. (2019). Computer programming languages. Salem Press Encyclopedia of Science. Retrieved from http://search.ebscohost.com.proxy-library.ashford.edu/login.aspx?direct=true&db=ers&AN=89316936&site=eds-live&scope=site

Vahid, F., & Lysecky, S. (2017). Computing technology for all. Retrieved from  zybooks.zyante.com/

Post 6 - Network Security

This post builds on a previous assignment here that explored using ping commands. This post goes deeper into the topic revealing how pinging can be used for attacks and other vulnerabilities to computer security.
Earlier in the course we became familiar with using ping commands, and while it can be used for troubleshooting and connectivity testing, it can also be used by bad actors to launch attacks on critical websites like government and private company systems. One of the more types of using pinging to attack is called ping-flooding or Distributed Denial of Service (DDoS) attack. As the name suggest an attacker tries to overwhelm the resources of a system by flooding it with pings. If all the available bandwidth resources are being taken up by pings, no other users can get on. While this type of attack has been used to take down sites like Ebay, Yahoo, and ETrade (Kumar, 2006) I have also seen posts on Reddit about using ping floods to block scammers using Voice over IP connections for telephone scams. The DDoS is typically done with an automated program that can control the number of pings and the size of the packets (Crelin, 2018) (sending large packets is another type of DDoS referred to as a ping bomb.

Ping attacks are not the only threats systems are vulnerable to. Phishing is another common security risk modern systems face. “Phishing is the process of trying to steal user information over the Internet by claiming they are a trusted entity and thus access and steal the victim's data” (Kadhim, 2019) such as passwords or credit card information. Phishing can happen to individuals or at work. Just recently an email was sent from my “corporate office” about a holiday gift. If you clicked the link it would ask you to enter your user name and password to redeem your gift, which would potentially give the person on the other end access to the company system. While phishing is detected and prevented by several methods such as blacklisted websites and data mining, one of the most important keys to prevention is user awareness and intelligence. It is very difficult for a phishing email to completely replicate a legitimate system. For example in the example I recently experienced there were several typos in the email body, and if you hovered over the link you could see that the actual hyperlink didn’t lead to accompany domain. Checking domain name is an established method for preventing new phishing sites that have not been blacklisted by prevention software (Kadhim, 2019), but that still relies heavily on user intuition.

References:

Crelin, J. (2018). Denial-of-service attack. Salem Press Encyclopedia. Retrieved from http://search.ebscohost.com.proxy-library.ashford.edu/login.aspx?direct=true&db=ers&AN=90558289&site=eds-live&scope=site

Kumar, S. (2006, January 10). PING attack – How bad is it? Retrieved from https://www.sciencedirect.com/science/article/pii/S0167404805001926.

Huda Yousif Kadhim, Karim Hashim Al-saedi, & Mustafa Dhiaa Al-Hassani. (2019). Mobile Phishing Websites Detection and Prevention Using Data Mining Techniques. International Journal of Interactive Mobile Technologies, (10), 205. https://doi-org.proxy-library.ashford.edu/10.3991/ijim.v13i10.10797

Post 5 - Computers in the Workplace

I work for a contractor with Business Units in Defense, Intelligence, Health and Civil Sectors. I work in Finance specifically and the company could not function without a powerful Enterprise Resource Planner (ERP). With over 3000 active contracts, the main product the company sells is labor and a very sophisticated timekeeping software is needed to help set up and manage the time, move costs into the correct account with burdens, fees, as well as indirect costs and to report on all these for financial statements, balance sheets, all levels of management from the line to the executive level and provide reports for investors. Additionally the ERP the company uses is designed specifically for government contractors which helps to manage many rules and regulations that are required for Sarbanes Oxley and other compliance requirements as well as accounting standards like FAR and GAAP. 


For finance a literacy in certain types of computer programs are required, however many of the line organizations are using computers to fulfill contract and mission requirements so they are using programs that are much more technical. In the 7 years I have worked for the company there have been several evolutions. There were always sophisticated password systems, and this has been augmented over time with the requirement for usb dongles that have authentication hardware in order to access network resources and use computers assigned to a specific user. For instance in order to use my work computer there is an authentication password, then the password for the computer, then my dongle has to be inserted and a password for the dongle as well. Additionally if I am offsite another 2 passwords for the VPN are required. Another evolution is using the cloud for computer backups and recovery. In the next ten years I see a lot more intelligent automation being used, as robotic process automation is already something that is being implemented to automate various repetitive tasks.

Post 4 - Traveling Through a Network

This post was originally an assignment done in week 3 of the class:

Using a ping and traceroute command utility are two different ways to analyze how packets move through the Internet. Packets are the units which information is broken down in to send from one computer to another (Vahid, 2017). Each packet is made up of a maximum of 1500 bytes (Strickland, 2010). This means that transmitting a web site, a song, or even an email is being split amongst multiple packets. This is also a strength of the Internet over previous forms of communication that were a single direct line. If one route or line fails there are multiple other routes that the packet can take to reach its destination. The process of pinging refers to checking if the destination is receiving a signal, it’s like checking to see if someone is home. Traceroute goes along the route that the packet follows from origination to destination, and reports on the amount of time at each router the packet passes through as well as the IP address of each router and if there were any issues along the way. Each transmission between routers in the traceroute is referred to as a hop (Hoffman, 2017).

For the assignment I used google.com, as well as the website for the Australian government (Australia.gov.au) and a popular site in China (sina.com.cn).  For the pinging exercise the website hosted in China took the longest, while the domestic Google site was much faster and the Australian government site was slightly less time, but comparable to the Chinese website. However, when doing the traceroute exercise, both Google and sina.com.cn were able to complete the task in less than 20 hops, however the traceroute for the Australian site consistently timed out after about 14 hops. This is indicated by the triple asterisk in the output of the screenshot. I tried the exercise multiple times to confirm. This can mean that the website router is too busy or has exceeded the time threshold needed to respond to the traceroute call. It can also mean that there is a firewall blocking requests. Since the website in the traceback exercise is a government site, it’s likely that this is the case since traditionally hackers have used traceroutes to study how data moved on a network and then target vulnerabilities: “In the past, computer hackers would routinely use traceroutes to map how information moved within a company's computer network and then focus their attacks on certain computers. To combat that security threat, some networks will not allow you to perform a traceroute” (What is a Traceroute?, 2019).

Example ping:

 Example traceroute:

References:

  

Hoffman, C. (2017, July 6). How to Use Traceroute to Identify Network Problems. Retrieved from https://www.howtogeek.com/134132/how-to-use-traceroute-to-identify-network-problems/.

Mitchell, S. (n.d.). How to Read a Traceroute, InMotion Hosting Support Center. Retrieved from https://www.inmotionhosting.com/support/uncategorized/read-traceroute/.

Strickland, J. (2010, March 8). How IP Convergence Works. Retrieved from https://computer.howstuffworks.com/ip-convergence2.htm.

What is a traceroute? (n.d.). Retrieved from https://whatismyipaddress.com/traceroute

Vahid, F., & Lysecky, S. (2017). Computing technology for all. Retrieved from  zybooks.zyante.com/