IT Examples and Topics

Mitigation Model For Awareness And Knowledge Of Employees Toward DDos Attacks

Mitigation Model for Awareness and Knowledge of Employees toward DDoS Attacks

[Name of the Student]

[Name of the Institution]

Abstract

Cybersecurity is an issue of high concern for organizations to maintain their security. They confront threats of DDoS attacks and need to develop solutions for dealing with such situations. Mitigation plans are developed by organizations to address issues involving risks. A risk management embedded mitigation model is required to be developed for successful loss reduction and efficiency increase of organizations towards DDoS attacks. These attacks are usually unintentionally facilitated by employees due to their ignorance of cyber threats. This calls for creating awareness and imparting knowledge in employees so that they can contribute towards defense against DDoS attacks. This paper reviews twelve scholarly articles entailing recent researches that provide adequate information about the current status of defense against cyber (especially DDoS) attacks, provide a solution for dealing with these threats, and propose an embedded mitigation model for creating awareness in employees towards the above-said threats.

Keywords: Embedded mitigation model, distributed denial-of-service attack, risk management, cybersecurity, employees' awareness, business continuity plan

Introduction

A DDoS attack, ‘Distributed Denial-of-Service’ attack is an attempt aimed at disrupting normal traffic of a server, network, or service that is targeted by overwhelming with an excessive flow of Internet traffic. These attacks are made effective by the use of various compromised computer systems, which serve as the sources of attack traffic in these malicious attempts. The target machines exploited through DDoS attacks include computers and other devices. A request is made to a server or a website that looks valid but it is malicious, or the server/website is flooded with excessive data to take it down. DDoS attacks are automated attacks that are concentrated as well, and they attempt to send a large number of requests to the target network so that it becomes useless. The process of DDoS attacks is completed by sending a huge amount of data packets to some target network, computer system, or device to at fast speed, and the target starts lagging partly or completely until it is completely down. In upscale DDoS attacks, a traffic jam is created by blocking the highway, which eventually prevents regular traffic from reaching the desired destination. DDoS mitigation is the process that is developed to protect a targeted network or server from a DDoS attack. To ensure protection from a DDoS attack, specialized network equipment needs to be designed, or cloud-based protection is required. This will provide resilience against the DDoS attacks, though it cannot prevent the attacks. In organizations, DDoS attacks become serious concerns as the information is usually confidential, and an employee's work can be disrupted to a great extent as a result of these attacks. These attacks are capable of causing much harm to businesses. They can make the function of servers and websites disruptive. The current study relates to selected peer-reviewed articles on risk mitigation against DDoS attacks, seeks insight and useful information for creating awareness and knowledge against DDoS attacks, assesses the ultimate contribution of employees’ awareness and knowledge in this issue, and provides a mitigation embedded model to remain protected against the DDoS attacks by activating speed and response time of their activity.

Theoretical Background

Risk mitigation is one of the many ways to deal with risk threats in risk management studies. Risk management involves different strategies to reduce or eliminate risks that have different implications, i.e., accept, avoid, reduce, or transfer strategies. The mitigation embedded model is used for creating awareness in employees by accelerating the implementation of regulated policies and technical procedures. It explains the process of IT service continuity planning and the way it impacts the transitioning to embedded policies and practices. Information security management involves procedures for creating awareness and knowledge of DDoS attacks. An embedded model for mitigating risks of DDoS attacks comprises different components: creating knowledge and awareness, implementing policies and principles, applying technical procedures, improving business service and request management, and establishing (IS) Management, service continuity, and service configuration.

Employees can contribute well towards reducing loss and increasing efficiency against DDoS attacks by understanding these attacks and following the instructions given by the management for this purpose. On the service providers’ end, the administrators should enroll in a DDoS protection service, which detects traffic flows that seem to be abnormal and drives traffic away from the organization’s network. The service providers will make a recovery plan against the disaster. This will ensure efficient and successful mitigation, communication, and recovery in case an attack occurs. To strengthen the security further, certain initiatives prove beneficial, such as installing antivirus software, installing a firewall and then configuring it to control the incoming traffic, and evaluating the security settings if they meet the requirements of protection against present DDoS attacks. The web server must be protected from being overwhelmed by the flood of requests. Filters need to be added to identify, detect, and drop information packets from potential sources of attacks. Half-open connections have to be timed out deliberately to ensure protection. Certain spoofed information or requests are received; these requests should be dropped for security purposes.

Since all sites available on the Internet depend on each other to some extent, the security or insecurity of a site can be affected by that of others. A remote attacker can plan the attack by implanting tools to control multiple systems and direct them for launching an attack. Understanding the way DDoS attacks are planned and executed is crucial for preventing intrusions by implementing a system of security. Certain non-technical and technical procedures are available with the advancement in technology to develop security against DDoS. A company should be in consistent contact with the service provider to implement state-of-the-art services related to continuity, configuration, and management of security and protection.

Literature Review Table

Sr #

Author + Year

Problem/Purpose

Questions

Methodology

Findings

Conclusion

Comment

(Epoh, 2018)

Assess damages caused by DDoS

What can be the methods to prevent damages caused by DDoS

Secondary research, mixed methodology

Mitigation is only effective when the detective and preventive methods are used simultaneously

Damages caused by DDoS can be mitigated by using detective and preventive measures.

The study indicates the need for robust technologies for cybersecurity.

(Burke, 2018)

Research the methods to prevent the IoT devices to become compromised for being used in DDoS attacks

1. Nature of IoT devices and their vulnerabilities

2. Attacks against IoT devices and ways to prevent those attacks

Secondary research based on the existing literature on the subject

Security can be assured by developing protection for devices at risk implementing certain protocols as attackers attack specific industries.

Devices at risk need protection for their vulnerability

The study ascertains that service providers should take responsibility for providing security.

(Liu, Cao, Zhu, & Ge, 2019)

Prevention services provided by ISPs are mostly non-deployable and privacy-invasive

How is it possible to create DDoS prevention services that can be effective in coping with real-time threats?

An empirical study to determine the problem precisely and provide a solution subsequently

Developing a solution in the form of ‘Umbrella’ that deals with the issues being addressed

Umbrella efficiently deals with the serious attacks on the networks

Umbrella has been proved to effectively mitigate DDoS attacks

(D’Cruze, Wang, Sbeit, & Ray, 2018)

Traditional approaches to address DDoS attacks have limitations; need arises for a successful approach

Identify modern more sophisticated threats of DDoS attacks and proposing an effective solution

Mixed methodology, reviewing the existing literature and developing a new solution using quantitative data

The proposed solution, software-defined networking model, is an efficient, effective, flexible, and automated.

The model proposed is more effective in mitigating the cyber threat.

The model is being used successfully at Verizon networks.

(Singh, Dumka, & Sharma, 2019)

Detect and prevent the DDoS attacks on a mobile ad-hoc network by comparing various tools and techniques

How various techniques used in DDoS attacks impact a mobile ad-hoc network?

Comparative analysis of the techniques used in DDoS attacks conducting secondary research

Techniques used to secure the channel offer different solutions but they all cater to the problem addressed partly

Security remains a concern to date in spite of the availability of various channel security techniques

Further research is needed to secure the channels completely

(Saharan & Gupta, 2019)

Make the underlying network intelligent in SDN (software-defined network) environments to prevent DDoS attacks

How DNS protocol vulnerabilities can be altered to protect the functioning of the service provider?

Propose a mitigation solution by using quantitative data to analyze the flexibility and programmability of SDN

SDNs provide the basis for developing mitigation solution that makes them secure against DDoS attacks

DDoS attacks can be prevented by eliminating vulnerabilities of the DNS protocol

Research yields positive results in the direction specified

(Dayanandam, Rao, Bujji Babu, & Nalini Durga, 2019)

Analyzing DDoS attacks and developing preventive measures against them

What are the major components of defense mechanisms and their implications related to DDoS?

Classifying DDoS attacks and addressing them with relevant defense mechanisms using the existing research and technology

The classification of DDoS attacks after identifying them using an intrusion detection system can reduce the mitigation risks

Introducing a mechanism that will defend DDoS attacks at the application layer and network layer.

Classifying the DDoS attacks helps to develop a specific mechanism for protection against them

(Bojović, Bašičević, Ocovaj, & Popović, 2019)

Detecting the DDoS attacks with the use of a hybrid detection method

Does a hybrid detection method prove to be more advantageous than others for DDoS detection?

Comparing the proposed method with two others that exist in the literature already

The proposed method is more productive than the two others

The approach used in this study is verified and credible in mitigating DDoS risks

A controlled DDoS experiment is dependable in the empirical study of DDoS attacks

Williams –Banta, 2019)

People are considered to contribute to the success of cyber-attacks, and they need to make aware of the issue and protection measures

What is the relationship between the knowledge of cybersecurity, awareness attitudes about security, and breaches of data in an organization, and their required investments

A mixed approach involving qualitative and quantitative methodologies, and sampling one hundred persons for the research

The research question comprising three different parts was answered by the research, establishing the relationship in the three scenarios

Organizations have to understand the knowledge, attitude, and behavior of employees regarding cybersecurity

Creating a balance in the variables discussed is helpful for organizations to improve their security controls

(Sumi, Dutta, & Sarker, 2019)

Many people are still unaware of the cyber-attacks and respective preventive measures

How can people be made aware of various cyber-attacks and what preventive measures need to be taken

Certain related and useful keywords were used to collect secondary data from the Web

Cyber-security is essential to protect data, networks, and systems from cyberattacks

Cybersecurity implemented effectively can mitigate the risks associated with data, individuals, or organization

People need much training and awareness to reduce risks of cyber-attacks

(Saxena & Dey, 2019)

Cloud users cannot identify easily the source of DDoS attacks

How much value is the use of a third-party auditor in DDoS prevention in cloud-computing?

Experimenting an auditor-based traceback approach that used Weibull distribution to analyze the source of DDoS attack

The identification factor resulted from the study was strong, and the traffic pattern generated alerts regarding the attacks

The cloud environment DDoS defense can be easily obtained by Weibull distribution and third-party auditor

The proposed solution is more contributing to the problem than other available methods

(Azeez et al., 2019)

Data related to all layers of the OSI model are susceptible to cyber-attacks and need to be protected

What device or system can be developed to monitor a network or system?

An intrusion detection and prevention system (IDPS) is suggested to detect vulnerabilities and enact preventive measures

The study provides several responsive techniques to support the firms to cope with the computer-related crimes

An IDPS can identify vulnerabilities in different channels of information distribution

This review on IDPS is the latest in this particular issue.

Research Questions

“How can we mitigate risks and reduce losses by increasing employees’ awareness and knowledge of the DDoS attacks, using a mitigation embedded model in business setups?”

“Do the two factors, speed and response time, involved in the embedded mitigation model reduce the impact of the DDoS attacks if activated?”

Methodology

Participants

This study is comparative research about a selection of twelve articles, which discuss the DDoS attacks and relevant preventive measures. It involves considering different scenarios where different samples have been chosen for research.

Materials

The study involves the use of the latest technologies to protect against cyber threats like DDoS attacks. Systems are supposed to have an improvement in the security tools embedded. Protocols are revised for the sake of enhanced protection. Materials required for increasing awareness among employees of organizations include brochures, training manuals, and IT tools and devices.

Design

The study involves latent variables as well as observed variables. The latent variables include assurance and efficiency, and system and resources. The observation variables include response time, speed, quality implementation, availability of resources, and awareness of employees. Among these observation variables, the response time and speed have to be activated so that the embedded model for mitigating DDoS attacks risks could be activated properly. The response time and speed relate to the requests made at the server or website. Activating these two variables would accelerate network efficiency.

Procedure

The embedded model will discuss the issues of service continuity, configuration, and request management. From the twelve peer-reviewed articles described above, the model is developed for addressing the threats of DDoS attacks. This model would be a part of the business continuity planning for increasing credibility. The model will be embedded in the organizations' processes to ensure the training and education of employees accordingly. It will transform the system to be secured and resistible against DDoS threats.

Results

Embedded risk mitigation model increases the chances of risk reduction in DDoS attacks because they make use of certain techniques related to IT. Activation of the required variables will enable this system to address the issue appropriately. People's awareness of the security threats has a direct correlation with the mitigation model embedded in the company, provided that the company will develop the cyber risk reduction system satisfactorily. The above-said reviewed articles suggest that the embedded model should entail elements of risk management techniques that have been developed in the IT industry for this purpose.

Discussion

The study demonstrates that techniques and tools used for mitigating risks of DDoS threats are not as up-to-date and competitive as they should be. The DDoS attackers are much more sophisticated and they are always engaged in developing new ways to breach data and intrude people's privacy. Organizations are not safe concerning their information, systems, and people. Employees are still in dire need of extensive training to be able to protect themselves from getting involved in cybercrimes.

Conclusion

DDoS attacks pose a major threat to organizations today. Systems, networks, and devices are not secured. The attackers have become much advanced in crafting new techniques to commit data breaches, restrict the use of devices and computers by the authorized users, and intruding the privacy of organizations and employees. An embedded mitigation model can reduce the risks of DDoS attacks to a considerable effect. However, much research and advancement are required by the organizations to cope with these attacks competitively.

Works Cited

Azeez, N. A., Bada, T. M., Misra, S., Adewumi, A., Van der Vyver, C., & Ahuja, R. (2019). Intrusion Detection and Prevention Systems: An Updated Review. In N. Sharma, A. Chakrabarti, & V. E. Balas (Eds.), Data Management, Analytics and Innovation (pp. 685–696). https://doi.org/10.1007/978-981-32-9949-8_48

Bojović, P. D., Bašičević, I., Ocovaj, S., & Popović, M. (2019). A practical approach to detection of distributed denial-of-service attacks using a hybrid detection method. Computers & Electrical Engineering, 73, 84–96. https://doi.org/10.1016/j.compeleceng.2018.11.004

D’Cruze, H., Wang, P., Sbeit, R. O., & Ray, A. (2018). A Software-Defined Networking (SDN) Approach to Mitigating DDoS Attacks. In S. Latifi (Ed.), Information Technology—New Generations (pp. 141–145). https://doi.org/10.1007/978-3-319-54978-1_19

Dayanandam, G., Rao, T. V., Bujji Babu, D., & Nalini Durga, S. (2019). DDoS Attacks—Analysis and Prevention. In H. S. Saini, R. Sayal, A. Govardhan, & R. Buyya (Eds.), Innovations in Computer Science and Engineering (pp. 1–10). https://doi.org/10.1007/978-981-10-8201-6_1

Epoh, J. C. E. (2018). Techniques for Detecting, Preventing and Mitigating Distributed Denial of Service (DDoS) Attacks. In S. Latifi (Ed.), Information Technology—New Generations (pp. 899–904). https://doi.org/10.1007/978-3-319-54978-1_113

Liu, Z., Cao, Y., Zhu, M., & Ge, W. (2019). Umbrella: Enabling ISPs to Offer Readily Deployable and Privacy-Preserving DDoS Prevention Services. IEEE Transactions on Information Forensics and Security, 14(4), 1098–1108. https://doi.org/10.1109/TIFS.2018.2870828

Preventing DDOS Attacks against IoT Devices—ProQuest. (2018). https://search.proquest.com/openview/43313d89a65f45ca5e88bc172814f461/1?pq-origsite=gscholar&cbl=18750&diss=y

Saharan, S., & Gupta, V. (2019). Prevention and Mitigation of DNS based DDoS attacks in SDN Environment. 2019 11th International Conference on Communication Systems Networks (COMSNETS), 571–573. https://doi.org/10.1109/COMSNETS.2019.8711258

Saxena, R., & Dey, S. (2019). DDoS prevention using third party auditor in cloud computing. Iran Journal of Computer Science, 2(4), 231–244. https://doi.org/10.1007/s42044-019-00039-w

Security Technology and Awareness Training; Do They Affect Behaviors and Thus Reduce Breaches? - ProQuest. (2019). https://search.proquest.com/openview/3f1fd392d91d530b6da929de3ac18273/1?pq-origsite=gscholar&cbl=18750&diss=y

Singh, N., Dumka, A., & Sharma, R. (2019). Comparative Analysis of Various Techniques of DDoS Attacks for Detection & Prevention and Their Impact in MANET. In M. Pant, T. K. Sharma, S. Basterrech, & C. Banerjee (Eds.), Performance Management of Integrated Systems and its Applications in Software Engineering (pp. 151–162). https://doi.org/10.1007/978-981-13-8253-6_14

Sumi, F. H., Dutta, L., & Sarker, F. (2019). A Review on Cyberattacks and Their Preventive Measures. International Journal of Cyber Research and Education (IJCRE), 1(2), 12–29. https://doi.org/10.4018/IJCRE.2019070102

Subject: IT

Pages: 8 Words: 2400

Read

Mobile And Embedded Device Security

Your Name

Instructor Name

Course Number

Date

Mobile and Embedded Device Security

Security has always been a major concern in mobile computing. Not only in mobile computing but in everything online is not safe until proper security measures are not taken. To ensure the security of mobile computing several mobile device management tools are available that help facilitates users in securing their devices and data (Johnson).

SOTI MobiControl facilitates companies to securely manage and maintain any device or any operating system after it has been deployed. It also helps in controlling business mobility, while also tracking physical assets and handling contents and applications ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"zNeqKXtT","properties":{"formattedCitation":"({\\i{}MobiControlv14ConsoleTransitionGuide.Pdf})","plainCitation":"(MobiControlv14ConsoleTransitionGuide.Pdf)","noteIndex":0},"citationItems":[{"id":117,"uris":["http://zotero.org/users/local/sbFMNDWM/items/5XS32ZZT"],"uri":["http://zotero.org/users/local/sbFMNDWM/items/5XS32ZZT"],"itemData":{"id":117,"type":"article","title":"MobiControlv14ConsoleTransitionGuide.pdf","URL":"https://www.soti.net/files/shared/MobiControl/MobiControlv14ConsoleTransitionGuide.pdf","accessed":{"date-parts":[["2019",10,9]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (MobiControlv14ConsoleTransitionGuide.Pdf). While discussing several features of SOTI MobiCloud tool some of the main features are listed below:

On-boarding and off-boarding

Enrollment is done through a barcode scan. The scan of the barcode can automatically configure a device with the help of account information, proxies, applications, and virtual private network (VPN) settings.

App management

Admins have the authority to upgrade, manage and distribute secure applications on devices that are shared, personal or corporate.

Device management

The software tool provides toolkit contains several advanced features to manage access to corporate resources while also configure lockdown and detect rooted devices.

Security features

This tool can integrate with Office 365 and active directory. Further, it has built-in root detection features well. Moreover, it also has a malware detection system that facilitates minimizing the risk of any security issue to the android devices. In case of any security issue, the end-users can locate their device and then reset the password. By doing this they will be able to remove the data from their devices and can shop for administration sanctioned profiles.

Deployment options

SOTI MobiCloud can support both cloud and on-premises deployment. Whatever the medium the user may choose SOTI MobiCloud online site can help with the deployment process. Typically, the installation method contains two main steps that are: a console that communicates with the deployment server and exchange information from online support to the device. The next step is the deployment server that sends the information of the devices to the database.

Screenshots of the tool

Fig:1 SOTI MobiCloud console

Fig:2 Device list that SOTI MobiCloud can support synonymously

Views/Opinions

This tool facilitates a lot in managing the device security. It also aids in managing multiple devices and can support both android and IOS.

Works Cited

Johnson, David B., and D. Maltz. "Mobile computing." (1996): 153-181.

ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY MobiControlv14ConsoleTransitionGuide.Pdf. https://www.soti.net/files/shared/MobiControl/MobiControlv14ConsoleTransitionGuide.pdf. Accessed 9 Oct. 2019.

Subject: IT

Pages: 1 Words: 300

Read

Mobile Application Threat Modeling Transcript

Chimene Tchokoko Diboma

School or Institution Name (University at Place or Town, State)

Mobile Application Threat Modeling Transcript

Introduction:

Advancements made in communication and information technologies have changed the way people do business. Mobile phones are turned into powerful computing devices. A modern smartphone is capable of handling intensive computing tasks. People rely on mobile devices for their digital needs. Depending on the exponential penetration of mobile devices in our lives, businesses are going mobile friendly as well. Most of the businesses have developed mobile applications to provide their customers with customized services. However, extensive growth in the mobile application development market has raised concerns as well. Mobile applications of major business outlets process personal information of their users making them a potential target of cyber-criminals ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"ac5krt83ob","properties":{"formattedCitation":"(Roy et al., 2019)","plainCitation":"(Roy et al., 2019)"},"citationItems":[{"id":2448,"uris":["http://zotero.org/users/local/gITejLE9/items/XFBHGY9K"],"uri":["http://zotero.org/users/local/gITejLE9/items/XFBHGY9K"],"itemData":{"id":2448,"type":"article-journal","title":"Provably secure fine-grained data access control over multiple cloud servers in mobile cloud computing based healthcare applications","container-title":"IEEE Transactions on Industrial Informatics","page":"457-468","volume":"15","issue":"1","author":[{"family":"Roy","given":"Sandip"},{"family":"Das","given":"Ashok Kumar"},{"family":"Chatterjee","given":"Santanu"},{"family":"Kumar","given":"Neeraj"},{"family":"Chattopadhyay","given":"Samiran"},{"family":"Rodrigues","given":"Joel JPC"}],"issued":{"date-parts":[["2019"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Roy et al., 2019). The cyber threat landscape is shifting from server or mainframe computer markets to mobile applications. Secure mobile applications cannot be developed without appropriate modeling of threats posed to mobile applications. The report provides an insight into threats available to mobile applications and secure application development techniques.

Mobile Application Architecture:

In mobile application development, appropriate choice of application architecture plays the central role. As a cyber-threat analyst, I have evaluated the architecture for mobile application for a business that provides retail items to end users at their doorsteps. The application is used by the customers to place an order. The details of the order are collected by the application and processed by the backend corporate information technology infrastructure. Before, designing a mobile application, the developers must be aware of the fact that who will be using that application ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a27jp9qibr4","properties":{"formattedCitation":"(Schliep & Hopper, 2018)","plainCitation":"(Schliep & Hopper, 2018)"},"citationItems":[{"id":2449,"uris":["http://zotero.org/users/local/gITejLE9/items/5KCT9K4L"],"uri":["http://zotero.org/users/local/gITejLE9/items/5KCT9K4L"],"itemData":{"id":2449,"type":"paper-conference","title":"End-to-End Secure Mobile Group Messaging with Conversation Integrity and Minimal Metadata Leakage","container-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","publisher":"ACM","page":"2282-2284","ISBN":"1-4503-5693-1","author":[{"family":"Schliep","given":"Michael"},{"family":"Hopper","given":"Nicholas"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Schliep & Hopper, 2018). If the application is intended for business customers such as online retail store customers, then the application must provide limited functionality to the end user. It is important to hide extra features from client-side applications as novice users can be confused with technical features. The application must be simple and provide core functionality on mobile devices without bugs.

The application must be compatible with the mobile platform such as it should be compatible with the host device. Mobile applications are platform dependent. For example, applications developed for iOS (Proprietary mobile operating system of Apple) cannot be used on Android-powered devices. It is more useful to develop separate applications for different operating systems. Each of the operating systems will have different threat landscapes. Android is the most popular mobile operating system and due to the open source nature of operating system cybercriminals have all access to core operating system functions ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2hchc505v","properties":{"formattedCitation":"(Kaur & Kaur, 2019)","plainCitation":"(Kaur & Kaur, 2019)"},"citationItems":[{"id":2450,"uris":["http://zotero.org/users/local/gITejLE9/items/AHWVQ2U5"],"uri":["http://zotero.org/users/local/gITejLE9/items/AHWVQ2U5"],"itemData":{"id":2450,"type":"article-journal","title":"A COSMIC Function Points based Test Effort Estimation Model for Mobile Applications","container-title":"Journal of King Saud University-Computer and Information Sciences","author":[{"family":"Kaur","given":"Anureet"},{"family":"Kaur","given":"Kulwant"}],"issued":{"date-parts":[["2019"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Kaur & Kaur, 2019). On the other hand, iOS developed by Apple is a closed source operating system and threat surface for this operating system is very small as compared to that of the Android operating system. Apple uses built-in device encryption and strong privacy controls to make the iOS ecosystem more secure as compared to rivals. Therefore, operating system dependent mobile applications must have different characteristics for both of the platforms while keeping the core functionality the same.

Android devices do not offer built-in encryption mechanisms as compared to iOS devices. Android application version of the application must not store critical information on the user device. To create platform independence up to some extent, client-server application architecture can be used for mobile application development. In this architecture, the mobile application will use internet connection wither cellular networks such as 3G or 4G connection or available WiFi connection to communicate with the backend server of the company. The application may interact with other applications installed on the device such as Camera. Inter-app connectivity must be refined by testing the application in real-world environments. Camera access may be required to scan a bar code or QR code ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1isfbf8hh9","properties":{"formattedCitation":"(Coles, Faily, & Ki-Aries, 2018)","plainCitation":"(Coles, Faily, & Ki-Aries, 2018)"},"citationItems":[{"id":2451,"uris":["http://zotero.org/users/local/gITejLE9/items/5QB3GC4Z"],"uri":["http://zotero.org/users/local/gITejLE9/items/5QB3GC4Z"],"itemData":{"id":2451,"type":"paper-conference","title":"Tool-supporting Data Protection Impact Assessments with CAIRIS","container-title":"2018 IEEE 5th International Workshop on Evolving Security & Privacy Requirements Engineering (ESPRE)","publisher":"IEEE","page":"21-27","ISBN":"1-5386-8420-9","author":[{"family":"Coles","given":"Joshua"},{"family":"Faily","given":"Shamal"},{"family":"Ki-Aries","given":"Duncan"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Coles, Faily, & Ki-Aries, 2018). The application may use direct access to camera hardware or may be assisted with the third-party camera application. Accessing the camera directly can reduce the risk of third party spying on application operations. In case of using a third party application for camera access that third party may collect information about the use of application potentially compromising the privacy of the user and corporate network as well.

Mobile applications transferring authentication information such as usernames and passwords must use encryption algorithms to secure the transmission of sensitive information. Developers mostly deal with the application layer while developing mobile applications however, corporate applications dealing with sensitive information must support transport layer security such as SSL certificates. Third party application API’s must be integrated using verified software development kits. Open source code available for API integration can reduce development overhead and provides more efficient integration of application operations. Data stored by the application or accessed by the application will be as secure as the host device itself. If the host device is compromised with malicious code then the logical measures to secure local data can fail miserably ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1vdnt45u2l","properties":{"formattedCitation":"(Atwater & Goldberg, 2018)","plainCitation":"(Atwater & Goldberg, 2018)"},"citationItems":[{"id":2452,"uris":["http://zotero.org/users/local/gITejLE9/items/YHJXKNJL"],"uri":["http://zotero.org/users/local/gITejLE9/items/YHJXKNJL"],"itemData":{"id":2452,"type":"paper-conference","title":"Shatter Secrets: Using Secret Sharing to Cross Borders with Encrypted Devices (Transcript of Discussion)","container-title":"Cambridge International Workshop on Security Protocols","publisher":"Springer","page":"295-303","author":[{"family":"Atwater","given":"Erinn"},{"family":"Goldberg","given":"Ian"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Atwater & Goldberg, 2018). Depending on the popularity of mobile applications, they are the most attractive target of cybercriminals. Cybercriminals can access sensitive information by attacking mobile application rather than compromising large-scale server architecture. For user authentication, the application must use multiple authentication factors and must not transfer sensitive information over insecure wireless channels.

Requirements for Mobile Application:

2609850362140500Mobile applications developed for different businesses will have different requirements as per the type of business. Mobile application developed for a retail business that provides end users with an online ordering system will have the requirements to collect information from the user and transmit it to the back end infrastructure for order processing. In a typical retail business application, the user will be provided with the application interface asking for registration. In case of an already registered customer, the application will ask for the login credentials. Login details will then be transmitted to the backend server of the company. After successful authentication of the user, authorized services will be provided to the customer. The communication between the mobile application and the backend server of the company will use the available network connection of the device. Following flow diagram presents a rough outline of the application login procedure.

The application will not store any user information on host device except the user identification files including session cookies. Cookies are small files used by web applications to identify users and to provide a personalized experience. Regarding authentication of the customers with the network of organization, username and password based approach are not secure enough to ensure confidentiality, integrity, and availability of the information. Passwords and authenticating credentials can be sniffed from wireless networks using packet sniffing tools ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a17hi62c3c7","properties":{"formattedCitation":"(Verdecchia, 2018)","plainCitation":"(Verdecchia, 2018)"},"citationItems":[{"id":2453,"uris":["http://zotero.org/users/local/gITejLE9/items/2GGU9VPC"],"uri":["http://zotero.org/users/local/gITejLE9/items/2GGU9VPC"],"itemData":{"id":2453,"type":"paper-conference","title":"Identifying architectural technical debt in Android applications through automated compliance checking","container-title":"Proceedings of the 5th International Conference on Mobile Software Engineering and Systems","publisher":"ACM","page":"35-36","ISBN":"1-4503-5712-1","author":[{"family":"Verdecchia","given":"Roberto"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Verdecchia, 2018). Criminals can then use compromised credentials to impersonate the original user. Similar actions can be performed by hijacking the session cookies that contain the authentication functions. If a session cookie is compromised then the personalized content can be accessed by the criminal without requiring the password. Attacks to compromise cookies stored in the temporary storage of the device are known as session hijacking attacks. A hijacked session can provide unlimited access to protected content.

The authentication process in mobile applications can be improved without investing in additional hardware. Most of the modern mobile devices support biometric identification methods to secure the mobile device. Biometric identification sensors and devices embedded in mobile devices must be used by third party applications as well to perform user authentication. Multifactor authentication can pose a lower probability risk on the other side. If the application is designed to access and use the biometric hardware of the device then it may store and transfer information about the geolocation of the device and unique device identifiers ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1qj478vuoq","properties":{"formattedCitation":"(Yoran & Amoroso, 2018)","plainCitation":"(Yoran & Amoroso, 2018)"},"citationItems":[{"id":2454,"uris":["http://zotero.org/users/local/gITejLE9/items/R57K9AKY"],"uri":["http://zotero.org/users/local/gITejLE9/items/R57K9AKY"],"itemData":{"id":2454,"type":"article-journal","title":"The Role of Commercial End-to-End Secure Mobile Voice in Cyberspace","container-title":"The Cyber Defense Review","page":"57-66","volume":"3","issue":"1","author":[{"family":"Yoran","given":"Elad"},{"family":"Amoroso","given":"Edward G."}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Yoran & Amoroso, 2018). Users may not want to transfer or reveal their location information but the application will not function appropriately without having access to metadata of device location. In order to support payment processing, there will be API's of payment Processor as well. These API's may serve as an attack vector for the application compromising the security and privacy of data. Most of the API integrations of payment processing mechanisms store transaction histories in the local storage of the application. Poor encryption mechanisms in Android platforms can compromise this information with relative ease as compared to the iOS platform.

Threats and Threat Agents:

The mobile application will provide an extreme level of convenience to customers as they will be able to place orders online for their desired items. Increased level of convenience will bring more security and privacy challenges as sensitive information such as credit card details, social security numbers are being transmitted between the devices and databases. Inaccurate storage of credentials such as authentication details including passwords, session cookies can put users at risk of data loss. If the authentication tokens, location data, usernames, and unique device identification numbers are not stored in encrypted containers will be compromised if the device is lost or stolen ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1puqr06jfp","properties":{"formattedCitation":"(Yu & Hou, 2018)","plainCitation":"(Yu & Hou, 2018)"},"citationItems":[{"id":2455,"uris":["http://zotero.org/users/local/gITejLE9/items/YAF9AKMA"],"uri":["http://zotero.org/users/local/gITejLE9/items/YAF9AKMA"],"itemData":{"id":2455,"type":"paper-conference","title":"Survey on IMD and Wearable Devices Security Threats and Protection Methods","container-title":"International Conference on Cloud Computing and Security","publisher":"Springer","page":"90-101","author":[{"family":"Yu","given":"Jiaping"},{"family":"Hou","given":"Bingnan"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Yu & Hou, 2018). Loss of these sensitive information records including application data such as debug information, and transaction histories can occur due to the poor implementation of network communication protocols. Servers of the organizations used to host application data can also act like the threat agents for mobile applications. If the server hosting the application data or the server providing services is compromised by the attackers then end-user devices will also be compromised by the same attacker.

As the application will use available network man in the middle attacks can be performed as well. A monitored wifi hotspot can provide criminals with full access of the device to server communication. Man in the middle attacks can be mitigated by using secure coding techniques and transport layer security implementation built into the application core. Another considerable risk is present for the application by the compromised host. If the device of a user is already infected with credential-stealing malware then the application will be compromised as soon as installed on the host device regardless of the platform ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a15ntp8fcnv","properties":{"formattedCitation":"(Venkatasen & Mani, 2018)","plainCitation":"(Venkatasen & Mani, 2018)"},"citationItems":[{"id":2456,"uris":["http://zotero.org/users/local/gITejLE9/items/3LBBRQP9"],"uri":["http://zotero.org/users/local/gITejLE9/items/3LBBRQP9"],"itemData":{"id":2456,"type":"article-journal","title":"A risk-centric defensive architecture for threat modelling in e-government application","container-title":"Electronic Government, an International Journal","page":"16-31","volume":"14","issue":"1","author":[{"family":"Venkatasen","given":"Maheshwari"},{"family":"Mani","given":"Prasanna"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Venkatasen & Mani, 2018). As with the Android platform the applications are downloaded and run from the devices, attackers can use client-side injection attacks. They can inject scripts into the local interpreter process that will compromise all of the newly installed applications regardless of the vendor. Injection attacks designed for SQL databases and techniques can be fatal if the application support multiple users accounts on the same device ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2ek8a2d4rl","properties":{"formattedCitation":"{\\rtf (Navas & Beltr\\uc0\\u225{}n, 2019)}","plainCitation":"(Navas & Beltrán, 2019)"},"citationItems":[{"id":2457,"uris":["http://zotero.org/users/local/gITejLE9/items/26MIM2UY"],"uri":["http://zotero.org/users/local/gITejLE9/items/26MIM2UY"],"itemData":{"id":2457,"type":"article-journal","title":"Understanding and mitigating OpenID Connect threats","container-title":"Computers & Security","author":[{"family":"Navas","given":"Jorge"},{"family":"Beltrán","given":"Marta"}],"issued":{"date-parts":[["2019"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Navas & Beltrán, 2019). Allowing multiple user accounts in a single application is a useful feature in some cases but it can compromise the security and confidentiality of data as well.

Methods of Attack:

Cyber-criminals are always devising new and improved attack methods to avoid detection by the defense mechanisms of the applications and operating system of the target devices. Most popular methods of attacks used by the criminals include man in the middle attacks, phishing, XSS attacks, password sniffing, eavesdropping, malware, and monitored network attacks. All of the attacks methods used by the criminals focus on compromising the defense mechanism of applications and operating systems. Man in the middle attacks can be used to extract critical information from communication between the application and the server. Any function call that is not structured appropriately by the programmer can allow code injection into the application processes ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"atstcdjcfh","properties":{"formattedCitation":"{\\rtf (Rodr\\uc0\\u237{}guez-Mota, Escamilla-Ambrosio, Aguirre-Anaya, & Happa, 2018)}","plainCitation":"(Rodríguez-Mota, Escamilla-Ambrosio, Aguirre-Anaya, & Happa, 2018)"},"citationItems":[{"id":2458,"uris":["http://zotero.org/users/local/gITejLE9/items/LATI2HGA"],"uri":["http://zotero.org/users/local/gITejLE9/items/LATI2HGA"],"itemData":{"id":2458,"type":"article-journal","title":"Reassessing Android malware analysis: From apps to IoT system modelling","container-title":"EAI Endorsed Transactions","volume":"18","issue":"10","author":[{"family":"Rodríguez-Mota","given":"Abraham"},{"family":"Escamilla-Ambrosio","given":"Ponciano Jorge"},{"family":"Aguirre-Anaya","given":"E."},{"family":"Happa","given":"Jassim"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Rodríguez-Mota, Escamilla-Ambrosio, Aguirre-Anaya, & Happa, 2018). If the device is connected to an insecure public wifi hotspot then the probability of man in the middle attacks is much greater than on a private network connection. With the availability of integrated development environments to the general public and end users, it is very easy for an attacker to design a lookalike piece of application to steal credentials known as a phishing attack. It will not be possible for the end user to differentiate between a forged version of the application and an official version of the application.

Creating phishing applications and tricking users into installing them will allow the attackers to form botnets. Botnets are networked of compromised devices that are used to carry out distributed denial of service attacks. In a distributed denial of service attacks, attackers send floods of useless traffic to a target server that cause congestion on the links. Access of legitimate users is blocked to the service in such type of attacks. Distributed denial of service attacks using mobile applications is not that much popular as compared to other types of attacks. Hijacking sessions by using compromised cookies is a popular attack method being actively used by cybercriminals ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1ncd3d2lfa","properties":{"formattedCitation":"(Tyagi, Sharma, Malhotra, & Khosla, 2018)","plainCitation":"(Tyagi, Sharma, Malhotra, & Khosla, 2018)"},"citationItems":[{"id":2459,"uris":["http://zotero.org/users/local/gITejLE9/items/T7IVKWTU"],"uri":["http://zotero.org/users/local/gITejLE9/items/T7IVKWTU"],"itemData":{"id":2459,"type":"paper-conference","title":"Comprehensive Methodology for Threat Identification and Vulnerability Assessment in Ad hoc Networks","container-title":"Cyber Security: Proceedings of CSI 2015","publisher":"Springer","page":"335-347","ISBN":"981-10-8535-8","author":[{"family":"Tyagi","given":"Richa"},{"family":"Sharma","given":"Naveen Kumar"},{"family":"Malhotra","given":"Kamini"},{"family":"Khosla","given":"Anu"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Tyagi, Sharma, Malhotra, & Khosla, 2018). Cybercriminals hijack session cookies using cross-site scripting attacks. If the application connects to a third party website to offer specific service then attackers can inject malicious java scripts in that third-party website. The injected code will be delivered to the application as part of the HTML body of the website that will then be executed by the application on the host device. The malicious javascript can be programmed to send the session cookies of the user to the attacker without generating an alert to the user. Therefore, compromised third-party resources pose serious risks to mobile application security.

Controls:

Threats for mobile applications can be mitigated and rendered useless by utilizing efficient security controls. The very first step in securing mobile applications is to use platform integration appropriately in mobile applications. For example, Apple devices provide a key chain storage area for application data as compared to local device storage space provided by other platforms. Applications designed for the iOS platform must use keychain data storage efficiently. Applications designed for Android and other mobile platforms such as ARM architectures must use trusted platform module chips to store encryption keys as these storage spaces are known to be tamper proof ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"am0b48fa1a","properties":{"formattedCitation":"(Ngalo, Xiao, Christianson, & Zhang, 2018)","plainCitation":"(Ngalo, Xiao, Christianson, & Zhang, 2018)"},"citationItems":[{"id":2460,"uris":["http://zotero.org/users/local/gITejLE9/items/TNSYU52X"],"uri":["http://zotero.org/users/local/gITejLE9/items/TNSYU52X"],"itemData":{"id":2460,"type":"paper-conference","title":"Threat Analysis of Software Agents in Online Banking and Payments","container-title":"2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech)","publisher":"IEEE","page":"716-723","ISBN":"1-5386-7518-8","author":[{"family":"Ngalo","given":"Tamsanqa"},{"family":"Xiao","given":"Hannan"},{"family":"Christianson","given":"Bruce"},{"family":"Zhang","given":"Ying"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Ngalo, Xiao, Christianson, & Zhang, 2018). Mobile applications have to communicate with the parent server for various operations. The initial communication required for authentication and authorization operation is protected using transport layer security such as SSL and TLS certificates. However, complete communication security can be provided using secure communication protocols for every outside request made on the network. Security at the transport layer level also rules out the possibility of eavesdropping attacks on sensitive user information.

Mobile applications must go through rigorous testing as per the OWASP project standards. Rushing towards the publication of application without fixing the bugs can create a disaster. An infected host platform can compromise even well secure applications as well. Therefore, platform dependent security features must also be integrated with the application framework by the developer ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"acpmeamard","properties":{"formattedCitation":"(Kang, Kim, & Kim, 2018)","plainCitation":"(Kang, Kim, & Kim, 2018)"},"citationItems":[{"id":2461,"uris":["http://zotero.org/users/local/gITejLE9/items/V3FXWGD2"],"uri":["http://zotero.org/users/local/gITejLE9/items/V3FXWGD2"],"itemData":{"id":2461,"type":"article-journal","title":"Trustworthy Smart Band: Security Requirement Analysis with Threat Modeling","container-title":"arXiv preprint arXiv:1812.02361","author":[{"family":"Kang","given":"Suin"},{"family":"Kim","given":"Hye Min"},{"family":"Kim","given":"Huy Kang"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Kang, Kim, & Kim, 2018). There are dedicated security businesses that recognize and remove unauthorized versions of mobile applications from the internet. However, mobile application developers must sign their application using valid digital signatures. Signed applications will not only remove the risk of supply chain attacks but will also make the reverse engineering of code extremely difficult for cyber-criminals.

References

ADDIN ZOTERO_BIBL {"custom":[]} CSL_BIBLIOGRAPHY Atwater, E., & Goldberg, I. (2018). Shatter Secrets: Using Secret Sharing to Cross Borders with Encrypted Devices (Transcript of Discussion). Cambridge International Workshop on Security Protocols, 295–303. Springer.

Coles, J., Faily, S., & Ki-Aries, D. (2018). Tool-supporting Data Protection Impact Assessments with CAIRIS. 2018 IEEE 5th International Workshop on Evolving Security & Privacy Requirements Engineering (ESPRE), 21–27. IEEE.

Kang, S., Kim, H. M., & Kim, H. K. (2018). Trustworthy Smart Band: Security Requirement Analysis with Threat Modeling. ArXiv Preprint ArXiv:1812.02361.

Kaur, A., & Kaur, K. (2019). A COSMIC Function Points based Test Effort Estimation Model for Mobile Applications. Journal of King Saud University-Computer and Information Sciences.

Navas, J., & Beltrán, M. (2019). Understanding and mitigating OpenID Connect threats. Computers & Security.

Ngalo, T., Xiao, H., Christianson, B., & Zhang, Y. (2018). Threat Analysis of Software Agents in Online Banking and Payments. 2018 IEEE 16th Intl Conf on Dependable, Autonomic and Secure Computing, 16th Intl Conf on Pervasive Intelligence and Computing, 4th Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech), 716–723. IEEE.

Rodríguez-Mota, A., Escamilla-Ambrosio, P. J., Aguirre-Anaya, E., & Happa, J. (2018). Reassessing Android malware analysis: From apps to IoT system modeling. EAI Endorsed Transactions, 18(10).

Roy, S., Das, A. K., Chatterjee, S., Kumar, N., Chattopadhyay, S., & Rodrigues, J. J. (2019). Provably secure fine-grained data access control over multiple cloud servers in mobile cloud computing based healthcare applications. IEEE Transactions on Industrial Informatics, 15(1), 457–468.

Schliep, M., & Hopper, N. (2018). End-to-End Secure Mobile Group Messaging with Conversation Integrity and Minimal Metadata Leakage. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2282–2284. ACM.

Tyagi, R., Sharma, N. K., Malhotra, K., & Khosla, A. (2018). Comprehensive Methodology for Threat Identification and Vulnerability Assessment in Ad hoc Networks. Cyber Security: Proceedings of CSI 2015, 335–347. Springer.

Venkatasen, M., & Mani, P. (2018). A risk-centric defensive architecture for threat modelling in e-government application. Electronic Government, an International Journal, 14(1), 16–31.

Verdecchia, R. (2018). Identifying architectural technical debt in Android applications through automated compliance checking. Proceedings of the 5th International Conference on Mobile Software Engineering and Systems, 35–36. ACM.

Yoran, E., & Amoroso, E. G. (2018). The Role of Commercial End-to-End Secure Mobile Voice in Cyberspace. The Cyber Defense Review, 3(1), 57–66.

Yu, J., & Hou, B. (2018). Survey on IMD and Wearable Devices Security Threats and Protection Methods. International Conference on Cloud Computing and Security, 90–101. Springer.

Subject: IT

Pages: 8 Words: 2400

Read

Mobile Technology

Mobile Technology: Mobile Incident Response and Investigations

[Name of the Student:]

[Name of the Institution:]

Mobile Technology: Mobile Incident Response and Investigations

Mobile Technology Overview

Mobile technology is the technology that is used to carry out cellular communication. This implies that mobile technology is used for enabling efficient communication between mobile devices through a network. Mobile technology makes use of radio communication to connect with other devices over the network. The most commonly used method of radio communication is CDMA that stands for Code-Division Multiple Access. However, this method of mobile communication has evolved greatly over the past two decades.

Mobile devices are electronic devices that work as connecting points in a cellular network. The cellular network consists of cell sites that are specialized base stations for emitting and receiving the data signals ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"dRXoNW8l","properties":{"formattedCitation":"(Ooi & Tan, 2016)","plainCitation":"(Ooi & Tan, 2016)","noteIndex":0},"citationItems":[{"id":53,"uris":["http://zotero.org/users/local/wreEcalP/items/3WLBYD7E"],"uri":["http://zotero.org/users/local/wreEcalP/items/3WLBYD7E"],"itemData":{"id":53,"type":"article-journal","title":"Mobile technology acceptance model: An investigation using mobile users to explore smartphone credit card","container-title":"Expert Systems with Applications","page":"33-46","volume":"59","author":[{"family":"Ooi","given":"Keng-Boon"},{"family":"Tan","given":"Garry Wei-Han"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Ooi & Tan, 2016). These cell sites control the communication in a cellular network in the sense that they provide the basis for connections in transferring the data to the destined mobile devices as well as receiving data from those devices to float through the network. A cell phone offers the opportunity of transferring connection from one cell site to another. This is called full-duplex communication. It implies that the cell phone automatically switches between frequencies when the mobile phone user shifts from the range of a cell site to another cell site area. This allows the user to carry mobile phone from one place to another as the mobile phone adjusts and connects to the nearest cell site automatically that offers stronger signals.

Mobile devices have evolved considerably over time, and these devices are not meant only for voice communication in the modern world. Mobile devices have become capable of sending and receiving text messages, voice messages, multimedia messages, and other data. Mobile devices are used for calling video, as well as for having conferences online. These devices offer the facility of using email-enabled with full access to receiving and sending messages as well as the attached files. Further mobile devices can be utilized for sharing information of many types such as text files, audio or video files, images, podcasts, etc. There are many options for choosing among the available software and applications for sharing information through mobile devices ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"qAYC9WRp","properties":{"formattedCitation":"(Heflin, Shewmaker, & Nguyen, 2017)","plainCitation":"(Heflin, Shewmaker, & Nguyen, 2017)","noteIndex":0},"citationItems":[{"id":55,"uris":["http://zotero.org/users/local/wreEcalP/items/RAMQEJH9"],"uri":["http://zotero.org/users/local/wreEcalP/items/RAMQEJH9"],"itemData":{"id":55,"type":"article-journal","title":"Impact of mobile technology on student attitudes, engagement, and learning","container-title":"Computers & Education","page":"91-99","volume":"107","author":[{"family":"Heflin","given":"Houston"},{"family":"Shewmaker","given":"Jennifer"},{"family":"Nguyen","given":"Jessica"}],"issued":{"date-parts":[["2017"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Heflin, Shewmaker, & Nguyen, 2017). Some mostly used sharing facilities in mobile devices include Bluetooth, Share-it, and similar other options. Moreover, mobile devices offer multimedia players, video players, audio players, radio, and mp3 players. These applications have reduced the use of other devices by consumers. People prefer to interact with multimedia through their mobile devices. Today, viewers of sports, TV programs, movies, animated films, documentaries, and others confine their usage to mobile devices only for this purpose.

Mobile devices have the packet switching capacity that enables them to connect to the Internet when required. When connected to the Internet, mobile devices can access all the world's information and let the user avail it. The mobile devices are now extensively been used by consumers for banking purposes. Mobile or Internet banking has enabled customers to make most of the needed transactions through mobile devices. Nowadays, consumers make use of mobile devices to send or receive money, pay utility bills, purchase goods, and services online, and many other purposes. There are many other features that enabled these days in mobile devices that have made the life of consumers very easy. Mobile devices are used for navigation purposes and show the user direction of routes to guide him/her in the right way. The user can browse through the websites for collecting necessary information as well as for making transactions. Many users spend plenty of time playing games on their mobile devices. Finally, mobile devices can store data and keep track of transactions, activities, and contacts that the user has made in previous days.

Mobile networks are also referred to as cellular networks. The cell sites, as discussed above, occupy certain areas of land where cell towers have been installed. The cell towers use various radio frequencies and connect to transfer packets of signals. The cell sites are usually hexagonal, and the cell towers connect to other cell towers as well as the telephone exchanges. The mobile devices connect through these cell towers. To conclude, it can be said that mobile networks constitute a complex network of different devices, towers, and exchanges to provide unrivaled communication experience to consumers of this modern age. In this era, mobile networks have become the focal point of connecting consumers and sharing information with the advent of cellular phones, tablets, and other similar devices.

Mobile networks allow consumers to operate their cell devices over various frequencies in different areas. However, the point is to be noted that the cellular devices and networks adjust the frequencies to use for communicating the data. They make use of the low power transmitters so that they can offer their services with the minimum interference. Mobile networks have evolved with time and grown from simpler to more sophisticated and efficient series of generations. This has been made possible through improvements in mobile technology. The earlier two mobile networks used analog voice for transmitting data, referred by 1G. Later introduced was the digital voice, that is, 2G for communication purposes. Then emerged the 3G technology that introduced the data connections, and this technology proliferated the smartphones in the market. This was combined with access to the Internet on the mobile phone. This invention revolutionized the market of communications. Finally, with the rise of 4G technology, it became possible to use broadband technology over mobile devices. Broadband increased the pace of Internet browsing substantially. The latest version of these technologies has appeared, though. That is a 5G revolution in the mobile service. This technology offers the greatest speeds to consumers' Internet usage. The 5G technology also reduces interference with wireless devices that exist nearby. The latest 5G technology uses signals with shorter wavelength signals and very high frequencies in transmitting data over the network. This technology offers increased bandwidths, and the signals have little chances of distortion. That implies the signals remain more directional, ultimately reducing interference.

Trends in Mobile Technology

A trend is a way in some practice or industry that is becoming increasingly and widely accepted by the people involved. Trends in mobile technology refer to the gradual advancements in the technical aspects, increased usage preferences or inclinations of consumers, and the shaping of interacting behaviors of consumers with mobile networks and devices. Mobile technology has shown certain trends in new developments and productions. Mobile devices and mobile networks exhibit specific directions of advancements that are being observed in these days and will be speculated in the future more effectively ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"Mjo61DBb","properties":{"formattedCitation":"(Fu & Hwang, 2018)","plainCitation":"(Fu & Hwang, 2018)","noteIndex":0},"citationItems":[{"id":56,"uris":["http://zotero.org/users/local/wreEcalP/items/KZHTPUCH"],"uri":["http://zotero.org/users/local/wreEcalP/items/KZHTPUCH"],"itemData":{"id":56,"type":"article-journal","title":"Trends in mobile technology-supported collaborative learning: A systematic review of journal publications from 2007 to 2016","container-title":"Computers & Education","page":"129-143","volume":"119","author":[{"family":"Fu","given":"Qing-Ke"},{"family":"Hwang","given":"Gwo-Jen"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Fu & Hwang, 2018). Trends in modern technology have been noticed by the researchers, and these trends indicate a hopeful future of technology.

The mobile apps are more heavily incorporated with artificial intelligence capabilities. This is to make mobile apps more intelligent. The term smartphone also indicates the fact that mobile devices are increasingly being equipped with artificial intelligence features. The use of banking services, shopping features, and browsing options demonstrate the trend exquisitely. Many apps have increased the capabilities of mobile phones. Google Assistant, Google Maps, Alexa, and many others are examples of the AI integrations to the mobile devices. Further, mobile technologies are being integrated with location tracking facilities, as well. Every time people use download feature installed in their devices, their location is accessed by the device. This is a common phenomenon. Mobile devices track their location to get permission for downloads from related websites. These location accesses enable various organizations to interact with the user for different purposes. For instance, the businesses can send their targeted customers ads featuring their exceptional features or ads directed toward specific customers. The government agencies can also trace the individuals based on their mobile phone devices’ locations.

Mobile phones have reshaped the lives of consumers to a great extent. People have shifted most of their communication over mobile devices. They are relatively in less contact with each other, especially families who strived to get together in the past; these days, members of a family are not more physically closer. Yet they are more connected mentally and feel more satisfied this way rather than the traditional direct way of communication all day long. This has given people more freedom and privacy. The children are also more connected with their parents. The parents can ask about their wellbeing and progress now and then. The parents feel an enhanced sense of supervising their children and being informed of their activities. The members of a family or a group of friends can share pictures instantly at any occasion or event. The concept of social linkage and living together in a community have got strengthened due to existence of mobile devices.

Mobile technology is focusing on the speed of the processes involved. The programmers in mobile companies are working hard to develop mobiles that take little processing time. For instance, developers are striving to empower mobiles with fast browsing capabilities. Mobile commerce experience for the customers has to be improved by enabling certain features on the device that allow customers to make transactions with ease and credibility. To offer customers an opportunity to carry out payments with convenience and reliability is deemed to win customer loyalty and trust. Many new apps have been legalized and verified for providing reliable transactions to customers, and these apps allow the users to make financial transactions directly through the mobile and without intervention of banks or target companies. The mobile device manufacturers are required to create personalized experiences for customers. They have to interact with them on a priority basis and address their problems with focus and responsibility. People can choose to interact on any platform with the company. The mobile devices are the future of communication devices. The current trends indicate that future success will be for those companies that stay competent in this age ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"2WWoyJBe","properties":{"formattedCitation":"(Lai, 2019)","plainCitation":"(Lai, 2019)","noteIndex":0},"citationItems":[{"id":57,"uris":["http://zotero.org/users/local/wreEcalP/items/8SZ5NLNM"],"uri":["http://zotero.org/users/local/wreEcalP/items/8SZ5NLNM"],"itemData":{"id":57,"type":"article-journal","title":"Trends of mobile learning: A review of the top 100 highly cited papers","container-title":"British Journal of Educational Technology","author":[{"family":"Lai","given":"Chiu-Lin"}],"issued":{"date-parts":[["2019"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Lai, 2019). Further, a new trend in mobile technology has emerged to be the pairing of wearable items with mobile devices. "Smartwatches, glasses, bracelets, healthcare monitoring devices, etc." are in great demand. People want every accessory they use to be smart and powerful. The mobile devices paired with them create a mutual link, and these accessories exhibit intelligence and communication depending upon their capacities.

Mobile technologies are advancing toward achieving great features for mobile devices. The companies have started making efforts to enable mobile devices to control the outside objects nearby. The hope exists about digital devices to control houses of people and allow them more comfort in life. For this purpose, the houses will also be intelligent a little bit. The mobile technology is advancing to optimize the customer experience with innovation, quality, and performance.

Among the latest trends in mobile technology is to enhance data protection and security. These efforts are being made to win the customer's loyalty. Improved protection and security means reduced risks of data loss. Further, mobile technology has turned to address the needs of investigating cases of mobile incidents and provide useful clues to solve those issues. This practice is associated with the implementation of certain scientific techniques and procedures to detect crimes. It is referred to as device forensics. The device forensics uses embedded systems for finding evidence that can prove helpful in the court. The embedded systems used in mobile or other electronic devices are GPS tracking systems, personal data assistants, and multimedia players. The evidence generated as an outcome of the forensics research is digital and reliable. The mobile devices are prevalent these days, and people are involved in many activities using these mobiles. Therefore, a lot of important personal data is associated with these mobile devices.

Threats posed to the extensive and universal usage of mobile devices entail cyber-crimes, social crimes, and crimes committed against individuals, organizations, or states. The information saved in or via mobile devices is the only way to solve the issue in most cases. The email history, previous calls are done by the user or received calls, messages exchanged, or the embedded apps used – all can be sources of evidence. The apps installed on mobile devices are becoming more proactive. The artificial intelligence has a great contribution toward enabling the mobile manufacturing companies to incorporate the intelligent systems in the devices. It provides certain algorithms, programs, and applications that will empower the electronic or mobile devices to meet the needs of the future and provide security to the user as well as the society on the whole.

Laws, Regulations, and the Forensic Handling of Mobile Devices

People in the modern world have become involved in countless activities that make use of the Internet and electronic devices such as mobiles, computers, tablets, etc. These activities are linked to different issues related to security and privacy. For instance, individuals can receive threats by a party on mobile devices via the Internet. Hackers can plan attacks against a computer network and can cause serious damages to the identity, assets, or confidential data of the entities involved. Another considerable threat that is prone to harm the vulnerable networks is the viruses that are generated artificially as well as they can emerge automatically due to system flaws. The viruses can cause defects in operating systems and other computer applications, leading to disturbance in work and potential loss of data. The electronic devices are used for storing data, which can contain information regarding the incidents.

Given the above-mentioned situation, it becomes necessary to address the issues of insecurity, crimes, and social evils related. To this end, the government has to step in and make the regulatory framework for the use of mobile and other electronic devices. The government authorities establish regulations to control online traffic, data, and assets security and protect identities of individuals and organizations. The laws and regulations that govern digital evidence in investigations of crimes are primarily sourced by the Fourth Amendment made to the United States Constitution or the statutory laws ensuring privacy. While considering various situations that emerge as a result of cyber-crimes, it can be noted that these situations mostly fall under either the Fourth Amendment or any one of the three statutory laws. The two primary sources of law sometimes overlap in regulating the use of electronic devices for communicating over a network. Therefore, these laws and their implications are usually discussed together to serve the purpose.

The laws restrict the authorities to search and seize digital evidence without a legal warrant. This is to ensure transparency, unbiasedness, and efficacy in the implementation of concerning laws ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"FL2AEnOg","properties":{"formattedCitation":"(Losavio, Chow, Koltay, & James, 2018)","plainCitation":"(Losavio, Chow, Koltay, & James, 2018)","noteIndex":0},"citationItems":[{"id":59,"uris":["http://zotero.org/users/local/wreEcalP/items/4LFMQH3D"],"uri":["http://zotero.org/users/local/wreEcalP/items/4LFMQH3D"],"itemData":{"id":59,"type":"article-journal","title":"The Internet of Things and the Smart City: Legal challenges with digital forensics, privacy, and security","container-title":"Security and Privacy","page":"e23","volume":"1","issue":"3","author":[{"family":"Losavio","given":"Michael M."},{"family":"Chow","given":"K. P."},{"family":"Koltay","given":"Andras"},{"family":"James","given":"Joshua"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Losavio, Chow, Koltay, & James, 2018). This is to ensure the security and dignity of people, organizations, and records so that no violations occur of the basic as well as civil rights of the entities involved. The law states that the search and seizure of property can be permitted only in case of some serious or meaningful interference with the possessions of an entity. The court will not accept any evidence that has been collected in violence of the “Fourth Amendment Protection Act." The laws have interfered and governed many situations that involve examination of the devices used by terrorist suspects ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"w6vCSEiZ","properties":{"formattedCitation":"(Wayne, 2018)","plainCitation":"(Wayne, 2018)","noteIndex":0},"citationItems":[{"id":61,"uris":["http://zotero.org/users/local/wreEcalP/items/RN7Y3MEZ"],"uri":["http://zotero.org/users/local/wreEcalP/items/RN7Y3MEZ"],"itemData":{"id":61,"type":"book","title":"Cybercrime and Digital Forensics","publisher":"Clanrye International","ISBN":"1-63240-725-6","author":[{"family":"Wayne","given":"Jason"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Wayne, 2018). To this end, sometimes, the authorities have to acquire the services of a third party to solve the cases. The third party's role is usually to decode sensitive information or investigate records of possible suspects.

Certain aspects of evidence collection by law enforcement are not restricted by the Fourth Amendment. Information that has been shared on a drive with others, or the private searches made individually and already found by other workers are not covered by the amendment as well. In a Supreme Court’s jurisdiction, it has been ordained that intrusion with the use of technology should be considered to be a search of evidence, and the protection given in the Fourth Amendment was extended to even those areas for which an individual has a reasonable expectation of privacy. The US court ruled out for complicated issues that no files would be given privacy in case a specific portion of a memory drive is under inspection, and the argument that those files are separate in their use will hold no value.

Digital forensics is the study of principles, techniques, and procedures applied in recovery and investigation of susceptible data recorded in or via the digital devices to provide evidence in criminal cases ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"JLNMpBKj","properties":{"formattedCitation":"(Sunde & Dror, 2019)","plainCitation":"(Sunde & Dror, 2019)","noteIndex":0},"citationItems":[{"id":60,"uris":["http://zotero.org/users/local/wreEcalP/items/59GJFWJU"],"uri":["http://zotero.org/users/local/wreEcalP/items/59GJFWJU"],"itemData":{"id":60,"type":"article-journal","title":"Cognitive and human factors in digital forensics: Problems, challenges, and the way forward","container-title":"Digital Investigation","page":"101-108","volume":"29","author":[{"family":"Sunde","given":"Nina"},{"family":"Dror","given":"Itiel E."}],"issued":{"date-parts":[["2019"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Sunde & Dror, 2019). All digital devices that can be used in digital or cyber-crimes lie within the scope of digital forensics. Mobile phones, tablets, personal computers, laptops, SIM cards, memory chips, memory cards, portable hard drives, email records, calling details, messages history, and many similar sources come in direct observation in case an incident occurs that needs to be responded by the investigating team.

Several institutions today define and exercise notable practices in forensics research and analysis. The “Scientific Working Group on Digital Evidence” emphasizes the best methods to collect, analyze, and report forensic evidence for use by a court. Another example is the "National Institute of justice," which lays a basis of principles and standards for conducting forensic research effectively. The “American Bar Association” is prominent in this respect, and it has issued a detailed guide on carrying out digital forensics efficiently.

The forensic research principles and guidelines say that the evidence must not be lost in research and investigation procedures. That is why the situations require to be handled gently that makes sure the devices involved are intact, or not damaged more in case they are already damaged. Whether the device involved is physical or digital, the evidence should be acquired with care and protocol. The handling of mobile or other electronic devices should be assigned to experienced and skillful persons because many times, certain situations arise that demand professional knowledge. For instance, a situation may arise where the digital device is programmed to destroy data actively through the disk formatting feature; it may be necessary to turn off the device immediately so that the crucial data needed for evidence can be saved from being destroyed. It can be considered alternatively, however, that the device should not be turned off at once to allow the investigating forensics research team to check the temporary run-time memory of the device.

Digital evidence has many similar issues, like those of the physical evidence. For instance, digital evidence can get contaminated by external factors. Therefore, it is recommended in forensics research practice that all digital evidence should be saved by creating digital backups, replicas, or captures. Images are usually created to save digital evidence or susceptible data. The images are very useful in this respect and provide accurate recovery of the data in case of evidence lost. Further, images are the most dependable source of data in most of the cases provided that the images indicate the required incident. The forensic information can be produced by several other useful sources such as susceptible encrypted files, deleted files, or metadata.

Analysis and Presentation of Forensic Information

It should be noted that in cases of digital crimes, most of the digital evidence is likely to be found within the file system. However, the most challenging job of a forensics research professional is to understand the file systems of digital devices. The professionals should demonstrate the ability to explore, find, and evaluate the relevant information from within the file systems existing in the electronic devices. The file system analysis entails several activities to be completed depending upon the case requirements. The researcher has to identify the crucial information on the storage device, probably a disk drive. An ability to read source data is an essential skill. The researcher has to indulge in analyzing several partitions on the hard drive employing various techniques. Further, the researcher needs to analyze the contents of disk drives. Finding relevant evidence is the outcome of all effort, and it can be accomplished by finding metadata, recovering deleted files, and identifying locations used for data handling.

Mobile devices investigation usually involves forensic tools that may be commercial or open-source. Forensic tools are used to search for data from within the internal memory of mobile devices. The content of internal memory is not changed in forensic examination. The integrity hashes also have to be calculated for the information collected. All forensic tools must adhere to the protocol and standards that have been developed for regulating communications with digital devices ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"hdzGs2tk","properties":{"formattedCitation":"(Cameron, 2018)","plainCitation":"(Cameron, 2018)","noteIndex":0},"citationItems":[{"id":58,"uris":["http://zotero.org/users/local/wreEcalP/items/LL25SXEQ"],"uri":["http://zotero.org/users/local/wreEcalP/items/LL25SXEQ"],"itemData":{"id":58,"type":"book","title":"Future of digital forensics faces six security challenges in fighting borderless cybercrime and dark web tools","publisher":"Retrieved from Computer. org: https://publications. computer. org/security …","author":[{"family":"Cameron","given":"Lori"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Cameron, 2018).

When investing in digital crimes, forensic researchers should pay enough attention to locating the information storage location accurately. The investigators are confronted with immense trouble in dealing with mobile devices during forensics research. This is because mobile phone users are used to installing several applications in their devices, which are not provided by the mobile company. These applications are referred to as third-party applications. These applications include IMO, tango, KM player, and many others. The problem arises in finding out the exact location of information storage. For instance, a third-party app usually doesn't allow the user to record the file history somewhere in the mobile device; instead, the files are located in the server of the third-party app's server. When the forensic researcher tries to locate the relevant information in mobile device storage, the files are not found, and the researcher is prone to be misled.

Forensic research involves data carving that is applied in case no metadata is available. It entails fetching the data files from raw data fragments of the memory drive and reassembling them. Data carving is performed by the researcher to find out the lost or deleted data. It is carried out, for instance, when a memory drive is encountered with failure of an action. The inherent concept in this activity is that the file systems in storage devices do not delete the data in absolute terms. Certain means of extracting the deleted data do exist like the data carving technique to assist in providing evidence in digital forensics. There are four steps involved in the data carving process. A data set is needed to perform the task for testing the data carving tools and the outcomes. Producing a valid data file is also necessary for the fragmented files. The use of languages invalidating the data files often referred to as semantic validation, is essential in doing digital forensic research. The final step in data carving is to leverage the process of carving validation so that it may be enabled to identify the injected codes or potential data evidence.

A compound file is a file containing data or information, and it consists of other files or data. The ZIP compressed file is a vivid example of what a compound file can be. It is required in forensics research to expand the compound files in the early stages of a forensic research project so that the forensic researcher could explore the contents fully. Further, it is suggested that forensic research requires to perform compound file expansion before the index search is conducted.

Digital forensics research needs to be presented in a written form formally once it has been completed in every respect. These reports are probable to be reviewed by organizations, individuals, forensic researchers, lawyers, judges, and many others. Therefore, the report should comply with all the established standards for report presentation. A formal digital forensic analysis report consists of an executive summary, research findings, appendices, and a conclusion.

The introduction describes an account of the case under discussion, informing the reader about the issue of cyber-crime and outlining the steps briefly to be taken in the research. The introduction also gives details about initialization of the project, and the need for evidence to be extracted through this study. The next step is to coming in contact with the digital evidence sources and preserving digital devices with care. This section details the careful handling of digital devices. The techniques and tools to be used in the digital forensic investigation are discussed and justified in this section. The details of forensic investigation and their analysis are presented in the third section. The tools and techniques used in the research are elaborated. The analytical methods employed need to be described with a complete explanation so that the reader finds the report credible enough for referencing in several places. The findings will be presented after analysis. The findings should be based on objective judgments, and digital forensic knowledge has to be employed in deducing inferences from the analysis data. Finally, a conclusion is given based on the analysis and findings. To present report findings after giving detailed analysis is more than an art. The way these findings are inferred makes the audience persuaded.

Biggest Threat & the most promising Technology in Mobile Devices

Social engineering is likely to be the greatest threat among the cybersecurity issues in the future. It refers to the use of deceptive tactics to misuse individuals so that they leak out their personal information or confidential information related to an organization, eventually leading to identity or property damages. Social engineering can be executed through computers, mobiles, and other electronic devices. With mobile devices, social engineering can cause serious threats to users' identity or assets. Fake messages can be received by users, and they could be persuaded to share their personal information. The users may also be urged to register with some malicious application or connect with a malicious link. Further, the hacker might send spam emails or messages that can harm if opened carelessly. Sometimes, certain web links are suggested by anonymous service providers, which can harm the device potentially. Social engineering, when performed to attack corporates, can damage them considerably. To intrude an organization, social engineering geniuses find someone in the organization to get confidential information. They manipulate employees in many ways and make them divulge secret information. The hackers use this information to plan cyber-crimes.

The best solution to confront the challenge of social engineering threat is to be pro-active and think and prepare for it is one step ahead of the hackers. To this end, individuals must be educated to have the necessary cyber-awareness. In the context of a corporate, they should implement strict identification policies, security systems, and authentication procedures. Appropriate privileges must be granted to employees for accessing their relevant information within the premises of the organization. The latest software should be installed to protect any cyber-attacks. This software should comprise antivirus as well as anti-phishing. The organizations should classify their information and take protective measures by granting controlled access to all employees. In an individual context, it is important to beware of unknown identities. Android scanners need to be used and updated regularly. Any unknown or suspicious email, message, or call should be avoided. It is most dangerous to do as advised in a fake message. The connections on social media should be monitored and verified.

Works Cited

ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY Cameron, L. (2018). The future of digital forensics faces six security challenges in fighting borderless cybercrime and dark web tools. Retrieved from Computer. org: https://publications. computer. org/security ….

Fu, Q.-K., & Hwang, G.-J. (2018). Trends in mobile technology-supported collaborative learning: A systematic review of journal publications from 2007 to 2016. Computers & Education, 119, 129–143.

Heflin, H., Shewmaker, J., & Nguyen, J. (2017). Impact of mobile technology on student attitudes, engagement, and learning. Computers & Education, 107, 91–99.

Lai, C.-L. (2019). Trends of mobile learning: A review of the top 100 highly cited papers. British Journal of Educational Technology.

Losavio, M. M., Chow, K. P., Koltay, A., & James, J. (2018). The Internet of Things and the Smart City: Legal challenges with digital forensics, privacy, and security. Security and privacy, 1(3), e23.

Ooi, K.-B., & Tan, G. W.-H. (2016). Mobile technology acceptance model: An investigation using mobile users to explore smartphone credit card. Expert Systems with Applications, 59, 33–46.

Sunde, N., & Dror, I. E. (2019). Cognitive and human factors in digital forensics: Problems, challenges, and the way forward. Digital Investigation, 29, 101–108.

Wayne, J. (2018). Cybercrime and Digital Forensics. Clanrye International.

Subject: IT

Pages: 19 Words: 5700

Read

MPW-108958

The Effects of the Quantum Computing on Improving the Performance of Artificial Intelligence

Author

Institution

The Effects of the Quantum Computing on Improving the Performance of Artificial Intelligence

Quantum computing is the field that focuses on quantum computation, information processing, and the mathematical and physical theory for which different circuits and algorithms must be integrated into hardware performance. Computational science incorporates artificial intelligence, and there is a strong engineering component attached to computational science. The basic purpose served by artificial intelligence coupled with computational science is to formalize intelligence and analyzing that knowledge. Analysis of the knowledge is performed by building software and/or hardware systems that are able to perform intelligent operations ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"hI9CmLka","properties":{"formattedCitation":"(Manin, n.d.)","plainCitation":"(Manin, n.d.)","noteIndex":0},"citationItems":[{"id":1373,"uris":["http://zotero.org/users/local/jsvqEXt1/items/JPVLQXAJ"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/JPVLQXAJ"],"itemData":{"id":1373,"type":"article-journal","title":"Classical computing, quantum computing, and Shor's factoring algorithm","page":"31","source":"Zotero","language":"en","author":[{"family":"Manin","given":"Yuri I"}]}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Manin, n.d.). Machine learning and deep learning, nowadays, can be pragmatic with the help of simulating physics, generating art, voice recognition, computer vision, autonomous robotics, and through genomic data. However, these approaches take a very data-centric approach to classify and navigate complex data spaces.

Simple and small rule/units in large number, when combined, end up in the conclusion of big complex systems. Besides, for better calculations and smart intelligence operations, efforts are being made to build optimized and custom hardware via gates and arithmetic/logic units, and small memory units; a deep neural net accessible for programming via low-level capable languages like C or go the hardware description route such as VHDL.

Problem to be Solved

Quantum computers have the ability to solve complex problems that are, to some extent, are impossible to solve using conventional computers. In addition, the quantum states, i.e. "qubits" are exceedingly unstable while interacting with interference environment because each interaction leads to a state function collapse, ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"FEw78SqB","properties":{"formattedCitation":"(Ying, 2010a)","plainCitation":"(Ying, 2010a)","noteIndex":0},"citationItems":[{"id":1364,"uris":["http://zotero.org/users/local/jsvqEXt1/items/IBWHW9NS"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/IBWHW9NS"],"itemData":{"id":1364,"type":"article-journal","title":"Quantum computation, quantum theory and AI","container-title":"Artificial Intelligence","collection-title":"Special Review Issue","page":"162-176","volume":"174","issue":"2","source":"ScienceDirect","abstract":"The main purpose of this paper is to examine some (potential) applications of quantum computation in AI and to review the interplay between quantum theory and AI. For the readers who are not familiar with quantum computation, a brief introduction to it is provided, and a famous but simple quantum algorithm is introduced so that they can appreciate the power of quantum computation. Also, a (quite personal) survey of quantum computation is presented in order to give the readers a (unbalanced) panorama of the field. The author hopes that this paper will be a useful map for AI researchers who are going to explore further and deeper connections between AI and quantum computation as well as quantum theory although some parts of the map are very rough and other parts are empty, and waiting for the readers to fill in.","DOI":"10.1016/j.artint.2009.11.009","ISSN":"0004-3702","journalAbbreviation":"Artificial Intelligence","author":[{"family":"Ying","given":"Mingsheng"}],"issued":{"date-parts":[["2010",2,1]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Ying, 2010a). One way of combating the error-correction is through artificial neural networks. Artificial neural networks are computer programs that replicate the behaviour of interrelated neurons. So, how artificial neural networks will devise error-correction strategies? Quantum computers, unlike conventional computers, use quantum bits or qubits that superimpose the two states – zero and one – of the qubit. Besides, the processor of quantum computers superimposes multiple qubits in a single joint state. So, the entanglement of multiple qubits enhances the processing power of a quantum computer for solving complex tasks. The algorithms based on quantum bits, capable of dealing with multiple states can be interfaced with artificial intelligence to achieve more speed and to install decision-making capabilities in AI machine models.

Another problem that can be solved through quantum computing is; revealing defects in the quantum computer using auxiliary qubits. By positioning additional qubits – auxiliary qubits – that store the actual information, the defects in quantum computers are not only revealed but also ratified. Auxiliary bits will allow the controller of quantum computers not only to locate the fault but also perform operations on the qubits that carry information in such areas. The idea of using auxiliary bits is to train the quantum network so efficiently that it outstrips the correction strategies designed by human minds. These trained networks can be interfaced with artificial intelligence to train deep learning models to obtain greater computational power. The main area of focus in QC is optimization, and optimization problems are undoubtedly a real challenge to artificial intelligence. In optimization problems, the aim is to make the best decision out of a very large number of possibilities. QC will allow for much faster and better answers. More often than not DSMC (Direct Simulation Monte Carlo) methods are used for the sampling of the research space in conventional computers. It has been witnessed that search space is huge most of the times thus, for the initiation of the process initial guesses of the starting points are used. Quantum computing gives you the choice of running all possible choices and all possible permutations of decisions simultaneously ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"wjkRM9mH","properties":{"formattedCitation":"(Aaronson & Ambainis, 2018)","plainCitation":"(Aaronson & Ambainis, 2018)","noteIndex":0},"citationItems":[{"id":1369,"uris":["http://zotero.org/users/local/jsvqEXt1/items/CWCP7JZX"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/CWCP7JZX"],"itemData":{"id":1369,"type":"article-journal","title":"Forrelation: A Problem That Optimally Separates Quantum from Classical Computing","container-title":"SIAM Journal on Computing","page":"982-1038","volume":"47","issue":"3","source":"epubs.siam.org (Atypon)","abstract":"We achieve essentially the largest possible separation between quantum and classical query complexities. We do so using a property-testing problem called Forrelation, where one needs to decide whether one Boolean function is highly correlated with the Fourier transform of a second function. This problem can be solved using 1 quantum query, yet we show that any randomized algorithm needs $\\Omega(\\sqrt{N}/\\log N)$ queries (improving an $\\Omega(N^{1/4})$ lower bound of Aaronson). Conversely, we show that this 1 versus $\\widetilde{\\Omega}(\\sqrt{N})$ separation is optimal: indeed, any $t$-query quantum algorithm whatsoever can be simulated by an $O(N^{1-1/2t})$-query randomized algorithm. Thus, resolving an open question of Buhrman et al. [SIAM J. Comput., 37 (2008), pp. 1387--1400] from 2002, there is no partial Boolean function whose quantum query complexity is constant and whose randomized query complexity is linear. We conjecture that a natural generalization of Forrelation achieves the optimal $t$ versus $\\Omega(N^{1-1/2t})$ separation for all $t$. As a bonus, we show that this generalization is ${BQP}$-complete. This yields what is arguably the simplest ${BQP}$-complete problem yet known and gives a second sense in which Forrelation “captures the maximum power of quantum computation.”","DOI":"10.1137/15M1050902","ISSN":"0097-5397","title-short":"Forrelation","journalAbbreviation":"SIAM J. Comput.","author":[{"family":"Aaronson","given":"Scott."},{"family":"Ambainis","given":"Andris."}],"issued":{"date-parts":[["2018",1,1]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Aaronson & Ambainis, 2018). Even choices of models are often simplified to make the problem tractable in a given time. If this is less of an issue, more robust models can be run; however, there is a need to caution against new over-promising techniques.

Literature Review

Quantum computing’s applications in AI extend from learning algorithms to decision problems and quantum research. Besides, AI researchers can design algorithms of quantum computing to solve complex problems efficiently ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"rvoywu0q","properties":{"formattedCitation":"(Ying, 2010b)","plainCitation":"(Ying, 2010b)","noteIndex":0},"citationItems":[{"id":1367,"uris":["http://zotero.org/users/local/jsvqEXt1/items/6LUVY44V"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/6LUVY44V"],"itemData":{"id":1367,"type":"article-journal","title":"Quantum computation, quantum theory and AI","container-title":"Artificial Intelligence","collection-title":"Special Review Issue","page":"162-176","volume":"174","issue":"2","source":"ScienceDirect","abstract":"The main purpose of this paper is to examine some (potential) applications of quantum computation in AI and to review the interplay between quantum theory and AI. For the readers who are not familiar with quantum computation, a brief introduction to it is provided, and a famous but simple quantum algorithm is introduced so that they can appreciate the power of quantum computation. Also, a (quite personal) survey of quantum computation is presented in order to give the readers a (unbalanced) panorama of the field. The author hopes that this paper will be a useful map for AI researchers who are going to explore further and deeper connections between AI and quantum computation as well as quantum theory although some parts of the map are very rough and other parts are empty, and waiting for the readers to fill in.","DOI":"10.1016/j.artint.2009.11.009","ISSN":"0004-3702","journalAbbreviation":"Artificial Intelligence","author":[{"family":"Ying","given":"Mingsheng"}],"issued":{"date-parts":[["2010",2,1]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Ying, 2010b). Quantum computing will allow AI researchers to borrow ideas from quantum computing and devise methods of formalizing problems in AI. AI and QC researchers can develop new AI techniques to solve the problems in the quantum world. Quantum computers are able to solve the problems that are impossible for classical computers to solve. However, there is a limitation to QC, i.e. it is highly sensitive to interference from the environment. One of the first-order tasks for AI researchers is to analyze visual information, however, owing to the complex algorithms it is high time that AI and QC researchers develop better ways to store, retrieve, and process image processing ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"6Q69E8fM","properties":{"formattedCitation":"(Miakisz, Piotrowski, & S\\uc0\\u322{}adkowski, 2006)","plainCitation":"(Miakisz, Piotrowski, & Sładkowski, 2006)","noteIndex":0},"citationItems":[{"id":1359,"uris":["http://zotero.org/users/local/jsvqEXt1/items/FJBXALZR"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/FJBXALZR"],"itemData":{"id":1359,"type":"article-journal","title":"Quantization of games: Towards quantum artificial intelligence","container-title":"Theoretical Computer Science","page":"15-22","volume":"358","issue":"1","source":"ScienceDirect","abstract":"We discuss the impact of quantum game theory on information processing and the emerging information society. The framework, that we establish, encompasses various particular models considered in the field of artificial intelligence. This paper provides insight into the following issues: detailed analysis of a quantum algorithm solving Newcombs’ paradox, the Elitzur–Vaidman circuit breaker and the Metropolis algorithm is presented.","DOI":"10.1016/j.tcs.2005.11.003","ISSN":"0304-3975","title-short":"Quantization of games","journalAbbreviation":"Theoretical Computer Science","author":[{"family":"Miakisz","given":"Katarzyna"},{"family":"Piotrowski","given":"Edward W."},{"family":"Sładkowski","given":"Jan"}],"issued":{"date-parts":[["2006",7,31]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Miakisz, Piotrowski, & Sładkowski, 2006).

While working with these states, the responsibility of the operating system is not only limited to process them simultaneously but also to store and leave the information intact. The other issue which is also central when it comes to dealing with quantum computers is their high sensitivity to the environment. Special arrangements are to be made to preserve the system and its premises as a slight violation can result in an alteration of results. The optimization problems that interfacing neural networks with artificial intelligence are also a big concern. Quantum computers can be harnessed in some specific ways to solve sequential problems. The ability to optimize different samples and data using quantum algorithms will go handy as far as the compatibility issues are concerned.

Algorithms and Applications

The word "algorithm" is used the same in quantum computing as anywhere else. It is just that many quantum algorithms have a probabilistic step in them. The final act of instrument cannot be performed by the classical deterministic computers because they are only capable of determining final distributions while quantum computers handle probabilities of the qubits to get random output ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"FszWv2Zb","properties":{"formattedCitation":"(Ying, 2010a)","plainCitation":"(Ying, 2010a)","noteIndex":0},"citationItems":[{"id":1364,"uris":["http://zotero.org/users/local/jsvqEXt1/items/IBWHW9NS"],"uri":["http://zotero.org/users/local/jsvqEXt1/items/IBWHW9NS"],"itemData":{"id":1364,"type":"article-journal","title":"Quantum computation, quantum theory and AI","container-title":"Artificial Intelligence","collection-title":"Special Review Issue","page":"162-176","volume":"174","issue":"2","source":"ScienceDirect","abstract":"The main purpose of this paper is to examine some (potential) applications of quantum computation in AI and to review the interplay between quantum theory and AI. For the readers who are not familiar with quantum computation, a brief introduction to it is provided, and a famous but simple quantum algorithm is introduced so that they can appreciate the power of quantum computation. Also, a (quite personal) survey of quantum computation is presented in order to give the readers a (unbalanced) panorama of the field. The author hopes that this paper will be a useful map for AI researchers who are going to explore further and deeper connections between AI and quantum computation as well as quantum theory although some parts of the map are very rough and other parts are empty, and waiting for the readers to fill in.","DOI":"10.1016/j.artint.2009.11.009","ISSN":"0004-3702","journalAbbreviation":"Artificial Intelligence","author":[{"family":"Ying","given":"Mingsheng"}],"issued":{"date-parts":[["2010",2,1]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Ying, 2010a). The randomness is an input resource for a lot of algorithms, simulations and cryptography so quantum technologies have their own methods of generating randomness. Also, there aren't an infinite number of solutions; quantum computers have a finite number of qubits which, when read out produce finite-length bit-strings.

Quantum search algorithm is used to avoid quantum parallelism using quantum entanglement. It is a representation of the power of quantum. Let suppose we have a function ‘f’. We know that there is a unique input ‘x’ which satisfies the function such as f(x) = 1. To find the function ‘f’, we put this into the quantum circuit to make it reversible. This search process inserts value 1 to the function at point ‘x’, what we want to compute. The big O analysis of quantum search suggests that it finds the list of black-box containing functions (like f) in O(√N) (in comparatively very less time) instead of O(N) (number of inputs) in classical search because of no information of function ‘f’.

Shor’s algorithm has a probabilistic approach having two distinguished sources of randomness. One observes quantum memory and generate random results while other works by reducing the factors to find the function’s period.

Forrelation is one technique which extensively distinguishes quantum computing with that of classical. It is actually an algorithm that is used to test the properties while comparing Boolean functions and Fourier transform of the second function. To analyze the time required to perform a function ‘f’, we have a query model to determine how much time an algorithm takes. So instead of time complexity, a query complexity is measured and this query is called t-query. As in forrelation “This problem can be solved using 1 quantum query, yet we show that any randomized algorithm needs Ω (√ N / log N) queries (improving a Ω (N1/4 ) lower bound of Aaronson). Conversely, we show that this 1 versus Ω( e √ N) separation is optimal: indeed, any t-query quantum algorithm whatsoever can be simulated by an O N1−1/2 t-query randomize.” ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"McTr22W3","properties":{"formattedCitation":"(Aaronson & Ambainis, 2018)","plainCitation":"(Aaronson & Ambainis, 2018)","noteIndex":0},"citationItems":[{"id":24,"uris":["http://zotero.org/users/local/5OlhLovK/items/JGWSEZPQ"],"uri":["http://zotero.org/users/local/5OlhLovK/items/JGWSEZPQ"],"itemData":{"id":24,"type":"article-journal","title":"Forrelation: A problem that optimally separates quantum from classical computing","container-title":"SIAM Journal on Computing","page":"982–1038","volume":"47","issue":"3","source":"Google Scholar","title-short":"Forrelation","author":[{"family":"Aaronson","given":"Scott"},{"family":"Ambainis","given":"Andris"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Aaronson & Ambainis, 2018). Where N is the number of input elements. It reveals that any quantum query having constant complexity does not possess partial Boolean function provided linear randomized query complexity. This work is very useful and gives an empirical basis for the maximum power of quantum computation. ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"4vGc2ljc","properties":{"formattedCitation":"(Aaronson & Ambainis, 2018)","plainCitation":"(Aaronson & Ambainis, 2018)","noteIndex":0},"citationItems":[{"id":24,"uris":["http://zotero.org/users/local/5OlhLovK/items/JGWSEZPQ"],"uri":["http://zotero.org/users/local/5OlhLovK/items/JGWSEZPQ"],"itemData":{"id":24,"type":"article-journal","title":"Forrelation: A problem that optimally separates quantum from classical computing","container-title":"SIAM Journal on Computing","page":"982–1038","volume":"47","issue":"3","source":"Google Scholar","title-short":"Forrelation","author":[{"family":"Aaronson","given":"Scott"},{"family":"Ambainis","given":"Andris"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Aaronson & Ambainis, 2018)

Implementation

Games are one major display of modern technology as they have become a part of life, especially for youth. Online or video games with multiplayer where players are divided into teams. Quantum information can be incorporated in such types of games to acquire a certain level of equilibrium strategy which is not present in other games. Researchers are working on the quantum mediated framework in order to enable multiplayer with each player having more than two strategic choices. Quantization of games in artificial intelligence has now been implemented and researchers are doing extensive research and experiments in the field. The framework functions by pre-quantizing and quantizing as clear-cut modifications of classical simulation games. By quantizing, a game is redefined as a reverse operation on quantum bits to represent player’s strategies. In quantization, the number of quantum bits is reduced and resultant unitary operations preserve the features of actual classical games. A new qubit called ancillary qubits is introduced so that other quantum characteristics can be explored. Those characteristics include non-local quantum gates, entanglement, and measurements of reduced states. Quantum game theory is not very common today, but future prospects suggest that this field is one of the very crucial disciplines of the emerging information age. “Quantum game theory cannot be neglected because current technological developments suggest that sooner or later someone would take full advantage of quantum theory and may use quantum strategies to beat us at some realistic game” ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"I205cOxn","properties":{"formattedCitation":"(Miakisz, Piotrowski, & S\\\\ladkowski, 2006)","plainCitation":"(Miakisz, Piotrowski, & S\\ladkowski, 2006)","noteIndex":0},"citationItems":[{"id":27,"uris":["http://zotero.org/users/local/5OlhLovK/items/7Y96HI54"],"uri":["http://zotero.org/users/local/5OlhLovK/items/7Y96HI54"],"itemData":{"id":27,"type":"article-journal","title":"Quantization of games: Towards quantum artificial intelligence","container-title":"Theoretical Computer Science","page":"15–22","volume":"358","issue":"1","source":"Google Scholar","title-short":"Quantization of games","author":[{"family":"Miakisz","given":"Katarzyna"},{"family":"Piotrowski","given":"Edward W."},{"family":"S\\ladkowski","given":"Jan"}],"issued":{"date-parts":[["2006"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Miakisz, Piotrowski, & S\ladkowski, 2006)

Quantum computation also assists AI in the field of image processing. It is out of the scope of conventional computer systems to cater for state of the art machine and deep learning algorithms and their computational complexity. Quantum computing serves the purpose by providing solutions by superposition of qubit states in the infinite number of possibilities by changing the values of A and B (the two qubits) and entanglement. Entanglement has no basis in classical computers and is a special characteristic of quantum systems. An image is stored in a qubit array having the capability to store the information in quantum systems that are multi-particle. It also provides eavesdropping and secrecy detection services. “Entanglement is seen to be at the heart of QIP unique properties, and an example of it is its role in Quantum Teleportation” ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"IwZhsM4M","properties":{"formattedCitation":"(Venegas-Andraca & Bose, 2003)","plainCitation":"(Venegas-Andraca & Bose, 2003)","noteIndex":0},"citationItems":[{"id":29,"uris":["http://zotero.org/users/local/5OlhLovK/items/GBSPNC6N"],"uri":["http://zotero.org/users/local/5OlhLovK/items/GBSPNC6N"],"itemData":{"id":29,"type":"paper-conference","title":"Quantum computation and image processing: New trends in artificial intelligence","container-title":"IJCAI","page":"1563","source":"Google Scholar","title-short":"Quantum computation and image processing","author":[{"family":"Venegas-Andraca","given":"Salvador Elías"},{"family":"Bose","given":"Sougato"}],"issued":{"date-parts":[["2003"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Venegas-Andraca & Bose, 2003)

Advantages and Drawbacks

Advantages

Quantum computers will solve the complex problem quickly.

Quantum computers will be able to optimize the solutions to challenging problems that consist of a huge number of possible answers.

With quantum computers, it will be easy to identify and locate patterns in large data sets.

The integration of data from different data sets is also one of the great advantages that quantum computing offers.

It makes the computation easy and fast.

Drawbacks

Quantum computing is not cost-effective.

Only a limited class of algorithms can be run through quantum computing.

It is incredibly hard to program quantum computers.

There is no clarity in quantum programming so far.

Quantum computers are very sensitive to the environment and require a specially designed environmental framework which is very expensive and require a lot of maintenance.

Summary

The function of quantum computers is more erudite as subatomic particles are employed that yield processing orders, and such processing orders are more advanced when compared to simple operations performed by circuits, binary operations, gates, so on - quantum computer uses atomic spins to produce outcomes and perform operations. Intelligent systems aid in performing exponential operations, and extrapolation of such architectures is rendered by quantum orders – quantum orders extrapolate in a more efficient manner than simple computers coupled with better performance. Quantum computing promises extreme speedups for many algorithms: prime factorization, modular logarithm, maximum lag, matching substrings, matrix inversion, group commutativity, the list goes on and is growing. When quantum computing becomes increasingly powerful and ubiquitous, this could lead to some powerful applications (such as potentially breaking RSA encryption).

References

ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY Aaronson, Scott., & Ambainis, Andris. (2018). Forrelation: A Problem That Optimally Separates Quantum from Classical Computing. SIAM Journal on Computing, 47(3), 982–1038. https://doi.org/10.1137/15M1050902

Manin, Y. I. (n.d.). Classical computing, quantum computing, and Shor’s factoring algorithm. 31.

Miakisz, K., Piotrowski, E. W., & Sładkowski, J. (2006). Quantization of games: Towards quantum artificial intelligence. Theoretical Computer Science, 358(1), 15–22. https://doi.org/10.1016/j.tcs.2005.11.003

BIBLIOGRAPHY \l 1033 Bose, S. V.-A. (January 2003). Quantum Computation and Image Processing: New Trends in Artificial Intelligence..

Ying, M. (2010a). Quantum computation, quantum theory and AI. Artificial Intelligence, 174(2), 162–176. https://doi.org/10.1016/j.artint.2009.11.009

BIBLIOGRAPHY \l 1033 Bose, S. V.-A. (January 2003). Quantum Computation and Image Processing: New Trends in Artificial Intelligence.

Subject: IT

Pages: 1 Words: 300

Read

Ms

SIT703-Advanced Digital Forensics

Assignment 2

Student’s Name

Institution

Introduction

Rapid growth of information technology has developed several challenges related to cyber crime. Globally, the rate of cyber crime targeting financial institution, learning institution, government and even personal information are high. A study conducted by Appudurai (2007), concluded that the rate of cyber crime has increased due to advanced technology and interest of people to access information both for personal and political gain. It is also stated that most hackers or other cyber crimes activities targeted government and financial institution to leak information to the public and for financial gain. A survey conducted by the Massachusetts Institutes of technology pointed that the increased cyber crime related activities are driven by intense to cause financial and political harm to institutions and government CITATION Shi151 \l 1033 (Shinder & Michael, 2015). It is therefore, evident that 90% of cyber crime related activities target institution. This paper therefore, represent an investigate result of a cyber crime which occur at university where an account was created on one of the employees with her consent. It report procedure of investigation, tools or equipment used to conduct the analysis or investigation of the cyber attack, and how the problem was addressed. It also illustrates the detailed findings, and review and reflection of the finding.

Overview of computer crime case

Computer crime case is referred as illegal activities which are perpetrated through the use of a computer. The activities include hacking, attacks, denial of service and unauthorized access and use of services and cyber vandalism. In this case, a staff computer was accessed and an account created without her consent. Amy an employee with a University called their IT administrator to inform him that her suspicious account has been created in her laptop without her consent. The IT administrator is also not allowed to transfer any file from Amy computer because of the top secret information Amy is working on for the government and therefore, the policy does not allow Arif the IT administrator to transfer any file registry from her computer. It is also established that Arif requested Amy to export the Window file registry and copy few windows log files of her laptop from the directory. It is therefore, important to scan the computers including the investigator computer to ensure that they are safe from any spy programs before conducting the analysis and investigation of the attack.

Resources of forensic investigation

In order to ensure that the investigator computers are safe, several tools were used to scan the computer. Appudurai (2007) pointed out that it is important to ensure that a computer intended to be used for forensic analysis is secure and there is no rootkit installed. Rootkit is regarded as the computer program installed in a computer to provide privilege access to a computer while in hiding. Therefore, BitDefender Rootkit Remover was used to scanner computer being used by the investigators. The computer was scanned completely to ensure that there is not any application running in the background which can compromise the investigation of the cyber crime activity.

Besides BitDefender Rootkit Remover and window defender other resources which were used to conduct the investigation of the cyber crime activities to protect Amy files and computer are SANS SIFT, ProDiscover Forensic, Computer Aided Investigation Environment (CAINE), Xplico, X-Wys forensic and the sleauth kit. In this case, after the scanning of the investigator computer, procedures were followed to back up the files. It is pointed that before backing up of file, the window registry files were exported. The window registry files are exported to make sure that files can be access later when the investigation is done. This ensure the data are secure from any access from unauthorized perform. According Tron (2015), it is the first procedures necessary to be taken when any violation or hacking is detected.

Computer Aided Investigation Environment (CAINE) was used to analyze all the files in the hard disk and windows registry for any unauthorized access CITATION Tra18 \l 1033 (Rosenberger, 2018). Since the investigator computer had been scanned and free from any attack, the desktop zip file was unzip and the windows log file was analyzed and repaired. The analysis of the log files indicates that Amy computer was accessed and account created without her knowledge. Hacking can be done to create an account without the knowledge of the computer users and mostly can be used to monitor the activities of an individual and transfer files as well.

Description of information stored in the log files

There are four log files backed up for investigation of what occurred. The log files are AppEvent, SecEvent, Internet and SysEvent.

AppEvent log file

Analysis of the AppEvent log file indicates a unique trend with several warnings, and errors originated from different applications which attempted to access or were used in the computer CITATION Ric151 \l 1033 (Michael, 2015). There is also evident of attempted data corruption which occurred several occasions. The AppEvent indicates that ESENT error occurred several times randomly. Most errors are originated from the disks and ESENT. But errors from the disks performed no tasks which mean that these are normal errors generated by the computer. However, the error occurred from ESENT performed data corruption. As show in the diagram 1 (one), below, there were several errors encountered from AppEvent.

Diagram 1: AppEvent View

Diagram 2: AppEvnt overview Summary

Internet log file

The analysis of the internet log files indicates there are several errors originated from account WUSA and information. It is established that WUSA access the computer on May 26, 2019 at 2:15:53 PM, and no task was done. Internet log file could not be viewed on the event view, it indicates error consistent.

Diagram 3: Event View of Internet log file

Diagram 4: Event property of WUSA

There is evident of warning all Events in SysEvent, AppEvent, Internet and secEvent. The errors activities are also reported originated from different sources. Most errors are warning occurred between the period of May 23, 2019 and August 29, 2019. This can indicate the period, which Amy’s computer was accessed by a third party.

The analysis established that WUSA is the accounted which was created without the consent of Amy, and therefore, Arif, IT Administrator should look for WUSA account with Event ID 2. This will help the Arif to troubleshoot and solve the problem related to security related issues. The diagram 5 below indicates some of the activities which occurred using the account WUSA.

One of the staffs called Amy who worked for University complaint to the IT administrator that a suspicious account has been created on her laptop. Suspicious account is WUSA was created accessed mostly doc.

TASK 6:

The bogus account was used to log into Amy’s computer at 2:15:53PM on May 26, 2019. The account was logged thrice at different rimes. The computer can therefore, be protected using window defender and an anti-virus to protect any future entry.

Task 7

The information obtained from the system indicates that bogus account was used to access doc document. The analysis indicates WUSA accessed several information and more so performance data corruption. In this case, it means there was an attempt to obtained data from the computer several times. The attempt was made between 2:15:53 PM to 4:14:23PM and then logged off.

Diagram 6: logged time

Task 8

The events on Amy account lasted for days. After the creation of bogus account, the user access Amy’s computer three times and visited used several applications and files. First, the account was used to conduct data corruption and also to access information from the hard disk several times. It therefore, can be concluded that the bogus account was used to access and files from the computer.

Task 9

The analysis indicates that several activities took place in the system. It is identified that the installation of application occurred from the device manager. It is more likely that the installed application was used to access the files and other documents from the computer. However, other events identified are Event ID 47, Event ID 10024, Event 6005, 6006, and Event 7003 as some of the events which will be visible.

Analysis of finding

The investigation revealed that Amy’s computer was accessed several times between 2:25:53 PM on May 23. Amy computer was accessed and other account created used to access and transfer information from the laptop. Though there is no proof of any file transferred, the account created in the name of WUSA was used to access data file. There was evident of data corruption and several attempts and logged in which violated the privacy of information Amy is working. The attack was done through installation of an application which made it easily to create and access the laptop remotely. Moreover, it is important to point that CAINE was used to investigate the attack but before the investigation started Arif computer was scanned to ensure that any attack is avoided from the system or log files to be analyzed. Therefore, the result obtained result what happened.

Reflection of findings

The findings indicate that Amy computer was hacked and account created. The creation of an account gave unauthorized person the right to access Amy’s computer and make some changes and copy data from the hard disk. The investigation revealed that there are several errors originated from the hard disk of the laptop. The error could be as a result of access to the hard disk from the account created.

Recommendation

It is necessary to take strict action to avoid the repeat of what happened to Amy and to secure all the files and information of the company. Therefore, it would be important to install and update windows defender in all the computers being used in the university. It would also be advisable to installed anti-virus and keep updating its database to ensure that it remains updated to scan system continuously. The network of the university should also be protected from the backbone of the structure to prevent any attack to the system. It is evident that the attacked managed to log into the system and access the information. Without strong protection from the backbone, it would be difficult for any hacker to access the system or any computers on the network.

References

BIBLIOGRAPHY Appudurai, J. (2007). Computer Crimes: A Case Study of What Malaysia Can Learn from Others? Journal of Digital Forensics, Security and Law , 2 (2), 2-15.

Shinder, L., & Michael, C. (2015). Understanding E-mail and Internet Crimes. https://www.sciencedirect.com/topics/computer-science/cybercrime-case , 2-15.

Tron, M. (2015). Computer Forensics: An Inseparable Part of Criminal Investigations. Journal of forensic Analysis , 2-15.

Subject: IT

Pages: 6 Words: 1800

Read

MULTI THREADED PROCESSING

Your Name

Instructor Name

Course Number

Date

Multi-threaded processing

Multithreading is a process that allows several threads to use a single processor's functional units in an overlapped fashion. Multithreading allows improved utilization of resources by allowing a ready thread to work and avoid these free resources. In order to understand multithreading, we must know about the difference between thread and a process. A process is an occurrence of a program executing on a computer. Thread is a dispatchable unit of effort within a process. A single-threaded application is which uses only one thread, and at a time, it is able to perform a single task. Context switching between threads and processes is the same, but for the thread, it is easier, faster, and cheaper as compared to a process. Every process allocates its own address space, but a thread within a process shares the same address space and other resources. It means to share data between threads is easy.

Multithreading works on thread-level parallelism (TLP). Parallelism denotes the concept of simultaneously executing multiple threads CITATION Akh06 \l 1033 (Akhter and Jason). It duplicates the architectural state on every processor and shares only a single set of processor resources for implementation CITATION Edb12 \l 1033 (Ed by Iannucci, Gao, and Halstead Jr.). The operating system schedules threads by treating different architectural positions as discrete logical processors. Logical processors provide support for sharing practical units of a single processor among different threads. Different architectures are using different sharing mechanisms. The kind of state a structure store chooses what sharing mechanism is required by this. The resources can be of replicated, partitioned, and shared type. A similar resource partitioning system is used in all multithreading methods, but difference occurs in their implementation in two cases, i.e., pipeline partitioning and thread scheduling policy. The main approaches to multithreading that TLP uses to improve resources utilization are CITATION Nem13 \l 1033 (Nemirovsky and Tullsen):

Coarse-grained multithreading (CGMT)

Fine-grained multithreading (FGMT)

Simultaneous multithreading (SMT)

Coarse-grained multithreading (CGMT)

It is also known as switch-on-event or block multithreading. In this type of multithreading, each core processor is attached to multiple hardware contexts. CGMT occurs on a switch of an event like cache miss, synchronization, FP operations, or quantum/timeout.

Fine-grained multithreading (FGMT)

It is also known as interleaved multithreading; each processor is attached with multiple hardware contexts but can switch between them without any delay. Therefore, it can execute an instruction or a set of instructions from different threads in a cycle. In this multithreading, two instructions from thread cannot be in a pipeline simultaneously. FGMT switches to another thread cycle by cycle, and it improves pipeline consumption because of multiple threads. Moreover, in every cycle processor executes a different input/output thread. The example of FGMT is CDC 6600’s peripheral processing unit.

Simultaneous multithreading (SMT)

In SMT, instructions are executed concurrently from multiple threads in the same cycle in order to keep multiple execution units operated. SMT share functional units flexibly and dynamically between numerous threads.

Multi-threaded technique is used to run numerous applications concurrently with enhanced speed. The multi-core processors, by using on-chip multithreading deliver better performance to cost ratios. Multiple threads can access common memory structures by using suitable synchronization mechanisms. For example, a program that downloads few documents simultaneously, then for each separate download thread is allocated. CPU-bound tasks utilize multithreading, which is beneficial for all core processors in modern computer world. Furthermore, there are many advantages of multi-threaded programming like:

If a part of program is performing a extensive operation, or blocked due to some reason, by multitasking program can continue its running.

Processes may share resources through shared memory and message passing; these techniques are prepared by programmer. However, by default, resources and memory of the process are shared by threads, which permits an application to have numerous threads of activity within identical address space.

In processes, memory and resources need reasonable time and space due to which cost increases. On the other hand, threads share a memory of that process in which they are residing, so it is cheaper.

Multi-programming system having multiprocessor architecture, where threads are running parallel, is more beneficent than a single threaded process. The multithreading technique divides a process in modules of small tasks performed by different processors.

Works Cited

BIBLIOGRAPHY Akhter, Shameem and Roberts. Jason. Multi-Core Programming: Increasing Performance through Software Multi-threading . Intel Corporation, 2006.

Ed by Iannucci, Robert A., et al. Multi-threaded Computer Architecture: A Summary of the State of the ART. Springer Science & Business Media, 2012.

Nemirovsky, Mario and Dean Tullsen. Multithreading Architecture. Morgan & Claypool Publishers, 2013.

Subject: IT

Pages: 2 Words: 600

Read

Multiple Assignments In One Order

Abstract

In todays era, data is retrieved at a very fast speed, it is fetched and stored at the destination known as database. Database allows data to be stored and managed in a very efficient way. Data manipulation and maintenance are performed through the database management systems. Data is very important for any organization, so it is important to secure data stored in the database. Database security is the one that allows data to be protected from all possible database attacks. It is very important to develop security models to apply database security very effectively. There are different security models, as they deal with different aspects of security problems in the database systems. Security models may be different as they follow different rules, regulations and assumptions about what creates a secure database. It is very challenging for the database security personals to select appropriate or most relevant database models according to their organizations requirements. In the paper, we have reviewed about the database security attacks and their countermeasures and their relevant control methods. To plan an explicit and directive based database security, it is very critical to adopt approaches related to securing database. It is one of the most important or critical issues of any organization to secure their data stored in the database. There can be more complex security problems of database, as the data increases in the database along with its complexity.

1. INTRODUCTION

We can define database as a collection of data stored in computer’s hardware. Databases facilitated authenticated or authorized users to access, store and examine or analyze data efficiently and easily. Database is a collection of different tables. Each table has unique columns and rows. A user construct queries to fetched stored information according to the requirements in the form of views. Views are tables constructed through queries; they can have data from more then one table. The data in the database is stored in a way to effectively supports the process of information or data retrieval and storage. The repository in which the major chunk of data is stored in known as database. The user interface facilitate users to effectively manage data store in database by providing many functionalities. The user interface for databases is known as database management systems. Database management systems are applications software that allows authorized users, other applications to interact with the database and capture and analyze data. It assists companies to store and organize data for high quality performances and maintaining indices allows fast retrieval.

Database management systems provides the function of concurrency control. Data recovery operations are also provides by database management systems. In recent times, organizations require databases to save any type of data required. It is because of the fast retrieval of data and it is very affordable to create and maintained for any organization. Database is advantageous because it automates different business processes, it saves other resources and man hours required to do lot of manual or paper work. Without databases, users are required to manually track and verify various business transactions, that can be costly and prone to many human errors. But database management systems provides effective way to generate various reports. Entering warehouse stock information manually was time consuming and provides less accuracy, but hand held scanners can be used to store information directly in the database. It is concluded that database can provide speed and accuracy for the businesses processes. The other question arises that whether the data stored in the database is secured. In this era, security is most critical and challenging issue for any organization. Data is one of the most important asset of any organization. Databases can be complex and requires full understanding of security risks and issues by security professionals to secure database effectively.

After consulting many database experts and database administrators, many organization’s database administrators are now fully informed about which database, tables and columns have critical information. It is because they are working with legacy application and there are no proper database documentation and data models. Even if any expert have full database knowledge, it is difficult to protect database because of its unique implementation and database procedures. Database security can be implemented by using wide range of database security controls that can be implemented to secure database from various possible attacks, against database confidentiality compromises, against its integrity and availability. The security controls are technical, administrative and physical. Database security is protecting the data stored in a repository. In database environment, there are different security layers: database administrator, system administrator, security officer, developers and employee. Security can be compromise at any of these layers.

2. LITERATURE REVIEW

In this field, a significant amount of work has been done. Following references are used to review the work done by various authors to described the database security risks and threats and provide effective counter measures and their controls.

Mr. Saurabh Kulkarni, Dr. Siddhaling Urolagin

It is very obvious, that database acts as a backbone of any application. Database has organization’s critical and important data and there are lot of chances that it can be attacked. In this paper, authors have discussed various database attacks. In this paper, authors have reviewed important database security methods such as “access controls”,”methods against SQLIA”. The paper also has techniques such as encryption and data scrambling. This paper has also provides details about the furture research areas in the database security.

Mr. Sohail Imran, Dr. Irfan Hyder

Mr. Sohail Imran and Dr. Irfan hyder have discussed various database security problems and their related security models suitable for different database management systems. They have proposed various important and distinct security models to secure relational databases and object oriented databases. There are no proper standards or rules to design or develop these security models. Different security issues has been identified in this paper. Through this paper, one can construct and implement effective security policy in any organization.

Shelly Rohilla and Pradeep kumar Mittal

As it contains the most important and critical assets of any organization i.e. Data. It is most favorite target of any attackers. Database can be compromised in different ways. This paper, discussed about various database security threats and risks from which database should be secured or well protected. This paper provides solutions to most of the security threats and problems, most of the solutions are very effective but some are ordinary.

Shivandan Singh, Rakesh Kumar Rai

Database is used by many applications. Without databases, these applications cannot work properly, hence database acting as backbone to these applications. Database are the main data storage for many organizations. Databases attacks are increasing as more organizations tends to store data in the database. These attacks, if successful can expose most important and critical data to the attackers. This paper includes the description and review of the most important database security techniques and methods such as “access control” techniques to prevent SQLIA. Data encryption and scrambling is also discussed in this paper. The paper also includes the future works related to the database security. This paper is useful to give more concrete database security solutions.

3. DATABASE THREATS

Today database systems are experiencing different types of attacks. It is important to review database attacks first , then discuss database security techniques.

3.1 Excessive Privileges

Authorization is the procedure that awards a client endorsement to make certain move in the assigned frameworks whether it is to see, adjust, share, or erase data. Authorization is worried about what the client is permitted to do.

The granularity of approval is just tantamount to the modernity of the framework which supports the entrance endorsement basic leadership procedure and requirement of affirmed get to.

The entrance endorsement procedure is intended to give access dependent on the client's job and occupation obligations which is alluded to the guideline of least benefit, which states clients, gadgets, projects, and procedures which are interconnected or should get to one another to impart and take certain activities, ought to be conceded simply enough consents to do their required capacities.

The danger of unreasonable and pointless access just as the danger of deficient access to play out a specific assignment to achieve an objective ought not be neglected. Extreme access rights past somebody's ordinary occupation capacities make an open door for blunders, mishaps, and endeavors which can influence the privacy, trustworthiness, and accessibility of data and frameworks. Inadequate access or access rights not gave in an auspicious way can likewise adversely influence business tasks.

A much extreme case is the point at which a client is conceded director or a root access to a framework with no support. The exceptionally special access ought to be constrained to only a couple of people in an association in such a case that the record is contaminated with malware or access accreditations are stolen, the interloper can cause a lot more noteworthy harm than with much restricted benefits.

At the point when somebody's entrance is past that individual's expected access to play out their activity obligations, at that point that entrance is viewed as past the standard of least benefit.

Indeed, get to rights might be heightened for certain people to achieve certain errands, for example, when supplanting someone else who has higher benefits, in any case, the raised access may must be specific and impermanent.

Countermeasures of privilege abuse includes the development of access control policy. It is very critical to provide unnecessary privileges to the user. Good audit trail can be a very effective to prevent legitimate privilege abuse.

3.2 SQL INJECTION

A portion of the client information sources may be utilized in confining SQL articulations that are then executed by the application on the database. It is workable for an application NOT to deal with the sources of info given by the client appropriately. If so, a malignant client could give surprising contributions to the application that are then used to outline and execute SQL explanations on the database. This is called SQL injection. The outcomes of such an activity could be disturbing.

SQL injection is a code injection strategy that endeavors the vulnerabilities in the interface between web applications and database servers. The defenselessness is available when client's sources of info are not effectively checked inside the web applications before being sent to the back-end database servers. Many web applications take contributions from clients, and after that utilization these contributions to build SQL inquiries, so the web applications can get data from the database. Web applications likewise use SQL questions to store data in the database. These are basic practices in the advancement of web applications. At the point when SQL questions are not deliberately developed, SQL injection vulnerabilities can happen. The SQL injection assault is one of the most widely recognized assaults on web applications.

Countermeasures for sql injection includes the usage of stored procedures instead of using direct queries. Implementing MVC architecture is another important factor in avoiding sql injection.

3.3 MALWARE

The size and unpredictability of the current working frameworks also, applications is persistently expanding and it isn't a simple assignment to guarantee the safe activity of such frameworks. Despite the fact that there are a few devices, for example, interruption location frameworks, nectar pots, and antivirus the dynamic nature of the assaults makes it hard to distinguish also, avoid assaults. Then again, it is straightforward undertaking for the aggressor to bargain such frameworks and produce various kinds of assaults. Subsequently we are seeing an expanding number of multi day assaults once a day. Multi day assaults are the assaults which are beforehand not known. So as to manage the malware the security apparatus merchants investigate the malware and create assault marks to manage the malware. In any case, in the vast majority of the cases the examination is done physically and this requires impressive time before a mark can be created for malware. What's more, mechanized devices, for example, ADMmutate empower the aggressor to naturally produce varieties to the malware for every contamination; making it very hard for the security experts to recognize and create appropriate assault marks.

Advanced attacks are conducted by cybercriminals, state-hired criminals and spies. They used different types of attacks includes spear phishing emails and malware to reach inside the organizations and get access to the critical data or information. Organizations are unaware about the malware attacks, authorized users are accessed by these cyber criminals to access organization’s networks and sensitive information or data.

Counter measures for malware can using firewalls and installing antivirus in the system.

3.4 Weak audit trail

Powerless Audit Trail is another risk for database security. Most review instruments have no consciousness of who the end client is on the grounds that all action is related with the web application record name. Plus, clients with managerial access to the database can mood killer local database examining to shroud their fake movement. A legitimate review trail should gather and file point by point records of the data put away inside your databases, especially those putting away touchy data like monetary or wellbeing records. The error that most associations make is expecting that their worked in review trails are adequate enough to enable them to remain agreeable and secure.

A large portion of the Organizations utilize local review instruments given by their database sellers or depend on impromptu and manual arrangements. Be that as it may, this procedure don't record subtleties important to help evaluating, assault recognition, and crime scene investigation. Aside from this, local database review instruments are amazingly infamous for expending high CPU throughput and plate assets driving numerous associations to quit evaluating. As per another whitepaper by Imperva, "most local review systems are exceptional to a database server stage. For instance, Oracle logs are not the same as MS-SQL, and MS-SQL logs are diverse structure DB2. For associations with heterogeneous database situations, this forces a noteworthy deterrent to executing uniform, adaptable review forms. At the point when clients get to the database through big business web applications, (for example, SAP, Oracle E-Business Suite, or PeopleSoft) it tends to challenge comprehend which database get to action identifies with a particular client." It is seen that review components have no attention to who the end client is on the grounds that solitary record name is related with the web applications. Moreover, local Database Auditing can be mood killer by the clients with Administrative Privilege to shroud any sorts of false action. To guarantee solid detachment of obligations approaches, the Audit capacities and duties must be isolated from both database directors and the database server stage.

Countermeasures for weak audit trail includes the usage of audit appliances related to network. These appliances should not affect database performances. These audit trail appliances should perform and operate independently and provides effective data or information collection.

3.5 Backup Exposure

The storage media used for backing up information is usually not protected from the unauthorized attacks. Due to this vulnerability, many information securities breaches has been experienced that involved backup storage media such as disks and tapes. Also, organizations do not focus on auditing and examine the activities of database administrators and who have access to the low-level data, this can result in the information stealing and misusing. It is very important for any organization to take care of their backup storage devices and also control and monitor the activities of database administrator, this is not only including in database security best practices but also it is one of the most important database security regulations.

Countermeasures for backup exposure includes the database encryption. The stored information should be encrypted , it will secures both production and backup duplicates of databases. Also audit the sensitive data control access and activities of database administrators.

3.6 Weak Authentication

Weak authentication refers to the authentication pattern that is weak and can be easily assumed or identify by the attackers. The weak authentication allows attackers to perform brute force attack, social engineering etc. It is very important to implement strong password patters or two factor authentication. The Authentication procedures should be linked with organizations user management infrastructures.

3.7 Database vulnerabilities and Misconfigurations

It is very usual to identify or detect vulnerable and unpatched databases.

Each Software Strive to be without blunder of bug free. Tragically, till date no one at any point prevailing to convey blunder free programming. Whatever might be the financial limit of the product, whatever might be the experience levels of the product improvement group, it's not possible for anyone to guarantee that the product they constructed is without bug! Bugs can be all over the place, regardless of whether its an Operating System (OS) or Database Management Systems (DBMS). Regardless of whether minor or major, These bug can have extreme effect on an Organization's System. In this way, database sellers discharge fixes occasionally to guarantee touchy data in databases is shielded from dangers. For example, Oracle gives a basic fix update (CPU) each quarter.

Fixing a Database takes a very long time to an association. During this time the Database stays powerless. Programmers are sufficient to misuse un-fixed Database that still have default records and arrangement parameters. The initial step to be performed for ensuring your database is deciding how the databases are as of now designed from a security viewpoint. Most sellers give fix reports on a genuinely normal premise. When they discharge the fix, the assailant promptly and its welcome from them to discover the powerlessness and assault for doing hurt. Their discharge and fix levels will be distinguished and contrasted with seller security fix disseminations. An examination of ought to be done at this phase to locate the degree of seriousness of the vulnerabilities. The sorts of vulnerabilities will extend the range, from powerless and default passwords to unpatched database programming shortcomings. So the following stage is that at whatever point these patches are discharged they ought to be fixed – at any rate the most basic vulnerabilities. In the event that it is left unpatched, assailants can figure out the fix and endeavor the vulnerabilities, leaving the DBMS considerably progressively helpless that before the fix was discharged. The greater part of the Organization postponement even year to actualize the fix to decide whether it influences the entire system. At this point the Database stays helpless.

Counter measures for unpatched and misconfigured databases includes some precautions such as no default accounts should be there, and every account should be created by using unique username and passwords.

3.8 Unmanaged Sensitive Data

Many organizations failed to maintain accurate database inventory and the sensitive information objects placed in them. Database that are forgotten may contain critical information. These forgotten database must not have any proper controls and permissions and may get in control of unauthorized access.

Countermeasures of unmanaged databases includes the encryption of sensitive data, that if any forgotten database exists, but information cannot be used by unauthorized user as the data is already encrypted. It is very important to implement needed controls and permissions to database systems.

3.9 Denial of Service

A denial of service assault is a security risk where aggressors shell a system (for the most part an online system) with phony solicitations for service thus deny access to approved clients. along these lines, the assault bargains the accessibility of the system.

The thought process in DoS assaults is once in a while an abhorrence of the association running the system at the same time, more normally, it is utilized as a methods for extortion. Destinations are compromised with a DoS assault, which will make them inaccessible, except if they make an installment to the criminal who is undermining them.

Denial of service assaults are moderately simple to identify and kill in the event that they originate from a solitary PC so the most usually utilized DoS assault currently is a purported Distributed Denial of Service assault where a system of PCs send a huge number of solicitations to the system that is being assaulted. These systems are typically people groups' PCs that have been tainted with malware.

Countermeasures for denial of service attacks include the stiffening of TCP/IP container by implementing the accurate settings to maximize the capacity of the TCP connection pool. Minimize the TCP connection time period. Implement dynamic and automated backlog methods to confirm that connection queue is not haulted.

4. CONTROL METHODS FOR DATABASE THREATS

To get rid of database security threats every organization should have developed security policy and it should be implemented. Authentication is very important in security policy, because if there is strong authentication procedure then there will be less likelihood of any kind of threat. Different rights have been granted to different users in database systems. Access control methods are used to deal with different access rights and controls of different users. It is one of the basic method or technique to protect data objects in the database. The control access methods is supported by many database management systems.

4.1 Access Control

It is one of the important and basic functionality that should be provides by any database management system. It is used to protect data from the unauthorized access and blocking the read and write operations. The access controls allows entire communication should be conducted within the mentioned limitations of security policies. Errors can create huge problems in organizations. By controlling the access rights, likelihood of risks are minimized that affects the database security on the main servers. For example, if any table is modified or deleted unintentionally then the changes can be roll back. The mistaken deletion of tables can be restricted by applying access controls.

Access controls includes File, program permissions and rights to fetch and modify information in the database.

4.2 Inference Policy

It is very important to secure data at particular level. This protection can be implemented when certain data is required as facts and it is needed to be prevented at a particular level of higher security. It assists in identifying and determining how to secure information from being released. The main goal of the inference policy is to restrict the disclosure of information indirectly. Unauthorized data disclosure can be achieved by three ways: Correlated data, missing data and statistical inference.

4.3 User Identification/Authentication

The most important and basic security requirement includes that one must know about their own users. Users should be identified before privileges and rights have been assigned. It is important so that organization can audit about the users actions and data activities.

Before users can create any database, there are various ways through which users can be authenticated. Database systems provides facility to authenticate and identify users. Operating system can perform the external authentication. Secure socket layer is also responsible for identification of users through middle tier servers. This type of authentication is known as proxy authentication.

It is very important requirement of database security as identification of users shows the type of users that are allowed to interact with the database systems. To confirm the security, users are identified and authenticated, and sensitive and critical data is stored by using encryption techniques preventing from being modified by unauthorized access.

4.4 Accountability and auditing

Auditing includes the monitoring and recording the database activities performed by both database users and non database users. Accounting is a process that allows to maintain the audit trail of users activities on the system. To confirm and ensure physical integrity of data, accounting and auditing is very important. If the user has logged in the system successfully and if he tries to access resource, the system should be able to monitor and record successful and unsuccessful attempts. The activity and its status should be recorded and stored in the audit trail.

4.5 Encryption

Encryption is a process to convert valuable information into a form that is not readable by a person. The information can be converted in the readable form to only those authorized people who have a key of encrypted cipher text. The data in the form of cipher text is known as encrypted data. There many encryption methods and techniques available to protect data from unauthorized access.

5. CONCLUSION

Access security is a way that allows who can access data and what kind of data attackers are trying to access the database. There are many methods and techniques to improve the database security. This paper includes the review of the work done by various authors in the database security field. It includes various mandatory and discrete security models to secure the relational as well as object oriented database. The paper includes the information that can be used to develop effective database security policies. The paper focused more about the recent database threats and countermeasures and their control methods.

6. REFERENCES

Mr. Saurabh Kulkarni, Dr. Siddhaling Urolagin. (2012). Review of Attacks on Databases and Database Security Techniques. Facility International Journal of Engineering Technology and Database Security Techniques Research.

Sohail IMRAN, Dr Irfan Hyder, Security Issues in Database. (2009). Second International Conference on Future Information Technology and Management Engineering.

Shelly Rohilla, Pradeep Kumar Mittal.(2013). Database Security: Threats and Challenges, International Journal of Advanced Research in Computer Science and Software Engineering.

Shivnandan Singh, Rakesh Kumar Rai. (2014). A Review Report on Security Threats on Database, International Journal of Computer Science and Information Technologies.

Debasish Das, Utpal Sharma, D.K. Bhattacharyya.(2010). An Approach to Detection of SQL Injection Attack Based on Dynamic Query Matching, International Journal of Computer Applications.

Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2012). Computer security: principles and practice (pp. 978 0). Upper Saddle River (NJ: Pearson Education.

Shulman, A., & Co-founder, C. T. O. (2006). Top ten database security threats. How to Mitigate the Most Significant Database Vulnerabilities.

Khanuja, H. K., & Adane, D. S. (2011). Database security threats and challenges in database forensic: A survey. In Proceedings of 2011 International Conference on Advancements in Information Technology (AIT 2011), available at http://www. ipcsit. com/vol20/33-ICAIT2011-A4072. pdf.

Farahmand, F., Navathe, S. B., Sharp, G. P., & Enslow, P. H. (2005). A management perspective on risk of security threats to information systems. Information Technology and Management, 6(2-3), 203-225.

Denning, D. E. R. (1999). Information warfare and security(Vol. 4). Reading, MA: Addison-Wesley.

Ghorbanzadeh, P., Shaddeli, A., Malekzadeh, R., & Jahanbakhsh, Z. (2010, June). A survey of mobile database security threats and solutions for it. In the 3rd International Conference on Information Sciences and Interaction Sciences(pp. 676-682). IEEE.

Sharma, R. K., & Rawat, D. B. (2014). Advances on security threats and countermeasures for cognitive radio networks: A survey. IEEE Communications Surveys & Tutorials, 17(2), 1023-1043.

Crites, J. G., Tor, D., & Gickler, C. (2006). U.S. Patent No. 7,085,359. Washington, DC: U.S. Patent and Trademark Office.

Bertino, E., & Sandhu, R. (2005). Database security-concepts, approaches, and challenges. IEEE Transactions on Dependable and secure computing, (1), 2-19.

Rawat, D. B., & Bajracharya, C. (2015, April). Cyber security for smart grid systems: Status, challenges and perspectives. In SoutheastCon 2015 (pp. 1-6). IEEE.

Subject: IT

Pages: 30 Words: 9000

Read

My Major

[Author Name(s), First M. Last, Omit Titles and Degrees]

My Major

For many, stepping into professional life and selecting which career to adopt next is worrisome and overwhelming. It is very important first to find one's passion and evaluate skills. Many people regret choosing a job later or find it monotonous. Living in the 21st century, career options are diverse but demanding as well and related to Information Technology in one or another.

The term ‘Information Technology’ encircles every field where data is obtained to process and extract useful information. There exist diverse ways to collect and process data. ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"k35bW0y2","properties":{"formattedCitation":"(Apel, 2003)","plainCitation":"(Apel, 2003)","noteIndex":0},"citationItems":[{"id":112,"uris":["http://zotero.org/users/local/YgsdZK9k/items/7BGL2QAT"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/7BGL2QAT"],"itemData":{"id":112,"type":"book","title":"Careers in Information Technology: Second Edition","publisher":"The Rosen Publishing Group, Inc","number-of-pages":"132","source":"Google Books","abstract":"The information revolution is upon us, and new technologies for both storing and organizing this information have opened up new careers in the information sciences, from computer system analysts and librarians to archivists and Web site managers. This book explains what teens will have to know to enter these exciting new fields.","ISBN":"978-0-8239-4085-1","note":"Google-Books-ID: 2bCg0m4yLHIC","title-short":"Careers in Information Technology","language":"en","author":[{"family":"Apel","given":"Melanie"}],"issued":{"date-parts":[["2003",12,15]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Apel, 2003). In the late 1940s, Information Technology was first introduced to the world through scientific research and applications. Information technology means scientific knowledge or technique linked to computing like the internet, software, and hardware.

Careers in Information Technology

In many successful companies and organizations, a separate IT Department is established which is responsible for dealing with the network, computer and connected devices, and other technicalities. An IT employee is an expert in computer engineering and knows how to manage networking and computer administration.

Sectors Revolutionized by IT

Information technology has offered a revolution in almost all sectors of life. Information technology has served the purpose of making lives easier. It has positively impacted on following sectors and more:

Healthcare

The progress of 5G technology has enabled a revolution in different fields like locomotive, transport, and health. ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"CRScSzpl","properties":{"formattedCitation":"(Thuemmler, Paulin, Jell, & Lim, 2018)","plainCitation":"(Thuemmler, Paulin, Jell, & Lim, 2018)","noteIndex":0},"citationItems":[{"id":116,"uris":["http://zotero.org/users/local/YgsdZK9k/items/MH9IQLBK"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/MH9IQLBK"],"itemData":{"id":116,"type":"paper-conference","title":"Information Technology – Next Generation: The Impact of 5G on the Evolution of Health and Care Services","container-title":"Information Technology - New Generations","collection-title":"Advances in Intelligent Systems and Computing","publisher":"Springer International Publishing","publisher-place":"Cham","page":"811-817","source":"Springer Link","event-place":"Cham","abstract":"As more and more details of 5G technology specifications unveil and standards emerge it becomes clear that 5G will have an enabling effect on many different verticals including automotive, mobility and health. This paper gives an overview about technical, regulatory, business and bandwidth requirements of health care applications including e-connectivity in the pharmaceutical domain, medical device maintenance management, hospital at home, supply chain management, Precision and Personalized medicine, robotics and others based on latest research activity in the field.","DOI":"10.1007/978-3-319-54978-1_100","ISBN":"978-3-319-54978-1","title-short":"Information Technology – Next Generation","language":"en","author":[{"family":"Thuemmler","given":"Christoph"},{"family":"Paulin","given":"Alois"},{"family":"Jell","given":"Thomas"},{"family":"Lim","given":"Ai Keow"}],"editor":[{"family":"Latifi","given":"Shahram"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Thuemmler, Paulin, Jell, & Lim, 2018). Development in MRI, fitness watches, Rehabilitation, digital treatment equipment, and techniques is because of the progress in Information Technology. The infant mortality and risk of diseases has declined. With the use of Big Data, the conditions of a patient are monitored. The system can now efficiently diagnose and suggest medicine or treatment.

Food Industry

The lifestyle of a common man, who doesn't even know much about technology, has been transformed completely. A few years back, no one thought, they would be able to buy the food they like online at any time and get it delivered within a few minutes. The restaurants and food places have introduced websites, mobile applications and digital systems to order, track and receive food. On locations, the food companies provide tablets and digital screens to order food and pay through them. The experience is convenient as well as quick for the customers. Moreover, it has boosted sales.

Transport

This aspect of Information technology is not much discussed in everyday life, however. The transport sector has developed since the introduction of IT practices. Transport services depend on analytics and Big Data to analyze the travelling pattern and difficulties faced by passengers. With this information, better strategies are implemented to facilitate passengers. Booking can be made online through the application, without delays. Likewise, the user is informed immediately through application in case of delays.

Finance

The finance sector is also benefiting from IT; however, it is not much highlighted like other sectors. Mobile banking, online international transfer, and performing the financial analysis is common practice in every business today.

Business Intelligence

Business benefits immensely by data generated by users, processes, and tools in bulk. It has become obvious that traditional business methodology is not enough to compete with companies who are adopting new technologies, and the use of technology has become inevitable in business. The data was first analyzed from spreadsheets and old tools. Nowadays, the process is automated, and the person only needs to input data which is analyzed by the smart system automatically. The chances of error are reduced significantly.

New and Upcoming Trends in IT

IT is fetching new technologies here are some of the new trends of IT that will become vital in every sector soon enough.

Internet of things(IoT)

If one analysis the use of devices in everyday life, it will clear that many of them are IoT based. Internet of things (IoT) is based on the concept that all technical devices are connected to the internet in such a way that physical and digital systems are merged. IoT can be a hub of all information about any person based upon the usage and consumption tracking through devices they use. This data can be used in studies, analysis and to improve the marketing strategies. It can provide new and improved business models.

Machine Learning

Computers are becoming smart and developing the capability to learn through patterns and information fed to it. It is because of an evolving technology 'Machine learning'. The analysis data available on social media leads to an elevated understanding of consumer's likeness and the ability to purchase. Not only this, Machine learning has various other applications like brain-controlled devices and bionic limbs. They provide people with disabilities a chance to live better. With this technology, other technologies and devices are becoming smart. In the future, almost everything will be automated, and even less effort will be required by humans to perform tasks.

Virtual Reality

Another technology of IT, Virtual Reality (VR) was developed in the 1950s; today, it has expanded to another level. It delivers the entirely indulging digital experience to the users. This innovation because of advancements in both hardware and software. Until now, VR was only used in games and movies, but now it has expanded to other fields like healthcare. Many scientists utilize this technique to study and teach biological anatomy. It has also impacted the business setups greatly as they have a new methodology to attract more customers.

E-Commerce

In the present world, anyone can buy anything over the internet, even from farthest regions of the world with only a touch of a finger; likewise, money is transferred worldwide. In this year alone, online shopping has increased by 150%, and it enhances the sales rate directly. The use of mobile devices to buy anything ranging from edibles to furniture has become way easier. It has not only helped individuals buy effortlessly, but also helped the business to obtain resources and raw material comfortably and at a low cost.

Augmented Reality (AR) Technology

Augmented Reality superimposes an image generated through a computer over a real-world view. It combines the real-life view and computer-generated view to produce an image with factors from both realities. Many companies like Google, Samsung, Amazon, and Apple have launched applications of AR. It helped application developers to make apps with better quality and more functions. These applications have become popular among users, and they are curious to know what more AR can offer.

Chatbots

The compound annual growth of chatbot technology is 37.11%, and by the end of 2023, this industry is to reach a value of $6 Billion. Communicating via chatbot is highly preferable among people shopping online. This feature is used in mobile applications as well as websites. It is not possible for a human to be always available for a chat with a customer, and this can result in loss of sales. However, with the use of a chatbot, customers can ask their queries or get guidelines within no time. Chatbots used in the business application provides customers with an interactive experience as same as that with a human.

Cognitive Technology

Another remarkable evolution of IT is Cognitive technology which functions just like a human brain in several ways. It can perform natural language processing, pattern and speech recognition, and data mining. It carries out an automated analysis of data from human experiences and reactions to evaluate and learn. Cognitive technology is like VR, ML, and AI, but its spectrum is even broader.

Reasons to choose IT as Major

The major student takes in college, most likely becomes a career for that student. One who takes IT as a major paves for an IT career which has every right reason to be one of the best careers nowadays.

Job Growth

With the advancement in technologies, more jobs are available in the market for those with technical skills. Jobs opportunities like Web developers, Network architects, Lead generator, Information Security Analysts, and SEO Experts have doubled every year. New research areas like cybersecurity, cloud computing, health informatics, and data processing, etc. have brought new job openings.

Industry and Job Diversity

Jobs available for IT students are not just mainstream. Every industry, company, and the sector has incorporated IT in its core. Every organization requires a team that designs and develops multimedia, software, hardware, and social media presence to enhance productivity and sales. People who are passionate to innovate and have knowledge of technology have an incredible chance to join the company of their choice. Moreover, business-IT jobs are not merely office jobs facing the computer all day long; rather, it demands social as well as business skills.

Strong Income

IT experts earn a handsome amount for the innovative task they do and the technical problems they solve. The salary also depends upon the complexity and innovation level of work. An IT expert can always learn more skills and advance in their careers. It is because IT is an everchanging field and brings something new every day.

Lesser Education expenses

Many careers require higher education and many years' experience and not even pay much. However, the field of IT may not require masters or PhD IT jobs generally require skills, certifications, basic technical education (bachelors) and experience from internships.

Entrepreneurial Training Ground

The combination of IT with business has created a concept of never-ending advancement. The new products to improve life must be available commercially for consumption. Hence it rises a need to provide the great idea of a business platform. It is observed that technology businesses like Facebook, Google, Twitter, and Apple, etc. are setting a new dimension for the market. This practice is not only beneficial for the investors and stakeholders, but it also provides life-improving facilities to society.

Personal Ambition

Information technology has diverse aspects and new fields evolving out of it, providing a range of fields as research and career. Because of my research-oriented and investigated personality, I will choose IT and Cyber Security as a specialization course. The need for cybersecurity has grown today more than ever. Information technology has made data accessible to many, but it is crucial to keep the confidentially of data intact.

Conclusion

The main purpose of choosing a major is to align interests and skills with education, which will benefit student as well as the community. Numerous technologies and applications have emerged in the past few years. They have changed their lifestyle and made every task easier. Information technology is advancing and developing other fields as well. People involved in IT are aware of every new evolving trend in the world of science. Thus, I have chosen my major 'information technology' as it interests me greatly, and it has astounding prospects.

References

Apel, M. (2003). Careers in Information Technology: Second Edition. The Rosen Publishing Group, Inc.

IBM - Analytics: The real-world use of big data in retail - United States. (2016, April 5). Retrieved November 12, 2019, from https://www.ibm.com/services/us/gbs/thoughtleadership/big-data-retail/

Thuemmler, C., Paulin, A., Jell, T., & Lim, A. K. (2018). Information Technology – Next Generation: The Impact of 5G on the Evolution of Health and Care Services. In S. Latifi (Ed.), Information Technology—New Generations (pp. 811–817). https://doi.org/10.1007/978-3-319-54978-1_100

Subject: IT

Pages: 6 Words: 1800

Read

Name It

Installation of Apache

Student’s Name

Institution

Date

Introduction

Apache is one of the widely used web browser application. It is a HTTP web server open source application. It means that the web server application can be download freely from the internet and used. It is also being managed by Apache Software Foundation, which is the main developer of the web server application. The advantage of the Apache is that it runs in several applications and can be downloaded, edited without any fee. The software is completely free. The application in used in several servers across the globe to host web sites and other important hosting sites. The Apache must be installed into the system for it to be used efficiently and therefore, the procedure of installation of the Apache is as followed.

First, it is required to download the application over the internet. The Apache can be downloaded from over the internet. You can Google Apache and get a link for downloading the application for free. Once the downloading link has been obtained, you click the download button and follow the procedure until the application is completely downloaded and saved into the computer hard drive. Apache can also be downloaded from the internet using Apache web site (httpd.apache.org). Immediately you click the download link, the file will redirect you to the to the Microsoft Window kink, you can then select one of the web site, which provide link to the binary diffusion and then you will get a direct link to the Apache download where the Apache will automatically download itself. After downloading the Apache, you can unzip the file and then procedure to install the Apache into the server for use.

Step 1:

The installation process of the Apache begins immediately you click the installation button of the application. When installing the Apache application, you double click the application and procedure to install it. First, open a command prompt of the Apache and run it as an administrator. After that you can navigate to get the directory (c: /Apache24/bin), which is the directory for installation of the Apache Application CITATION Ume19 \l 1033 (Dubey, 2019). Once you have the directory of the application, it is require to run the command prompt (httpd.exe -k install -n "Apache HTTP Server), this will add the address as the window server. However, in case the error is received, it means the program cannot restart because of VCRUNTIME140.dll cannot be found, it means it is missing from the computer or the server where it is being installed. It is advisable to try to reinstall the Apache to fix the problem.

Step 2

At this point it is required to lounge Apache Website and the check the section “Apache 2.4 VC15” windows binaries and Modules” which is on the main page of the page. It is then required to download the file from link vc_redist_x64 (https://aka.ms/vs/15/release/VC_redist.x64.exe ). It is then required to install C++ 2017 files, which supports the operations of Apache and then install into the system. According to McLean (2014), the apache requires C++ 2017 files for it to operate well and therefore, it is important to download and install the application before the completion of the installation CITATION Moo19 \l 1033 (Moodle , 2019). The installation of Apache requires the installation of MSQL as well to be able to operate efficiently and therefore, the MSQL is installed as well before the Apache application is installed into the server or a computer where the application is going to be used.

Step 3:

After the completion of the installation of the required applications, you can open the Windows Services and start the Apache HTTP server. One the HTTP server is open, open the browser and then type in the IP address of the machine either the computer or the server’s IP address and then execute Enter. Once this has been done, the Apache would be able to run comfortably with the system and support various website functions without any problem.

Image 1: the installation process of the Apache

Image 2: the installation process of the Apache

Experience with Apache

My experience with Apache is very interesting. I love Apache out of the web server application, which I have used in my area of web site and internet. Apache has little errors during downloading and installation. It takes little time to download when I compare with other web server application like IIS and therefore, I would rather prefer apache as my choice for web server application. The apache is also very easy to install into the system. It does not require a lot of supporting file for it to be able to operate and therefore, this make it the widely used web server application. The Apache also requires very little support and it works comfortably with other application. It is being installed into several operating systems easily and faster when compared to other web server applications.

In conclusion, I would recommend the Apache for anyone planning to install we server, it is one of the best and provide efficient and easy navigation and therefore, Apache is one of the applicable web server in many environment. Because it is free, it can be used at will and get the updated copy without paying for a single license not like IIS where windows license is required for users to get the application. Apache and IIS are good web server applications and used by different developers. However, Apache is completely free and IIS is free but bundled by Microsoft, which means it is not completely free as Apache.

References

BIBLIOGRAPHY Dubey, U. (2019). How to install Apache, PHP and MYSQL on Windows 10 Machin. https://www.znetlive.com/blog/how-to-install-apache-php-and-mysql-on-windows-10-machine/ , 2-15.

Leon, N. (2015). Difference between IIS and Apache. Internationa Journal of Information and Web manage , 21-35.

McLean, P. (2014). IIS vs Apache. International Journal of Information System , 2-15.

Moodle . (2019). Manual install on Windows 7 with Apache and MySQL. https://docs.moodle.org/36/en/Manual_install_on_Windows_7_with_Apache_and_MySQL , 2-15.

Ptterson, P. (2014). Web hosting and developement Applications . Information security and management , 2-14.

Subject: IT

Pages: 3 Words: 900

Read

Narrative Analysis Of Systematic Literature Review

Narrative Analysis of Systemic Literature Review

[Author Name(s), First M. Last, Omit Titles and Degrees]

[Institutional Affiliation(s)]

Author Note

[Include any grant/funding information and a complete correspondence address.]

Al-Rawas and Easterbrook (1996) concluded and indicated three major communication barriers in the requirement engineering phase of software development. These are ineffectiveness of the communication channels, organizational and social barriers and restrictions imposed by notations on expressiveness. The study completed in two stages by gathering information through questionnaires and interviews. The research method adopted for the resources were empirical and literature study. The research’s practical implications include an indication of how and where organizational power is used. The research also outlined the extent to which software practices are dependent on documentation as a communication medium suggesting the threats of the gap between two communities and suggests that informal communication should also be used to bridge that gap.

Bjarnason, Wnuk and Regnell (2011) conducted a study to identify factors that affect the communication requirements and concluded four factors namely, temporal aspects, scale, decision structures and common views. The case study was performed at a large software development company where nine practitioners were interviewed. The results obtained in the study were based on empirical data collected from industrial projects at a big company that uses the product line approach. The challenges faced during the research, mainly, were the communication of incorrect requests, E8 wasted efforts and over scoping. It is required to increase the understanding of gaps between causes and risks in requirements to easily point out potential gaps in the communication. Future research on the topic suggests an investigation of different aspects including software development models (waterfall and agile) and different organizational setups to reduce the challenging factors for effective communication.

Calafate and colleagues (2007) published a paper based on a study that uses synchronous text-based communication to study requirement engineering for effective communication. The study concluded that CMC (computer-mediated communication) elicitation is better technology than CMC negotiation. The research method consisted of an empirical study of six groups of academics as stakeholders who attended the requirement engineering activity at the University of Victoria. Each group of a project team (graduates) had to make a document on requirement specifications as a contract between the client team and the developer team. The study suggested that in order to assess the effectiveness of using text-based communication more accurately for requirement engineering, further analysis of the data should be performed.

Damian and Lanubile (2008) carried out research on the effect of computer-mediated communication techniques on the requirement engineering and concluded that requirement negotiations are more effective by conducting discussions related to asynchronous structures prior to synchronous negotiation meeting. In a case study, six academic teams were selected with a total of 32 students of masters and doctoral level to analyze SRS (software requirements specification), considering it as a negotiated software contract between an outsourcing company and a software group. The study indicates that there is a lack of research in the collaborative development of the software, and further studies must be conducted to get more results in improving communication techniques for software development.

Informal and oral communication is very important in requirements engineering, as indicated by the study of Schneider and colleagues (2008). The study provided a comparison of documented and informal approaches of communication and explored new opportunities for process improvement, requirement awareness and innovation of techniques and tools. The focus of the study approach was on quantitative flow models related to requirements flow in both solid and fluid representation while analyzing core aspects of visualization. Fluid information, using new FLOW model, displayed desirable outcomes regarding visualization aspects of informal communication to improve requirements engineering.

Stapel and colleagues (2011) published a paper regarding managing and planning communication channels in distributed development. The research proposed FLOW mapping systematic approach for managing and planning in distributed frameworks and concluded that FLOW management is desirable and sufficient to measure conformance and to plan communication strategy. The study discusses 3 areas of research including Managing communication in GSE, media choice and visual notations. The conformance analysis indicated that the applied strategy had compliance levels from 79% to 88% and it is manageable to plan the communication one day. The study proposes that future research must incorporate the analysis to improve the efficiency of conformance to reduce human efforts.

Coughlan and Macredie (2002) came up with the literature regarding effective communication in requirements elicitation and compared different methodologies. The proposed four-dimensional framework containing four different methodologies to promote a closer relationship among designers and users. These methodologies include MUST, Joint Application Design, ULRC (User-Led Requirements Construction) and SSM (Soft System Methodology). The research method was based on an analysis of several literature reviews related to elicitation requirements. The main challenge for engineers in requirements engineering is the struggle to bridge the gap between explicit and tacit requirements suitable for design. The adoption of a more collaborative view to requirements elicitation embodies increased involvement and contact with users, however, further research work is needed in this field for improvement.

Plachkinova and colleagues (2015) published the study aimed at improving communication about requirements engineering. The study introduced approaches to meet RE communication by a design science perspective and prevented the requirement slipping by adding two transitional phases. The research conducted interviews with three members of a public university in the United States. Two projects that were studied include the use of a peer-to-peer network for copyright violations and related e-mail notifications to the students. There are many factors that lead to the selection of the appropriate artifacts for requirements engineering, which are organizational culture and to match the frequency and intensity of the communication. The future study on this topic must be focused on the technological perspective of RE for efficient communication.

Nurmuliani and colleagues (2004) studied characterization and identification of causes of requirements volatility while focusing on change analysis. The findings of the research revealed that variation in customer needs, increased understanding of the product by developers and changes in the policies of organizations are the main causes of requirements volatility. The cases study was performed at GDS (global development systems). Analysis methods applied for the research were qualitative and descriptive. The limitation of the study is that only a single case study is used to apply change analysis to observe its impacts on requirements volatility. In future studies, taxonomy is required to be validated and to collect more information about requirements volatilities.

Liskin (2015) studied many aspects related to requirements communication including diagrams, user stories, and specifications to support several activities related to requirements. The research reflected that many artifacts are used to support different activities. The method used for research is to use clickable links that can add more content from concerning artifacts, and also, two artifacts are used together to operate with the same content. 21 practitioners from about six organizations were interviewed and they stated that some of the user representatives are observed to experience struggle while thinking in an abstract way. In future, it is proposed that work should be done in order to improve the facilitation of requirements mapping by taking understanding and insight from the study.

Bjarnason and Sharp (2017) studied the role of space and distances in requirements communication. They presented a case study of a project of software development and proved that RE distances impact project coordination and requirements communication. In the research method, they measured 13 requirements engineering distances between project members and also distances between testing artifacts and requirements. The results identified three categories of distances which include distances that can affect requirements communication, those which can indicate strong and weak alignment and those that characterize development models. Future work includes measurement of distances related to the artifacts and further finding ways to explore iRE profiles and visualization of the distances.

Fricker and Glinz (2010) analyzed the comparison of requirements related to negotiation and hand-off. The research paper measured requirements and design volatility and understanding of the architect’s requirements during hand-off and negotiation. The study methods include answering the questions regarding the influence of requirements design and the usefulness of measuring how much requirements are understood by the receiver. The limitation of the study is that it does not consider the understanding of product manager regarding requirements that evolved through design exposure. The future research must generalize the already obtained knowledge by measurement evaluation and to address the understanding of requirements by evolving requirements of the manager.

Marczak and colleagues (2008) investigated information brokers related to requirements in social media and discussed a number of patterns of flow of information and many implications for requirements processes. The research questions related to research methods are related to different types of brokers, their consulting flows and dependent and independent requirements. A Brazilian software development center of a big IT company was used to conduct the case study. The study investigated the presence of brokers and many ways in which these brokers influence information flow.

Niinimaki and colleagues (2010) studied usage and choices of various communication tools in projects with the theory of Media Synchronicity. They found many pieces of evidence that support the applicability of media synchronicity in choosing communication tools for GSD projects. Limitation in using these tools is the language used for practitioners as the most workplaces use the English language as a medium while the majority of the practitioners do not use the English for communication. Further research aspects in this area include the study of the effects of these techniques and tools such as collaborative text editing and microblogging services in more detail.

Few challenges are often observed in the global distribution of software projects. It has been observed that communication gaps such as bad management and inflexible software along with inappropriate communication modes can significantly affect the performance of software projects. The study was conducted by Stapel and the colleagues in the year 2009 to check the flow used for the improvement of communication requirements ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2f98te7j19","properties":{"formattedCitation":"(Stapel, Knauss, & Schneider, 2009)","plainCitation":"(Stapel, Knauss, & Schneider, 2009)"},"citationItems":[{"id":942,"uris":["http://zotero.org/users/local/p8kwKNoG/items/L54DLGQ7"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/L54DLGQ7"],"itemData":{"id":942,"type":"paper-conference","title":"Using flow to improve communication of requirements in globally distributed software projects","container-title":"2009 Collaboration and Intercultural Issues on Requirements: Communication, Understanding and Softskills","publisher":"IEEE","page":"5-14","ISBN":"1-4244-7692-5","author":[{"family":"Stapel","given":"Kai"},{"family":"Knauss","given":"Eric"},{"family":"Schneider","given":"Kurt"}],"issued":{"date-parts":[["2009"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Stapel, Knauss, & Schneider, 2009). The perspective specifically gives importance to communication gaps as it should be redressed through flow theory. Eventually, the study evaluated approaches to measure and evaluate the suggestions for future implications. The testing of these projects was completed in three zones, therefore, new strategies and implications should be introduced in globally distributed software projects

The article has evaluated that text-based communications methodology is preferably used among team members of non-technical departments. The research was conducted by Niinimaki and colleagues in the year 2009 to identify the factors that influence communication media ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1ifffbv8rr","properties":{"formattedCitation":"(Niinimaki, Piri, & Lassenius, 2009)","plainCitation":"(Niinimaki, Piri, & Lassenius, 2009)"},"citationItems":[{"id":929,"uris":["http://zotero.org/users/local/p8kwKNoG/items/IRNQ36K5"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/IRNQ36K5"],"itemData":{"id":929,"type":"paper-conference","title":"Factors affecting audio and text-based communication media choice in global software development projects","container-title":"2009 Fourth IEEE International Conference on Global Software Engineering","publisher":"IEEE","page":"153-162","ISBN":"0-7695-3710-3","author":[{"family":"Niinimaki","given":"Tuomas"},{"family":"Piri","given":"Arttu"},{"family":"Lassenius","given":"Casper"}],"issued":{"date-parts":[["2009"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Niinimaki, Piri, & Lassenius, 2009). Communication tools are used to access to communication media that is essentially helpful because of facilities of many to many and one to one communication modes. It has been evaluated that self-conception of bad language skills points to the inclination to practice text-based communication source. The study has explored multiple case study methodology researching eight developmental industries in software projects in two companies working in software industries, that is, Alpha and Beta. The results have suggested that text-based and audio associated communication media are preferably used.

The study conducted by Gallivan and the colleagues in the year 2003, considered a critical case study for user-developer communication process ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"aert9e99op","properties":{"formattedCitation":"(Gallivan & Keil, 2003)","plainCitation":"(Gallivan & Keil, 2003)"},"citationItems":[{"id":930,"uris":["http://zotero.org/users/local/p8kwKNoG/items/I5YX4DNI"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/I5YX4DNI"],"itemData":{"id":930,"type":"article-journal","title":"The user–developer communication process: a critical case study","container-title":"Information Systems Journal","page":"37-68","volume":"13","issue":"1","author":[{"family":"Gallivan","given":"Michael J."},{"family":"Keil","given":"Mark"}],"issued":{"date-parts":[["2003"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Gallivan & Keil, 2003). The case study has identified how the project failed despite the availability of user involvement at a higher level. Case study results have suggested researchers that potential benefits of consumer participation should be leveraged instead of taking it for granted. There are communication lapses that can significantly influence user-developer communication procedures. It is suggested for practical implications, to recognize user needs and requirements to prioritize models accordingly in order to reduce communication gaps. Understanding participants and their needs to discuss designs of the models and how it will influence users, should be considered.

A study was conducted by Abelein and Peach, in the year 2012, to evaluate the proposal used in IT projects for the enhancement of user-developer communication ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1754bv6squ","properties":{"formattedCitation":"(Abelein & Paech, 2012)","plainCitation":"(Abelein & Paech, 2012)"},"citationItems":[{"id":931,"uris":["http://zotero.org/users/local/p8kwKNoG/items/4AN4EMQX"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/4AN4EMQX"],"itemData":{"id":931,"type":"paper-conference","title":"A proposal for enhancing user-developer communication in large IT projects","container-title":"2012 5th International Workshop on Co-operative and Human Aspects of Software Engineering (CHASE)","publisher":"IEEE","page":"1-3","ISBN":"1-4673-1824-8","author":[{"family":"Abelein","given":"Ulrike"},{"family":"Paech","given":"Barbara"}],"issued":{"date-parts":[["2012"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Abelein & Paech, 2012). The research has suggested that user-developer communication approaches can significantly improve system quality and user acceptance. As it is understood that IT projects that are working on a large scale need essentially increased participation and high complexity, therefore, software development and technical specifications are required. The study has identified several trigger points to communicate, such as, variations in primary user needs as a means of communication. Models are significantly required to be developed, to improve user requirements.

It has been observed that user participation is important in effective software systems. Disturbed and altered communication among developers and users is essentially important for the functioning of systems. Better communication can enhance large scale production and project achievement(s). Certain factors can significantly influence communication such as weak interactions among developers and users, coordination among workers and experts to promote a large-scale IT project. These communication gaps were identified through surveys and interviews to improve developer-user interactions. The interviews identified certain factors that are helpful in applying approaches and methodologies to improve user-developer interactions and communication for the promotion of large-scale IT projects.

Collaboration among team members is essentially required to be maintained in a project. The requirements should be developed in accordance with the user and project needs. The research was conducted by Marczak and Damian in 2011, to identify the structure of need-driven interaction in shaping communication strategies ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a21gvcr8qqd","properties":{"formattedCitation":"(Marczak & Damian, 2011)","plainCitation":"(Marczak & Damian, 2011)"},"citationItems":[{"id":933,"uris":["http://zotero.org/users/local/p8kwKNoG/items/R3X6NKR6"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/R3X6NKR6"],"itemData":{"id":933,"type":"paper-conference","title":"How interaction between roles shapes the communication structure in requirements-driven collaboration","container-title":"2011 IEEE 19th International Requirements Engineering Conference","publisher":"IEEE","page":"47-56","ISBN":"1-4577-0924-4","author":[{"family":"Marczak","given":"Sabrina"},{"family":"Damian","given":"Daniela"}],"issued":{"date-parts":[["2011"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Marczak & Damian, 2011). The study has analyzed that better communication and interaction between necessities and workers can significantly improve goal achievement processes of engineering projects. The study has evaluated that network analysis and better identification of needs and requirements are also helpful in shaping communication strategies. Experts are needed to identify and evaluate the needs of users and projects to effectively develop communication approaches for a successful project.

Various studies have found that handshaking can identify effective requirements for communication and implementation of proposals. Requirements engineering emphasize on better description practices, however, it has been found that effective strategies are essentially dependent on it. Ineffective communication can significantly influence customers’ wishes and it would be hard to run a project without proper assent. It has been found from a study conducted by Fricker and colleagues in the year 2010, that handshaking can significantly improve proposal agreements, and negotiation can also outcome in better and effective communication ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"amd8pcrogk","properties":{"formattedCitation":"(Fricker, Gorschek, Byman, & Schmidle, 2010)","plainCitation":"(Fricker, Gorschek, Byman, & Schmidle, 2010)"},"citationItems":[{"id":934,"uris":["http://zotero.org/users/local/p8kwKNoG/items/NW4BEEDI"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/NW4BEEDI"],"itemData":{"id":934,"type":"article-journal","title":"Handshaking with implementation proposals: Negotiating requirements understanding","container-title":"IEEE software","page":"72-80","volume":"27","issue":"2","author":[{"family":"Fricker","given":"Samuel"},{"family":"Gorschek","given":"Tony"},{"family":"Byman","given":"Carl"},{"family":"Schmidle","given":"Armin"}],"issued":{"date-parts":[["2010"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Fricker, Gorschek, Byman, & Schmidle, 2010). The best working solutions should be reliable, cooperative and effective through handshaking and negotiation to get approvals and agreements for a project.

It is significantly important for an engineering project to be managed, especially software development systems. If system requirements specification will fulfil its roles and collaboration would be effective, then interest and input from stakeholders would be greater. Collaborative and effective management is required for a commercial project as well as a tool that enables software requirements. The chief requirement of a highly dynamic software is its support and flexibility. The article published in 2001 and conducted by M. Lang to describe that collaborative software is essentially required for the requirements engineering ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2d53lg113e","properties":{"formattedCitation":"(Lang & Duggan, 2001)","plainCitation":"(Lang & Duggan, 2001)"},"citationItems":[{"id":935,"uris":["http://zotero.org/users/local/p8kwKNoG/items/FTAP6QRZ"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/FTAP6QRZ"],"itemData":{"id":935,"type":"article-journal","title":"A tool to support collaborative software requirements management","container-title":"Requirements Engineering","page":"161-172","volume":"6","issue":"3","author":[{"family":"Lang","given":"Michael"},{"family":"Duggan","given":"Jim"}],"issued":{"date-parts":[["2001"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Lang & Duggan, 2001). Collaborative tools along with an effective design for the management of software is practically important for the engineering projects.

Agile development is specifically dependent on effective communication and feedback. For a project, it is significantly important to note and improve their projects according to the need of users and therefore goals and objectives are dependent on their feedback. The study has utilized an impact on user communication on problems in software of Agile development and was conducted by Korkala in the year 2006 ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1umsgc3r4q","properties":{"formattedCitation":"(Korkala, Abrahamsson, & Kyllonen, 2006)","plainCitation":"(Korkala, Abrahamsson, & Kyllonen, 2006)"},"citationItems":[{"id":937,"uris":["http://zotero.org/users/local/p8kwKNoG/items/5DH3EPMC"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/5DH3EPMC"],"itemData":{"id":937,"type":"paper-conference","title":"A case study on the impact of customer communication on defects in agile software development","container-title":"AGILE 2006 (AGILE'06)","publisher":"IEEE","page":"11 pp.-88","ISBN":"0-7695-2562-8","author":[{"family":"Korkala","given":"Mikko"},{"family":"Abrahamsson","given":"Pekka"},{"family":"Kyllonen","given":"Pekka"}],"issued":{"date-parts":[["2006"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Korkala, Abrahamsson, & Kyllonen, 2006). Three case studies were analyzed and have evaluated that selection of communication methods is essentially important for the development of Agile software. Face-to-face communication methods and effective and flexible software managements are crucial for better performance. It has been observed that increased pliability on less enlightening communication channels outcomes in greater defect rates.

In worldwide dispersed software plans, the expansion and analysis are frequently distributed through numerous places, starting simulated groups. Additionally, the dispersed plans are so intricate that nobody from team associates can perhaps own all the information about the plan, independently. The study was conducted by Daniela and colleagues in the year 2016 to identify the means of communication among developers and testers ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a6m5bipaj8","properties":{"formattedCitation":"{\\rtf (Cruzes, Moe, & Dyb\\uc0\\u229{}, 2016)}","plainCitation":"(Cruzes, Moe, & Dybå, 2016)"},"citationItems":[{"id":938,"uris":["http://zotero.org/users/local/p8kwKNoG/items/X56BP63T"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/X56BP63T"],"itemData":{"id":938,"type":"paper-conference","title":"Communication between developers and testers in distributed continuous agile testing","container-title":"2016 IEEE 11th International Conference on Global Software Engineering (ICGSE)","publisher":"IEEE","page":"59-68","ISBN":"1-5090-2680-0","author":[{"family":"Cruzes","given":"Daniela S."},{"family":"Moe","given":"Nils B."},{"family":"Dybå","given":"Tore"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Cruzes, Moe, & Dybå, 2016). Various companies have observed several global software problems particularly in agile testing. Depending upon the task and target, means of communication need to be changed as present communication among testers through written communication ways are not found as effective.

The most communication, highly critical between software engineering requirements, is software development and communication among workers. An empirical analysis was performed by Rodina and the colleagues in the year 2012 to assess means of communication for negotiation ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"alodtfac1e","properties":{"formattedCitation":"(Rodina, Amjed, & Zarinah, 2012)","plainCitation":"(Rodina, Amjed, & Zarinah, 2012)"},"citationItems":[{"id":939,"uris":["http://zotero.org/users/local/p8kwKNoG/items/B5W4Y8UF"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/B5W4Y8UF"],"itemData":{"id":939,"type":"paper-conference","title":"An empirical assessment of the use of different communication modes for requirement elicitation and negotiation using students as a subject","container-title":"2012 IEEE Symposium on Computers & Informatics (ISCI)","publisher":"IEEE","page":"70-74","ISBN":"1-4673-1686-5","author":[{"family":"Rodina","given":"Ahmad"},{"family":"Amjed","given":"Tahir"},{"family":"Zarinah","given":"Mohd Kasirun"}],"issued":{"date-parts":[["2012"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Rodina, Amjed, & Zarinah, 2012). Students were used as subjects for software requirements engineering and the study evaluated that three main communication modes are effective in satisfaction of consumers. Communication mode, face-to-face, was the most effective way to satisfy customers and to negotiate among consumers. The practical implication for better performance needs to be updated as good communication mode, such as, one-to-one communication.

The product management collaboration and assess concerns of market and product development are the essentials of software development. The technological aspects should be considered for the growth of requirements engineering. New models and communication means should be addressed, evaluated and assessed to see how collaborative an organization is to promote its products. The article was published in the year 2008 and was conducted by Fricker and the colleagues ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1g8n58vfap","properties":{"formattedCitation":"(Fricker, Gorschek, & Glinz, 2008)","plainCitation":"(Fricker, Gorschek, & Glinz, 2008)"},"citationItems":[{"id":940,"uris":["http://zotero.org/users/local/p8kwKNoG/items/BQ6DS7MC"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/BQ6DS7MC"],"itemData":{"id":940,"type":"paper-conference","title":"Goal-oriented requirements communication in new product development","container-title":"2008 Second International Workshop on Software Product Management","publisher":"IEEE","page":"27-34","ISBN":"1-4244-4083-1","author":[{"family":"Fricker","given":"Samuel"},{"family":"Gorschek","given":"Tony"},{"family":"Glinz","given":"Martin"}],"issued":{"date-parts":[["2008"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Fricker, Gorschek, & Glinz, 2008). It is important for practical implications to orient and establishes goal-oriented and effective communication modes. The project of software and IT significantly depend on effective and efficient engineering knowledge and communication.

The software requirements need change, such as, requirements-associated network to create information and knowledge among developmental team members. It has been observed that providing developmental feedbacks and visions to the team associates can significantly improve requirements engineering. The project plans and creating awareness among developers and users can improve performance as well. Awareness change is essentially important, as it was conducted by Kwan and the colleagues in the year 2006 ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1mrmeh12f4","properties":{"formattedCitation":"(Kwan, Damian, & Storey, 2006)","plainCitation":"(Kwan, Damian, & Storey, 2006)"},"citationItems":[{"id":941,"uris":["http://zotero.org/users/local/p8kwKNoG/items/D8AS8J2N"],"uri":["http://zotero.org/users/local/p8kwKNoG/items/D8AS8J2N"],"itemData":{"id":941,"type":"paper-conference","title":"Visualizing a requirements-centred social network to maintain awareness within development teams","container-title":"2006 First International Workshop on Requirements Engineering Visualization (REV'06-RE'06 Workshop)","publisher":"IEEE","page":"7-7","ISBN":"0-7695-2711-6","author":[{"family":"Kwan","given":"Irwin"},{"family":"Damian","given":"Daniela"},{"family":"Storey","given":"Margaret-Anne"}],"issued":{"date-parts":[["2006"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Kwan, Damian, & Storey, 2006). Social network and associations among developers are required to be developed to improve communication and collaboration. Practical implications should be emphasized through awareness and requirement variations among contributors and developers.

Subject: IT

Pages: 6 Words: 1800

Read

Network And Server Security

[Your Name]

[Instructor Name]

[Course Number]

[Date]

Network and Server Security

A Denial-of-Service (DoS) attack is a term used to define a cyber-attack that intends to halt a network, rendering it inaccessible to the legitimate users (Rengaraju, 2). A DoS attack is initiated by sending a flood of traffic to the target or giving it any information that causes it to crash (Rengaraju, 2).

For years, DoS attacks have been witnessed. However, some of the DoS attacks that did the rounds on the media are discussed ahead. In February 2018, GitHub fell victim to the DoS attack. GitHub is a famous platform where individuals share open-source editable source code. The recorded traffic was 1.35 terabits per second. In 2014, another massive attack rocked Occupy Central; a Hong Kong based democratic movement (Rengaraju, 2). The traffic that was recorded peaked to 500 gigabits per second. During the same year, a famous security provider, CloudFlare, was attacked with the incoming traffic recorded at 400 gigabits per second. During the year 2012, a chain of banks in the US was attacked. There were 5 banks were targeted in this attack with 60 gigabits of traffic per second flooding hundreds of servers of these banks.

There are certain ways through which a DoS attack can be prevented. The primary step that any organization can undertake to secure itself from the DoS attacks is to buy more bandwidth (Rengaraju, 3). It will help in comfortably handling the increased traffic sent from hackers. Another way to prevent DoS is to ensure that all the information of an organization does not reside on a single server (Rengaraju, 4). Furthermore, organizations can configure their network hardware to put up a strong resistance against the DoS attacks. Furthermore, specific web application firewalls can be used by organizations to make it tougher for hackers to breach in their systems.

Works Cited

BIBLIOGRAPHY Rengaraju, Perumalraja, V. Raja Ramanan, and Chung-Horng Lung. "Detection and prevention of DoS attacks in Software-Defined Cloud networks." 2017 IEEE Conference on Dependable and Secure Computing. IEEE, 2017.

Subject: IT

Pages: 1 Words: 300

Read

Network Architecture

Chimene Tchokoko Diboma

Name of Institution

Network Architecture

Introduction:

Advancements made in the information and communication technology have changed the way people do business. Information systems and computer networks play the role of utility in modern businesses. No business is imaginable without the implementation of computer networks. Financial institutions such as banks are among the businesses most affected by the exponential penetration of information and communication technologies. Before the advent of internet technologies, banks used to maintain financial records manually. But with the advancements and miniaturizations introduced in computer networking technologies have completely changed the operations of banks from manual to digital. All banking institutions offer a plethora of online banking services. People rely on such services for their financial transactions.

All the services provided via online banking systems are based on the existing infrastructure of the internet. The Internet itself was not designed with much security in mind. Therefore, any service using the underlying network architecture of the internet will be inherently insecure. Banking systems use the internet to transfer and maintain sensitive information records making their infrastructure a potential target of cyber-criminals. Banks deal with the personally identifiable information and compromising such information can be very fruitful for criminals ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"XddV3TpL","properties":{"formattedCitation":"(Martin et al., 2017)","plainCitation":"(Martin et al., 2017)","noteIndex":0},"citationItems":[{"id":2,"uris":["http://zotero.org/users/local/BeyJjeak/items/YJKXQLN3"],"uri":["http://zotero.org/users/local/BeyJjeak/items/YJKXQLN3"],"itemData":{"id":2,"type":"paper-conference","title":"OpenFog security requirements and approaches","container-title":"2017 IEEE Fog World Congress (FWC)","publisher":"IEEE","page":"1-6","ISBN":"1-5386-3666-2","author":[{"family":"Martin","given":"Bridget A."},{"family":"Michaud","given":"Frank"},{"family":"Banks","given":"Don"},{"family":"Mosenia","given":"Arsalan"},{"family":"Zolfonoon","given":"Riaz"},{"family":"Irwan","given":"Susanto"},{"family":"Schrecker","given":"Sven"},{"family":"Zao","given":"John K."}],"issued":{"date-parts":[["2017"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Martin et al., 2017). Criminals and hackers all over the world are trying to make their cyber espionage weapons more sophisticated and difficult to detect. The primary motive of 90% of cyber attacks on financial institutions is to harvest monetary benefits by sabotaging the information technology infrastructure of such financial institutions.

A most important factor in banking services is the trust of the customers. People do use banking systems due to the trust they have in such financial institutions globally. Therefore, the protection of digital records and financial systems from cyber-criminals is the responsibility of the bank. If a bank is going to suffer a data breach, then along with financial implications of that breach there will be severe reputation loss as well ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"guKf1yFg","properties":{"formattedCitation":"(Jungwirth & La Fratta, 2016)","plainCitation":"(Jungwirth & La Fratta, 2016)","noteIndex":0},"citationItems":[{"id":4,"uris":["http://zotero.org/users/local/BeyJjeak/items/UPJVDHNX"],"uri":["http://zotero.org/users/local/BeyJjeak/items/UPJVDHNX"],"itemData":{"id":4,"type":"paper-conference","title":"OS friendly microprocessor architecture: Hardware level computer security","container-title":"Cyber Sensing 2016","publisher":"International Society for Optics and Photonics","page":"982602","volume":"9826","author":[{"family":"Jungwirth","given":"Patrick"},{"family":"La Fratta","given":"Patrick"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Jungwirth & La Fratta, 2016). Banks use network infrastructure to handle communications and financial actions linked to the internet known as the network infrastructure. The report analyzed the network architecture of a bank to look for possible risks of data loss and their mitigation techniques.

Overview of Network Architecture:

Banks use several information and communication technology components to govern their operations. All the components are collectively known as the network architecture of a particular bank. The details of various components in the network architecture of a bank are given as under. Banks use end computers also known as hosts that are used by the employees. Hosts are typical computers found everywhere. All these computers are connected to the main central computer of the bank known as the server that hosts the database of all financial records of the bank. Communication between the host and server computer is accomplished via internet connectivity ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"JEzl6lnX","properties":{"formattedCitation":"(Mbelli & Dwolatzky, 2016)","plainCitation":"(Mbelli & Dwolatzky, 2016)","noteIndex":0},"citationItems":[{"id":5,"uris":["http://zotero.org/users/local/BeyJjeak/items/ASJVBQSX"],"uri":["http://zotero.org/users/local/BeyJjeak/items/ASJVBQSX"],"itemData":{"id":5,"type":"paper-conference","title":"Cyber security, a threat to cyber banking in South Africa: An approach to network and application security","container-title":"2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud)","publisher":"IEEE","page":"1-6","ISBN":"1-5090-0946-9","author":[{"family":"Mbelli","given":"Thierry Mbah"},{"family":"Dwolatzky","given":"Barry"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Mbelli & Dwolatzky, 2016). As the internet is a public network and banks cannot afford to use a public network for sensitive financial information transfer, therefore, all banks use specialized components to secure the transactions. Host computer sending any request message to the server is known as the client and the main computer serving the requested information is known as the server. Banks use the client-server paradigm of computer networking.

Message sent from the bank to the server is known as the source message and the message received as a result of the source message is known as the destination message. Different protocols can be used for source and destination messages. Information is transferred in the network in the form of network packets. User datagram also known as UDP protocol is a protocol used for network packet transfer in environments where low latency is required such as domain name resolution services. UDP does not guarantee that the packet sent from the source will reach the destination. It is the simplest network communication protocol. However, as it does not provide guaranteed packet delivery it cannot be used in banking systems. Banks use transmission control protocol (TCP) also known as internet protocol (IP) ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"Au3WeJX9","properties":{"formattedCitation":"(Spiers, Halas, Schimmel, & Provencher, 2015)","plainCitation":"(Spiers, Halas, Schimmel, & Provencher, 2015)","noteIndex":0},"citationItems":[{"id":6,"uris":["http://zotero.org/users/local/BeyJjeak/items/LXCBX6U4"],"uri":["http://zotero.org/users/local/BeyJjeak/items/LXCBX6U4"],"itemData":{"id":6,"type":"book","title":"Secure network cloud architecture","publisher":"Google Patents","author":[{"family":"Spiers","given":"Bradford T."},{"family":"Halas","given":"Miroslav"},{"family":"Schimmel","given":"Richard A."},{"family":"Provencher","given":"Donald P."}],"issued":{"date-parts":[["2015"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Spiers, Halas, Schimmel, & Provencher, 2015). TCP is a network communication protocol that guarantees the packet delivery to the destination. It uses acknowledgment packets so that source is aware of the fact whether the packet has been transferred successfully or not.

Each computer in the network including the server is identified by a unique numerical address known as the IP address. Ip address is used to send the messages across the network. An IP address in the network serves the same purpose as the physical address of a person. There are two versions of the IP addresses currently available. The first is known as the IPv4 and the second is IPv6. IP version 4 is a 32-bit address that is used to identify a unique computer on the network. Many applications may be running on the computer connected to a network. All of the applications may be using network resources and a single IP address will be shared by the applications ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"VfLN8o4e","properties":{"formattedCitation":"(Hyun, Kim, Hong, & Jeong, 2017)","plainCitation":"(Hyun, Kim, Hong, & Jeong, 2017)","noteIndex":0},"citationItems":[{"id":7,"uris":["http://zotero.org/users/local/BeyJjeak/items/LC46TTC7"],"uri":["http://zotero.org/users/local/BeyJjeak/items/LC46TTC7"],"itemData":{"id":7,"type":"paper-conference","title":"SDN-based network security functions for effective DDoS attack mitigation","container-title":"2017 International Conference on Information and Communication Technology Convergence (ICTC)","publisher":"IEEE","page":"834-839","ISBN":"1-5090-4032-3","author":[{"family":"Hyun","given":"Daeyoung"},{"family":"Kim","given":"Jinyoug"},{"family":"Hong","given":"Dongjin"},{"family":"Jeong","given":"Jaehoon Paul"}],"issued":{"date-parts":[["2017"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Hyun, Kim, Hong, & Jeong, 2017). To differentiate between different applications different ports are used for data transmission. Each application protocol may have a different designated port. For example, the typical web traffic of HTTP protocol uses port number 80. The same port cannot be used by any other application. Email applications use port number 109 or 110 or both in some cases depending on the protocol used for email message transfer. Most the banks use a wired medium such as Ethernet cables for connectivity. However, for intra-branch connectivity wireless network can be used as well.

Bank uses a combination of technologies to protect network architecture from cyber-attacks. The purpose of these technologies is to ensure the confidentiality, integrity, and availability of the information. One such system implemented by the evaluated bank was the intrusion prevention and intrusion detection system. An intrusion detection system is a hardware component that protects the internal network of the bank against unauthorized access. Intrusion prevention system, on the other hand, prevents any attempts to compromise the network traffic. It monitors each and every transmitted packet against predefines set of rules to check malicious characteristics present in the packet. If a packet shows certain characteristics of the malicious packets it will be dropped by the intrusion prevention system. Intrusion prevention system plays its role when a computer with different destination address tries to maneuver a packet destined to some other host in the network.

A hardware-based firewall is used to protect the internal resources from hacking attempts. When an application on the host machine is closed, the corresponding network port opened by that application may remain open potentially turning it into a security hole. Hackers can use port scanning techniques to look for unused open ports in the network and then exploit them for financial benefits or to deliver malicious code to network nodes. A firewall is a crucial component in the network architecture of the bank because it blocks port scanning attempts and various other attack vectors as well ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"flyrlleE","properties":{"formattedCitation":"(Kate, 2016)","plainCitation":"(Kate, 2016)","noteIndex":0},"citationItems":[{"id":8,"uris":["http://zotero.org/users/local/BeyJjeak/items/WRNCBD4E"],"uri":["http://zotero.org/users/local/BeyJjeak/items/WRNCBD4E"],"itemData":{"id":8,"type":"paper-conference","title":"Introduction to credit networks: security, privacy, and applications","container-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","publisher":"ACM","page":"1859-1860","ISBN":"1-4503-4139-X","author":[{"family":"Kate","given":"Aniket"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Kate, 2016). IDS and IPS systems are used to aid the functionality of the firewall system as the firewall only consider the traffic from outside of the network Any attack initiated from within the network such as an insider attack can easily bypass the firewall defense system. As all of the communication is done using the network addresses known as the IP addresses banks use network address translation routers to hide internal network addresses. Only a single IP address of the NAT router is used to identify a whole branch of the bank and its network.

Network Attacks:

There are a plethora of attacks against any networked environment. In recent decades computer threats have not only grown in numbers but in the complexity of their operation as well. When a message is transmitted from a source for the destination, the contents of the message can be intercepted and modified in transit. Which is something that cannot be afforded in banking systems? A network attack in which network packets can be captured and modified by unauthorized parties is known as man in the middle attacks. Confidentiality of the information, as well as the integrity of the network packets, is compromised in these attacks. Along with the man in the middle attacks, attackers can use several other methods to sabotage the network of the bank. Cache poisoning attacks are utilized by the attackers to redirect legitimate applications to compromised services. There is no way for the operator to know whether the application is contacting to a legitimate server or a compromised server deployed by the attacker ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"oyjMuHlc","properties":{"formattedCitation":"(White, Fisch, & Pooch, 2017)","plainCitation":"(White, Fisch, & Pooch, 2017)","noteIndex":0},"citationItems":[{"id":9,"uris":["http://zotero.org/users/local/BeyJjeak/items/IH5AEXMR"],"uri":["http://zotero.org/users/local/BeyJjeak/items/IH5AEXMR"],"itemData":{"id":9,"type":"book","title":"Computer system and network security","publisher":"CRC press","ISBN":"1-351-45872-8","author":[{"family":"White","given":"Gregory B."},{"family":"Fisch","given":"Eric A."},{"family":"Pooch","given":"Udo W."}],"issued":{"date-parts":[["2017"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (White, Fisch, & Pooch, 2017). Most of the banks use cache servers to lower the latency and round-trip time of the requests in the network. The cache server can be compromised by the attackers in cache poisoning attacks. Vulnerabilities are the security holes in the installed architecture either software or hardware that are known to the attackers and can be used to exploit the network. Vulnerabilities in the network architecture serve a similar purpose for the attackers as an open window in a locked house for the thief.

Banks utilize the concept of honey pots to trap network attacks such as cache poisoning and exploitation of the security holes. A honeypot is a network device that looks like the network of the bank to the traffic from the outside of the network. A honeypot effectively mimics the network of the bank and deflect the attacks from the original network. Attackers attempt to compromise honeypots and security officers of the bank will learn about the tactics used to compromise the network. The knowledge gained from the attacks in honeypots will be utilized to strengthen the actual system defenses in the long run. Traffic monitoring and analysis tools can help in determining whether a honeypot is trapping the cyberattacks or not. If there are visible anomalies in network traffic being monitored for the honeypot then it is obvious that the attacks are being deflected form original system ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"dYHWwsKp","properties":{"formattedCitation":"(Ekberg, 2016)","plainCitation":"(Ekberg, 2016)","noteIndex":0},"citationItems":[{"id":10,"uris":["http://zotero.org/users/local/BeyJjeak/items/JBZHXZ4L"],"uri":["http://zotero.org/users/local/BeyJjeak/items/JBZHXZ4L"],"itemData":{"id":10,"type":"book","title":"Partially virtualizing PCR banks in mobile TPM","publisher":"Google Patents","author":[{"family":"Ekberg","given":"Jan-Erik"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Ekberg, 2016). If no new connections are being observed in the honeypot network, then it may not be functioning as intended and attackers may have visibility into the actual network of the bank. False positives are files or attacks that are blocked by the honeypots or other defense application in the bank while they are benign. If a legitimate activity is blocked by the defense systems of the bank the event is considered to be false positive. When an actual threat is not blocked by the defenses then the event is known as the false negative. A false negative is more dangerous than a false positive event because a missed threat can compromise the entire network of the bank whereas a false positive can be easily whitelisted by the security teams.

Network Traffic Analysis and Results:

Various tools can be used to monitor the network traffic of the banks. Popular network monitoring tools include Wireshark, packet tracer and tcpdump. TCP dump tool was used to analyze the traffic on the network of the bank. In normal condition, the traffic was analyzed and logged for reference. The step is necessary for differentiating the abnormal traffic on the network from the normal traffic in the network. Captured packets revealed the source and destination addresses of the packets as well as the port numbers of the destination application. Although the actual payload of the packets was not revealed in the analysis, the address revelation can also be used for targeted attacks such as the denial of service attacks ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"eZHHvdTm","properties":{"formattedCitation":"(Kennedy et al., 2016)","plainCitation":"(Kennedy et al., 2016)","noteIndex":0},"citationItems":[{"id":11,"uris":["http://zotero.org/users/local/BeyJjeak/items/G6VBDWHG"],"uri":["http://zotero.org/users/local/BeyJjeak/items/G6VBDWHG"],"itemData":{"id":11,"type":"book","title":"Systems and methods for implementing and scoring computer network defense exercises","publisher":"Google Patents","author":[{"family":"Kennedy","given":"Scott"},{"family":"Ayers","given":"II Carleton Rose"},{"family":"Banks","given":"Susan"},{"family":"Allison","given":"Ian Carroll"},{"family":"Spencer","given":"Myoki Elizabeth"},{"family":"Diaz","given":"Michael Anthony"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Kennedy et al., 2016). The fact was also verified by running a denial of service attack against the destination address found in the captured packets. In denial of service attack, fake requests are generated to the target causing congestion on the network link. Legitimate connections to the destination server were blocked as a result of the attack.

A successful attack on the destination server revealed the vulnerabilities in the defense mechanism of the destination server that is also a crucial component of eth overall network infrastructure of the bank. The attack revealed that the outside traffic is not blocked properly from reaching the destination service ports. A misconfigured firewall can be a cause of the problem. However, efficient intrusion detection system may have flagged the abnormal traffic at any stage of the attack. The revelation of port numbers in the packets analyzed using the packet capturing tool is dangerous and it can allow the compromise of the entire network environment of the bank.

Recommended Remediation Strategies:

The discovered vulnerabilities in the network of the bank and associated risks can be mitigated by deploying a comprehensive logging and auditing server at each branch of the bank. A logging system will log all network traffic activity and will help in the reconstruction of the events in case of a successful breach. The logging server must be protected by deploying a reverse proxy solution because in most of the targeted attacks the criminals also try to remove the traces of their actions from logging server. The reverse proxy will not allow incoming connections to the logging server. The auditing applications will provide granular visibility into the network activities performed by the employees and criminals as well. All of the opened ports must be closed immediately as soon as the application is closed. All of the application not being used in the network must be removed completely from all of the endpoints to reduce the attack surface of the bank. These measures will help in protecting the confidentiality, integrity, and availability of the vital information required for business continuity.

Joint Network Defense Bulletin

Attacks on financial institutions are increasing at an exponential rate. Hackers are employing sophisticated encryption algorithms to encrypt critical information files on targeted machines and then demand the ransom money for the decryption key. Even if the ransom amount is paid to the criminals there is no guarantee that the files will be decrypted. Therefore, network protection is inevitable in banking environments. All of the bank branches in the United States must install logging servers and protect them with reverse proxies as well. Logging and auditing of the logs collected are inevitable to identify criminal activity in the network.

Firewalls must be configured appropriately to block all of the unwanted connections and port scanning attacks. The data must be transmitted using secure sockets layer protocol to avoid damage caused by the man in the middle attacks. If the network packets are end to end encrypted then the integrity will be ensured. It will be ensured that the payload of an IP packet is not tampered with by any unauthorized party. Security training of the employees must be an essential requirement for all banks and financial institutions. Employees must be aware of social engineering attacks such as phishing and spam email attacks. Almost 65% of attacks investigated in the banking sector were initiated from within the network of the bank by the employees. By following the recommended security standards, we will be able to create a secure digital banking ecosystem not possible otherwise.

References

ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY Ekberg, J.-E. (2016). Partially virtualizing PCR banks in mobile TPM. Google Patents.

Hyun, D., Kim, J., Hong, D., & Jeong, J. P. (2017). SDN-based network security functions for effective DDoS attack mitigation. 2017 International Conference on Information and Communication Technology Convergence (ICTC), 834–839. IEEE.

Jungwirth, P., & La Fratta, P. (2016). OS friendly microprocessor architecture: Hardware level computer security. Cyber Sensing 2016, 9826, 982602. International Society for Optics and Photonics.

Kate, A. (2016). Introduction to credit networks: security, privacy, and applications. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 1859–1860. ACM.

Kennedy, S., Ayers, I. C. R., Banks, S., Allison, I. C., Spencer, M. E., & Diaz, M. A. (2016). Systems and methods for implementing and scoring computer network defense exercises. Google Patents.

Martin, B. A., Michaud, F., Banks, D., Mosenia, A., Zolfonoon, R., Irwan, S., … Zao, J. K. (2017). OpenFog security requirements and approaches. 2017 IEEE Fog World Congress (FWC), 1–6. IEEE.

Mbelli, T. M., & Dwolatzky, B. (2016). Cyber security, a threat to cyber banking in South Africa: An approach to network and application security. 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud), 1–6. IEEE.

Spiers, B. T., Halas, M., Schimmel, R. A., & Provencher, D. P. (2015). Secure network cloud architecture. Google Patents.

White, G. B., Fisch, E. A., & Pooch, U. W. (2017). Computer system and network security. CRC press.

Subject: IT

Pages: 8 Words: 2400

Read

Network Engineer

Student’s Name

University |Affiliation

Abstract

A network engineer is a technology professional who possesses the required skills to plan, implement and supervise computer network activities to encourage the success of some activities such as in-house voice, video, and wireless services (Erstad, 2018). A network engineer performs different tasks that tend to improve the connection between various computer networks. Even though in most instance, the job title of network engineers and network administrators are used interchangeably, network engineer performs more advanced responsibilities than network administrators (Erstad, 2018). The concept of engineering primarily focusses more on planning, designing, and technical provisions, which are more advanced compared to the activities of a network administrator.

Job description

Responsibilities of a network engineer

Typically, network engineers perform various activities that directly relate to their professional qualifications. A network engineer is concentrating on maintaining and administering computer systems and networks, among other computing components such as application software, network configuration, system software, and hardware maintenance (Erstad, 2018). Besides, network engineers perform disaster management and recovery operation of significant data components. This helps to backup lost data that might cause considerable losses to organizations if not recovered. Network engineers engage in protecting organizational data, hardware, and software by initiating proper planning, coordination, and implementation of network security measures.

Specific tasks performed by network engineer

Despite the duties assigned to network engineers, many responsibilities are performed by a network engineer that does not appear in their job description lists (Network Engineer, 2019). Most of these tasks help in improving the smooth running of engineering activities within the organization to achieve organizational goals.

Supervision of network connection

First, network engineers engage in general supervision of network connection between different units in an organization to facilitate good coordination between various departments (Network Engineer, 2019). Besides, a network engineer engages in work closely with project managers to running different projects that aim at managing capacity and carrying out on-site support.

Configuring of firewalls

Network engineer performs configuration of firewalls rerouting of different network channels to switch to maximum network efficiency that supports the achievement of various organizational goals and objectives (Network Engineer, 2019). Rerouting of network channels helps in creating better channels that can create smooth running of all organizational activities to achieve efficiency.

Reporting vital network status to key stakeholders

Network engineers are mandated by the management of a company to report all network conditions to critical stakeholders (Network Engineer, 2019). Reporting of network status to stakeholders help to help to come up with appropriate solutions to various network challenges.

Contents of network engineer advert content

Usually, a job advert for a network engineer contains various components. First, job qualification is one of the critical elements contained in a job advert (Network Engineer, 2019). Also, the responsibilities and duties of qualified personnel are highlighted to give applicants brief ideas of what they should do if selected to serve as a network engineer.

Qualification for a network engineer

Generally, for an individual to become a network engineer, various requirements must be met. Many colleges and universities offer engineering courses which equip engineering students with skills to perform network engineering roles (Network Engineer, 2019). As such, a qualified network engineer needs to have an associate degree to access entry-level into the job market as well as performing engineering roles effectively. Besides, a network engineer may be required to hold a bachelor's degree in computer science and any other additional experience and qualifications that can enable them to perform their roles.

Furthermore, a network engineer may also be required to possess some technical skills such as analytical skills, organizational skills, and leadership skills to help run various organizational activities (Network Engineer, 2019). Such skills can help network engineer to solve multiple organizational problems that good performances of some critical actions.

Career possibilities of network engineer

Salary compensation of network engineers varies depending on factors such as academic level, work experience, and performance of network engineers at workplaces (Network Engineer, 2019). As such, network engineer earns salaries that range between $ 46,500 to more than $ 115,000 yearly depending on their skills and abilities to perform duties assigned to them. On top of t basic salaries, a network engineer can also earn bonuses, and the extra employer offers that which may arise to increase in organizational performance (Network Engineer, 2019). Lastly, a network engineer is required to work a minimum of 40 hours a week to receive reasonable compensation.

Types of industries where network engineer is found

Network engineer serves in different sectors of the economy depending on the nature of work performed in those in those sectors. There are various fields where network engineers are found (Network Engineer, 2019). The manufacturing industry is one of the departments in an organization where network engineers are found because of the roles they perform. Network engineers perform connections work in such a department to connect different activities with personnel to facilitate the smooth running of organizational actions (Network Engineer, 2019). Besides, the network engineer is found in telecommunication department sectors where they perform different activities. In most cases, they connect different units using computer networks to facilitate good coordination. As such, it is essential to have qualified professionals to serve in different positions.

Preparation for being a network engineer

Qualifications for a network engineer depends on the type of activities that are performed in an organization. Overall, various requirements must be met to personnel to become a network engineer. Some of the necessary qualifications that must be met by an individual to become network engineers are as discussed below.

First, one should hold CCIP Cisco qualifications. Cisco qualification comprises of technical skills that enable a professional to perform various activities that cannot be achieved by other professionals (Network Engineer, 2019).

In addition to CCIP Cisco qualification, a network engineer should possess Network + (CompTIA) qualifications (Network Engineer, 2019). Such skills help network engineers to perform various computer network activities to enable them to achieve their goals. Therefore, network engineers need to pursue such courses to equip them with skills and knowledge (Network Engineer, 2019).

WCNA (Wires hark is another required professional course that should be pursued by network engineers to acquire particular skills and knowledge that can help perform different tasks in an organization.

Network engineers gain experience at workplaces based on the type of activities they perform in their line of duties (Network Engineer, 2019). The number of years a network engineer works to make them gain more experience to perform various activities.

Fulfillment of gifting

Employers give network engineers gifts based on the type of activities they do in their daily activities. In most instances, engineers are gifted based on their performance and contribution to the organization (Mccauley, 2019). For example, in many companies in different sectors in the United States, network engineers are given extra pay based on the number of additional hours worked for apart from their regular working hours. Gifts given to employees motivate them to work hard to achieve organizational objectives because they feel like part of the company. Besides professional qualifications, network engineers should have some technical skills such as analytical skills, organizational skills, and leadership skills to help run various organizational activities (Mccauley, 2019). Such skills can help network engineers to solve multiple organizational problems that good performances of some critical actions. Such skills can enable network engineers to perform technical roles that do not acquire through professional training.

Conclusively, network engineer performs various activities that are directly linked with their professional training and qualifications. Some of the operations performed by network engineers include supervision of network connection between different units in an organization to facilitate good coordination between different departments. Secondly, Network engineer shows a configuration of firewalls rerouting of different network channels to switch to maximum network efficiency that supports the achievement of various organizational goals and objectives (Hamilton, 2015). Also, network engineers perform reporting of network status to stakeholders help to help to come up with appropriate solutions to various network challenges. Besides duties for a person to be a network engineer, different professional qualifications must be met. Some of these qualifications include: Having an associate degree to access entry-level into the job market as well as performing engineering roles effectively. Besides, a network engineer may be required to hold a bachelor's degree in computer science and any other additional experience and qualifications that can enable them to perform their roles (Hamilton, 2015).

References

Erstad, W. (2018). What Does a Network Administrator Do? A Behind-the-Scenes Look. Retrieved from https://www.rasmussen.edu/degrees/technology/blog/what-does-a-network-administrator-do/

Hamilton, J. (2015). Day in the Life of a Cleared Network Engineer. Retrieved from https://news.clearancejobs.com/2015/01/23/day-life-cleared-network-engineer/

Mccauley, G. (2019). What is a Network Engineer or Network Administrator? Retrieved from https://www.extnoc.com/blog/what-is-a-network-engineer/

Network Engineer. (2019). Retrieved from https://www.fieldengineer.com/skills/what-is-a-network-engineer

Rouse, M. (2019). Network Engineer. Retrieved from https://searchnetworking.techtarget.com/definition/network-engineer

Subject: IT

Pages: 5 Words: 1500

Read

Network Requirement Analysis And Plan

Project Scope

The scope of the project is to provide a wireless connectivity throughout the Calasanz School to enable following features:

Internet access

Data and information sharing

Improved learning capability

Remote access to documents and resources for students as well as teachers.

The aim of this project is to provide a wireless network for the school. The wireless network needs to be scalable and secure. It should ensure data transmission efficiency with improved reliability. Furthermore, the project will also ensure that the network must not succumb due to traffic congestion and must keep out malicious intruders.

Challenges

Some of the challenges that the school face and needs to be addressed are:

Lack of reliable and secure networking

Lack of centralization of resources

Scalability issues.

User Centric Design Concept and Logic Design

Rationale

As already stated, the basic objectives of the respective LAN design is the integration of the efficiency, functionality, scalability, adaptability, and manageability. Moreover, the elements of cost efficiency and the effectiveness are also considered greatly when opting for certain devices and components such as the wiring options, hubs, and switching choices.

The devices used for the designing of the LAN are also readily available, easy to deploy, convenient to configure and inexpensive to be used at the larger scale, in case the LAN is to be enhanced in the future. The later factor will also be true for the Hybrid topology, i.e. the enhancement of the LAN in the future. Furthermore, it has already been stated that how the respective LAN design offer considerable extent of the reliability, sharing options, robustness, troubleshooting, debugging, management, etc.

Recommendation

Critically analyzing the LAN design, it is observable that following weaknesses exist, such as in case any fault occurs in the main bus topology line, it can halt the entire associated start LAN. Therefore, in the proposed solution, the respective weakness has to be addressed. Enhancing the available resources, the respective objective can be achieved by granting the exclusive as well as dependent autonomy to each of the star topology associated by the bus topology connection. In this way, in case of a failure of connectivity with the central server, the start server can act as an exclusive and independent LAN sub-unit.

Required Hardware

Following are the enlisted specifications of the devices to be purchased for the deployment of the LAN design:

1841 model Router is purchased;

Generic – PT hubs and the servers are purchased;

Hub 3Com Dual having 8 auto sensing ports10/100 Mbps was obtained;

2950 – 24 switches are obtained;

The PC’s and the Printers are also of Generic – PT type.

As per the price details provided by the online Cisco dealer and with respect to the number of devices deployed, following cost were spent over the respective LAN design:

Switches 2950 – 24 => $1048 x 6 = $6288

Hub 3Com=> $67 x 4 = $536

1000 ft Cat 5 100mHz PVC 4 – pair solid UTP => $33

4’’ Patch Cable => $5 x 7 = $35

Network Devices

Network devices can include a wide range of the devices such as the printers, PC’s, etc. Analysts also describe the network devices as the communication devices involving the deployment of the connection devise such as the switches, routers, hubs and the gateways. These devices are more likely to be associated with the Physical and the Data Link layers of the OSI model.

References

Kovacs, J., Bokor, L., Kanizsai, Z., & Imre, S. (2013). Intelligent Multimedia Technologies for Networking Applications: Techniques and Tools, chapter Review of Advanced Mobility Solutions for Multimedia Networking in IPv6. Number Hershey, PA, USA. IGI Global, 25-47.

Ding, A. Y., Korhonen, J., Savolainen, T., Kojo, M., Tarkoma, S., & Crowcroft, J. (2013). Bridge Networking Research and Internet Standardization: Case Study on Mobile Traffic Offloading and IPv6 Transition Technologies. In IAB Workshop on Internet Technology Adoption and Transition (ITAT’13), Internet Architecture Board.

Retana, A., White, R., & Slice, D. (2000). EIGRP for IP: Basic Operation and Configuration. Pearson Education.

Subject: IT

Pages: 4 Words: 1200

Read

Networking And Operating System

RUNNING HEAD: NETWORKING AND OPERATING SYSTEM

Networking and Operating Systems

Stevie

[Name of the institution]

Networking and Operating System

Investigate and describe some new technical developments in operating systems?

Operating system (OS) is a piece of software responsible for appropriate functioning of hardware components. It can be considered as a set of instructions to be executed on the computer hardware. The operating system provides a framework for other applications that run on the hardware ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1at73dstu2","properties":{"formattedCitation":"(Silberschatz et al., 2018)","plainCitation":"(Silberschatz et al., 2018)"},"citationItems":[{"id":2041,"uris":["http://zotero.org/users/local/gITejLE9/items/X7S29MYE"],"uri":["http://zotero.org/users/local/gITejLE9/items/X7S29MYE"],"itemData":{"id":2041,"type":"book","title":"Operating system concepts","publisher":"Wiley","ISBN":"1-119-43925-6","author":[{"family":"Silberschatz","given":"Abraham"},{"family":"Gagne","given":"Greg"},{"family":"Galvin","given":"Peter B."}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Silberschatz et al., 2018). It provides a particular environment for applications to use hardware resources. Hardware resource management is performed by an operating system component known as the kernel. With the miniaturisation of computing technologies, operating system technologies are also evolving continuously. Some latest developments include containerization of programs, cloud integration, and mobile device support.

As computer systems are continuously targeted by cyber-criminals, modern operating system developers are introducing new technologies to prevent cyber-attacks. One of the technologies implemented in modern operating systems is known as containerization. In which each program running on the operating system is provided with an isolated environment, where the interaction with other processes and applications is highly restricted ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1tjmbr0k1i","properties":{"formattedCitation":"(Hunt et al., 2018)","plainCitation":"(Hunt et al., 2018)"},"citationItems":[{"id":2044,"uris":["http://zotero.org/users/local/gITejLE9/items/BFENFSFL"],"uri":["http://zotero.org/users/local/gITejLE9/items/BFENFSFL"],"itemData":{"id":2044,"type":"book","title":"Application compatibility with library operating systems","publisher":"Google Patents","author":[{"family":"Hunt","given":"Galen C."},{"family":"Olinsky","given":"Reuben R."},{"family":"Fortin","given":"Michael R."}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Hunt et al., 2018). As a result, if the application is compromised by cyber-attacks, the operating system will remain intact. Cloud computing has changed the way people do business. Even small to medium sized organisations rely on cloud computing resources for their operations. Operating systems are also adapting to the cloud computing paradigm by powering significant functionalities of the operating system from cloud such as Chrome OS ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1j63r6g2i1","properties":{"formattedCitation":"(Javed et al., 2018)","plainCitation":"(Javed et al., 2018)"},"citationItems":[{"id":2047,"uris":["http://zotero.org/users/local/gITejLE9/items/YU38R3W9"],"uri":["http://zotero.org/users/local/gITejLE9/items/YU38R3W9"],"itemData":{"id":2047,"type":"article-journal","title":"Internet of Things (IoT) Operating Systems Support, Networking Technologies, Applications, and Challenges: A Comparative Review","container-title":"IEEE Communications Surveys & Tutorials","page":"2062-2100","volume":"20","issue":"3","author":[{"family":"Javed","given":"Farhana"},{"family":"Afzal","given":"Muhamamd Khalil"},{"family":"Sharif","given":"Muhammad"},{"family":"Kim","given":"Byung-Seo"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Javed et al., 2018). Computers are getting smaller and smaller in size. Modern devices are powered by mobile hardware that provides flexibility and usability as compared to mainframe computing systems. Operating systems are adapting to mobile environments by moving critical components into the cloud. Lightweight mobile operating systems are being developed to utilise resources efficiently.

Approaches to providing broadband internet to remote regions in Australia?

Exponential penetration of information and communication technologies in daily life requires high-speed broadband internet for appropriate functioning. While broadband internet is available in most of the developed areas, there are many challenges in providing broadband connectivity to remote areas. Given to the diversity of Australian land that contains deserts, rugged mountains, and grassy landscapes no single technology can cover all these geographical situations ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a1lspm7pga2","properties":{"formattedCitation":"(Boulogeorgos et al., 2018)","plainCitation":"(Boulogeorgos et al., 2018)"},"citationItems":[{"id":2050,"uris":["http://zotero.org/users/local/gITejLE9/items/V9LPGRL6"],"uri":["http://zotero.org/users/local/gITejLE9/items/V9LPGRL6"],"itemData":{"id":2050,"type":"article-journal","title":"Terahertz technologies to deliver optical network quality of experience in wireless systems beyond 5G","container-title":"IEEE Communications Magazine","page":"144-151","volume":"56","issue":"6","author":[{"family":"Boulogeorgos","given":"Alexandros-Apostolos A."},{"family":"Alexiou","given":"Angeliki"},{"family":"Merkle","given":"Thomas"},{"family":"Schubert","given":"Colja"},{"family":"Elschner","given":"Robert"},{"family":"Katsiotis","given":"Alexandros"},{"family":"Stavrianos","given":"Panagiotis"},{"family":"Kritharidis","given":"Dimitrios"},{"family":"Chartsias","given":"Panteleimon-Konstantinos"},{"family":"Kokkoniemi","given":"Joonas"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Boulogeorgos et al., 2018). Mountains and grassy landscapes cannot be covered with a single network topology or technology. Therefore, two of the broadband technologies known as optical fibre and wireless communications can be used in providing broadband connectivity to remote areas ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a15vb7egm34","properties":{"formattedCitation":"(Salamin et al., 2018)","plainCitation":"(Salamin et al., 2018)"},"citationItems":[{"id":2053,"uris":["http://zotero.org/users/local/gITejLE9/items/6QLRC6HU"],"uri":["http://zotero.org/users/local/gITejLE9/items/6QLRC6HU"],"itemData":{"id":2053,"type":"article-journal","title":"Microwave plasmonic mixer in a transparent fibre–wireless link","container-title":"Nature photonics","page":"749","volume":"12","issue":"12","author":[{"family":"Salamin","given":"Yannick"},{"family":"Baeuerle","given":"Benedikt"},{"family":"Heni","given":"Wolfgang"},{"family":"Abrecht","given":"Felix C."},{"family":"Josten","given":"Arne"},{"family":"Fedoryshyn","given":"Yuriy"},{"family":"Haffner","given":"Christian"},{"family":"Bonjour","given":"Romain"},{"family":"Watanabe","given":"Tatsuhiko"},{"family":"Burla","given":"Maurizio"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Salamin et al., 2018). Optical fibre networks using technologies such as fibre to the home (FTTH) provides high-speed broadband connectivity to home users as well as businesses. Optical fibre communications are less prone to electromagnetic interferences as the signals are transmitted as pulses of light as compared to electric pulses used in copper wire communications.

Although fibre optical networks provide high-speed broadband internet connectivity, they require extended fibre cable networks to be installed. Installation of delicate fibre cables may not be possible in areas having rugged mountains. To overcome such situations, broadband services can be provided using wireless communication technologies such as the fourth generation of cellular networks ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a2fh69himu2","properties":{"formattedCitation":"(Koonen, 2018)","plainCitation":"(Koonen, 2018)"},"citationItems":[{"id":2056,"uris":["http://zotero.org/users/local/gITejLE9/items/EUI84DD3"],"uri":["http://zotero.org/users/local/gITejLE9/items/EUI84DD3"],"itemData":{"id":2056,"type":"article-journal","title":"Indoor optical wireless systems: technology, trends, and applications","container-title":"Journal of Lightwave Technology","page":"1459-1467","volume":"36","issue":"8","author":[{"family":"Koonen","given":"Ton"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Koonen, 2018). Wireless networks can eliminate the need for long wires but may introduce different types of issues. Such as in the case of wireless communications there are electromagnetic interference effects. It is hard to maintain the quality of service in wireless broadband networks due to channel interference. Radio frequency channels used in wireless communications are prone to higher interference effects deteriorating the signal quality. Signal to noise ratio in such networks can be minimised by using specialised modulation techniques; the quality may not surpass optical fibre communications. However, in remote areas such as the Bush area in Australia, wireless broadband communication networks can serve the purpose.

References

ADDIN ZOTERO_BIBL {"custom":[]} CSL_BIBLIOGRAPHY Boulogeorgos, A.-A.A., Alexiou, A., Merkle, T., Schubert, C., Elschner, R., Katsiotis, A., Stavrianos, P., Kritharidis, D., Chartsias, P.-K., Kokkoniemi, J., 2018. Terahertz technologies to deliver optical network quality of experience in wireless systems beyond 5G. IEEE Commun. Mag. 56, 144–151.

Hunt, G.C., Olinsky, R.R., Fortin, M.R., 2018. Application compatibility with library operating systems. Google Patents.

Javed, F., Afzal, M.K., Sharif, M., Kim, B.-S., 2018. Internet of Things (IoT) Operating Systems Support, Networking Technologies, Applications, and Challenges: A Comparative Review. IEEE Commun. Surv. Tutor. 20, 2062–2100.

Koonen, T., 2018. Indoor optical wireless systems: technology, trends, and applications. J. Light. Technol. 36, 1459–1467.

Salamin, Y., Baeuerle, B., Heni, W., Abrecht, F.C., Josten, A., Fedoryshyn, Y., Haffner, C., Bonjour, R., Watanabe, T., Burla, M., 2018. Microwave plasmonic mixer in a transparent fibre–wireless link. Nat. Photonics 12, 749.

Silberschatz, A., Gagne, G., Galvin, P.B., 2018. Operating system concepts. Wiley.

Subject: IT

Pages: 2 Words: 600

Read

Networking Essentials And Security

Networking Essentials and Security

Your Name (First M. Last)

School or Institution Name (University at Place or Town, State)

Networking Essentials and Security

Part 1

Mission Statement

This CSIRT provides assistance and information to the staff of iFinance for reducing the computer security incidents risk as well as responding to these incidents on their occurrence.

Vision Statement

This CSIRT will work to help for creating reliable, clean, and safe cyberspace in the Banking operations of iFinance.

Key Stake Holders

IT Service Providers is one of the significant stakeholders for the CISRT. As it requires for establishing with all the significant parts of iFinance IT services. Internal stakeholders include developers, network engineer, and database teams.

Security Management team is another stakeholder require for CSIRT. The security manager as an incident responder can be expected to own every security aspect. So he should ensure that he has a route for engaging other team members of security management as well.

Legal Team is another stakeholder for CSIRT as cybersecurity breach incidents can open the door for several legal considerations. Security managers have to make a decision that what to report and how significant the incident may be. For this purpose, he requires guidance from the real lawyers.

Human Resource team is another important stakeholder require for CSIRT. As most of the security incidents happen due to users in the company so, security manager needs to be able to handle such in the right way. For this purpose, the security manager requires engaging with HR.

The last important Stakeholder require for CSIRT is Public Relations Team who should be expert in ensuring that the response message of the incident is the right one. If the security manager needs to communicate with the public and there is no response (Mohd, et, al., 2016).

Personnel, Equipment, and Infrastructure

This model of CSIRT utilizes some existing personnel like administrators of the system, administrators of local area network or wide area network, administrators of security, administrators of the database, personnel of help desk, and developers of software for supporting any handling activity of incident at the local level. Outside resources for CSIRT can include some outsource employees which may be both partially outsourced and fully outsourced employees. In case of partially outsourced employees, the iFinance will outsource only certain elements of its CSIRT activities to the external parties while in case of fully outsourced employees the iFinance will outsource all the elements of its CSIRT to external parties. iFinance needs some managed security services provider which monitors intrusion sensors of detection, other security devices and firewalls to an offsite. They analyze and identify suspicious activities and also reports every detected incident to the iFinance's incident response team. As the internal team may not possess the essential intrusion detection system knowledge, management of vulnerability, and techniques of cybersecurity for responding properly to a security incident. Some external security facilities state of the art infrastructure of Information Technology like SOCs (Security Operations Centers) in several areas (Pfleeger, 2017).

In this case, the existing equipment of a computer, pages, telephones, and peripheral will be used. If some extra equipment will be required for the particular analysis work, it may be possible for negotiating with the other enterprises part in order to borrow or utilize the equipment like facilities of software development or lab for testing in a non-productive environment while investigating the activity of the incident. In order to support the activities of CSIRT which are based on the information security technology, network specialists are required for systems of network monitoring or scanning, installation of filters, firewalls, wrappers, virtual private network or authentication mechanism. Such services are considered to be the most significant part of the CSIRT. Some other information security technical staff required for this CSIRT include IT Team Lead or Manager, IT Assistant Managers or groups of leaders, triage or help desk staff, handlers of the incident, handlers of vulnerability, the staff of artifact analysis, trainers, platform specialist, and technology watch. Some software engineers are also required for maintaining and configuring personal digital assistants, laptops, desktop, servers, and some wireless devices on the basis of guidelines of security. Existing resources such as laptops, desktops, routers, switches, cables, and some other technical and networking devices will be needed for the support of CSIRT (Valladares, et, al., 2017).

Mostly the CSIRT will utilize the existing infrastructure which will provide the security features of computer like firewalls and separate networks, baseline configuration of the computer, guidelines of the security for administrators of the system and acceptable policies for the users.

Policies

One of the most significant policies of CSIRT, in this case, is considered to be the Network Connection Policy which describes the constraints and requirements for attaching a computer to the work of iFinance. All the computers installed on the network of iFinance fall under the responsibility and authority of the DPICSO (Data Processing Installation Computer Security Officer. In this, they can meet the minimum requirement of security of the company's policies and regulations.

Acceptable Encryption Policy is another efficient policy in this case which can provide guidance that limits the utilization of encryption to those algorithms which have received a substantial review of public and have also be proven for working effectively. Moreover, this policy also gives direction for ensuring that Federal regulations are followed and legal authority is granted for the dissemination and utilization of encryption technologies.

Information Sensitivity Policy is given for helping employees which determine what type of information can be disclosed to non-employees as well as the information relative sensitivity which must not be disclosed outside of iFinance without any proper authorization.

Another important policy of server security is used for establishing standards for the configuration of the base of the equipment of internal server which is owned or operated by iFinance. The efficient implementation of such policy will decrease the unauthorized access to the proprietary technology and information of iFinance.

Virtual Private Network Policy is used for providing guidelines for the Remote Access or Virtual Private Network of L2TP connections to the iFinance corporate network.

Procedures

Escalation Procedures for Security Incidents is considered to be one of the most significant procedures in this case which describes the steps that should be taken for computer and physical security incidents that occur within the facility of iFinance. The physical events of security which can be covered in this procedure include illegal access of organization, theft or destruction of property.

Incident Handling Procedure generates the document which provides some general procedure and guideline for dealing with the incidents of computer security. The purpose of this document is for providing iFinance support with some significant guidelines on discovering the incident of the security.

ASP Security Standards procedures is another document which defines the criteria of minimum security which an ASP (Application Service Provider) must meet to be considered for utilization by iFinance.

Password procedures are considered to be the most important factor of any computer security. They are front protection line for the accounts of the user. The wrongly chosen password can result in the iFinance compromise of the whole network of corporate. As such the employees of iFinance that includes vendors and contractors with access to the system of iFinance are considered to be responsible for taking the correct steps for selecting and securing their passwords.

The procedure of third party connection agreement is used for completing agreement between the parties for concerning the subject matter of such agreement and also replaces any written communication among the parties (Meiia, et, al., 2016).

Reporting Structure

The support members who are from different departments including IT, Management, PR, and Legal will report to the Assistance information security manager who coordinates with the responses of an individual and is an expert on the equipment or area where the event occurred. The CSIRT manager who is the information security manager of the iFinance will report to the management of high-level like chief security officer (Mena, et, al., 2018).

Organization Model

Organization Model of Internal Centralized CSIRT will be used which is considered to be completely staffed and dedicated which provides the services of incident handling for any organization. In this case, team members will spend a hundred percent of their time in order to work for this CSIRT while such model type can also be provided utilizing the staff of part-time on the basis of rotation.

Authority

In this case, the CSIRT has the shared authority which participates in the process of decision regarding what actions should be taken during the incident of the computer security but cannot make the decision but only influence it. It can only provide influence on the outcomes of the decision but it is the participant in the process of decision making rather than the maker of the decision. In the following case, the CSIRT can only recommend that the system can be disconnected from the network at the time of an attack and discusses the action which needs to be taken.

Additional Cost

This CSIRT requires ninety employees and more than five hundred employee hours for resolution and investigation which will cost more than fifty-nine thousand dollars. It will also require a hundred additional Linux Computers as well which will cost an average of fifteen hundred dollars per host. The average cost per investigation will be turned out to be more than two thousand dollars (Fuertes, et, al., 2017).

Communication

The communications plan is necessary for making security a priority for iFinance's employees in different offices which are distributed throughout twenty-five states. It is considered to be the most critical factor in determining whether the CSIRT is successful or not. So, in this case, setting the expectations at the top and communicating the progress with team members, constituents, peers, and supervisors are of utmost significance. The supervisors need for understanding the rewards and challenges so that they can continue to justify the assigned resources. Team members can get courage if they feel like they are making progress. Moreover, Peers need to understanding service value and expectation. Similarly, constituents also need for knowing the available service., when they can expect for receiving them, and knowing about the situation for which they are receiving it (Reyes, et, al., 2018).

Scope

The Scope of this CSIRT is that it is applicable to all technology and information resources, at all the level of sensitivity and operated on the behalf of the Information Security Department. Additionally, employees, outside workers of the agency, volunteers assume the reporting responsibilities of the department employee which is established within this CSIRT. It also establishes minimum standards for the iFinance functions of CSIRT

Level of Services

The important step after establishing the CSIRT is to define its level of services according to available resources. This CSIRT will provide a proactive level of services. It consists of post reports of the incident from constituency or other incidents which are related to attacks or threats like vulnerabilities, malware, compromised hosts or other kinds of similar incidents. It is designed for preventing and detecting the attacks before there is any impact on the system of production. In this level of services, the information generated by the CSIRT gets dispersed to their partners and constituency for protecting the assets avoiding it from any target. This level provides the services of an announcement, security pentests/audits, detection of intrusion, development of the tool, and intelligence sharing of threat (Skierka, et, al., 2015).

Timeline

Depending on the resources which are provided from its necessary constituency and stakeholders, CSIRT can take almost eighteen to twenty-four months in order to become completely operational. The timeline of CSIRT for iFinance can be compressed or extended that depends on several factors and decision point which are made. The availability of the number of resources will determine how swiftly the project of CSIRT can move to the starting stage from planning and then into the operations and implementations stages. There are also possibilities to overlap some of the operational and implementation components that depend on the project implementation and planning. According to an estimate for this CSIRT, the process of planning will take almost five months. The process of implementation can take nine to twelve months and the process of operations may be expected to be completed in six months. This timeline usually focuses on the initial four development stages. It does not include collaborative development phase of maturation during the activities of operation. Training and education requirements will also be scheduled at every Friday for supporting the activities of CSIRT that include information security team, incident handlers, administrative staff, support staff, and analysts. Such mentoring and training activities can affect the range and service level which are provided and implemented to the constituency. In order to make CSIRT successful, it is necessary to have a firm commitment to the project throughout every development stages as well as to have plans of long range for sustaining and operating the team over time (Lord, Rush, & Massa, 2018).

Establishing ROI

Establishing the ROI (Return on Investment) has several benefits related to incident management. The most significant benefit is considered to be the reduction of the volume of the incident. The reduction of handling time of the elapsed incident by the agreements of improvement between the first and second level of support teams is another benefit of ROI. It can also help in maintaining IT services quality. It can increase communication and visibility of incidents to CSIRT. Moreover, it can also increase the confidence of business in the capabilities of IT.

In order to identify the total cost of an incident, CSIRT needs to consider the direct costs of manpower, equipment, and lost production time, and also other indirect costs, such as the potential cost of lost business and damage to the company's reputation and brand image. The incident of handle time, a resolution rate of the first call is also required for this incident management ROI. Assumptions for this ROI include:

Incidents per month= 5000

Cost of Manpower, equipment =$8167

Potential Cost of Lost Business = $150

Damage to the Reputation of Company= $40

Average time in Initial Contact= 12 minute

Average time in escalated incident= 18 minute

IT headcount =100

First Call Resolution = 40%

So estimated Incident management ROl is given as below:

consider the direct costs of manpower, equipment, and lost production time, and also other indirect costs, such as the potential cost of lost business and damage to the company's reputation and brand image.

Part 2

After the resource commitment from the CTO, iFinance is ready for starting the process of designing and planning their CSIRT. The CSIRT manager has several tasks that start with documenting the goals, vision, and mission of the CSIRT. Some government regulations which would be required in this CSIRT include Taxes such as estimated tax, employment tax, and excise taxes, Labor and Employment Law such as wages and hours, workplace health and safety, equal opportunity, benefit security of employee, antitrust laws, advertising, environmental regulations, and privacy. Freedom of Information Act is also another government regulation which gives the right to the iFinance for accessing to the federal agency information or records. Organizationally the CSIRT of iFinance staffing structure have a full-time manager of CSIRT, members of the core team, extended team, and a representative from distributed teams. The core-team members and managers are responsible for daily operation of the core team and coordinating the efforts of CISRT across the functional areas and business units within iFinance.

The manager of CSIRT has agreements with the supervisors in the department of technology in which during the incident they will assign temporarily experts of needed subject matter without any question to CSIRT. These commitments and agreements demonstrate the importance that iFinance has placed upon the CSIRT. It also ensures that the impact of the incident on iFinance can be minimized. The security manager is responsible for the implementation of issues at a certain location. They are required for following the policies and procedures of iFinance's CSIRT. The CSIRT monitors all the activities at affiliate sites which help them for identifying potential problems at one site and spread guidance and information to the security mangers so that they can address and assess any potential or real threats which may arise quickly or proactively. In order to provide regular updates with to the senior managers, iFinance established the Information committee of security which is comprised of a security team.

The CSIRT budget of iFinance includes the cost of the salary of existing and additional employees, rates of offered services, and the support provided by other departments of iFinance. The total budget cost for CSIRT includes five hundred thousand dollars. This budget includes both long-term and short-term cost. The short term cost includes the cost of infrastructure, equipment, and staff while the long term cost keeps on growing with the passage of time. It also includes base funding for supporting the initial activities and services. Some basic costs may also include incident tracking and reporting system, mechanism of communication which include helpdesk, mailing lists of distribution, pagers, and cell phones. Some cost of the security mechanism of communications includes extranets or intranets (Reyes- Mena, et, al., 2018).

The average cost of several incidents and attack include more than one hundred dollars. The compromise attack will cost more than five thousand dollars, the harmful code will cost three thousand dollars, denial of service will cost more than thirty thousand dollars, hacker attacks will cost more than ten thousand dollars, and violations of copyright cost thousand dollars. The estimated established ROI shows that this CSIRT can save more than one hundred thousand dollars per month. By fulling, the cost required for these attacks CSIRT will reduce the rate of incidents to large extent. Depending on the resources which are provided from its constituency and key stakeholders. CSIRT for iFinance requires almost twenty-four months for becoming fully operational. The timeline can be compressed or extended that depends on several factors Organization Model of Internal Centralized CSIRT will be used which is considered to be completely staffed and dedicated which provides the services of incident handling for any organization. In this case, team members will spend a hundred percent of their time in order to work for this CSIRT while such model type can also be provided utilizing the staff of part-time on the basis of rotation. This model can easily help the team to manage both the internal and external employees required for CSIRT. This CSIRT is expected to the reduced response time of the incident by more than fifty percent.

References

Mohd, N., Yunos, Z., Ariffin, A., Nor, A., & Malaysia, C. (2016, September). CSIRT Management Workflow: Practical Guide for Critical Infrastructure Organizations. In Proceedings of the 10th European Conference on Information Systems Management, ECISM.

Pfleeger, S. L. (2017). Improving Cybersecurity Incident Response Team (CSIRT) Skills, Dynamics and Effectiveness. Trustees of Dartmouth College Hanover United States.

Valladares, P., Fuertes, W., Tapia, F., Toulkeridis, T., & Pérez, E. (2017, July). Dimensional data model for early alerts of malicious activities in a CSIRT. In 2017 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS) (pp. 1-8). IEEE.

Mejía, J., Muñoz, M., Ramírez, H., & Peña, A. (2016). Proposal of content and security controls for a CSIRT website. In New Advances in Information Systems and Technologies(pp. 421-430). Springer, Cham.

Mena, F. X. R., Díaz, W. M. F., Jaramillo, C. E. G., Estévez, E. P., Barzallo, P. F. B., & Silva, C. J. V. (2018). Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT. Facultad de Ingeniería, 27(47), 2.

Fuertes, W., Reyes, F., Valladares, P., Tapia, F., Toulkeridis, T., & Pérez, E. (2017). An Integral Model to Provide Reactive and Proactive Services in an Academic CSIRT Based on Business Intelligence. Systems, 5(4), 52.

Reyes, F., Fuertes, W., Tapia, F., Toulkeridis, T., Aules, H., & Pérez, E. (2018, July). A BI Solution to Identify Vulnerabilities and Detect Real-Time Cyber-Attacks for an Academic CSIRT. In Science and Information Conference (pp. 1135-1153). Springer, Cham.

Skierka, I., Morgus, R., Hohmann, M., & Maurer, T. (2015). CSIRT Basics for Policy-Makers. The History, Types & Culture of Computer Security Incident Response Teams.

Lord, J., Rush, K., & Massa, M. (2018). Security Operations Overview. Carnegie Mellon University the Pittsburgh United States.

Reyes-Mena, F. X., Fuertes-Díaz, W. M., Guzmán-Jaramillo, C. E., Pérez-Estévez, E., Bernal-Barzallo, P. F., & Villacís-Silva, C. J. (2018). Application of business intelligence for analyzing vulnerabilities to increase the security level in an academic CSIRT. Facultad de Ingeniería, 27(47), 21-29.

Subject: IT

Pages: 10 Words: 3000

Read

Networking Fundamentals

[Name of the Writer]

[Name of the Institution]

Networking Fundamentals

Main Post

Cat 5 unshielded twisted pair (UTP) cable type is a twisted pair cable for computer networks. It is used for Ethernet, FastEthernet and Token Ring. Cat 5 gives up to 100Mbps data rate and its maximum length can be 100m. It is one of the most popular cables all over the world. Cat 5 provides more reliable table and data communication networks as compared to other wires. Mostly designed Cat 5 cables used two twisted pairs for the early networks. However, in future there were some changes were brought in Cat 5 to increase the speed and length of wires in a network.

Fiber optics has made it easy to transmit data in seconds as compared to other copper cables. There are two modes in fiber optic cables which include single mode and multimode. Single mode fiber optics are used for long distance transmissions because it has a light carrying 8 to 10 microns whereas Multimode fiber optics are used for shorter distance transmissions because it has large light carrying core. Fiber optics mode must be decided after finding the transmission distance. If a distance is within a couple of miles then multimode will be preferred otherwise single mode will be preferred (Fibre optics in broadcasting, 2010).

Follow up (1)

Cat 5e is the extended version of Cat 5 twisted pair cable. It is used for Ethernet, Fast Ethernet, and Gigabit Ethernet. However, it provides a better data rate as compared to Cat 5. It gives up to 1 Gbps data rate but its length is the same as Cat 5.

Follow up (2)

Fiber optics mode is dependent on the application. Multimode is relatively inexpensive fiber optic as compared to a single mode which is very costly and is usually used for the coverage of long distance transmissions. However, the cost for replacing the single mode with the multimode can be economical.

References

Fibre optics in broadcasting. (2010). Broadcast & CableSat, Retrieved from https://search.proquest.com/docview/503265529?accountid=41759

Subject: IT

Pages: 1 Words: 300

Read

New Assignment

Subject: IT

Pages: 2 Words: 600

Read

NLP

[Name of the Institution]

Ngoc Nguyen

4 May 2019

NLP

Introduction

The consumer's demand for luxury products is increasing. With the increasing technologies developer are modifying systems in all fields. Natural Language Processing (NLP) is one of the highly demanded technology in the market. NLP is an artificial intelligence technology that consists of a blend of multiple languages. The machine knows linguistics and allows people to communicate with them. “Siri” and “Ok Google” are the products of NLP. These do not require typing the stuff rather you have to speak and the Technology will provide results with the vocal identification. Technology performs several functions in businesses today CITATION Mad19 \l 1033 (Madhavan, 2019).

Discussion

The NLP provide chatbots for interaction with the customers. They are able to handle consumers frustration and offer them personalized assistance. Many Multinational Companies are adopting the technology to deal with the real-time solutions of their customers. NLP is also efficient in targeting the right kind of customers by matching the keywords in the text. Thus, it saves time for the placement of advertisements and reaching out to the right audiences CITATION Dat17 \l 1033 (Dattaraj, 2017).

In multiple functions of the NLP, My personal favorite application is ‘Sentiment Analysis', the application analyzes the responses published on social media. It looks into the attitude of the person and realizes their emotional state. The implementation is done through assigning values of positive, negative and neutral to the responses to evaluate their performance. Thus, identify the mood of the individual due to his/her response. The application is highly successful for organizations to perform specific adjustments in the businesses according to the consumer's responses CITATION Sar18 \l 1033 (Sarazen, 2018).

Conclusion

The NLP provide humans to emotional connect to the machines. They can also be better utilized by the people who have lost their vision. The technology is also very popular among kids where, if they even can’t type, they can get their desired cartoons and games. The MNCs are constantly increasing their support for NLP due to CITATION Sar18 \l 1033 (Sarazen, 2018) its greater efficiency. The system is free of biases and better understand and analyze the demands of the human mind.

References

BIBLIOGRAPHY Dattaraj, V. (2017, November 27). The Advent of Chatbots is Creating a Stir in Social Media.

Madhavan, R. (2019). Natural Language Processing – Current Applications and Future Possibilities. Emerj.

Sarazen, M. (2018, January 12). NLP in News Feeds. Retrieved from Synced: https://medium.com/syncedreview/nlp-in-news-feeds-30f38809914e

Subject: IT

Pages: 1 Words: 300

Read

More Subjects

Education

(5614)

English

(2294)