Tuesday, December 25, 2012

Ethical Hacking


By Raul Bernardino
Introduction:
Today, global communication has become easy to use but complex to control. Moreover, the migration of data without any borders has become a huge issue. Nobody knows exactly with whom they are connected, or whether they are connected to the right or the wrong infrastructure or person. Nobody can guarantee that their networks and systems are more secure than others.

Ethical hacking is a discipline of computing security in which a person tests the vulnerability of his or her own networks or standalone personal computer (PC). The technical person closes all open ports and plugs all other holes in the system before a malicious person tries to get into the system and attack the networks or the individual PCs.
Some kinds of ethical hacking are hard to define: it is not always clear whether they are still within the ethical corridor or on the hacker side. There are several types of ethical hacking, and they can be used to explain the differences between ethical hacking and the work of hackers.

Before we talk about ethical hacking issues, there are several fundamental elements that we need to know: the importance of security in a system, the elements of security, the phases of hacking, and so on.

Why should we talk about the importance of security? Because today's technologies aim to be easy for users, while the technology and the networks have become so complex that we have no idea of their level of security, whether they are secure or not. A triangle model (annex: picture 1) explains the three components of technology: functionality, security, and ease of use. If a technology focuses on “easy to use”, it will have less functionality and security. Likewise, if a technology focuses on functionality, it will be less secure and more complex to use, and so on.

The elements of security are: data integrity, confidentiality of information, authenticity, and availability of data (annex: picture 2).

Additionally, the phases of hacking are: reconnaissance, scanning, gaining access, maintaining access, and clearing tracks (annex: picture 3).

“White hat cracking”: This is the first type of ethical hacking. It involves a security test of a network system or standalone PC under an upfront agreement or a signed contract. This arrangement fixes the scope of the testing and ensures that it produces a report and recommendations.

“Grey hat cracking”: This is the second type of ethical hacking. Here, no agreement is established upfront before he or she assesses the target system environment and possibly identifies the vulnerabilities of the system. Afterwards, the grey hat reports or informs the system administrator or network administrator of the facts, so that they know the status. This type can sometimes become white hat or black hat.

“Black hat cracking”: This is the third type of ethical hacking, which involves gaining access to systems. Anyone can determine that black hat is immoral. However, it depends on the target. If, after gaining access, the black hat intends to delete some information or control the information, then it should be categorized as a crime. The black hat has more knowledge of how to crack systems; if he or she finds ways to prevent hackers, then he or she is doing a good job. The black hat also has the ability to counter-attack phishing on servers, spam, etc.

“Hacktivism”: This is another type of cracking or hacking; however, this one has a higher-level purpose for cracking the system. For instance, there is a political agenda behind the attack. The cracker is sending a message to the target of the attack that they are able to do so.

“Is it possible to crack systems and still be ethical? Support your position”.
My answer has two parts. Yes, if the crackers stay within the corridor of the white hat, the grey hat on the condition of reporting to the target, and the black hat with the ability to counter-attack phishing and plug all holes.
No, if a cracker such as a grey hat does not report the issues found to the target, or a black hat uses his or her ability to delete some information on the target or to control the target. Whatever the reason, gaining unauthorized access is a crime.

Conclusion: As computing professionals, we have to take responsibility in every hacking activity. In this sense, it does not matter whether you are a white hat, grey hat, or black hat.
Annex:

Picture 1: Triangle from Module 01 v 6.1 of CEH P.12


Picture 2: Element of Security from Module 01 v 6.1 of CEH P.11


Picture 3: Phases of hacking from Module 01 v 6.1 of CEH P.14


Information Technology and Business Value


By Raul Bernardino

Introduction:
Nowadays, computer professionals do not concentrate only on technological science. In today's business, it is most important for computer professionals to have additional knowledge of the business side of information technology operations in existing companies, institutions, and firms.

A computer professional who wants to deploy any new technology or invest in technology must keep it in line with the business needs of the company, firm, or institution. The investments have to have a positive impact on the long-term operation of the company, firm, or institution.
Therefore, it is mandatory for computer professionals to know several financial terms and the statements of the financial reporting system, and to have at least a basic understanding of information technology and the business.
Terms and definitions:
Asset or Assets: In accounting and finance, an asset is an economic resource. Assets are resources of value that can be converted into cash at any time, and cash itself is also seen as an asset.

Fixed assets: Fixed assets are property owned by a company, institution, or firm and used for producing income, output, or services. They are not intended to be consumed or to be converted into cash quickly, that is, in less than one year. There are two types of property. The first is the tangible asset, for instance land, office equipment and furniture, photocopy machines, buildings, real estate, and residences. The second is the intangible asset. “In general, the intangible long-term assets such as trademarks and patents are not categorized as fixed assets but are more specifically referred to as "fixed intangible assets".”

Current assets: Current assets represent resources of value owned by a company, institution, or firm that will be converted into cash within 12 months. Current assets are usually used for funding the day-to-day business operation. They include cash itself, inventory, accounts receivable, marketable securities, prepaid expenses, and other assets that can readily be liquidated into cash. For example, in personal finance, current assets are the assets that can be liquidated to pay the bills without having to sell fixed assets. In the United Kingdom (UK), “current assets are known as current accounts”.
The balance sheet: The balance sheet is a summary table that shows the financial statement of a company, institution, or firm. It includes fixed assets and current assets, liabilities, and shareholders' equity. Why is it called a balance sheet? Because the balance sheet has two sides whose totals are equal.

These are the three segments of the balance sheet, which usually give investors an idea of what the company, firm, or institution has invested, what it owns, and what its debts are. For example, cash, inventory, accounts receivable, temporary investments, prepaid expenses, long-term investments such as land and buildings, and other properties are on the assets side of the balance sheet, while accounts payable, taxes payable, long-term loans or mortgages, interest payable, and accrued payroll are on the liabilities side.
The accounts on the balance sheet are never exactly the same from one company to another or from one industry to another. There are huge differences in balance sheet accounts among companies, firms, and institutions. In other words, “there is no one set template on the balance sheet that accurately accommodates all the differences between different types of running businesses.”
The formula for the balance sheet is very simple:

“Assets = Liabilities + Shareholders' Equity”
Problem and solution for the balance sheet:
We know that the “company has a stock of the 500 user manuals for version 1 of the package (inventory = $25 × 500 manuals of version 1, which equals $12,500), with version 2 coming soon. The company paid $5,000 (prepaid expense and cash) to have 1,000 manuals printed and has been selling them at $25 per copy (accounts receivable = $25 × 1,000 manuals of version 2, which equals $25,000)”.
We are also informed that “the company has a file server costing $15,000 that is used by the software development teams” (long-term investment, ‘Server and Fixes’), and no depreciation is calculated. From the explanation above, we can now draw up the balance sheet in Excel sheet format, which is easy for investors to interpret.

Balance Sheet
February 14, 2011

| ASSETS | | LIABILITIES | |
|---|---|---|---|
| Current Assets | | Current Liabilities | |
| Cash | $5,000.00 | Accounts payable | $5,000.00 |
| Accounts receivable (1000 manuals) | $25,000.00 | Short-term notes | |
| (less doubtful accounts) | | Current portion of long-term notes | |
| Inventory (500 manuals in stock) | $12,500.00 | Interest payable | |
| Temporary investment | | Taxes payable | |
| Prepaid expenses | $5,000.00 | Accrued payroll | |
| Total Current Assets | $47,500.00 | Total Current Liabilities | $5,000.00 |
| Fixed Assets | | Long-term Liabilities | |
| Long-term investments | | Mortgage | |
| Land | | Other long-term liabilities | $15,000.00 |
| Buildings | | Total Long-Term Liabilities | $15,000.00 |
| (less accumulated depreciation) | | | |
| Plant and equipment | | | |
| (less accumulated depreciation) | | Shareholders' Equity | |
| Server and Fixes | $15,000.00 | Capital stock | |
| (less accumulated depreciation) | | Retained earnings | $42,500.00 |
| Total Net Fixed Assets | $15,000.00 | Total Shareholders' Equity | $42,500.00 |
| TOTAL ASSETS | $62,500.00 | TOTAL LIABILITIES & EQUITY | $62,500.00 |

Conclusion:
According to the balance sheet above, the company, firm, or institution has good investments and a good profit. This can be seen in the shareholders' equity column of the balance sheet table. Therefore, investors will most likely invest in this company or firm. The industry or company will make a lot of profit from increasing its products.


Expected Monetary Value and Project Scenario of Software Development


By Raul Bernardino
Introduction:
Today, applications are designed in a flexible way: they have cross-platform and scalable capabilities so that they can be adjusted and adapted to business requirements and needs. Therefore, before we decide to revise an existing application and implement the revision in the existing system, we should consider several risks, settle certain conditions, and plan for non-interruption of the business operation.

According to the scenario, the current application should stay up and running in normal operation while we develop the coding adjustments to the application in parallel.

The adjustment of the application has to be in line with the stakeholders' demands or requests, which are identified during project meetings and during use of the application. The requested features are scoped globally: they do not answer any individual's needs but should be at group level, departmental level, or institution level.

Conditions: First of all, the business operation has to remain in place and operate under normal conditions. Second, there must be no disturbance to the business during the development of the code for the adjustment to the application. Third, the quality of the adjusted features has to be tested and certified before they are implemented or integrated into the business operation system. Finally, the project manager calls a meeting that involves the stakeholders, the business sponsors, and the risk management team, to identify all risks that may have a direct or indirect impact on the adjustment of the features in the software application project, and the business sponsor needs to sign off the project charter in order to initiate the project.

Some Terms and Definitions:
Business Analysis (BA): Business analysis develops business solutions that are effective and efficient for the organization's IT system investments. It involves problem investigation, business opportunities, systematic analysis, documenting the user requirements, support throughout the development of solutions, testing the product, and ensuring the implementation meets user requirements.

System Analysis: A systems analyst designs new IT solutions to improve business efficiency and productivity. The work might be for an external client or an internal client (such as a department within the same organization). Working closely with the client, analysts examine existing business models and flows of data, discuss their findings with the client, and design an appropriate improved IT solution. They act as the liaison between the client and the developers.
Business sponsor: The business sponsor is the owner or donor of the project, who gives maximum support and provides the funds for the implementation of the project.

Project Manager: The project manager is the team lead and holds the highest responsibility in the project, making sure the project is implemented successfully in a timely and cost-effective manner.

Stakeholder: A stakeholder is a staff member or individual who uses the application, or a department or institution that is affected by the implementation of the project application.
Project Charter: The project charter is the project initiation document. It defines the project scope, objectives, cost, other resources involved, the delivery time, and the project manager's authority and roles. This document is usually signed by the business sponsors and the project manager.

Risk Management: Risk management is a set of tools that help the risk manager manage all risks that may occur before, during, and after the implementation of the application adjustment project.

Management Reserve (MR): The management reserve is not an overhead cost or miscellaneous cost. It is a variance cost that can occur within the authorized scope of the work, or what is called an unknown program, during the implementation of the project.

Expected Monetary Value (EMV): The expected monetary value is a tool that quantifies the qualitative risk analysis. It is a recommended tool and technique for doing quantitative risk analysis in project risk management. How is this tool used? First, we assign the probability that each risk will occur. Second, we estimate and assign the monetary value of the risk's impact. Third, we multiply the probability by the monetary value.

One concrete example: Suppose we are planning to revise the current application and will make several coding adjustments in it, with the following identified risks:

  • A 30 percent probability that the resources will be delayed, at a cost of $50,000
  • A 20 percent probability that the resources will be cheaper, with a value of $10,000
  • A 25 percent probability that a problem will occur during system integration, costing $3,500 to fix
  • A 30 percent probability of saving $2,500 during the development phase
  • A 5 percent probability of a redesign, at a cost of $5,000

The Expected Monetary Value (EMV) is calculated as follows (amounts in parentheses are negative):

  • 30 percent probability multiplied by monetary value = 0.3 × ($50,000) = -$15,000; the value is negative because it is a delay in the delivery of resources
  • 20 percent probability multiplied by monetary value = 0.2 × $10,000 = $2,000; the value is positive because the resources are cheaper than planned or budgeted
  • 25 percent probability multiplied by monetary value = 0.25 × ($3,500) = -$875; the value is negative because there is a system integration problem
  • 30 percent probability multiplied by monetary value = 0.3 × $2,500 = $750; the value is positive because the project has saved money
  • 5 percent probability multiplied by monetary value = 0.05 × ($5,000) = -$250; the value is negative because the system would be redesigned

Total EMV = ($15,000) + $2,000 + ($875) + $750 + ($250)
          = ($13,375) or -$13,375

If the initial total cost estimate for this project is assumed to be $100,000 over 40 working days, then the management reserve (MR) will be 10 percent on top of the initial cost. The high-risk activities add another 20 percent on top of the initial cost.
The budget allocation for this application project, not including the EMV, is 100,000 + 100,000*0.2 + 100,000*0.1 = $130,000

Therefore, the total project cost is $130,000 + $13,375 (EMV) = $143,375
Annexes:

Conclusion: I am aware that in the scenario above the application project has no initial cost estimate. Based on the experience that I have in dealing with application revisions, similar tasks take about 30 working days to complete, including the quality test. Therefore, I am confident that this project will succeed within the timeline and cost.
