Computer science

Objectives of computer security is to protect organization and people. It is weird to hear it. It possible to say that the objective of computer security is to protect computers. Protecting computers is a big part of a computer security professional, but final result of an activity of such a person needs to be protecting people and not the equipment. YouTube video

Different parts of a web site may have different versions of packages. It may lead to inconsistency of styles used. To ensure that same version of a package is used it is advisable to use the same package manager. It will download and install a package. It will also resolve dependencies. A well known package manager fore web development is Node ( or NPM - abbreviated).

One of the popular JacaScript libraries is Bootstrap. Using Bootstrap library helps to achieve the following: It shortens development time. It uses best practices for web development, so this web site can be used in mobile devices. Design of web elements is consistent from different pages. Bootstrap ensures compatibility of code between different browsers. It is not difficult to learn. It has large user base. So it is possible to get help from other people. CSS styles used in Bootstrap library are customizable.

React split sections of a web application into sections. For example the same picture can be in different parts of a web application. Same component can be reused.

Piece of code that runs on hardware is called software. Software allows typing a word document, enter data in a spreadsheet, work with graphics, enter data in a database. There are different types of software available, depending on the tasks the company performs. If your company tasks are so unique, it is possible to create custom software.

Even so it is possible to host a website on a single server, it will not provide redundancy if there is a problem with that server. To prevent this situation from happening a website need to be hosted on multiple computers, preferably in separate availability zones, so that a natural disaster or a power outage will not impact this website or a service.

Network is a connection of two or more computers together. Even so it possible to connect two computers together using a crossover network cable, more computers in a company will require a connection to a switch. Largest network that connects computers worldwide is the Internet.

Computer hardware is a physical part of a computer. Computer hardware consists of processors (yes there could be more than one processor), memory, network card, motherboard, storage drive (either hard drive or SSD drive). There can be more than one drive in a system to increase performance or reliability.

A server computer is typically a larger computer that serves other clients. A server needs to have reliable power and probably good connection to Internet. There maybe multiple servers available across the world to shorten access time. Even so access speed is usually measured in milliseconds, for some applications even milliseconds matter. Server may have good hardware resources such as processors and memory.

Even so that it is possible to connect two computers together with the use of cross-over cable, it is probably not desirable nor expandable. Network switches allow to connect multiple computers and other network devices such as printers together. Network switches can be of a different size and bandwidth. Even so it is possible to have 4 port switch for a small company, it will probably be not sufficient for a bigger company. A larger switch will be needed. Switches not only differ by number of devices that can be connected, but the differ by volume of network traffic they can pass.

It is possible to think of from-end developer role is that a person knows how to use image processing software well. Image processing takes a big part of a front-end developer time, however these are not the only tasks that such a person does. Front-end developers need to know JavaScript well. Front-end developers need to think about performance and accessibility. Good front-end engineers are not people who only work with technology. They work with other people, so good communication skills are needed for a front-end developer. A person in a role of front-end developer needs not stop learning new techniques. A person in this role may gain experience as time passes. If a person does not gain knowledge as time passes, tuff choices need to be made. Good front-end developer enjoys things which are done by that person.

Web development roles can be split into three categories. These are: front-end back-end full stack Front-end developer is responsible for how a web page looks like. Front-end developer is responsible for style of the web site, site colors, and how different elements of a web page look like. Front-end developer focuses in these three areas: HTML, CSS, JavaScript. Out of these most complex is JavaScript. It has programming logic. To create a JavaScript front-end developer must be familiar with coding. JavaScript can be paired with powerful technologies such as React or jQuery. These technologies simplify creation of common tasks and help creating a cleaner code. JavaScript helps building a feature rich front-end interface. A back-end developer works on portions of a website that user doesn’t see. A back-end developer works on functionality of a website, a database. Backend developer can influence which technology will be used and how this technology will be used. A back-end developer is ...

Agile methodology is a way of thinking what can be done in the next two weeks. An opposite to agile methodology is waterfall project model, where the whole project is planned in advance. Waterfall project model often requires a dedicated project manager to manage complexity of the project. Agile project methodology does not require a dedicated project manager, but a development team can decide what can be done in the next two weeks. If a task is so complex that it does not fit in a two weeks period, then is it possible to split this task into several tasks and only work on the subtasks that fit two weeks period. An advantage of using agile methodology is that it is more flexible than waterfall project management model. If an issue arises that prevents execution of a specific task during two weeks period, then only those two weeks are lost. A person that works on a task where issues are experienced will not need to wait for the competition of the sprint to tell about these issues, but i...

Version control is a system that records all of the changes of the software for tracking purposes. It not only records the changes, but also records who made these changes. Another term for version control is source control. Version control allows developers to go back in time and get version of software for a specific date. In addition of seeing changes to the file, version control also records data of who made the change. Often version control is tied to a system that allows for peer review of the code changes. Peer review allows developers to provide feedback on the code changes.

Linux distributions are collection of Linux software that work well with each other. Among popular Linux distributions are Ubuntu, RedHat, CentOS and Debian. Of course this is not a complete list of Linux distributions. I only mentioned Linux distributions that are meant to run on x86 compatible hardware. There are other platforms such as Raspberry Pie. This platform has it’s own Linux distributions.

More information about Linux can be obtained in the Internet or in books. These resources have a lot of information about how to run Linux or configure applications for it.

It is possible to run Windows applications in Linux using Wine emulator software, but probably a better choice is to have a Windows application in a virtual environment running Windows using virtualization software such as VirtualBox.

It is possible to have both IPv4 and IPv6 support in a Linux system. IP protocol is responsible for addressing and TCP protocol is responsible for communication between devices. Linux also has support for TCP protocol. TCP and IP protocol usually comes as a pair. It is often referred as TCP/IP protocol. I don’t know the case where these two protocols are separated. When you are reading this article in the web, or watching this video in YouTube you are using TCP/IP protocols.

It is possible to have a graphical interface in Linux. Underlying technology there is called XFree86. We probably heard of or used such graphical interfaces such as KDE or Gnome. These are built on top of XFree86 and provide much nicer look. Having a standard GUI (Graphical User Interface) it is possible to develop graphical features regardless of interface.

It is possible to install development tools in Linux. Even so it is possible to do scripting inside of Linux itself, programming tools allow for much richer capabilities. It possible to develop Linux native applications that have both command line interface or graphical interface. For applications that have graphical interface a proper graphical interface is needed in order to work. I will briefly touch on operating system scripting. Even so it is possible to create scripts inside a Linux system, more advanced features are easier done using a programming language. Opposite is also true. It is a waste of time to code a simple program in an program language if that program will do simple tasks such as being a startup script. Windows has something similar. It is possible to create a program that has a lot of functionality or it is possible to create a simple script.

There are a number of commercial paid applications for Linux. Even so Linux itself has open source mentality, it does not prevent releasing paid software for it.

The revision control has an option to save a comment along side with a code change. It is a good habit of doing so. This ensures that other people on the team know why that change was done as well that a person who made that change may read this comment later and restore reasons why a specific change was made.

It is possible to tell what changes and by whom they were done with help of a version control system. Version control system also allows to revert the change. Version control tracks the following three actions: changes, additions, deletions.

Just like input, output of a computer can be of a different form. Output can be visual. Things that a person see on a screen of a computer or a projector output that is displayed for many people to see. Output can be also a sound. It can be a spoken language, a music or a sound associated with specific actions. For example a critical sound of an invalid activity. Feedback can also be physical such as vibration that notifies a person of an invalid activity.

Interacting with a computer means sending some input to it and receiving output from it. Input can be of a different form. It can be symbols that are typed in a keyboard, movements and clicks of a mouse, sounds picked up by microphone, images detected by a camera. In case of phone or a tablet input also includes screen touches or gestures.

Development environment is a small environment that is used to develop features or functionality of the software. Development environment is usually small in size. Having a development environment that mimics production environment is not always possible due to complexity of production environment. Development environment may consists of a person’s workstation where that person makes code changes.

If multiple changes are done to the same code the process of selecting which changes to take is called merging. Change could be done to the same file, but to different parts of that file. In that case merging of these changes is an easy process. However if changes are done to the same section of code, such changes require detailed analysis. Maybe changes by one person are better that changes which had been done by another one and such changes need to be selected, however there can be a case, when one person had thought of one case and another one had thought of another case. In this case such changes need to be merged. Merging of changes means keeping both changes.

In agile software development process the work to be done is often split into sprints. A single sprint lasts from one to four weeks periods. Before starting a new sprint there is usually a sprint planning session that a person uses to define what will be done in this period. If a mistake is done, then a person looses just weeks of that person's time. Sprint planning is done by the group by asking questions of why this change is needed and what needs to be done for it to happen. Sprint session may include time to review why a specific change was not done. However, a person who experiences issues need not wait until sprint planning session to bring up these issues. These show stoppers need to be brought up much sooner. Hopefully this team has periodic meetings to discuss issues on daily basis. YouTube video

Before submitting code for peer review a person who writes a code need to come up with good and comprehensive set of tests for the new code. Tests will help this person to thinks about variations that this person did not think before. Tests will ensure that the code works properly as expected. Tests will be a good basis for code review.

Version control system records changes to files and who submitted those changes. Version control system is helpful to revert back to previous good state of the software. Often version control system is tied to change control system, where changes to the software are peer reviewed before the submission.

We live in world that is full of mobile applications. There are good chances that you have one of the smart phones such as iPhone or Android. However mobile applications are not limited to the phones, I will try to explain what are common mobile devices. Of course many of us are familiar with smartphones. Common two smart phones run Apple’s IOS or Android Operating System. There are tablets. These are much larger in size than phones. Physical keyboard is optional for these, there is on screen keyboard for typing. There are also tablets that are good for harsh use. Typically such tablets are designed with a drop in mind, and they have durable screen. Multiple companies are making tablets. Cost of a tablet is usually lower than a smartphone. There are also smart watches. These usually paired with a smartphone and display information such as text messages that are received from a phone. It is also possible to make calls from a smartwatch. There are also automobile devices. There are also ...

Information technology is not a field where a person interacts only with a computer, solid people skills are also needed. An IT person needs to communicate with peers, management and often to clients, communication to clients depend on the role a person executes in IT field. Solid communication skills are required from an IT person. It includes verbal and written communication.

Information technology is field of study how computers work. Information technology is not only theoretical knowledge, information technology is practical. When we use a computer or mobile phone we use information technology. Information technology uses data and makes sense out of it. For example self driving cars process information about driving conditions and select best route to take. A lot of people work in information technology field. There are developers who develop software, there are quality assurance people that verify functionality of software, there are system administrators that deploy software in production environment and support it. I know that I listed just a few positions. There are a lot more people involved in information technology. Information technology is brain activity, therefore if you are not one of these people than information technology field is probably not for you. Information technology tasks are similar to solving puzzles.

Logic bombs are harmful software that awaits for a specific condition to be executed. A computer will run normally until a specific date and all of the sudden it will be acting up.

There are four basic things that a computer does. These are: Receive input Store data Process it Output the result Input can vary. It can be keystrokes on a keyboard or a mouse movements. However it can also be sound that microphones pick up, or objects that a camera sees. Storing data can be either short term or long term. Short term storage is usually done with the data that will be processed. Long term storage is done to the data that will be used at a later time. Process the data is next step of what a computer does. It can be a keystroke in a personal computer that will end up in a text document, or it can be an object that seen by a camera of a self driving vehicle. The final action in this process is to provide output based on the input. Output can be visual, or things that we see in the monitor of a computer. But output can also be a sound. For example if a computer is tasked to generate a melody, then this melody will become an output. In case of self driving vehicles output w...

A purpose of a keylogger is to capture and send to its owner sensitive user information from a computer. This information usually includes passwords used to access different computer resources. A good protection against keyloggers is to use multi-factor authentication. Multi-factor authentication requires a password and a hardware that a person has. Even so the password maybe known, it will be useless without hardware. More sensitive data may require multi-factor authentication using biometrics of a person. Having MFA that requires biometrics is more expensive than having a physical device.

A botnet can be used to send a lot of traffic to a victim website or a computer. A botnet is controlled by a command center, however the message is usually is send from one node to another one. It makes it difficult to control the traffic by the firewall. SEIM (Security Information and Event Management) systems can be used to identify such traffic by correlating data from multiple sources.

A bot is the software that allows executing a command that issued by software that controls it. A single bot is installed in one computer, multiple bots form a collection known as a botnet. Botnets can be used to perform denial of service attacks or sending spam messages. A bot can be controlled by a single server, or by accepting messages from other bots, therefore making it difficult to control this network traffic. Systems like IDS and IPS can help detecting bot traffic and prevent further communication.

Backdoor software is a malicious software that allows access to a system without normal authentication and authorization mechanisms. Trojans and rootkits often include backdoor software. Often presence of a backdoor can be revealed by presence of listening port at an unusual port number.

A rootkit is a type of software that allows remote access to a computer where it is installed. It is unknown what else a rootkit allowed to install in the system, therefore a best practice to deal with a rootkit is to reinstall operating system in a computer infected with a rootkit.

Unlike Trojans worms don’t require a person intervention. Worms exploit known software vulnerabilities. Probably the most known recent worm is Stuxnet, which was used to exploit a vulnerability in Iranian software used in enriching uranium, it had caused to damage centrifuges that were used in enrichment of Uranium.

Trojans is type of malware that make appearance that their are useful software, but in reality system can be used by an attacker. Many trojans include remote access software allowing an attacker to use the system remotely. The name Trojan horse comes from Greek mythology, where city of Troy was concurred by soldiers that hid inside giant wooden horse. This city was concurred this way.

Version control is a critical functionality for the developers. Version control allows software to be see who made the changes, what had been changed, if there are comments associated with the changes it is possible to tell why this specific change was made. Often version control system is tied to peer review process. Other developers may provide feedback to the new or changed code. New or changed code needs to have good tests coverage. The key here is good. Tests will fail if the code does not satisfy requirements or requirements are outright flawed. Tests need to pass before code is submitted to version control.

We don’t live in isolation and collaboration with other tech people is a key skill. Of course if it is very small company and there is only one developer there, there is nobody eke to communicate to, however if it is a larger company than collaboration is crucial. Collaboration informs other people what you are working on. It is very crucial to inform others, because somebody else maybe working on the same feature, or this functionality is going to be deprecated and effort that is put into development will be wasted. Collaboration maybe in person or it could be comments in code. Comments will explain logic of the code and possibly will explain why this specific logic is used.

Ransomware is a type of dangerous software that locks a computer demanding a payment to be paid in order to unlock the computer. If ransom is paid then there is no guarantee that computer will be unlocked. Ransomware may threaten a computer user to report this user computer activity to authorities.

There are different types of malware depending of what they do and how they spread. I will try to explain each type separately. Purpose of malware is to cause harm to computing devices, networks or the users.

Equipment usually comes from various sources and it is very small chance that it is developed in house. In such case security team must verify how trustworthy that source is. If it has reputation of having computer security issues then such a vendor may put your company at risk.

There are a few options that needs to be considered when software threat intelligence gathered: Is it timely? Information about software vulnerability from five years ago will probably be no relevant. Is it accurate? Can the information be trusted? Is it relevant? You may get accurate information, but do you utilize such software in your environment? All these result in confidence level that you will have.

Open source threat intelligence is an information that can be obtained from public sources. For example it is possible to obtain records if a person was sued or served jail sentence. Regarding software: it is possible to learn from public sources if there is an exploit for the software.

Threat intelligence is information about a computer product of how it can be exploited. A person who is responsible for that software is likely to be responsible for the security of it. It may be needed to install updates to resolve security related issues, however it is difficult to expect that such a person will pay attention to security related issues. There may be totally different team that is responsible for security scanning, or the system administrator of that system will point out issues with that software, of software owners will identify the problem. It is needed to define who is responsible to identify security related issues to prevent blaming one person of another one.

If a device from a third party is installed in the network, then such a device may become a security risk. It is hard to manage third party device if the company that provided it has full control over such a device. Nevertheless ensuring security of network is responsibility of the company that owns the network, it is regardless of who owns a device.

Companies must pay attention what type of information is saved online. If such information contains passwords or other sensitive information than such data can be used by an attacker. If the information about this incident becomes public or private information is leaked, then reputation of that company will be damaged.

Removable media such as flash drives is inexpensive, but flash drives may represent great danger to a company. A flash drive may contain a backdoor allowing an attacker to gain access to a computer. Such a flash drive may be left on a company’s parking lot, and inexperienced user may plug it in to his or her computer, by doing so the access may be given to a ch an attacker.

Wireless networks may represent great security risk, because a person that will use a wireless network will not need physical access to the network. A person maybe sitting in a parking lot and with the laptop can access company’s network resources. Wireless networks need to have proper security in place. A person that authenticates to a wireless network needs to have proper access to network resources.

One of the ways to gain more access is direct access to a network. A person may plug in his or her laptop to a network jack or use unprotected Wi-Fi to gain network access. Network jacks need to have proper supervision and network there needs to have limited access to resources. A person may decide to enter premises of the company directly, in such case. entry to the company's premises must be properly secured via technical devices or by people that guard this access.

Email can be used to send phishing messages with the intent to get a person interested and gain access or to get more information from that person. There is no technical fool proof prevention to phishing emails. Spam filters are good, but still a few messages go through. It is enough for a single message to cause a lot damage. A person that receive such messages needs to be diligent.

A threat vector is a way for an intruder to gain access to an organization. There are several common threat vectors. Among which are email and social media, direct access, wireless networks, removable media, cloud computing services. I will cover details of each one separately.

less command in Linux will display one page of a file at a time.

head command in Linux will display top n lines. By default it will display top 10 lines, however it is possible to overwrite this configuration with -n option.

It is possible to find test in a file with grep command.

cat command in Linux will output the content of the file to screen.

In Linux it is possible to create soft and hard links. Links are created with ln command. Hard links point to the data in disk. If first file is deleted, then this link will still point to this data. Soft links point to the file. If this file is deleted, then this link does not know where to point to. A soft link can point to file which is located in a different physical disk, but hard links can't. It is possible to link both files and folders.

Typical directories in Linux include the following: / - beginning of the file and folder structure. /root - home directory of root user. /etc - this folder contains configuration files of the application. Configuration files maybe split into subdirectories. /hone - the location of user folders. /mnt - location of filesystem files. /media - location of media files such as DVD ROM drive. /bin - location of application files. /lib - location of library files, these files are similar to DLL files in Windows OS.

In Windows operating system root of the file system is a drive which is identified by a letter. Normally first hard drive in a Windows system is identified with a letter C follower by a column. In a Linux system root of the file system is identified with a forward slash.

shell is an environment and an interpreter to run Linux commands. There are different shells in Linux. A popular shell in Linux is bash shell. bash stands for Borne-again shell.

shell is an interpreter of Linux commands. shell is also used to run applications in Linux environment

root user has a lot of permissions to do things with a Linux system. For example root user has ability to install software that will be available globally to all users, make applications configurations changes, this user is able to add, modify or remove users from that system. Since root user has a lot access to system resources therefore or everybody needs to have access to root account, some people needs to have just regular system access.

Virtualization technology allows a user to get familiar with other operating systems. A software is installed in host OS that allows installation of other operating systems there reduces costs needed to obtain hardware, it also reduces power needs. It comes at the expense of each virtual machine uses only a portion of hardware resources.

There are a few reasons why hackers prefer to use Linux over other operating systems. I will list these: Linux is open source. What it means that there is no single company that is in charge of how Linux runs. It is possible to make changes to Linux yourself. These changes can be very simple as configuration changes, or changes can be more complex as making changes to existing software or even by writing your own. Linux is transparent. With Linux it is possible to know exactly what is going on. Closed source software may hide this information by making software that runs in these more user friendly. User friendly software may be needed by novice users but not by hackers. Linux offers much control over Windows. In Windows a person can modify only parameters that this person is allowed to modify. With Linux a person can modify a lot more options. Most hacking tools are written for Linux. About 90 percent of hacking tools are written for Linux. Of course there are exceptions to this rule....

Penetration testing is done by an independent company that has no knowledge of systems, software or configuration in the environment. Penetration testing is lot deeper than just vulnerability testing. Vulnerability testing must be done prior to penetration testing to resolve potential issues that can be exploited during it. Penetration testing needs to focus on issues a regular vulnerability scan cannot find. Penetration testing is a lot more expensive then vulnerability scan.

Ethical hacking is a process to find out about issues in the software or the way how that software is configured before bad guys find out about it. Once an issue is found something needs to be done with it, or this issue can be exploited by bad guys. An issue can be patched by installing new version of the software, or reconfigure it. If the software was developed internally, then internal team needs to come up with a patch. To Ing to fix this issue will depend on two things: How easy to exploit it. What damage can be done, if this issue is left unpatched. Maybe before a complete patch is released it is possible to release a quick fix that addresses only this specific issue.

It is needed to understand that bad guys will have different intends for bad computing activity. If non-sophisticated attackers may have motivation of their activity a fame associated with their activity, more advanced attackers may be motivated by financial gain.

Level of computer threats will also depend on amount of money or recourses available to bad guys. Inexperienced hackers may have limited availability of funds and/or computing resources, where experienced attacker will have more.

Level of expertise in computer security activity greatly varies from the knowledge such a person has, A person may execute somebody else's code hoping that it will work. In some cases it will, however such a person may not know what it does and how. Such people are called script kiddies. More sophisticated people will do their own research and such people more dangerous. I am not saying that script kiddies are not dangerous, they are, but they simply execute somebody else's code often without complete understanding of what that code does and why it does so.

Threats can divided onto two categories: internal and external threats. Internal threats are more dangerous because a person that is inside of the network already has access to network and computing resources. A person that is outside the network, may have better skills or may have access to additional software tools, but the access to that person is limited. Hardware / software tools such as firewalls limit that person's actions. Often network computers that are inside of the network have private IP addresses and access to these computers is limited. Such a person has access to public information only, such as public web sites. In order to gain inside access such a person needs to use extra effort.

Collection of data in programming can be represented with arrays or dictionaries. Arrays can be of two types, they can be indexed or named. In case of an indexed array, array elements will have a numerical index. Numeric index is usually 0 based, meaning that first element of an array will have an index of 0. Named arrays will have a word as a key of an array.

Common data types are: char - contains a singe character. string - a collection of characters. Integer - whole numbers. float - a number with decimal point. A number after decimal point is optional. Operation time and memory consumption with integer numbers will be faster and memory consumption will be lower with integers. datetime - this data type will represent date and time. Boolean - this data type has true or false values. False can be represented with 0, and True with 1.

During software development phase a developer has different data types that can be used. Data types define what can be done with that object. For example addition of two numbers will result in a sum of those numbers, However addition of two strings (even so these strings may represent numbers) is not an addition of values, but concatenation of these strings. In case of mathematical data types, different data types have different limits and precision.

Maintenance of software is next step in software lifecycle. It is impossible to expect that software will not have bugs. Maybe only simple software will not have bugs, however as complexity of software increases so increase chances for bugs. Bugs can be of several types. Bugs can be critical or not. Bug may have workarounds. Software maybe publicly accessible or maybe internal use only. All of these factors influence on how fast a bug fix needs to be made available.

Deployment of software is the last step in software development lifecycle. Software deployment need to robust, it need to be reliable, people that submit files to be deployed need to ensure that files made it to destination. Deployment maybe staged so lower traffic environment will get new files to minimize impact in production.

There three commonly used software testing types. These are: unit testing, regression testing, acceptance testing. Unit testing will ensure that functionality of modules or specific portions of code works. Regression testing ensures that new functionality does not break functionality that was working before. Acceptance testing ensures that people that develop software or who requested changes are happy with the changes.

Testing of software is an another step in software development life cycle. People may think of testing as unneeded step, after all software works. However there may be cases when it does not work at all, or does not work as expected. Testing of software can be made by a dedicated team that does testing, or software deployment can be made dependent on successful testing. If untested software is released to production than it may introduce security bugs or software issues.

Defying software requirements will drive a choice of programming language. Coding the software maybe a time consuming task. It may be a good idea to focus on important functionality, and then improve it or develop additional features. By doing so, first version of software product will be available quickly. Of course it will not have all of the bells and whistles, but at least something will be released to public. It will allow public to use it, as well as it will allow team to think about what is needed to be released next.

The next step in SDLC process is to identify software requirements. Will the software that you develop will be Microsoft Windows specific, or it will require Apple OS, or maybe it will be web based and platform agnostic.

It is needed to list what are hardware requirements. Is your product going to run on a tiny computer or on a mighty server?

Design is a second step in SDLC. Initial draft can be just a drawing on a napkin, but it will be almost impossible to develop something from a napkin drawing. Of course many of software engineers are bad at drawing. It is completely different skill set. Unless the design does not require artistic skills a person that is good at drawing is needed to be involved.

Requirements gathering is the first stage of SDLC process. At this stage is needed to be defined what software will do. There are different way to make this decision of what software is going to do. A manager may make a decision, or it could be a team decision. It is a good idea to focus on incremental changes. Release first version and then improve it. In this case the first version will not have all of the features, but at least it will spark an interest of users. At the same time it is needed to think about competitors, they can release something similar or even better. The development which was started by the team should not finish unless the goal is met. The goal may change during the development based on the factors such as understanding a need in the service, features of a similar product available from competitors. Even if competitors may have more features, it does not mean that what you develop will be a throw away. Your product may not have all of the features of a competito...

SDLC (Software Development Life Cycle) specifies six stages of life of a software. I will cover each stage of SDLC separately.

Databases keep the information in tables. Such data is organized in rows and columns. It is possible to filter data in a table by specifying a column condition. For example if a table contains data about cars, then it would be possible to filter cars with specific color. It would also be possible to specify multiple conditions such as color and number of doors. There may be more than one table in a database. In fact only very small databases have only a single table, majority of databases have more than one table. There could be NoSQL databases. These databases are more simpler than regular SQL databases. Relationship between tables is offloaded from database engines to servers that retrieve data. Relationship between data is not done by a database engine, but relationships is done by servers that retrieve this data. It removes relationships between the data from a database server and offloads it to the layer that retrieves such data. The advantage of doing so is the speed gain of retr...

Many of the computer related issues can be resolved by his or her own and don’t require assistance from a live person technical support. Such issues are typically not serious and are described in FAQs section. FAQs stands for Frequently Asked Questions. If such a question was asked before, then it will take a time of person who tries to resolve an issue. It will take time from other probability more serious problems.

Technical support helps with issues that a person cannot resolve on his or her own. There maybe several levels of technical support. Lower levels will resolve simple issues and the higher level support will resolve more serious issues.

There maybe a time when a computer may not start up normally or turn on completely. If a computer doesn’t turn on completely it is an indication of a power issue. Maybe power cable is disconnected from a computer, or maybe a breaker had tripped, or maybe there is a power outage that impacts the entire building. In order to minimize impact of power issues at the workstation level it is possible to have an uninterrupted power supply. It allows to work for a few minutes, maybe it is just an electrical fluke and electricity will be restored shortly. For more quantity of computers it is possible to have a power generator. Power generator needs to be tested regularly. If a computer turns on, but fails to start-up it maybe an induction of a hardware failure.

Stationary computers don’t get much damage, but portable devices do, because they are carried and have a potential for more severe conditions. Some of the portable devices are made “rugged” to minimize impact of severe usage conditions. Of there is a physical damage of a computer then this damage may prevent this computer to function properly.

One of the common computer problems is that a computer does not have power. There are couple of ways to troubleshoot this issue: First of all make sure that the power cable is plugged in. Second option is to check if it is the only device that is impacted. Maybe more than a single computer is impacted. It may indicate that a breaker tripped or there is power outage. To avoid power issues for a workstation it is possible to have a UPS (Uninterrupted Power Supply) device. For more load it is possible to have a generator. If generator is in place, than it is needed to test it periodically to ensure that it works when needed.

Disaster recovery plans are detailed steps of what needs to be done in a specific situation. It will be difficult to come up with a list of steps to do in such a situation, therefore disaster recovery plans needed to be prepared in advance. Yes, disaster recovery plans are in plural form, because different events may happen and steps in case of a flooding will be different from steps in case of a fire. Of course it is difficult or even impossible to think through every situation, but it is a good idea to prepare these in advance, before such an event happens. If it happens and nothing is prepared, than it would be difficult to come up with the list of steps to do during an event.

Incident response plan list the people to contact in a specific situation and what those people will do.

Bad things happen, it is difficult to prevent these from happening. Disaster recovery plans will happen in case one happens. It is too bad to be unprepared.

A computer firewall is a software or hardware product that blocks internet traffic and only allows certain traffic through. For example email or web traffic may be allowed. Firewall can redirect traffic based on traffic patterns. For example mail traffic will go to a mail server and web traffic will go to a web server.

Web sites can try to collect personal identifiable information. This information may include date of birth, place of birth, phone number, etc. In many cases this information is not needed. For example doctor’s office may need date of birth, but a survey site doesn’t need it. If such information is asked, then think hard so you need to deal with this business, do you need to provide them this information? Such information is very personal and can reveal much about yourself.

By location of a forward slash it is possible to tell if the real website or a fraudulent one will be opened. Forward slash will follow the domain name. Just indication that domain names of the website and the certificate match do not guarantee that data will be transmitted to a correct website. Not only certificate must say that it was issued to a specific website, but the name of website must match to the website you wish to access and this information needs to match name on the security certificate.

Security certificates don’t mean that you can blindly trust websites that utilize security certificates. One of the messages that it is possible to get when visiting a suspicious website is that website name of security certificate does not match this website domain name. A user needs to pay extra attention to such messages because they could mean that the data will be transmitted to a totally different place than security certificate claims it to be.

Having a secure connection via HTTPS protocol does not guarantee that connection is established to a website you wanted to reach. SSL certificate may claim that it is for one website, however a totally different website is accessed. Such a website can steal personal information.

Transmission that is done securely will be send over HTTPS protocol. Such a transmission ensures that a secure channel is established between a server and a client. It also ensures validation of the server. Secure web pages often will have a lock icon in the browser. Encryption of data comes at a cost of higher processing usage, so personal that is responsible for computer equipment need to pay close attention to CPU usage.

There couple of principles a person needs to follow when private information is submitted over the internet. First principle is that a website a person uses needs to be trustworthy. Second principle is that data which transmitted needs to be encrypted. Even if this traffic is intercepted, the data will not make sense.

Libraries or hotels may offer computers for public use. Such computers may be infected with key loggers, therefore a person who uses them needs to pay extra attention to what is being typed there to prevent sending this information to wrong people.

When a single system sends a specially crafted network message with a purpose of overwhelming destination system or an application in it, is called a Denial of Service attack, When multiple systems participate in such an attack it is called a Distributed Denial of Service attack.

When a person put a device in between two devices communicating with each other it is called man-in-the-middle attack. Even so it is possible to capture SSL encrypted communications this way, the captured data will not make sense because it is encrypted. It also true for other types of communications where traffic is encrypted. For example VPN traffic data will not make sense.

Eavesdropping is the process of capturing and analyzing network traffic. Adequate access to networking equipment and knowledge of it is required to configure a port in a switch to capture all of the traffic there. For large networks where more then a single switch is used to handle network traffic, there may be a need to have a special switch that is will handle this sort of traffic. In addition of configuring a switch a specialized software needs to be used to analyze the traffic.

The network needs to be properly protected. It is a good idea to have private IP space inside the local network, it will ensure that local companies are not available to the outside world. Another thing to think about are firewall rules. It is possible to have private IPs assigned to computers, but if firewall redirects traffic to a certain computer then it is a risk to deal with. For example if firewall redirects HTTP traffic to a web server, than it is expected, however if redirects Windows traffic to a specific computer, than it is very suspicious.

Here are five step plan of how to deal with malware. Recognize. This is the essential step in order to know what you are dealing with and which actions need to be taken. You may need to read information in the Internet in order to know what is it and how to deal with it. Quarantine. If system is infected then discounting it from network is a good second step. By doing so it will not infect other systems in the network and will not receive commands from the manager of malware. It is needed to find all infected or dangerous files. It can be done via updating antivirus software or by reading information about this malware. Next step is to prevent this activity from happening again. Educate other users of what has happened and why. What needs to be done differently next time to prevent this issue from happening again.

First line of defense is to install software updates. Outdated software may have vulnerabilities that can be exploited to elevate access. Install antivirus software. Second line of defense is to install antivirus software. I am not recommending one, please do your own research which antivirus software is good for your computer or your company. Antivirus software not only needs to be installed, but updated on regular basis, because new malware appears daily and old antivirus signatures will not be good for the new malware.

Ransomware when active displays a message that a payment needs to be made in order that computer becomes available again, without this payment this computer is not operational. There are several types of ransomware: Scareware. For example shareware may display a message that certain antivirus product must be bought and installed in the system. Without it this computer will become inoperable or information in it maybe damaged. Lock screen. This type of scareware does not allow anything to do unless payment is made. Encryption. It is the worst type of ransomware. It encrypts files and demand a payment for files to be decrypted. Even if this payment is made, then there is no guarantee that files will be decrypted.

Computer worms travels from machine to machine, this process is done without a person interaction. Computer warns can be launch point for other malware types or they can create a backdoor for hackers.

A name “Trojan horse” comes from Greek mythology, when city of Troy was defeated by soldiers that hid inside of a big wooden horse that was rolled inside by the citizens of the city. Once inside, these soldiers were able to open gates and allowed more soldiers to come in. Computer Trojan horses represent something useful however these allow access to computer resources by other programs once the Trojan horse is running.

Computer viruses infect computers with a purpose of harming your computing environment. Computer viruses can erase mailbox or entire hard drive. We tend to use a generic name - a computer virus, however there are several types of malware depending of what type of harm they cause and the way they propagate.

One of the tactic that an attacker may use is to display fake security messages. The web pages that display fake error messages may actually be collecting login information. This information can be used to further elevate privileges.

Email messages can be used to retrieve sensitive information. For example a person may get email message saying to change password. A web page that pretends to be a valid internal page to reset password is actually hosted elsewhere. Once login credentials are obtained it can be used to further elevate access or pretending being that person.

Phone scams are used to obtain network privileges. Phone scams may look like calls to help desk to reset a password. If password is obtained it can be used to further elevate privileges or to access private information.

Following someone that has an access to a building is called “tailgating”. Once inside the building an unauthorized person maybe looking for personal information which will give that person more access to company’s resources.