IT Governance is a subset discipline of Corporate Governance focused on information technology (IT) systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives, for instance Sarbanes-Oxley in the USA and Basel II in Europe, as well as the acknowledgment that IT projects can easily get out of control and profoundly affect the performance of an organization.
The primary goals for information technology governance are to (1) assure that the investments in IT generate business value, and (2) mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications, infrastructure, etc.
IT Gov is responsible for all the activities of IT. They are responsible for creating policies and procedures of IT, creating templates for various IT activities and processes.
There are quite a few supporting references developed to guide the implementation of information technology governance. Some of them are:
Control Objectives for Information and related Technology (COBIT) is regarded as the worlds leading IT governance and control framework. This is done by providing tools to assess and measure the performance of 34 IT processes of an organization. Originally created by ISACA, The ITGI (IT Governance Institute) is now responsible for COBIT.
The ISO/IEC 27001 (ISO 27001) is a set of best practices for organizations to follow to implement and maintain a security program. It started out as British Standard 7799 ([BS7799]), which was published in the United Kingdom and became a well known standard in the industry that was used to provide guidance to organizations in the practice of information security.BS7799 - focus on IT security
Six Sigma - focus on quality assurance
COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.
Recently, ISACA has released Val IT, which correlates the COBIT processes to senior management processes required to get good value from IT investments
COBIT 4.1 has 34 high level processes that cover 210 control objectives categorized in four domains: Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring and Evaluation. COBIT provides benefits to managers, IT users, and auditors.
COBIT covers four domains:
Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
Sarbanes-Oxley Act of 2002 are encouraged to adopt COBIT and/or the Committee of Sponsoring Organizations of the Treadway Commission (COSO)
COBIT approaches IT control by looking at information — not just financial information — that is needed to support business requirements and the associated IT resources and processes. COSO control objectives focus on effectiveness, efficiency of operations, reliable financial reporting, and compliance with laws and regulations. The two frameworks have different audiences. COSO is useful for management at large, while COBIT is useful for IT management, users, and auditors. COBIT is specifically focused on IT controls. Because of these differences, auditors should not expect a one-to-one relationship between the five COSO control components and the four COBIT objective domains.
http://en.wikipedia.org/wiki/COBIT
Monday, September 21, 2009
Where does ITIL fit? It's alternatives & certifications
Organizational policies, practices and procedures tells us how should we do it in our organization. Applied Framework tells us how should we do it in a particular context, like in IT. Best practices tells how should we do it. Standards tells us that what should be done.
HP ITSM and Microsoft Operating Framework(MOF) and Cobit are the examples of applied framework. ITIL is an example of best practices.
Models are like tools: not the goal, just the means to achieve the goals(goals of IT towards business). If you needed to implement IT control, CobiT is the answer; if you were working on operational IT processes/services, ITIL is the answer. Unfortunately, things are not that simple. With Cobit 4 and ITIL 3, n number of things are overlapping. ITIL going in the arena of Cobit and vice versa.
ITIL Alternative:
COBIT is perceived as an audit framework but the supporting body of knowledge (such as COBIT's books Control Practices, IT Assurance Guide, IT Governance Implementation Guide, and User's Guide for Service Managers) has grown to offer a credible alternative to ITIL.
Organizations that need to understand how ITIL processes link to a broader range of IT processes or need task level detail to guide their service management implementation can use the IBM Tivoli Unified Process (ITUP). Like MOF, ITUP is aligned with ITIL, but is presented as a complete, integrated process model.
ITIL Certification:
ITIL v2 offers 3 certification levels: Foundation, Practitioner and Manager. These should be progressively discontinued in favor of the new ITIL v3 scheme.
ITIL v3 certification levels are: Foundation, Intermediate, Expert and Master.
Link:
http://en.wikipedia.org/wiki/Information_Technology_Infrastructure_Library
http://www.computerworlduk.com/community/blogs/index.cfm?blogid=30&entryid=2249
Tuesday, August 25, 2009
ITIL Version 2 & Version 3
IT Services to Business and ITIL:
Objective of IT is to support and deliver business focussed IT services.
ITIL Obj:
Reduce cost, Improve availability, Tune capacity, Increase throughput, Optimize resource utlization and Improve scalability.
ITIL version 2 and ITIL version 3 overview:
ITIL was developed by Office of Govt Commerence(OGC), an Office of UK Treasury.
ITIL version 2 has 8 books.
The eight ITIL version 2 books and their disciplines are:
The IT Service Management sets
1. Service Delivery
2. Service Support
Other operational guidance
3. ICT Infrastructure Management
4. Security Management
5. The Business Perspective
6. Application Management
7. Software Asset Management
To assist with the implementation of ITIL practices a further book was published providing guidance on implementation (mainly of Service Management):
8. Planning to Implement Service Management
And this has more recently been supplemented with guidelines for smaller IT units, not included in the original eight publications:
9. ITIL Small-Scale Implementation
IT Service management consisted of 10 processes and 1 function(service desk)
The far more widely used, circulated, and understood of ITIL v2 publications is IT Service Management.
In May 2007, this organization issued the version 3 of ITIL (also known as the ITIL Refresh Project) consisting of 26 processes and functions, now grouped under only 5 volumes, arranged around the concept of Service lifecycle structure.
1. Service Strategy
2. Service Design
3. Service Transition
4. Service Operation
5. Continual Service Improvement
For more detailed information, please visit-
http://en.wikipedia.org/wiki/Information_Technology_Infrastructure_Library
ITIL version 2 and version 3 difference:
For more detailed information on the difference, please visit
http://wiki.en.it-processmaps.com/index.php/Comparison_between_ITIL_V3_and_ITIL_V2_-_The_Main_Changes
Objective of IT is to support and deliver business focussed IT services.
ITIL Obj:
Reduce cost, Improve availability, Tune capacity, Increase throughput, Optimize resource utlization and Improve scalability.
ITIL version 2 and ITIL version 3 overview:
ITIL was developed by Office of Govt Commerence(OGC), an Office of UK Treasury.
ITIL version 2 has 8 books.
The eight ITIL version 2 books and their disciplines are:
The IT Service Management sets
1. Service Delivery
2. Service Support
Other operational guidance
3. ICT Infrastructure Management
4. Security Management
5. The Business Perspective
6. Application Management
7. Software Asset Management
To assist with the implementation of ITIL practices a further book was published providing guidance on implementation (mainly of Service Management):
8. Planning to Implement Service Management
And this has more recently been supplemented with guidelines for smaller IT units, not included in the original eight publications:
9. ITIL Small-Scale Implementation
IT Service management consisted of 10 processes and 1 function(service desk)
The far more widely used, circulated, and understood of ITIL v2 publications is IT Service Management.
In May 2007, this organization issued the version 3 of ITIL (also known as the ITIL Refresh Project) consisting of 26 processes and functions, now grouped under only 5 volumes, arranged around the concept of Service lifecycle structure.
1. Service Strategy
2. Service Design
3. Service Transition
4. Service Operation
5. Continual Service Improvement
For more detailed information, please visit-
http://en.wikipedia.org/wiki/Information_Technology_Infrastructure_Library
ITIL version 2 and version 3 difference:
For more detailed information on the difference, please visithttp://wiki.en.it-processmaps.com/index.php/Comparison_between_ITIL_V3_and_ITIL_V2_-_The_Main_Changes
Thursday, May 14, 2009
Encryption, SSL/TLS, Secure Browsing
TLS runs on layers beneath application protocols such as HTTP, FTP, SMTP and above a reliable transport protocol, TCP . While it can add security to any protocol that uses reliable connections (such as TCP), it is most commonly used with HTTP to form HTTPS.
SSL/TLS works on the basis of public key cryptography.In “public key cryptography”, each person has two keys — a “public” key and a “private” key. Anything encrypted with the user’s public key can only be decrypted with the private key and vice versa. Each person then tells the world what his public key is and keeps his private key safe and secure, and private.
Once the connection is established between client and server, public key cryptography may not be used for actual information transmission.
Types of threat:
Eavesdropping(in transit)-- Encryption SSL/TLS will take care.
Re-routing for website-- Encryption SSL/TLS will take care.
Sending mail impersonating someone else-- Encryption SSL/TLS will not take care.
I am looking at TLS/SSL for secure messaging and for HTTPS.
SSL and TLS
1. Over HTTP(you and your mail server website, you and your bank website etc, where you are using browser)becomes HTTPS
2. Over SMTP(server to server like in case of Bank and other Bank)server to server SMTP.
3. Encrypted email even if I am using gmail or yahoo...how to do? client to server SMTP, server to server SMTP, Server to client POP3 or IMAP. Client here is email client(like outlook, thunderbird and Lotus Notes), not the browser client as in example 1, otherwise it will fall in example number 1 category.
For example 2 and 3:Secure messaging has two options- S/MIME and TLS. S/MIME involves users and is more reliable end to end sucure messaging. TLS does not involve users but is not ensured for secure messaging. If any chennel or server or client does not support TLS, message is insecure there. Moreover, TLS uses symmetrical key pair.
There are different types of authentication. HTTPS is example of unilateral authetication where server is autheticated but the client is not authenticated. There are certain transactions which happens between organisations where both client and server (server and server)are authenticated.
How example number 1(HTTP) works: http://en.wikipedia.org/wiki/Secure_Sockets_Layer TLS involves three basic phases:1. Peer negotiation for algorithm support 2. Key exchange and authentication 3. Symmetric cipher encryption and message authentication Typical algorithms are:
• For key exchange: RSA, Diffie-Hellman, ECDH, SRP, PSK
• For authentication: RSA, DSA, ECDSA
• Symmetric ciphers: RC4, Triple DES, AES, IDEA, DES, or Camellia. This clearly shows that different type encryption algorithm is in use. Symmetrical cipher(where same key is used to encrypt and decrypt), asymmetrical ciphers(a combination of public key and private keys) or both.Ciphers are the techniques for encryption. Asymmetrical cyphers or asymmetrical encryption uses only one key for encryption and decryption.
A TLS client and server negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection's security.
• The handshake begins when a client connects to a TLS-enabled server requesting a secure connection, and presents a list of supported ciphers and hash functions.
• From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision.
• The server sends back its identification in the form of a digital certificate. The certificate usually contains the server name, the trusted certificate authority (CA), and the server's public encryption key. The client may contact the server that issued the certificate (the trusted CA as above) and confirm that the certificate is authentic before proceeding.
• In order to generate the session keys used for the secure connection, the client encrypts a random number (RN) with the server's public key (PbK), and sends the result to the server. Only the server can decrypt it (with its private key (PvK)): this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data. The client knows PbK and RN, and the server knows PvK and (after decryption of the client's message) RN. A third party may only know PbK, unless PvK has been compromised.
• From the random number, both parties generate key material for encryption and decryption. This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the key material until the connection closes.If any one of the above steps fails, the TLS handshake fails, and the connection is not created. Let’s see another more comprehensive example on how SSL actually works for securing your communications over the Internet. Before the communications occur, the following takes place:http://luxsci.com/blog/how-does-secure-socket-layer-ssl-or-tls-work.html
• A company wishes to secure communications to their server company.com.
• They create a public and private key for company.com (this is also known as a “certificate”).
• They go to a trusted third party company such as Thawte or Verisign: Thawte makes the company prove its identity and right to use the company.com domain. This usually involves a lot of paperwork and paying a hefty fee.
• Once the verification is complete, Thawte gives the company a new public key that has some additional information in it. This information is the certification from Thawte that this public key is for the company and company.com and that this is verified by Thawte. This certification information is encrypted using Thawte’s private key… we will see why below. Then, when Client wishes to communicate with the company at company.com,
• Client makes a connection to company.com with its computer. This connection is made to a special “port” (address) on company.com that is set up for SSL communications only.
• When Client connects to company.com on its SSL-secured port, the company sends back its public key.
• Client gets the public key and decides if it is OK…
• If the public key has expired, this could be a problem
• If the public key claims to be for some domain that is not company.com that could be a problem.
• Client has the public key for Thawte (and many other third party companies) stored in its computer — because these come with the computer. Thus, client can decrypt the validation information, prove the validation is from Thawte and verify that the public key is certified by Thawte. If Client trusts Thawte, then Client can trust that he/she is really communicating with Company. If Client doesn’t trust Thawte, or whatever Third Party company is actually being used, then the identity of who is running the computers to which Client is connecting is suspect.
• If client decides to trust the public key, then Client will send to the company the Client’s public key.
• The company will then generate a “password” and encrypt it using both Client’s public key and Company’s private key, in succession, and send it back to the client.
• Client will decrypt the password. This process proves that the company sent the password and that only Client was able to read it.
• Client will start communicating with the company by encrypting data using this password. Normal “symmetric” (password-based) encryption takes place from this point forward because it is much faster than using the public and private keys for everything. These keys were needed to enable the company to prove its identity and right to domain.com and to give client the password in a safe way.
Difference between SSL and TLS: http://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html TLS allows both secure and insecure connections over the same port, whereas SSL requires a designated secure-only port. For users connecting to an email server via POP or IMAP, this means that using TLS will allow you to opt for secure connections but easily switch to insecure connections if necessary without needing to change ports. This is not possible with SSL. Remember your settings of Thunderbird where SSL port 995 is used for POP3 connection and not TLS.
TLS/SSL for secure messaging(SMTP)One way to secure SMTP is to require the use of Secure Sockets Layer (SSL) for SMTP connections. However, that approach raises a problem. By default, all SMTP servers use port 25. But if you use SSL on port 25, non-SSL servers won't be able to connect through that port. And if you use a nonstandard port number, other servers won't be able to find your servers.Here is the key difference between HTTPS and SMTP. HTTP and HTTPS works on different ports- 80 and 443 whereas SMTP with or without TLS, works on port 25 only.You can work around this problem. The STARTTLS verb (part of the Extended SMTP—ESMTP—command set) lets an SMTP client and server negotiate the use of Transport Layer Security (TLS) for an SMTP connection. Each end of the connection can choose to authenticate the other, or the TLS connection can be used purely for privacy. Either way, this approach offers three important advantages.
• It doesn't interfere with other servers and clients. Clients that support STARTTLS can use it; those that don't can continue to use unencrypted SMTP.
• It's opportunistic. When you enable the use of TLS with SMTP, your server automatically requests TLS when communicating with other servers, and it accepts TLS connections when requested. Assuming the other server completes the negotiation process, mail flow is automatically protected. (You'll generally need to tell your users to enable SSL/TLS in their Internet mail clients, though.)
• TLS-encrypting the SMTP stream also protects message headers, giving you an additional degree of protection against traffic analysis, which can tell network intruders who you're communicating with, and how often. You must remember one important caveat, however: TLS doesn't protect messages from end to end. In other words, it doesn't protect messages that are in storage or traveling from client to server (unless the client also supports TLS). TLS protects the message only as it passes between two servers that both support TLS.
Digital Signature:Digital signature is encrypting the mail using private key. Since the public is available publicly, it can be decrypted by anyone. But one thing is sure that the mail is sent by the intended sender only.This is one way to ensure the identity of the sender.
Classes for the certificates of various CAClass 1 for individuals, intended for email Class 2 for organizations, for which proof of identity is required Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority This is used for google account/banks etcClass 4 for online business transactions between companies Class 5 for private organizations or governmental security.
SSL/TLS works on the basis of public key cryptography.In “public key cryptography”, each person has two keys — a “public” key and a “private” key. Anything encrypted with the user’s public key can only be decrypted with the private key and vice versa. Each person then tells the world what his public key is and keeps his private key safe and secure, and private.
Once the connection is established between client and server, public key cryptography may not be used for actual information transmission.
Types of threat:
Eavesdropping(in transit)-- Encryption SSL/TLS will take care.
Re-routing for website-- Encryption SSL/TLS will take care.
Sending mail impersonating someone else-- Encryption SSL/TLS will not take care.
I am looking at TLS/SSL for secure messaging and for HTTPS.
SSL and TLS
1. Over HTTP(you and your mail server website, you and your bank website etc, where you are using browser)becomes HTTPS
2. Over SMTP(server to server like in case of Bank and other Bank)server to server SMTP.
3. Encrypted email even if I am using gmail or yahoo...how to do? client to server SMTP, server to server SMTP, Server to client POP3 or IMAP. Client here is email client(like outlook, thunderbird and Lotus Notes), not the browser client as in example 1, otherwise it will fall in example number 1 category.
For example 2 and 3:Secure messaging has two options- S/MIME and TLS. S/MIME involves users and is more reliable end to end sucure messaging. TLS does not involve users but is not ensured for secure messaging. If any chennel or server or client does not support TLS, message is insecure there. Moreover, TLS uses symmetrical key pair.
There are different types of authentication. HTTPS is example of unilateral authetication where server is autheticated but the client is not authenticated. There are certain transactions which happens between organisations where both client and server (server and server)are authenticated.
How example number 1(HTTP) works: http://en.wikipedia.org/wiki/Secure_Sockets_Layer TLS involves three basic phases:1. Peer negotiation for algorithm support 2. Key exchange and authentication 3. Symmetric cipher encryption and message authentication Typical algorithms are:
• For key exchange: RSA, Diffie-Hellman, ECDH, SRP, PSK
• For authentication: RSA, DSA, ECDSA
• Symmetric ciphers: RC4, Triple DES, AES, IDEA, DES, or Camellia. This clearly shows that different type encryption algorithm is in use. Symmetrical cipher(where same key is used to encrypt and decrypt), asymmetrical ciphers(a combination of public key and private keys) or both.Ciphers are the techniques for encryption. Asymmetrical cyphers or asymmetrical encryption uses only one key for encryption and decryption.
A TLS client and server negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection's security.
• The handshake begins when a client connects to a TLS-enabled server requesting a secure connection, and presents a list of supported ciphers and hash functions.
• From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision.
• The server sends back its identification in the form of a digital certificate. The certificate usually contains the server name, the trusted certificate authority (CA), and the server's public encryption key. The client may contact the server that issued the certificate (the trusted CA as above) and confirm that the certificate is authentic before proceeding.
• In order to generate the session keys used for the secure connection, the client encrypts a random number (RN) with the server's public key (PbK), and sends the result to the server. Only the server can decrypt it (with its private key (PvK)): this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data. The client knows PbK and RN, and the server knows PvK and (after decryption of the client's message) RN. A third party may only know PbK, unless PvK has been compromised.
• From the random number, both parties generate key material for encryption and decryption. This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the key material until the connection closes.If any one of the above steps fails, the TLS handshake fails, and the connection is not created. Let’s see another more comprehensive example on how SSL actually works for securing your communications over the Internet. Before the communications occur, the following takes place:http://luxsci.com/blog/how-does-secure-socket-layer-ssl-or-tls-work.html
• A company wishes to secure communications to their server company.com.
• They create a public and private key for company.com (this is also known as a “certificate”).
• They go to a trusted third party company such as Thawte or Verisign: Thawte makes the company prove its identity and right to use the company.com domain. This usually involves a lot of paperwork and paying a hefty fee.
• Once the verification is complete, Thawte gives the company a new public key that has some additional information in it. This information is the certification from Thawte that this public key is for the company and company.com and that this is verified by Thawte. This certification information is encrypted using Thawte’s private key… we will see why below. Then, when Client wishes to communicate with the company at company.com,
• Client makes a connection to company.com with its computer. This connection is made to a special “port” (address) on company.com that is set up for SSL communications only.
• When Client connects to company.com on its SSL-secured port, the company sends back its public key.
• Client gets the public key and decides if it is OK…
• If the public key has expired, this could be a problem
• If the public key claims to be for some domain that is not company.com that could be a problem.
• Client has the public key for Thawte (and many other third party companies) stored in its computer — because these come with the computer. Thus, client can decrypt the validation information, prove the validation is from Thawte and verify that the public key is certified by Thawte. If Client trusts Thawte, then Client can trust that he/she is really communicating with Company. If Client doesn’t trust Thawte, or whatever Third Party company is actually being used, then the identity of who is running the computers to which Client is connecting is suspect.
• If client decides to trust the public key, then Client will send to the company the Client’s public key.
• The company will then generate a “password” and encrypt it using both Client’s public key and Company’s private key, in succession, and send it back to the client.
• Client will decrypt the password. This process proves that the company sent the password and that only Client was able to read it.
• Client will start communicating with the company by encrypting data using this password. Normal “symmetric” (password-based) encryption takes place from this point forward because it is much faster than using the public and private keys for everything. These keys were needed to enable the company to prove its identity and right to domain.com and to give client the password in a safe way.
Difference between SSL and TLS: http://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html TLS allows both secure and insecure connections over the same port, whereas SSL requires a designated secure-only port. For users connecting to an email server via POP or IMAP, this means that using TLS will allow you to opt for secure connections but easily switch to insecure connections if necessary without needing to change ports. This is not possible with SSL. Remember your settings of Thunderbird where SSL port 995 is used for POP3 connection and not TLS.
TLS/SSL for secure messaging(SMTP)One way to secure SMTP is to require the use of Secure Sockets Layer (SSL) for SMTP connections. However, that approach raises a problem. By default, all SMTP servers use port 25. But if you use SSL on port 25, non-SSL servers won't be able to connect through that port. And if you use a nonstandard port number, other servers won't be able to find your servers.Here is the key difference between HTTPS and SMTP. HTTP and HTTPS works on different ports- 80 and 443 whereas SMTP with or without TLS, works on port 25 only.You can work around this problem. The STARTTLS verb (part of the Extended SMTP—ESMTP—command set) lets an SMTP client and server negotiate the use of Transport Layer Security (TLS) for an SMTP connection. Each end of the connection can choose to authenticate the other, or the TLS connection can be used purely for privacy. Either way, this approach offers three important advantages.
• It doesn't interfere with other servers and clients. Clients that support STARTTLS can use it; those that don't can continue to use unencrypted SMTP.
• It's opportunistic. When you enable the use of TLS with SMTP, your server automatically requests TLS when communicating with other servers, and it accepts TLS connections when requested. Assuming the other server completes the negotiation process, mail flow is automatically protected. (You'll generally need to tell your users to enable SSL/TLS in their Internet mail clients, though.)
• TLS-encrypting the SMTP stream also protects message headers, giving you an additional degree of protection against traffic analysis, which can tell network intruders who you're communicating with, and how often. You must remember one important caveat, however: TLS doesn't protect messages from end to end. In other words, it doesn't protect messages that are in storage or traveling from client to server (unless the client also supports TLS). TLS protects the message only as it passes between two servers that both support TLS.
Digital Signature:Digital signature is encrypting the mail using private key. Since the public is available publicly, it can be decrypted by anyone. But one thing is sure that the mail is sent by the intended sender only.This is one way to ensure the identity of the sender.
Classes for the certificates of various CAClass 1 for individuals, intended for email Class 2 for organizations, for which proof of identity is required Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority This is used for google account/banks etcClass 4 for online business transactions between companies Class 5 for private organizations or governmental security.
Friday, May 8, 2009
CDMA and GSM Networks
CDMA and GSM are two different technology(rather network) altogether. Very
fundamentally different.Normally GSM networks operate in 900 MHz or 1800 MHz
using frequency division multiplexing. Another important feature of GSM is
Subscriber Identity Module or SIM Card. It is a small smartcard which contains
subscriber information and phonebook. Basically SIM card is the part of the
network. For higher speed data transmission either GPRS or EDGE can be used in
GSM phones.
CDMA is a form of multiplexing which divide signals by random pseudo codes
instead of conventional multiplexing methods like dividing by time or frequency.
CDMA is widely used in cellular networks and global positioning systems
(GPS).CDMA, a proprietary standard designed by Qualcomm in the United States.
CDMA is traditionally faster than GSM, providing better use in data transfer.
But usage of GPRS and EDGE on GSM network filled the gap. These two technologies
are basically used for data transfer in GSM network.
Both the technologies are moving ahead towards 3G standard or technology.
CDMA cell phones and CDMA carriers do not support SIM cards in most parts of the
world, though this is changing. A CDMA SIM card called the R-UIM (Re-Useable
Identification Module) was made available in China in 2002, and will eventually
be available worldwide. Expectations for the future include a cell phone market
that supports both SIM (GSM) and R-UIM (CDMA) cards by default.http://www.wisegeek.com/what-is-a-sim-card.htm
There are phones which are made for CDMA or GSM networks or both with two slots
of SIM. But if the phone is built for CDMA, it will only support CDMA SIM or R-
UIM. Similarly, if the phone is built for only GSM, it will support all GSM SIM
cards. This means that not only SIM or R-UIM plays the role in the network, but
also the phone circuitary. Now the phone having both the circuitary are available
in the market.http://www.techlivez.com/2007/08/wanna-have-gsm-and-cdma-both-in-a-single-
handset/
Also, one of the largest adv of GSM phones are having the capacity of world
roaming. CDMA have very poor in world roaming.
If your SIM card enabled phone(GSM) is quad band (850/900/1800/1900 MHz)this
means, if you travel to other countries you can even use your GSM cell phone
abroad, providing it is a quad-band phone (850/900/1800/1900 MHz).These are 4
bands which are used in GSM network all over the world.For other difference
between CDMA and GSM, please click on below link.http://www.wisegeek.com/what-is-the-difference-between-gsm-and-cdma.htm
Mobile Service Provider in india:CDMA service provider are Reliance and Tata Indicom. All others are GSM. Reliance
have both type of network in India. In Bihar, Assam and other eastern and central
India, Reliance have GSM network. In remaining parts of India, Reliance has CDMA
nework.http://www.tamilnow.com/articles/india-cellular-network.htm
Last piece of information, in india, CDMA service providers are lobbying number
protability while GSM service providers are against it.
fundamentally different.Normally GSM networks operate in 900 MHz or 1800 MHz
using frequency division multiplexing. Another important feature of GSM is
Subscriber Identity Module or SIM Card. It is a small smartcard which contains
subscriber information and phonebook. Basically SIM card is the part of the
network. For higher speed data transmission either GPRS or EDGE can be used in
GSM phones.
CDMA is a form of multiplexing which divide signals by random pseudo codes
instead of conventional multiplexing methods like dividing by time or frequency.
CDMA is widely used in cellular networks and global positioning systems
(GPS).CDMA, a proprietary standard designed by Qualcomm in the United States.
CDMA is traditionally faster than GSM, providing better use in data transfer.
But usage of GPRS and EDGE on GSM network filled the gap. These two technologies
are basically used for data transfer in GSM network.
Both the technologies are moving ahead towards 3G standard or technology.
CDMA cell phones and CDMA carriers do not support SIM cards in most parts of the
world, though this is changing. A CDMA SIM card called the R-UIM (Re-Useable
Identification Module) was made available in China in 2002, and will eventually
be available worldwide. Expectations for the future include a cell phone market
that supports both SIM (GSM) and R-UIM (CDMA) cards by default.http://www.wisegeek.com/what-is-a-sim-card.htm
There are phones which are made for CDMA or GSM networks or both with two slots
of SIM. But if the phone is built for CDMA, it will only support CDMA SIM or R-
UIM. Similarly, if the phone is built for only GSM, it will support all GSM SIM
cards. This means that not only SIM or R-UIM plays the role in the network, but
also the phone circuitary. Now the phone having both the circuitary are available
in the market.http://www.techlivez.com/2007/08/wanna-have-gsm-and-cdma-both-in-a-single-
handset/
Also, one of the largest adv of GSM phones are having the capacity of world
roaming. CDMA have very poor in world roaming.
If your SIM card enabled phone(GSM) is quad band (850/900/1800/1900 MHz)this
means, if you travel to other countries you can even use your GSM cell phone
abroad, providing it is a quad-band phone (850/900/1800/1900 MHz).These are 4
bands which are used in GSM network all over the world.For other difference
between CDMA and GSM, please click on below link.http://www.wisegeek.com/what-is-the-difference-between-gsm-and-cdma.htm
Mobile Service Provider in india:CDMA service provider are Reliance and Tata Indicom. All others are GSM. Reliance
have both type of network in India. In Bihar, Assam and other eastern and central
India, Reliance have GSM network. In remaining parts of India, Reliance has CDMA
nework.http://www.tamilnow.com/articles/india-cellular-network.htm
Last piece of information, in india, CDMA service providers are lobbying number
protability while GSM service providers are against it.
Friday, May 1, 2009
Integrity & Security, Normalization, Transaction Management and Concurrent Execution
Constraint can be at column level, table level and even at database level. Examples of column level are not null, check constraint, foreign keys. Example of table level constraint is primary key.
Triggers:
Authorization in SQL:
GRANT ONTO
user list may be a user-id or public-which allows all valid users the privilege granted.
Granting a privilege on a view does not imply granting any privilege on the underlying relations.
Privileges in SQL are the following: select, update, delete, references, usage, all privileges.
REVOKE ONFROM[restrictcascade]
REVOKE SELECT ON branch FROM u1,u2,u3 cascade;
Revocation of a privileges from a user may cause other users also to lose that privilege. This is called cascading of revoke. With restrict REVOKE command fails if cascading revokes are required.
Normalization:
key idea is to reduce the level of redundancy of data, since there are chances to have the multiple version of same data. There is method of quantifying 'how normalized a database is'- Normal Forms(NF).
Any increase in normalization generally involves splitting existing tables into multiple new table, which must be rejoined at the time of query. This can sometime leads to performance issues. So, intentional denormalization is used in some application. Note that these are not the improvements in the relational model, rather they borrow aspects of navigational database and hierarchical database that are speedier than their relational counterparts.
First Normal Form(1NF): A database is said to have in 1NF if no record(row) is repetitive, no field is blank and there is no multiple data in one field.
Second Normal Form(2NF): A database is said to have in 2NF if it is in 1NF and every non key attribute is dependent on primary key. If any column does not dependence on primary key, it should not in that table, rather new table may contain it.
Third Normal Form(3NF): A database is said to have in 3NF if and only if it is in 2NF and transitive dependency is removed.
3NF is widely considered to be sufficient for many application. Most tables reaching 3NF also reaches BCNF.
Steps to perform normalization:
1. Eliminate repeating groups
2. Eliminate redundant data
3. Eliminate columns not dependent on key
4. Isolate independent multiple relationships.
Transaction Management:
TM begins with BEGIN and ends with SQL COMMIT. ROLLBACK is used to rollback to previous consistent state.
Transaction State-
Active- transaction is being executed.
Partially Committed- after the final statement is executed.
Failed- normal execution can no longer proceed.
Aborted-Transaction is stopped and database is being restored to previous consistent state.
Committed- after successful completion.
Recovering from crash:
Steps- Analysis, Redo and Undo(working backwards in the log)
Concurrent Execution:
Problems in concurrent execution
1. Lost Update Problem
2. Temporary Update(or dirty read) Problem
3. Incorrect summary problem
In the precedence graph of any schedule has a cycle then the schedule is not conflict serializable. If it is acyclic then we declare that the schedule is conflict serializable.
Triggers:
Authorization in SQL:
GRANT
user list may be a user-id or public-which allows all valid users the privilege granted.
Granting a privilege on a view does not imply granting any privilege on the underlying relations.
Privileges in SQL are the following: select, update, delete, references, usage, all privileges.
REVOKE
REVOKE SELECT ON branch FROM u1,u2,u3 cascade;
Revocation of a privileges from a user may cause other users also to lose that privilege. This is called cascading of revoke. With restrict REVOKE command fails if cascading revokes are required.
Normalization:
key idea is to reduce the level of redundancy of data, since there are chances to have the multiple version of same data. There is method of quantifying 'how normalized a database is'- Normal Forms(NF).
Any increase in normalization generally involves splitting existing tables into multiple new table, which must be rejoined at the time of query. This can sometime leads to performance issues. So, intentional denormalization is used in some application. Note that these are not the improvements in the relational model, rather they borrow aspects of navigational database and hierarchical database that are speedier than their relational counterparts.
First Normal Form(1NF): A database is said to have in 1NF if no record(row) is repetitive, no field is blank and there is no multiple data in one field.
Second Normal Form(2NF): A database is said to have in 2NF if it is in 1NF and every non key attribute is dependent on primary key. If any column does not dependence on primary key, it should not in that table, rather new table may contain it.
Third Normal Form(3NF): A database is said to have in 3NF if and only if it is in 2NF and transitive dependency is removed.
3NF is widely considered to be sufficient for many application. Most tables reaching 3NF also reaches BCNF.
Steps to perform normalization:
1. Eliminate repeating groups
2. Eliminate redundant data
3. Eliminate columns not dependent on key
4. Isolate independent multiple relationships.
Transaction Management:
TM begins with BEGIN and ends with SQL COMMIT. ROLLBACK is used to rollback to previous consistent state.
Transaction State-
Active- transaction is being executed.
Partially Committed- after the final statement is executed.
Failed- normal execution can no longer proceed.
Aborted-Transaction is stopped and database is being restored to previous consistent state.
Committed- after successful completion.
Recovering from crash:
Steps- Analysis, Redo and Undo(working backwards in the log)
Concurrent Execution:
Problems in concurrent execution
1. Lost Update Problem
2. Temporary Update(or dirty read) Problem
3. Incorrect summary problem
In the precedence graph of any schedule has a cycle then the schedule is not conflict serializable. If it is acyclic then we declare that the schedule is conflict serializable.
Thursday, April 30, 2009
Basics of Database System & DBMS
The DBMS is an interface between DB and users.
User<---->DBMS<---->OS<---->Database.
Database System vs File System
Disadv of file system includes-
1. Dependency of file system on program and vice-versa.
2. Data Redundancy- same piece of data may be stored at more than one place or file.
3. Difficulty in accessing data
4. Data Isolation- data issolated in different file system, may not be retrieved by other programs.
5. Data Integrity issue-
6. Atomicity Problem- It is crucial that whenever a failure occurs, data be restored at consistent state that existed prior to the failure. It is difficult to ensure atomicity on conventional file system.
7. Security Problem- Not much security option is available for conventional file system.
Database system and DBMS overcomes all the above limitations and also allows data abstraction. Data abstraction can be done on physical, logical and view level.
Database Instance- The collection of information at any given point in time is called instance of the database.
The overall design of a database is called Database Schema. Each database may have several schemas that are partitioned according to the level of abstration.
Data Models-It is defined as the structure of the database. It is collection of conceptual tools like for describing data, data relationships, data semantics and consistancy constraints.
Type of data models:
ER Model(Entity relationship), Relational model, object oriented, network data model are few to name.
Database users and administrators-
Users type are naive, application programmers, sophisticated users and specialized user.
Sophisticated users interacts with system without writing application programs. Specialized users are sophisticated users who write specialized DB program that do no fit into tradional data processing framework.
Roles of DBA:
Schema definition, Storage structure and access method definition, Granting of authorization for for data access and Routine management like regular DB backup, ensuring enough free space, monitoring jobs running and ensuring the performance of the database.
Transaction Management:
Transaction management forms the main component of DBMS since each and every query is considered to be a transaction.
User<---->DBMS<---->OS<---->Database.
Database System vs File System
Disadv of file system includes-
1. Dependency of file system on program and vice-versa.
2. Data Redundancy- same piece of data may be stored at more than one place or file.
3. Difficulty in accessing data
4. Data Isolation- data issolated in different file system, may not be retrieved by other programs.
5. Data Integrity issue-
6. Atomicity Problem- It is crucial that whenever a failure occurs, data be restored at consistent state that existed prior to the failure. It is difficult to ensure atomicity on conventional file system.
7. Security Problem- Not much security option is available for conventional file system.
Database system and DBMS overcomes all the above limitations and also allows data abstraction. Data abstraction can be done on physical, logical and view level.
Database Instance- The collection of information at any given point in time is called instance of the database.
The overall design of a database is called Database Schema. Each database may have several schemas that are partitioned according to the level of abstration.
Data Models-It is defined as the structure of the database. It is collection of conceptual tools like for describing data, data relationships, data semantics and consistancy constraints.
Type of data models:
ER Model(Entity relationship), Relational model, object oriented, network data model are few to name.
Database users and administrators-
Users type are naive, application programmers, sophisticated users and specialized user.
Sophisticated users interacts with system without writing application programs. Specialized users are sophisticated users who write specialized DB program that do no fit into tradional data processing framework.
Roles of DBA:
Schema definition, Storage structure and access method definition, Granting of authorization for for data access and Routine management like regular DB backup, ensuring enough free space, monitoring jobs running and ensuring the performance of the database.
Transaction Management:
Transaction management forms the main component of DBMS since each and every query is considered to be a transaction.
SQL
SQL has two streams: DML-Data manipulation language and DDL-Data definition language.
A database may have many tables. These tables may be interlinked with each other using some KEY field, which must be unique, and should not be left blank.This linking has given birth to RDBMS. Other characteristics of RDBMS are Normalization, Concurrent execution of transactions etc.
Data Manipulation Language
The basic structure of SQL contains three clauses: SELECT, FROM and WHERE
Examples:
SELECT fieldname1, fieldname2, fieldname3 FROM tablename;
SELECT * FROM tablename;
For all columns * is used, there should not be any space in tablename and fieldname. They are typed as one word.
SELECT employeeidno FROM employeestatisticstable WHERE salary >=5000;
SELECT employeeidno FROM employeestatisticstable WHERE position='manager';
Text are given in single quotes ' '.
SELECT employeeidno FROM employeestatisticstable WHERE salary >=5000 AND position='staff';
SELECT employeeidno FROM employeestatisticstable WHERE position='manager' OR (salary>50000 AND benefit>10000);
OR is performed before AND. Use paraenthesis if you want otherwise.
IN and BETWEEN are used for range. NOT IN and NOT BETWEEN are also used for opposite result of IN and BETWEEN.
SELECT employeeidno FROM employeestatisticstable WHERE position IN('manager','staff');
SELECT employeeidno FROM employeestatisticstable WHERE position NOT IN('manager','staff');
SELECT employeeidno FROM employeestatisticstable WHERE salary BETWEEN 30000 AND 50000;
SELECT employeeidno FROM employeestatisticstable WHERE salary NOT BETWEEN 30000 AND 50000;
Using LIKE and underscore(_)
SELECT ssn FROM employee WHERE lastname LIKE 'L%';
This gives all names starting with L. If you want names ending with L, use'%L'. If you want R anywhere in the name use '%R%'.
_ matches any character. '___' will match any string with exactly 3 chars. '___' will match any string with at least 3 chars.
SELECT ssn FROM employee WHERE lastname LIKE '___%';
Ordering the display in ascending or descending order.
SELECT fieldname1, fieldname2, fieldname3 FROM tablename ORDER BY fieldname1;
SELECT fieldname1, fieldname2, fieldname3 FROM tablename ORDER BY fieldname1 DESC;
Joins:
A database may have many tables. These tables may be interlinked with each other using some KEY field, which must be unique, and should not be left blank.This linking has given birth to RDBMS. Primary Key is a column or set of columns that uniquely identifies the rest of the data in any given row. A Foriegn Key is a colum in a table where that column is primary key for another table, which means that any data in a foreign key column must have a corresponding data in the other table where that column is primary key. In DBMS speak-this correspondence is known as referential integrity.
For example, there are three tables. AntiqueOwners, Orders and Antiques.
AntiqueOwners
OwnerID OwnerLastName OwnerFirstName
Orders
OwnerID ItemDesired
Antiques
SellerID BuyerID Item
SELECT antiqueowners.ownerlastname, antiqueowners.ownerfirstname FROM antiqueowners, antiques WHERE antiques.buyerid=antiqueowners.ownerid AND antiques.item='chair';
Aggregate Functions- gives sum average min etc for the entire column for matching condition.
SELECT SUM(salary), AVG(salary) FROM employeestatiscticstable;
SELECT MIN(benefits)FROM employeestatiscticstable WHERE position='manager';
SELECT COUNT(*)FROM employeestatiscticstable WHERE position='staff';
A database may have many tables. These tables may be interlinked with each other using some KEY field, which must be unique, and should not be left blank.This linking has given birth to RDBMS. Other characteristics of RDBMS are Normalization, Concurrent execution of transactions etc.
Data Manipulation Language
The basic structure of SQL contains three clauses: SELECT, FROM and WHERE
Examples:
SELECT fieldname1, fieldname2, fieldname3 FROM tablename;
SELECT * FROM tablename;
For all columns * is used, there should not be any space in tablename and fieldname. They are typed as one word.
SELECT employeeidno FROM employeestatisticstable WHERE salary >=5000;
SELECT employeeidno FROM employeestatisticstable WHERE position='manager';
Text are given in single quotes ' '.
SELECT employeeidno FROM employeestatisticstable WHERE salary >=5000 AND position='staff';
SELECT employeeidno FROM employeestatisticstable WHERE position='manager' OR (salary>50000 AND benefit>10000);
OR is performed before AND. Use paraenthesis if you want otherwise.
IN and BETWEEN are used for range. NOT IN and NOT BETWEEN are also used for opposite result of IN and BETWEEN.
SELECT employeeidno FROM employeestatisticstable WHERE position IN('manager','staff');
SELECT employeeidno FROM employeestatisticstable WHERE position NOT IN('manager','staff');
SELECT employeeidno FROM employeestatisticstable WHERE salary BETWEEN 30000 AND 50000;
SELECT employeeidno FROM employeestatisticstable WHERE salary NOT BETWEEN 30000 AND 50000;
Using LIKE and underscore(_)
SELECT ssn FROM employee WHERE lastname LIKE 'L%';
This gives all names starting with L. If you want names ending with L, use'%L'. If you want R anywhere in the name use '%R%'.
_ matches any character. '___' will match any string with exactly 3 chars. '___' will match any string with at least 3 chars.
SELECT ssn FROM employee WHERE lastname LIKE '___%';
Ordering the display in ascending or descending order.
SELECT fieldname1, fieldname2, fieldname3 FROM tablename ORDER BY fieldname1;
SELECT fieldname1, fieldname2, fieldname3 FROM tablename ORDER BY fieldname1 DESC;
Joins:
A database may have many tables. These tables may be interlinked with each other using some KEY field, which must be unique, and should not be left blank.This linking has given birth to RDBMS. Primary Key is a column or set of columns that uniquely identifies the rest of the data in any given row. A Foriegn Key is a colum in a table where that column is primary key for another table, which means that any data in a foreign key column must have a corresponding data in the other table where that column is primary key. In DBMS speak-this correspondence is known as referential integrity.
For example, there are three tables. AntiqueOwners, Orders and Antiques.
AntiqueOwners
OwnerID OwnerLastName OwnerFirstName
Orders
OwnerID ItemDesired
Antiques
SellerID BuyerID Item
SELECT antiqueowners.ownerlastname, antiqueowners.ownerfirstname FROM antiqueowners, antiques WHERE antiques.buyerid=antiqueowners.ownerid AND antiques.item='chair';
Aggregate Functions- gives sum average min etc for the entire column for matching condition.
SELECT SUM(salary), AVG(salary) FROM employeestatiscticstable;
SELECT MIN(benefits)FROM employeestatiscticstable WHERE position='manager';
SELECT COUNT(*)FROM employeestatiscticstable WHERE position='staff';
Data Definition Language:
CREATE TABLE tablename (column definition list);
CREATE TABLE airport (airport char(4) not null, aname varchar(20), checkin varchar(50));
Copying table:
CREATE TABLE ticket2(ticketno, ticketdate, pid) AS SELECT ticketno, ticketdate, pid FROM ticket;
CREATE TABLE ticket3 AS SELECT * FROM ticket;
DROP TABLE table2;
INSERT INTO is used to insert new rows into a table.
INSERT INTO tablename VALUES(value1, value2,...);
You need to provide value for all columns. If you do not want to then see below.
INSERT INTO tablename (cloumn1, column2,...)VALUES(value1, value2,...);
UPDATE tablename SET columnname=newvalue WHERE columnname=somevalue;
UPDATE person SET lastname='Ratna' WHERE firstname='Anupama';
UPDATE person SET address='ancd', city='Mumbai' WHERE lastname='sharma';
Delete is used to delete the rows from the table.
DELETE FROM tablename WHERE columnname=somevalue;
To delete all the rows in a table
DELETE * FROM tablename;
Friday, April 24, 2009
Unified Communication: Tele-Presence
Unified Communication: Tele-Presence
Video Conference: Audio and video conference over not a very good bandwidth network.
Tele-Presence: Using a very high definition video conferencing with excellent quality of sound and video. Also, the positioning of chairs and tables in the room is taken into consideration. Virtual presence can also be felt on the right or left side of you. Yes, very advance form of video conference.
Types of Tele-Conference:
1. Personal- where a person on laptop or television is available.
2. Room tele-presence- A large television in the room and more than 1-2 person having on tele-presence with similar group on the other side.
3. Immersive tele-presence- Is advanced form of tele-presence, where people of different location comes on different TV in a large room, may be.
4. Fully immersive tele-presence- Is where alignment of table and chairs are also taken into consideration. TV or other screens are placed in such a manner that it feels like round table conference or similar. Audio is stereo and can be felt as if person from right and left is speaking.
All tele-presence uses SIP or H.323 as the standard prtocol for audio-visual communication. Of these SIP is mostly used these days.
Minimum bandwidth required for tele-presence is not less than 15-20mbps.
Implementation cost of tele-presence may vary from $9000 to $500000 depending on the type of tele-presence is being used.
**Source: PC World- April 2009
Tuesday, April 14, 2009
BOOTMGR Image
All of a sudden my PC, while booting said- “BOOTMGR image is corrupt. The system can not boot”
I came to know the following. PC startup comes in the following order.
1. POST- Power on self test- Press tab to see the details. This takes care of all the basic things- including basic hardware in place.
2. Booting Preocess: Boot sector keeps all the details of booting. If more than one OS is present then, dual booting will also keep such information in boot sector. It keeps the address of the operating system. This is most imp part of Hard disk. All sector can be repaied or set aside if got damaged, but if boot sector is damaged, HDD can not be used for booting anymore. Data however, can still be recoved from the HDD.
I came to know the following. PC startup comes in the following order.
1. POST- Power on self test- Press tab to see the details. This takes care of all the basic things- including basic hardware in place.
2. Booting Preocess: Boot sector keeps all the details of booting. If more than one OS is present then, dual booting will also keep such information in boot sector. It keeps the address of the operating system. This is most imp part of Hard disk. All sector can be repaied or set aside if got damaged, but if boot sector is damaged, HDD can not be used for booting anymore. Data however, can still be recoved from the HDD.
Any embedded technology like HCL EC2. Have to find out if RAID controller acts at this place.
OS loads in memory and computer starts.
If boot sector gets damaged (not physically), may be because of some virus etc, you have the following options:
1. Re-install OS from scratch, format or may not format the C drive. All data will be lost of C drive. Other drive data will remain intact. C drive format is advisable if you are going for OS reinstall. This process overwrites boot sector as well.
2. However, option1 is not advisable to try at first. If you have OS recovery CD(usually comes when you buy a new PC), you can boot from the disc and repair the damage. Please note if the repair option is not coming, your disk may be OS reinstall disk but not the recovery disk. OS disk and recovery disk are different.
Choose Startup Repair
BOOTMGR(MBR) are the same.
When I got rid of damaged BOOTMGR, and my PC started, my HCL EC2 automatically got un-installed. This means, it also wrote something in boot sector.
Also after that, I turned on boot sector virus protection as ENABLED in the BIOS. This will protect any changes being done in boot sector. I also think, this will not let you do any further change like- dual boot, any RAID etc, because it will change the boot sector.
Friday, April 10, 2009
Security Basics
Usually all the components of security basics- with respect to the non technical language are:
- Block hackers from entering your PC Firewall
- Prevent unknown threats from entering your PC Firewall
- Virus AntiVirus & Antispyware
- Worm AntiVirus & Antispyware
- Spyware from tracking you online AntiVirus & Antispyware
- Spyware from hijacking your computer AntiVirus & Antispyware
- Guard against online identity theft IE Security, Cookies, Philishing
- Inspect websites to make sure they are not fakes IE Security, Cookies, Philishing
- Block suspecious programs UAC of Vista, AV
- Allow only authorised programs to connect to Interent
- Backup of imp files
- Tuneup your PC and optimize its performance
Most Imp of these are those which any good AntiVirus provides. Rest can be used with some OS features like firewall, UAC, PEC(Program execution Control), Windows Defender, Automatic Updates.
- Guard against online identity theft IE Security, Cookies, Philishing
- Inspect websites to make sure they are not fakes IE Security, Cookies, Philishing
- Block suspecious programs UAC of Vista, AV
- Allow only authorised programs to connect to Interent
- Backup of imp files
- Tuneup your PC and optimize its performance
Most Imp of these are those which any good AntiVirus provides. Rest can be used with some OS features like firewall, UAC, PEC(Program execution Control), Windows Defender, Automatic Updates.
Automatic updates is something which is not covered in any of the security software. It is actually a fix in the base, the OS.
Security of browser also play a very imp role in providing these securities. Features like phishing filter, protected mode etc provides those securities.
Based on the combination of these security threats, different security softwares are packaged.
e.g Nortan AV provides the securities as mentioned in the AV section. Nortan Internet Security provides the service of Firewall and other browser security options. It also provides some other OS security features; whereas Nortan 360 provides all the features of Nortan Internet Security as well as backup and performance tuning of your machine.
Using the good AV and using security feature of browser and OS, can serve the purpose of Nortan Internet Security or any similar Internet security suite.
For backup and performace enhancement, some other utility may be used like Vista's backup feature for backup and Disk cleanup and disk defrag for performance. Other OS feature for performance may also be used. Other freeware can also be used for antivirus, firewall and antispyware.
Freeware utility for backup (backup for all) and disk degrament is also available.
Security Administration address on Windows machine:
Control Panel-->Security Center
Windows Firewall-If more than one firewall running then there are chances of conflict.
Automatic Updates
Malware and spyware protection
Anti-Virus
Windows Defender
Other Security Settings
Internet Security Settings(for IE security settings)
User Account Control.
Control Panel-->Security Center
Windows Firewall-If more than one firewall running then there are chances of conflict.
Automatic Updates
Malware and spyware protection
Anti-Virus
Windows Defender
Other Security Settings
Internet Security Settings(for IE security settings)
User Account Control.
However different icon for firewall and defender is also there in control panel. You can switch on and switch off from there. Security center is only for consolidated view.
Internet Explorer security tools:Tools ->Internet Options -> Securities Tab
Plishing(Tools--> Advanced Tab)
Web sites list on your computer
Characteristics
Online chekcing if enabled.If not enabled manual checking is also possible.
Protected Mode
Addon or ActiveX Controls
Open browser with all addons disabled. Can also use add on manager.
Certificate:
SSL, Secure connection, Encryption
Lock
Meaning of colour
Management of Cookies
Web Technologies
Scope of this notes:
webpage design, upload the wesite at some shared webspace available from some ISP. Simple form and multimedia in your website.
Out of scope:
Web server itself, webserver programs like Apache and IIS, web sevrer interaction with DB server. User interation with forms etc. Database query.
Website construction tool:
Adobe Photoshop:
used for photo and images. Like cut a plane from somewhere and put it in other image of cloud etc. File type .psd. This file type contains diiferent layers and other characteristics of Photoshop. Therefore, before using that as an image, one must save it as .jpg.
Micromedia Dreamweaver or Adobe Go Live or Microsoft FrontPage:
Used to create a webpage. Also called as website construction tool. They generate the correct code for the table.Similarly, they will generate code for rollover, image maps etc. Therefore, each line of HTML code writting is not required. Wasting hours in aligning is also not required. These tools do the reverse job. Create table- they will create code automaticlly. Other thing that Dreamweaver do is placing the images made by photoshop at the right aligment, adding text and hyperlink on it, etc.
Web design combines number of disciplines:
Graphics design
Interface design- method of doing things. How page works etc.
Prgramming and scripting- Forms and interactivity. Writing scripts, programs and application for working with database, servers and so on.
Information design- organisation of content and you get it.flowchart and diagram.
HTML Production- using Dreamweaver or Golive.
Multimedia- Using Micromedia Flash and Director
ISP and buy space on the web server:
Hosting / FTP user name: Testing
Hosting / FTP password: password
Website URL: http://www. Testwebsite.com
FTP Site URL: ftp://www. Testwebsite.com
FTP site, username and password are used for site admin. You will have to use FTP client like SmartFTP or Internet explorer for uploading content to the site.
Sound and video clips are stored in one folder. Images are stored in other folder. Other HTML pages are stored in mail folder.
Some Technicalities:
HTMLcodetutorial.com
yourhtmlsource.com
webopedia.coma.ratna
DHTML: eg- changing of image on mouse rollover. Life and fun on the webpage. Supported only on version 4 and above browser.
Javascript: Scripting language developed by Netscape. Client side programming language. Used for form validation etc. Can not be used for anything else outside browser.Can be embedded in the webpage.
ASP:
Active Server pages
Runs inside IIS
IIS is free component of W2k and above.
PWS is a smaller but fully functional version of IIS
Chili and Instant ASP runs without Windows
ASP file is just same as the HTML file except it has .asp extension.
ASP file contains- HTML, XML and scripts. Scripts on ASP file runs on server.
How ASP different from HTML?
When browser requests an HTML file, server returns HTML file. When browser requests ASP file, IIS passes the request to ASP engine. ASP engine reads the ASP file line by line, executes the script in the file. Finally ASP file is retured to the browser as a plain HTML file.
PHP:
Again a scripting language, especially suited for web development and can be embedded into HTML.It is HTML embedded scripting language.
What it does?
Anything! Other CGI program can do. However there are three main things where PHP is used.
Server side scripting
Command line scripting
Writing desktop applications
webpage design, upload the wesite at some shared webspace available from some ISP. Simple form and multimedia in your website.
Out of scope:
Web server itself, webserver programs like Apache and IIS, web sevrer interaction with DB server. User interation with forms etc. Database query.
Website construction tool:
Adobe Photoshop:
used for photo and images. Like cut a plane from somewhere and put it in other image of cloud etc. File type .psd. This file type contains diiferent layers and other characteristics of Photoshop. Therefore, before using that as an image, one must save it as .jpg.
Micromedia Dreamweaver or Adobe Go Live or Microsoft FrontPage:
Used to create a webpage. Also called as website construction tool. They generate the correct code for the table.Similarly, they will generate code for rollover, image maps etc. Therefore, each line of HTML code writting is not required. Wasting hours in aligning is also not required. These tools do the reverse job. Create table- they will create code automaticlly. Other thing that Dreamweaver do is placing the images made by photoshop at the right aligment, adding text and hyperlink on it, etc.
Web design combines number of disciplines:
Graphics design
Interface design- method of doing things. How page works etc.
Prgramming and scripting- Forms and interactivity. Writing scripts, programs and application for working with database, servers and so on.
Information design- organisation of content and you get it.flowchart and diagram.
HTML Production- using Dreamweaver or Golive.
Multimedia- Using Micromedia Flash and Director
ISP and buy space on the web server:
Hosting / FTP user name: Testing
Hosting / FTP password: password
Website URL: http://www. Testwebsite.com
FTP Site URL: ftp://www. Testwebsite.com
FTP site, username and password are used for site admin. You will have to use FTP client like SmartFTP or Internet explorer for uploading content to the site.
Sound and video clips are stored in one folder. Images are stored in other folder. Other HTML pages are stored in mail folder.
Some Technicalities:
HTMLcodetutorial.com
yourhtmlsource.com
webopedia.coma.ratna
DHTML: eg- changing of image on mouse rollover. Life and fun on the webpage. Supported only on version 4 and above browser.
Javascript: Scripting language developed by Netscape. Client side programming language. Used for form validation etc. Can not be used for anything else outside browser.Can be embedded in the webpage.
ASP:
Active Server pages
Runs inside IIS
IIS is free component of W2k and above.
PWS is a smaller but fully functional version of IIS
Chili and Instant ASP runs without Windows
ASP file is just same as the HTML file except it has .asp extension.
ASP file contains- HTML, XML and scripts. Scripts on ASP file runs on server.
How ASP different from HTML?
When browser requests an HTML file, server returns HTML file. When browser requests ASP file, IIS passes the request to ASP engine. ASP engine reads the ASP file line by line, executes the script in the file. Finally ASP file is retured to the browser as a plain HTML file.
PHP:
Again a scripting language, especially suited for web development and can be embedded into HTML.It is HTML embedded scripting language.
What it does?
Anything! Other CGI program can do. However there are three main things where PHP is used.
Server side scripting
Command line scripting
Writing desktop applications
Test Your PC
HDD:
Altrixsoft.com
Gives everything about your hard drive. Also identifies 20+ potential probelm spots. Not free, but 15 days trial version of Hard Drive Inspector is available.
Datacent's Hard Drive Sounds:
datacent.com
Broadband speed test:
dslreports.com/tools
speedtest.net
Internet Connection Quality:
VoIP test- voipreview.org
Down for everyone or just me- downforeveryoneorjustme.com
Inside your PC:
SIW- System Information for Windows- gtopala.com
Altrixsoft.com
Gives everything about your hard drive. Also identifies 20+ potential probelm spots. Not free, but 15 days trial version of Hard Drive Inspector is available.
Datacent's Hard Drive Sounds:
datacent.com
Broadband speed test:
dslreports.com/tools
speedtest.net
Internet Connection Quality:
VoIP test- voipreview.org
Down for everyone or just me- downforeveryoneorjustme.com
Inside your PC:
SIW- System Information for Windows- gtopala.com
BugMeNot
Get into free sites without registering:
www.bugmenot.com
It provides username and password to enter into free sites without giving your personal information. This prevents spams and SMS on your mobile phones.
www.bugmenot.com
It provides username and password to enter into free sites without giving your personal information. This prevents spams and SMS on your mobile phones.
PC Security, AV, AntiSpyware, Firewall, Suite
Build your own security suite for free:
Clearing doubts:
1. Many security companies use the same signature base for paid as well as free version. Paid version may have some more feaures.
2. Two antivirus may not conflict always, if they are compatible and light on PC resourse.
Make suite:
Use AVG 8.0 free version for base antivirus. Light on system resourse. Anti spyware also.
AVG does not detect a rootkit if already entered in the PC.
Use ThreatFire 4.0 in association with AVG. ThreatFire removes already entered rootkit also. Also has behavioural analysis and identify Trojan Horse based on that.
Use OnLine Armor 3.0 as a Firewall. Limit on XP firewall- only prevent incoming connection. Vista prevents out connection also but not ON by default. Be sure to turn off Windows firewall. Both can not work together.
Use Super Antispyware 4.25 - Acts as a supplement to antispyware of AVG. Handles stubborn spyware and adware.
Alternatevely, a free all in one security suite is COMODO Internet Security. This does not include antispyware.
If you are a little bit techy, you shoud use the combination of all 4 components.
Clearing doubts:
1. Many security companies use the same signature base for paid as well as free version. Paid version may have some more feaures.
2. Two antivirus may not conflict always, if they are compatible and light on PC resourse.
Make suite:
Use AVG 8.0 free version for base antivirus. Light on system resourse. Anti spyware also.
AVG does not detect a rootkit if already entered in the PC.
Use ThreatFire 4.0 in association with AVG. ThreatFire removes already entered rootkit also. Also has behavioural analysis and identify Trojan Horse based on that.
Use OnLine Armor 3.0 as a Firewall. Limit on XP firewall- only prevent incoming connection. Vista prevents out connection also but not ON by default. Be sure to turn off Windows firewall. Both can not work together.
Use Super Antispyware 4.25 - Acts as a supplement to antispyware of AVG. Handles stubborn spyware and adware.
Alternatevely, a free all in one security suite is COMODO Internet Security. This does not include antispyware.
If you are a little bit techy, you shoud use the combination of all 4 components.
Saturday, April 4, 2009
Disk Defragmentation
AbelsSoft- 'JetDrive 2009 Professional' is a freeware disk defrag utility. This is available free with PC World's March-09 issue. You need to obtain keys online to activate.
My Windows Vista Home Premium disk defrag does not work properly. Scheduled defrag should have PC powered on. 'Defrag now' does not give any result and is over in few seconds.
Using AbelsSoft- 'JetDrive 2009 Professional' - do not defrag memory or registry. It is not recommended.
My Windows Vista Home Premium disk defrag does not work properly. Scheduled defrag should have PC powered on. 'Defrag now' does not give any result and is over in few seconds.
Using AbelsSoft- 'JetDrive 2009 Professional' - do not defrag memory or registry. It is not recommended.
Subscribe to:
Posts (Atom)