Exam 4 Mega Set


What is the purpose of the email message headers? (Lab K)

"They include information like who the message is to/from, whether the message was identified as SPAM, the date/time it was sent, and the message id. All this stuff helps the mail client determine what to do with this message and how to display it to us."

Why must we include the bearer token with every API call? How come there is no short-cut method where we log in once and it persists for the entire session? (Lab L)

"Why must we include the bearer token with every API call? Is this really necessary? Isn't there a way to save the token so we don't have to keep sending it? The answer is no! The HTTP protocol is stateless. This means that the requests do not know about each other. Because each request is completely isolated from the others, we must include our credentials with every request. That's right. When you "log on" to a website, it saves a similar token and that token goes back to the server on every request to make sure "it's really you" and that you are still "logged in." Such is the way of the web!"

What is an API? (online slides)

- API stands for Application Programming Interface.
- It is a means to execute code other people wrote in our own programs.
- APIs provide abstractions. You don't have to know how it works, only how to use the API. (Think driving a car versus being a mechanic.)
- Without APIs we would have to write all our code from scratch every time.
- Imagine building a house but first you must build your own tools, cut your own wood from trees, make your own nails!

Email service monitoring (Online Slides)

- Are the servers/services alive? (ping, telnet, nmap)
- Disk space (size of disks, volumes, and mailbox databases)
- Disk activity (read/write times)
- Usage (user mailbox sizes and message counts)
- Network traffic (response times for various methods or protocols used to access email by clients)
- CPU utilization (both for the server as a whole and the individual services running within)
- Delivery failures (both internal and external)

Software Defined Product (online slides)

- A Roomba vacuum is just a vacuum with a self-propelled motor and wheels. That is the device.
- What makes a Roomba a "Roomba" is the Software Defined Product, consisting of:
  - The software application. This could be on the device or in the cloud, but should be programmable and updatable.
  - The cybermodel, a statistical model which assists the software application with decision making.
- Software defined product: the code which interacts with the device.

How the web works (online slides)

- Clients make requests to web servers, typically using a browser.
- The client provides a request method and a URL.
- The web server sends a response to the client. In the response is the content based on the URL.
- The client renders (draws) the content in the web browser.

Email Namespaces (Online Slides)

- Companies should use consistent email namespaces, so internal and externally bound mail should have the same address.
- Try using a namespace that is unique, company-wide (Ex: tajorgen, mafudge, relstad).
- Namespaces should be relatively difficult to change.
- Tokens should not be reused for a period of time, if at all.
- The full email address is a global namespace: [email protected] or [email protected]

Reliability of Email (Online Slides)

- Email is a utility, a constant, and therefore it's come to be expected to just work at all times.
- Unlike many other IT services, inaccessible or missed email will cost a company money.
- Outages should be almost non-existent.
- If architected properly, mail should never be lost in delivery.
- Email services are complex and require many servers/services to operate properly.
- Centralization of email services is a must for any modern organization.

ECPA - Electronic Communications Privacy Act (class slides)

- Employee privacy is protected.
- Consent must be given; agreeing to the AUP can be considered consent.
- SAs can see all communications (due to how the technology works), so this is why policy is so important.

TLS - Transport Layer Security (online slides)

- Encrypts traffic over the wire.
- Protects against "Man in the Middle" attacks (sniffing data in transmission).
- Organizations acquire a certificate from an Authority.
- Browsers "trust" the Authority and encrypt the traffic.
- Clients request https:// instead of http:// to get the TLS encrypted site.
- Moral: Just because a site uses TLS doesn't mean it's "secure"; it only means the traffic between you and the server is encrypted!!!!

Web API Content formats (online slides)

- HTML is not a desired content format for Web APIs because another computer is the recipient of the output (as opposed to a user).
- While HTML **is** machine readable, it mixes data with layout and formatting, making it difficult to find the information we wish to extract from the content.
- In the example there is HTML layout mixed in with the data, making the extraction of data difficult.

HTTP (online slides)

- HTTP, or the Hypertext Transport Protocol, is the data transfer protocol of the web.
- It consists of requests, which contain a verb and URL, and a response, which contains a status code and content type.
- HTTP is a stateless protocol, which means the current request knows nothing of the previous requests.
- The well-known port for HTTP is TCP/80.

Hybrid App Development (online slides)

- Hybrid App development uses a single language to target both iOS and Android. The application runs in its original language (typically JavaScript) but is wrapped in a native code shell for deployment in the app stores.
- Layouts are designed in HTML and CSS.
- Examples: Cordova / Phonegap, Ionic, Google Flutter, React Native, Nativescript

The World-Wide Web (online slides)

- Information System on the Internet for displaying content resources.
- The world wide web is not the Internet; it is part of it!
- Built upon open standards.

Protecting data (online slides)

- Limit the potential damage.
- Connect to databases with read-only permissions if you are not updating or inserting data.
- Validate form fields: verify the data the user typed before proceeding.
- Run web services with only the minimal level of permissions that is needed.
- Use logging, so there is a record if something does happen.
- Use change control.
- ASSUME EVERYONE IS A BAD ACTOR!

Push Notifications (online slides)

- Messages that pop up on a mobile device.
- Each mobile operating system, including iOS, Android, Fire OS, Windows, and BlackBerry, has its own OS push notification service (OSPNS).
- App publisher. The app publisher enables their app with an OSPNS.
- Client app. Is installed on your device and receives incoming notifications.
- Not the same as SMS/TXT.

Take these things into consideration when planning to scale up or out your email service: (Online Slides)

- Number of users
- Amount of mail sent by users
- Size of messages sent
- Large bursts of traffic (promotions, bulk emails, etc.)
- Number of clients connecting (web, outlook, iMail, mobile)
- (Mobile clients can equal 2 traditional mail clients in terms of their demands on email servers.)

How is mobile different from web? (online slides)

- Phones have a browser, but most of our experiences use native apps downloaded from application stores.
- Native offers advantages:
  1. Push Notifications
  2. Offline data
  3. Access to hardware features: camera, microphone, GPS, accelerometer
  4. Better performance!!!
- That is true today, but the gap is closing.

Audio / Video Conferencing (Online Slides)

- Real-time audio / video communications.
- Can also share screen and files.
- Again! Not a global namespace.
- Proprietary protocols. Applications do not integrate!
- Skype, Google Hangouts, Zoom, Facebook Workplace, WebEx, GoToMeeting

List at least 3 things required to secure a website? (participation)

- Secure communication with TLS (Transport Layer Security).
- Protect the server by service hardening on the web server. Only run the services that are required, nothing more.
- Protect the web service itself.
- Secure the application running over the web.

Chat / Instant Messaging (Online Slides)

- Send messages to people in real-time.
- Share information and files.
- Not a global namespace for all users like email!
- Proprietary protocols. Applications do not integrate.
- Examples: Yammer, Chatter, Slack, MS Teams, Facebook Messenger, Skype, etc.

Web Servers (online slides)

- Serve up static content over HTTP, or execute code and return a response as content. (This is called CGI, Common Gateway Interface.)
- Popular Web Servers:
  - Apache: open source web server. Most popular.
  - IIS: Microsoft's web server.
  - NGINX (Engine X): open source web server, commonly used for:
    - Load balancing
    - Reverse proxies

What should we not automate in an email system: (Online Slides)

- Setting up away messages for users that are out of the office for extended periods (should always be set up by the user).
- Setting up mail forwarding rules (should always be configured by the user or someone with rights to their account).

Spam/Virus Blocking (Online Slides)

- Spam and viruses are normal occurrences in email, so a filtering service for both should exist in ALL email systems.
- Filtering of spam and viruses should be done on a server, not at the email client.
- Servers can be upgraded to handle increased load; clients are unpredictable.
- If messages are filtered for spam or viruses, logging should also be implemented.
- Sometimes false positives can occur, which is why logging becomes important.

IoT is a combination of: (online slides)

- The device
- Software in the device and in the back end for data processing
- The network to connect the devices to each other and the software back end
- An external interface to interact with the data and system

Web Services (online slides)

- The most important service in any organization.
- Beyond a company's website, other business processes get "webified" --> Webmail, Customer Relationship Portals, E-Commerce.
- To support these same services outside the browser we "webify" the business logic into an API (Application Program Interface).

Data Services (online slides)

- There are Web APIs which can enhance our analytics (Weather Data, Geocoding, Product Pricing, Utility Rates).
- The Software defined product can call these APIs to enhance our IoT analytics.

Webmaster vs. Web Administrator (online slides)

- Two major roles in the web.
- Generally the same person for small companies.
- But NOT the same person for midsized or larger companies.
- Webmaster (a very outdated term) --> Person responsible for content, graphics, usability, etc. What is classically thought of when creating websites / webpages.
- Web Administrator --> Person responsible for administering the webserver (machine or VM), creating virtual directories, virtual sites, patching, backups, etc. Basic skills required in administering any server.

The Value of IoT (online slides)

- Value Proposition: What will the IoT application do? (Determine whether a conference room is occupied.)
- Quantify the Value Proposition: How can you determine if the conference room is occupied? (Which sensors are required?)
- Value Modeling through Analytics: Can you derive a cybermodel to address the value proposition?

Message Queuing Telemetry Transport (MQTT) (online slides)

- A protocol for IoT.
- Messages are categorized by topics.
- The MQTT Broker collects messages from publishers and

Three Rules of Privileged Access (3 rules) (online slides)

1. Be careful. Think before you type.
2. Be mindful of and respect the privacy of others.
3. If you mess up, let your supervisor know right away.
   - It is better to be honest and up front about any situation.
   - "Honesty is the best policy."

TLS - how it works on the web (online slides)

1. Client request
2. Server response
3. Key exchange
4. Cipher negotiate
5. Client HTTP GET
6. Data transfer

What are the 5 types of analytics? (participation)

1. Retrospective Analytics - What happened?
2. Diagnostic Analytics - Why did it happen?
3. Descriptive Analytics - What is happening now?
4. Predictive Analytics - What will happen?
5. Prescriptive Analytics - What should I do about it?

HTTP Response Status Codes (online slides)

- 1xx - Informational
- 2xx - Success
  - 200 - OK
  - 201 - Created
  - 202 - Accepted
- 3xx - Redirection
  - 301 - Moved Permanently
  - 304 - Not Modified Error
  - 307 - Redirect
- 4xx - Client error
  - 400 - Bad Request
  - 401 - Unauthorized
  - 403 - Forbidden
  - 404 - Not Found
- 5xx - Server Error
  - 500 - Internal Server
  - 501 - Not Implemented
  - 502 - Bad Gateway

Which HTTP Status code explains the requestor made the error? (participation)

4xx - Client error (400 level = user request error, e.g. you typed a URL that doesn't exist)

Which protocol(s) are used to list messages in a folder? (Lab K)

A LIST

What is email? (Online Slides)

A means to exchange electronic messages and data on the internet

What is a software defined product? What are the two components of it? (participation)

A software defined product represents products where the software is the focus and provides the solution to the problem, rather than the hardware (the code which interacts with the device). Two components:

1. Software application - should be programmable and updatable (could be in the device or in the cloud)
2. Cybermodel - a statistical model which assists the software application with decision making

This is the set of guidelines that outline what employees should and should not use company computing resources for. (quiz)

Acceptable use policy

What is an HTTP reverse proxy? Why is it common in cloud environments? (participation)

An HTTP server which retrieves resources from one or more servers on behalf of a client. It is common in cloud environments because it is used to limit exposure of the web application.

Mobile Operating Systems (online slides)

- Apple iOS
  - iPhone and iPad
  - AppStore
  - Code written in Objective-C or Swift
- Google Android
  - Google Phones, Samsung Phones/Tablets and many more
  - Google Play
  - Code written in Java

Which programming languages would one need to know to write mobile apps on Android and iOS? (participation)

Apple: Objective-C or Swift Google Android: Java

What are some concerns which need to be addressed in a production mail setup? (Lab K)

Authentication, encryption, having junk mail/antispam, scaling strategies, etc.

How much should we automate in an email system? (Online Slides)

Automate as much as possible in an email system.

- Account creation
- Account changes (SMTP address, display name, etc.)
- Moving accounts between email servers
- Access removal for employees who leave the company (depending on the company policy on this)

Define a strategy for scaling an MTA like SMTP horizontally? (participation)

Build multiple Mail Transfer Agents and have them load balance.

What about a strategy for scaling an Access Agent like IMAP horizontally? (participation)

Close it off and say only the Access Agent can talk to the transfer and delivery agent.

List 4 Types of IoT. (participation)

- Consumer --> Smart thermostats like Nest
- Commercial --> Pro sports teams use data collection techniques to monitor the health of their players.
- Industrial --> Amazon uses robots to locate items on shelves
- Infrastructure --> Smart Cities

Policy Issues with email (Online Slides)

- ECPA compliance - email requires consent; being employed is consent
- Archival policy
- Subpoenas - pulling emails from backups for a court order
- Employees use company property

List 3 logistical / policy issues of email service? (participation)

- ECPA compliance - email requires consent; being employed is consent
- Archival policy
- Subpoenas - pulling emails from backups for a court order
- Employees use company property

For each of the following commands, explain what they do and which protocol they are part of (all are part of the mailing process, SMTP or IMAP). (Lab K)

- EHLO - an Extended Simple Mail Transfer Protocol (ESMTP) command sent by an email server to identify itself when connecting to another email server to start the process of sending an email
- A LIST - lists the available mailboxes for this account (SMTP)
- MAIL - not a command used in lab
- A FETCH - allows you to see your test email that you sent through the server (IMAP)
- Telnet - connecting to the service directly

Email Service Dependencies (Online Slides)

- Email --> Application
- IMAP4, POP3, SMTP --> Network / Transport
- DNS, DHCP, LDAP --> Core Infrastructure

Ethics vs. Morals (online slides)

- Ethics = group/professional standards
- Morals = personal standards
- Ethics are not morals. Morals are the proclamation of what is right and good.

Ethics (online slides)

Ethics are the principles of conduct that govern a group of people. The boundary between what is and is not ethical is usually blurry...

- Not because people lack a moral compass
- But because the organization does not have clear policies

What are ethics? How are they different from morals? (participation)

Ethics are the principles of conduct that govern a group of people...Morals are the proclamation of what is right and good. They are not the same.

HTTP Request Verbs (online slides)

- GET - Request a resource. Most common.
- POST - Add to a resource. Used when sending data to the website, like submitting a form.
- Other verbs:
  - PUT - Update a resource
  - DELETE - Remove a resource
  - PATCH - Update part of a resource
  - HEAD - No response body
  - OPTIONS - Reserved

Which HTTP verbs did we demonstrate as part of calling the API as the client? (unsure about this one) (Lab L)

- GET - we initiate a GET request to the beers endpoint using our token
- POST - execute an HTTP POST to the beers endpoint

What is the common HTTP request verb used to request a resource? (quiz)

Get

What is an MQTT Topic? (participation)

How messages are categorized in the Message Queuing Telemetry Transport a protocol for IoT.

Getting caught in the middle of an unethical activity (online slides)

1. When requested to do something illegal or unethical by a manager at your company, which of the following should you do first?
   - Complete the request
   - Verify the request, get it in writing

In all cases:

- Verify the request. Get clarification.
- Keep written records of all your activity.
- When in doubt, get clarification: from HR, your supervisor, a lawyer.
- Change names to protect the innocent when discussing the situation with others.
- Try to convince people doing unethical activity to confess.

A cue from the Medical Community: "Informed Consent" (online slides)

- Informed
  - Knowing your options
  - Knowing the benefits and drawbacks of those options
- Consent
  - Getting permission from the user or granting body
- Bottom line:
  - Inform the users affected, then ask for consent, if required.
  - Example: A doctor asks a patient whom they can share their medical records with, and informs them that they are granting consent to pass along ANY information to these individuals.

What is OAuth 2? (Lab L)

- Internet - "OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords"
- Lab - use the OAuth2 industry-standard protocol for authenticating to a Web API

What is the difference between smart / connected devices and the IoT? (participation)

IoT is more than just a smart / connected device. IoT encapsulates the entire process detailing the combination of the device, the software in the device, the network to connect the devices, and the external interface to interact with the data and the system.

What is the value of using Telnet to connect to any TCP protocol? (Lab K)

It's a great way to see (visually) how SMTP sends email.

HTTP Protocol in Action (online slides)

Like SMTP and IMAP, you can use the HTTP protocol directly with telnet:

MBaaS Features (online slides)

MBaaS can save you significant development and administrative resources in your mobile app initiatives.

- Data storage with Web APIs
- Push Notifications
- Auto-Scalability - grows with demand
- Client device analytics and usage statistics
- Handles Identity Management and Social Authentication

What is MDM and why is it important in an organization? (participation)

MDM stands for Mobile Device Management. It is important because it allows MSPs to monitor and manage their clients' devices.

What are the 4 components of email? (participation)

- MUA - Mail user agent. This is usually a client like Outlook, Thunderbird, or a web browser (in the case of Gmail, for instance).
- MTA - Message transfer agent. Sends mail around the internet, from domain to domain. (E.g. Sendmail, exim, Exchange, Postfix)
- MDA - Mail delivery agent. Writes mail to the mail message from the MDA to the message store. (E.g. procmail, Exchange)
- AA - Access agent. Exposes a protocol so users can read mail from the message store. Access protocols are POP3 and IMAP4. (E.g. EWS, IMAPS, MAPI)

How does email scale vertically (different than traditional vertical scaling)? (participation)

Making the service bigger. You don't want all those components running on the same box. Separate the message store from mail box delivery agent.

MBaaS Providers (online slides)

Microsoft Azure Mobile Services, Google Firebase, AWS Mobile, Apple Cloudkit, Kinvey

MDM Systems (online slides)

Mobile Device Management Systems

- Remotely install apps on devices
- Run separate internal "App Stores"
- Control which apps can be launched / accessed
- Locate lost devices / Remote Wipe (Erase)
- Examples: IBM MaaS 360, MDM for Office 365 (Intune), VMware AirWatch

Which method performs the best? Which is easiest to maintain and why? (participation)

Native performs the best because it grants you access to all hardware features. A progressive web app is probably the easiest to maintain because it grants you the least access to hardware.

What are the three methods of developing mobile apps? (participation)

Native, Hybrid, and Progressive Web App

Mobile Application Architecture (class slides)

Need to write the mobile app and the back-end API's which support the app

Is it wise to assume a code of ethics? Why or why not? (participation)

No, because you never know what is going to be in the fine print and you could be putting your private information at risk (in a way that you weren't aware).

What is the difference between a PATCH and a PUT? (Lab L)

PUT is for replacing the entire record, and PATCH is for partial updates

What is NOT one of the top three rules of privileged access? (quiz)

Protect yourself, remove audit logs to cover up traces of tasks you perform.

Anatomy of Email - components (Online Slides)

- Protocols: IMAP4, POP3, SMTP, IMAPS
- APIs: SMTP, MIME, various RFCs, http://www.ietf.org
- Components: MUA, MTA, Delivery Agent (MDA), Access Agent (AA), Message Store

What is a REST API and what are the common HTTP verbs used in REST? (Lab L)

REST (Representational State Transfer) API --> architectural style by which URLs and HTTP verbs are used to initiate operations on data. Common HTTP verbs used in REST:

- GET: Retrieves or gets data
- POST: Creates data
- PUT: Updates data
- DELETE: Deletes data

When you send an email from an actual mail client, which protocol(s) are used and why? (Lab K)

- Receiving: IMAP - needed in order to receive an email on a remote web client
- Sending: SMTP and HTTP - needed in order to send an email from a remote web client

Acceptable Use Policy (class slides)

Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet.

- The company owns / pays for the technology
- Do they own the message?

IoT Analytics (rated from least difficult to most difficult) (online slides)

1. Retrospective Analytics - What happened?
2. Diagnostic Analytics - Why did it happen?
3. Descriptive Analytics - What is happening now?
4. Predictive Analytics - What will happen?
5. Prescriptive Analytics - What should I do about it?

Reverse Proxies at work (online slides)

Reverse Proxy Server dispatches requests to the correct server based on configured rules.

What is SMTP? IMAP? Which one sends mail and which retrieves it? (Lab K)

- SMTP: Simple Mail Transfer Protocol is a communication protocol for electronic mail transmission.
- IMAP: Internet Message Access Protocol is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection.

Give an example of a sensor and an Actuator. (participation)

- Sensor - used to detect if a car is waiting for a traffic light
- Actuator - switch which changes the light from red to green

What is Squidex? What is the goal of Squidex? (Lab L)

- Squidex - an open-source, content-as-a-service platform
- Goal for our lab: use Squidex to build out the back tiers

3 Types Of Web Service Architectures (online slides)

- Static
- Dynamic CGI / Platform
- Dynamic Data-Driven

HTTP Response (online slides)

- Status Code - What happened?
- Content Type - The actual content

What is Swagger? (Lab L)

Swagger - an API documentation tool which automatically generates sample instructions for how any API can be consumed

Mobile Back Ends (online slides)

The Mobile Back End contains the Web APIs required by the application and other services like push notifications.

Mobile Apps and Web API's (online slides)

The Phone App is responsible for calling the API (requesting content) and drawing the API output on the screen

Why Web API's (online slides)

The Web is transitioning:

- From direct user-based consumption of data
- To indirect user-based consumption of data through devices, and also direct device-to-device consumption.

Examples:

- Do you read news in your browser or on your phone?
- Do you check the weather on weather.com or do you ask Alexa?

Web browsers implement the client version of the HTTP protocol. Based on what you did in this lab, what do you think the browser is doing with respect to the HTTP protocol when we ask it to load a website? (Lab K)

The browser communicates with web servers through HTTP to receive information relating to the web pages which it displays.

What is IoT? (online slides)

The Internet of Things is the extension of the internet into everyday things.

- There is nothing revolutionary about the technologies used by IoT.
- IoT is a business disruptor as it has the opportunity to redefine how we do business.

HTTP Content Types (online slides)

These are Media Types. They instruct the client (usually a browser) what to do with the content.

- text/plain - plain text
- text/html - HTML text
- image/gif - GIF image format
- image/jpeg - JPEG image format
- application/json - JSON data format
- application/xml - XML data format
- application/javascript - JavaScript

What is the point of defining a code of ethics? (participation)

To establish policies that help define the ethical boundaries of the organization.

What is a URL? What Type of namespace is it? (participation)

URL - Uniform Resource Locator. A global (hierarchical) namespace which identifies a resource on the web.

Web Terminology (online slides)

- URL - Uniform Resource Locator. A global namespace which identifies a resource on the web.
- HTML - Hypertext Markup Language. A markup language for rendering web pages.
- Web Server - A computer on the web which hosts resources.
- Web Browser - A computer on the web which consumes resources.
- Resource - Content at a URL, hosted on a web server and requested by a web browser.

List 3 technical challenges of email service? (participation)

- Uses a lot of storage
- Complicated service
- Requires a lot of servers to operate at scale
- Illegitimate email - SPAM
- Not very secure
- Easy to "spoof"

Technology Issues with email (Online Slides)

- Uses a lot of storage
- Complicated service
- Requires a lot of servers to operate at scale
- Illegitimate email - SPAM
- Not very secure
- Easy to "spoof"

HTTP Request (online slides)

- Verb - Nature of the request
- URL - The resource to request

When requested to do something illegal or unethical by a manager at your company, which of the following should you do first? (quiz)

Verify the request, get it in writing

TLS Termination Proxy (online slides)

We can configure our reverse proxy for TLS but do not require encryption over our internal network.

How is IoT different from smart and connected products? (online slides)

While things like a washing machine which sends a txt when your clothes are dry are considered IoT, true IoT derives value from being smart and connected. Example: If it takes longer to dry clothes than what other dryers of a similar model report, perhaps the heating element is about to fail and should be replaced?

What are two machine-readable content formats for web APIs? (participation)

XML, JSON

Can you have ethics without them being defined? (participation)

You need a definition for certain things because there are grey areas (emails). Some things shouldn't have to be defined in the code of conduct such as stalking, because it is defined by law.

Which is NOT one of the benefits of using Transport Layer Security with SSL certificates on the web? (quiz)

allows users to trust the service to protect their sensitive data

Why is HTML not a suitable content format for web APIs? (participation)

because another computer is the recipient of the output (as opposed to a user). HTML requires sending a lot of data, big files.

These are principles of conduct that govern a group of people. (quiz)

ethics

What is the markup language used for rendering web pages? (quiz)

html

This is a proclamation of what is right and good. (quiz)

morals

What does it mean when we say HTTP is a stateless protocol? (participation)

the current request knows nothing of the previous requests.

What is the global name space which identifies resources on the web? (quiz)

url

Which of the following is a machine readable content format commonly used by web APIs? (quiz)

xml

To build a mobile app, you will need to write code for which two components? (participation)

you need to write the mobile app and the back-end API's which support the app

A Web API (online slides)

- A Web API is an API which is executed over the HTTP or HTTPS protocols.
- This allows us to leverage services in the cloud into our own programs, such as: Weather, Text to speech, Video playback.
- Amazon Alexa is a simple device but seems intelligent because it simply is a voice-activated means to execute Web APIs in the cloud!

HTTP Reverse Proxy (online slides)

- An HTTP Reverse Proxy is an HTTP server which retrieves resources from one or more servers on behalf of a client.
- Used to limit exposure of the web application.

Professional Organizations Codes of Ethics (online slides)

- Association for Computing Machinery (ACM): https://www.acm.org/code-of-ethics
- League of Professional Systems Administrators (LOPSA): https://lopsa.org/CodeOfEthics
- American Library Association (ALA): http://www.ala.org/tools/ethics
- IEEE: https://www.ieee.org/about/corporate/governance/p7-8.html
- Association for Information Systems (AIS): https://aisnet.org/page/ISEthics
- Academy of Management: https://aom.org/About-AOM/AOM-Code-of-Ethics.aspx

Types of IoT (online slides)

- Consumer --> Smart thermostats like Nest
- Commercial --> Pro sports teams use data collection techniques to monitor the health of their players.
- Industrial --> Amazon uses robots to locate items on shelves
- Infrastructure --> Smart Cities

What are some advantages of MBaaS? (participation)

- Data storage with Web APIs
- Push Notifications
- Auto-Scalability - grows with demand
- Client device analytics and usage statistics
- Handles Identity Management and Social Authentication

Common methods of attacks (online slides)

- Directory Traversal: using ../../ to go up or down a directory structure. Can obtain data that is otherwise unavailable.
- Form field corruption: using a website's forms to enter data or purchase items via hidden data fields. If you know what variables are being used to pass data, you can change the values.
- SQL injection: inject SQL statements (select * from lastnames) to add, edit, or delete data in a database or even execute applications on the webserver.

Mobile App Deployment (online slides)

• Getting apps into the app stores • Then search the app store for what you want • And install it • You know this and it works for consumers. • How is this done in the enterprise?

Hybrid-Native App Development (online slides)

• Hybrid-Native lets you write the app once in a single language which is then compiled or transpiled (cross-compiled) into the platform's native language: Java on Android and Objective-C on iOS. • Examples: Xamarin, Unity game engine, Titanium Mobile

JSON Content Format (online slides)

• JSON - JavaScript Object Notation is a lightweight data interchange format based on how JavaScript data is serialized to text. - The JSON format is more compact than XML and requires little effort for many programming languages to parse (convert from text back into a workable object). - In the slide example it is trivial for a machine to extract the stock information because the JSON contains only the data and its structure.

Components of mail service (Online Slides)

• MUA - Mail user agent. This is usually a client like Outlook, Thunderbird, or a web browser (in the case of Gmail, for instance) • MTA - Message transfer agent. Relays mail around the internet, from domain to domain, using SMTP. (Eg. Sendmail, Exim, Exchange, Postfix) • MDA - Mail delivery agent. Takes each message the MTA has accepted for a local user and writes it into that user's message store, often applying filtering rules on the way. (Eg. procmail, Exchange) • AA - Access agent. Exposes a protocol so users can read mail from the message store. The standard access protocols are POP3 and IMAP4; Exchange adds its own. (Eg. EWS, IMAPS, MAPI)
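Added example (not from the slides): the MDA step in code. Once the MTA has accepted a message, a few procmail-style rules decide which folder of the message store it is written to. The message text, the rules and the folder names are all constructed for the example; the store is a plain dict standing in for a mailbox.

```python
"""Added example (not from the slides): an MDA applying delivery rules to a
message handed over by the MTA. Message, rules and folders are constructed."""
import email
from email import policy

# Constructed message as received from the MTA. The Received: header is the
# trace the MTA stamped on it; X-Spam-Flag is the verdict of an upstream filter.
RAW_MESSAGE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
  by mx.example.com (Postfix) with ESMTPS id 4B2C1A0
  for <alice@example.com>; Mon, 01 Apr 2024 09:15:02 -0400
From: Bob <bob@example.org>
To: alice@example.com
Subject: [ist-list] Lab K due Friday
Date: Mon, 01 Apr 2024 09:14:55 -0400
Message-ID: <20240401131455.1234@example.org>
X-Spam-Flag: NO
List-Id: IST mailing list <ist-list.example.com>

Reminder that Lab K is due Friday.
"""

def choose_folder(msg):
    """Delivery rules, checked in order; the first match wins, like a procmail recipe file."""
    if str(msg.get("X-Spam-Flag") or "").strip().upper() == "YES":
        return "Junk"
    if msg.get("List-Id"):
        return "Lists"
    if "urgent" in str(msg.get("Subject") or "").lower():
        return "Priority"
    return "INBOX"

def deliver(raw, store):
    """Parse one message, pick a folder, append it to the store; returns the folder name."""
    msg = email.message_from_string(raw, policy=policy.default)
    folder = choose_folder(msg)
    # A real MDA would lock and write a mailbox file or a maildir entry here;
    # the store is just folder -> list of parsed messages.
    store.setdefault(folder, []).append(msg)
    return folder

if __name__ == "__main__":
    mailbox = {}
    print(deliver(RAW_MESSAGE, mailbox))
    print({name: len(msgs) for name, msgs in mailbox.items()})
```

Note that every rule keys on headers, and headers other than the MTA's own Received: line are written by the sender; an attacker can set X-Spam-Flag: NO or a List-Id of their choosing, so rules that grant trust (rather than remove it) should rely on headers the local filter or MTA added, not on what arrived in the message.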

Methods of Developing Mobile Apps (online slides)

• Native - Write the app in the native language of the mobile operating system • Hybrid - Write the app in an intermediate language which then either compiles to native or • Progressive Web App - Write the app in HTML and JavaScript as you would a website.

Network Fabric (online slides)

• Network Connectivity • IoT protocols • Proprietary Protocols • Gateways to connect Proprietary Protocols to the Public Internet

Privileged Access Code of Conduct (online slides)

• People with privileged access (can see other people's otherwise private information) need a special code of conduct. • People with privileged access should be 1. trained in ethics 2. well versed in User code of conduct, policy and procedure 3. required to accept the CoC before obtaining access

Network/Computer User Code of Conduct (online slides)

• Policies help to define the ethical boundaries of the organization. • Acceptable Use Policy • Is personal use of company equipment permitted? When? • Are there certain types of personal use that are forbidden? • Is the AUP location dependent? Time dependent? • Personal email from a company email address? • Network Monitoring Policy • Explain that services are monitored and logged as part of their administration • Information in the logs might be a privacy concern.

What's Covered in code of ethics? (online slides)

• Professionalism • Personal Integrity • Privacy • Laws and Policies • Communication • System Integrity • Education • Responsibility to Computing Community • Social and Ethical Responsibility

Progressive Web Apps (online slides)

• Progressive web apps are written in HTML, CSS, and JavaScript. • They look like native apps but run in a web browser. • They have access to most native features like the camera, GPS, and accelerometer. • They are not deployed to app stores (yet). Demos: https://pwa.rocks/

Web Service Security (online slides)

• Rule #1: ALWAYS assume the worst. There are many layers of security; use them all: • Secure communication with TLS (Transport Layer Security) • Protect the server by hardening the web server: only run the services that are required, nothing more. • Protect the web service itself • Secure the application running over the web
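Added example (not from the slides): the "secure communication with TLS" layer as seen from a program that calls a web service. It shows the client-side setting that is commonly loosened to make a broken certificate "work", next to the configuration a service call should actually use, and a check that can be applied in code review or a startup self-test. The host name in the fetch helper is an assumption; nothing is sent on the network when the functions are called.

```python
"""Added example (not from the slides): a TLS client context done wrong and
done right, plus the check that tells them apart. No network traffic is generated."""
import json
import ssl
from urllib.request import urlopen

def insecure_context():
    # The usual way certificate errors get "fixed": no hostname check and no
    # verification at all, so any on-path device can present any certificate
    # and read or alter the traffic. Shown only so the check below has something to reject.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hardened_context():
    # Verify the chain against the system trust store, require the certificate
    # to match the host name being contacted, and refuse anything older than TLS 1.2.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def context_is_acceptable(ctx):
    """True only if the context verifies the peer, checks the host name and speaks TLS 1.2+."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and bool(ctx.check_hostname)
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)

def fetch_json(url, timeout=10):
    """Call a web service with the hardened context. Example URL is an assumption:
    fetch_json("https://fudgeweather.com/weather/Syracuse,NY/current")"""
    ctx = hardened_context()
    assert context_is_acceptable(ctx)
    with urlopen(url, context=ctx, timeout=timeout) as resp:
        return json.loads(resp.read())

if __name__ == "__main__":
    print("insecure acceptable?", context_is_acceptable(insecure_context()))
    print("hardened acceptable?", context_is_acceptable(hardened_context()))
```

The point of the self-test is that a loosened context looks identical at the call site (`urlopen(url, context=ctx)`); only inspecting the context's verify_mode, check_hostname and minimum_version reveals that the TLS layer has been switched off.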

Hardware Defined Product (online slides)

• Sensor - gathers data from the environment • Actuator - alters the environment (motors, etc.) • Embedded System - packages the sensor data and sends it over the internet

Challenges of Enterprise Messaging (Online Slides)

• Similar to email! • Governing Policies • Organization owns the platform - terms of use • Additional Challenges • Services are often hosted in the cloud as SaaS • Good SLA's are necessary!

HTTP Dependent Services (online slides)

• TCP/IP networking • DNS (internal resolvers and the root/authoritative servers they query): resolves names like www.google.com to IP addresses

SAs have privileged access to this information (online slides)

• User's Email and Files • Customer financial data • Employee confidential data

RESTful APIs (online slides)

• When a web API embraces the HTTP semantics, it is considered a RESTful API. • REST stands for "Representational State Transfer" and is a design pattern for APIs • REST design uses URLs and HTTP verbs to make the intent clear: the URL names the resource and the verb says what to do with it (GET reads without changing anything; POST changes state on the server). • Examples: - Current weather in Syracuse, NY: GET http://fudgeweather.com/weather/Syracuse,NY/current - Add item to shopping cart: POST http://fudgeazon.com/cart?productid=1043
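Added example (not from the slides): the two REST calls above served by a small HTTP service and exercised by a client, all on the loopback interface so it runs offline. fudgeweather.com and fudgeazon.com are stood in for by 127.0.0.1, and the weather data and product table are constructed; neither site's real API is reproduced here.

```python
"""Added example (not from the slides): a loopback REST service for the two
calls on the slide, with a client that exercises it. Data is constructed."""
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.parse import parse_qs, unquote, urlsplit
from urllib.request import Request, urlopen

WEATHER = {"Syracuse,NY": {"temp_f": 38, "sky": "overcast"}}   # constructed
PRODUCTS = {1043: "USB-C cable"}                                # constructed
CART = []                                                       # server-side state

class RestHandler(BaseHTTPRequestHandler):
    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):       # keep the demo quiet
        pass

    def do_GET(self):
        # GET /weather/<city>/current: a read-only lookup, safe to repeat or cache.
        url = urlsplit(self.path)
        parts = url.path.split("/")
        if len(parts) == 4 and parts[1] == "weather" and parts[3] == "current":
            city = unquote(parts[2])
            if city in WEATHER:
                return self._send(200, WEATHER[city])
            return self._send(404, {"error": "unknown city"})
        if url.path == "/cart":
            # The resource exists but GET is the wrong verb for changing it.
            return self._send(405, {"error": "use POST to add to the cart"})
        self._send(404, {"error": "no such resource"})

    def do_POST(self):
        # POST /cart?productid=N: changes server state, which is why it is not a GET.
        url = urlsplit(self.path)
        if url.path == "/cart":
            try:
                pid = int(parse_qs(url.query).get("productid", [""])[0])
            except ValueError:
                return self._send(400, {"error": "productid must be an integer"})
            if pid not in PRODUCTS:
                return self._send(404, {"error": "unknown product"})
            CART.append(pid)
            return self._send(201, {"cart": CART})
        self._send(404, {"error": "no such resource"})

def start_server():
    """Start the service on a free loopback port in a background thread; returns (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), RestHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"

def call(method, url):
    """Client side: one request, returning (status, decoded JSON body) even for error statuses."""
    req = Request(url, method=method)
    try:
        with urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as e:
        return e.code, json.loads(e.read())

if __name__ == "__main__":
    srv, base = start_server()
    print(call("GET", base + "/weather/Syracuse,NY/current"))
    print(call("POST", base + "/cart?productid=1043"))
    print(call("GET", base + "/cart"))          # right resource, wrong verb
    srv.shutdown()
```

Because the verb carries the intent, a cache, a proxy or a browser can treat GET as harmless and POST as not; a service that lets GET /cart?productid=1043 add an item has thrown that distinction away, and a link or image tag on any page could then add items to a logged-in user's cart.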

Native App Development (online slides)

• Written in Java on Android and Objective-C / Swift on iOS • You need a Mac to develop for iOS • Developer tools like Xcode and Android Studio are used to design the layouts for the application.

XML Content Format (online slides)

• XML - the Extensible Markup Language is a machine-readable content format similar to HTML. • XML allows for the design of schemas so that any data format can be represented. Documents can then be validated against the schema to ensure the content conforms to it. • In the slide example it is trivial for a machine to extract the stock information because the XML contains only the data and its structure.
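Added example (not from the slides) serving both the JSON and the XML cards: the same stock quote written in each format and parsed into the same Python dictionary, with the field and type check a program should apply before using what it parsed. The quote is constructed; the slides' own example document is not reproduced here.

```python
"""Added example (not from the slides): one stock quote in JSON and in XML,
parsed to the same dict and validated. The quote is constructed."""
import json
import xml.etree.ElementTree as ET

STOCK_JSON = '{"symbol": "FDGE", "price": 42.15, "volume": 120500, "exchange": "NYSE"}'

STOCK_XML = """<?xml version="1.0"?>
<stock>
  <symbol>FDGE</symbol>
  <price>42.15</price>
  <volume>120500</volume>
  <exchange>NYSE</exchange>
</stock>"""

# What the program expects. Both formats describe structure, not meaning, so
# the program still has to check that the fields it relies on are present and typed.
EXPECTED_TYPES = {"symbol": str, "price": float, "volume": int, "exchange": str}

def _check(record):
    """Reject a record that lacks a field or carries the wrong type; a parsed document is still untrusted input."""
    missing = EXPECTED_TYPES.keys() - record.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    for field, typ in EXPECTED_TYPES.items():
        if not isinstance(record[field], typ):
            raise ValueError(f"{field} should be {typ.__name__}, got {type(record[field]).__name__}")
    return record

def parse_stock_json(text):
    # json.loads already yields typed values: 42.15 becomes a float, 120500 an int.
    return _check(json.loads(text))

def parse_stock_xml(text):
    # Element text is always a string in XML; the program converts it itself,
    # which is part of why JSON is described as taking less effort to consume.
    root = ET.fromstring(text)
    if root.tag != "stock":
        raise ValueError(f"unexpected root element: {root.tag}")
    record = {}
    for field, typ in EXPECTED_TYPES.items():
        node = root.find(field)
        if node is None or node.text is None:
            raise ValueError(f"missing element: {field}")
        record[field] = typ(node.text.strip())
    return _check(record)

def size_comparison():
    """Byte counts of the two encodings of the same data, for the compactness claim."""
    return len(STOCK_JSON.encode()), len(STOCK_XML.encode())

if __name__ == "__main__":
    print(parse_stock_json(STOCK_JSON))
    print(parse_stock_xml(STOCK_XML))
    print("json bytes, xml bytes:", size_comparison())
```

Two practitioner notes: a JSON number without a decimal point parses as int, so a feed that sends "price": 42 would fail the float check above and should be normalised or the check relaxed deliberately rather than by accident; and XML documents from outside should be parsed with entity expansion restricted (the standard library's parser does not fetch external entities, but a hardened parser such as defusedxml is the usual choice for untrusted input).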

