Course Blog


Sunday, April 11, 2010

Week 14 - Clear



This week's topic was "Enterprise Computing". It included a discussion of Advanced Storage, Enterprise Storage, Virtualization, and Thin Client Computing, all of which I found really interesting. In the last topic, thin client computing, the lecture started with an explanation of a thick client, which I found very interesting, as this is basically the opposite of the thin client and I had never heard this expression before. When I researched thick clients, I found some information that they are actually increasingly used in the business environment. But let me first explain what a thick client is:
A thick client is also known as a fat client or rich client. It is "a computer in a client server configuration that can function independent of the server". This stands in contrast to the thin client, which heavily depends on the server's applications and has to access the server anytime it wants to process or validate input data. What I found very interesting is that, after the lecture, I thought that thin clients would be the best thing for an organization to use. However, according to the two resources I cite below, it seems that thick clients provide many potential advantages that can also be quite beneficial for companies.
  1. Independence -> Probably the biggest advantage of thick clients over thin ones is that they can operate independently from the central server. Hence, as the thick client is performing a lot of tasks itself and consequently reduces the processing requirements of a central server, an organization may only need to buy a cheaper central server with less capacity.
  2. Speed -> Furthermore, a thick client works faster than a thin one, since it is running applications and the like on the individual computer and hence is not influenced by other users processing data at the same time on the centralized server.
  3. Offline working -> Since the applications and the like are stored on each thick client, it is possible to work and process data without being connected to the central server at all times.
  4. More flexibility
  5. Ability to utilize existing infrastructure -> Many people nowadays already have fast local computers, so they can be used as thick clients at no extra cost.
Thick clients have many other advantages that I do not list here, as I think that these are the most important ones to mention. Because of these advantages over thin clients, fat clients are being used increasingly in today's business environment. Just think about the concept of a corporate laptop. It can be disconnected from the centralized server, you can take it anywhere you want to, and you can still perform your work (assuming that you downloaded all necessary information from the centralized server BEFORE you disconnected your corporate-laptop-thick-client).

I consider this an important topic for today's business environment, as all companies nowadays have to run large servers to store data in order to successfully compete in their industries. They have to thoroughly understand the advantages and disadvantages of having a centralized server and its access methods. They also have to understand what kind of clients they want their employees to use, a thick or a thin client, as this can have tremendous effects on costs, speed, reliability of the whole system and the like.


Project - Secure Email

The Secure-Email Project I did this week was a very interesting one for me, as I was not aware of the fact that sending secured e-mails would be so easy!
I found an interesting article, which was published on March 26, 2010 on www.infolawgroup.com. It deals with the current lawsuits against "Dave & Buster's", which is a restaurant chain, concerning the theft of important customer data, which resulted in large financial damage for consumers. The article describes the data security breach that dates back to the time span from April 30 to August 28, 2007, when hackers exploited vulnerabilities in the restaurant chain's system, installed unauthorized software on its system, and got access to the information of about 130,000 credit and debit cards. Dave & Buster's collected several highly important and sensitive pieces of information from its customers, among which were "credit card account number, expiration date, and an electronic security code for payment card authorization". This data was collected and stored on the in-store servers of the restaurants and was then sent to a third-party credit card processing company. Hence, a lot of communication and shifting of customer information happened there. As came out later, these communications of data and information were not secured at all:
No limitation of IP addresses that can have access to the restaurants' servers, no network security at all, no authorization identification was requested for seeing and sending sensitive information, no firewalls or separation of the payment card system from the rest of the company's network, and so on.
Dave & Buster's even failed to apply readily available security means, like requiring a user password before being able to get access to a wireless network, which the majority of home users today apply. Consequently, it was almost an invitation for the hackers to access Dave & Buster's system and steal customer information from its servers. Currently, the FTC requires Dave & Buster's to "establish and maintain a comprehensive information security program and obtain independent audits by a qualified person", for example, a CISSP, which is a Certified Information Systems Security Professional. Hence, among other things, the restaurant chain is required to: designate an employee to oversee and coordinate the information system security; conduct risk assessments and identify possible threats to data security; apply certain means to guarantee the security of customer data; guarantee the security of customer data also in the communication and collaboration with a third-party service provider; regularly test and measure the effectiveness of the security system and update it.
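
The access-control gaps listed above (no limit on source IP addresses, no separation of the payment card system, no firewall) are the kind of thing a simple rule review catches. The following is an added example, not taken from the article or written by the blog author; the zones, addresses and rule format are constructed, and the wireless-password gap is not modelled.

```python
import ipaddress

# Constructed zones for a hypothetical restaurant site (assumption, not from the article).
ZONES = {
    "card": ipaddress.ip_network("10.10.1.0/24"),  # in-store payment card servers
    "corp": ipaddress.ip_network("10.10.2.0/24"),  # back-office PCs
    "wifi": ipaddress.ip_network("10.10.3.0/24"),  # wireless clients
}

def audit(rules):
    """Review (action, source CIDR, destination CIDR) rules, evaluated top-down.

    Returns (rule_number, finding) pairs; rule number 0 marks a finding
    about the rule set as a whole.
    """
    findings = []
    for n, (action, src, dst) in enumerate(rules, 1):
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # Only allow rules that can reach the card servers matter here.
        if action != "allow" or not dst_net.overlaps(ZONES["card"]):
            continue
        if src_net.prefixlen == 0:
            findings.append((n, "any source IP can reach the card servers"))
            continue
        for zone in ("corp", "wifi"):
            if src_net.overlaps(ZONES[zone]):
                findings.append((n, f"{zone} zone is not separated from the card servers"))
    # This toy model expects an explicit catch-all deny as the last rule.
    if not rules or rules[-1] != ("deny", "0.0.0.0/0", "0.0.0.0/0"):
        findings.append((0, "no catch-all deny at the end of the rule set"))
    return findings

# Constructed rule sets: one with the gaps described above, one corrected.
WEAK = [
    ("allow", "0.0.0.0/0", "10.10.1.0/24"),        # no source restriction
    ("allow", "10.10.3.0/24", "10.10.0.0/16"),     # wireless reaches everything
    ("allow", "10.10.1.0/24", "203.0.113.10/32"),  # card servers to processor
]
HARDENED = [
    ("allow", "10.10.9.5/32", "10.10.1.0/24"),     # single admin host only
    ("allow", "10.10.1.0/24", "203.0.113.10/32"),  # card servers to processor
    ("deny", "0.0.0.0/0", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for number, finding in audit(WEAK):
        print(number, finding)
    print("hardened findings:", audit(HARDENED))
```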

As this article shows, data security is a highly important and sensitive topic in today's world. However, when a company fails even at the very basic data security level, like controlling access to its wireless network by requesting a password or the like, it is very doubtful that this company can go a step further and implement secure communication methods, like secure e-mail or the like. Consequently, preventing unauthorized access to your network and then securing the ways you communicate highly sensitive customer information should be a basic requirement for conducting business in today's world.

Sunday, April 4, 2010

Week 13 - Clear



The content of this week was about Computer Security, Ethics, and Privacy. The concept I found particularly interesting this week was that of biometric devices used for identity authentication. The concept simply means that a computer system stores certain attributes of a person and translates them into a digital code. As an example, imagine that a fingerprint of person A is scanned into a computer and stored in its user database in the form of a digital code. Then, in order to get access to certain information or buildings, or the like, the person presses her finger on a screen that reads her fingerprint, compares it to the digital code, then validates the identity of the person and consequently gives access to the requested things. Currently, such a method is also planned to be used for payments, travel purposes and so on.
On June 17, 2008, supermarket giant Albert Heijn (Netherlands) introduced a payment system linked to the customers' fingerprints, debit card information, as well as their loyalty cards. However, only weeks after its initial introduction, the fingerprint system was cracked by a security researcher, who crafted a copy of a fingerprint out of rubber, which was accepted by the authentication devices Albert Heijn used. The retailer at first did not react to this discovery but rather remained positive about a full rollout of the fingerprint-as-payment program. Nevertheless, after a renewed analysis of this concept, the devices, and customer feedback, Albert Heijn discovered that this program would not be worth pursuing, as its customers were too concerned about the security of their data.

Recently, however, the German retailer Rewe announced a pilot test in some of its stores in and around Cologne of the cash- and cardless payment method with a fingerprint as personal identification. There is a positive example of a more secure fingerprint technology at the German retailer Edeka, which has already implemented and currently uses fingerprints as a payment method in some of its stores in southern Germany. Edeka uses machines that detect blood circulation and hence are said to be able to distinguish between a fake and a real fingerprint. In spite of this claim by Edeka and the collaborating biometric firm, there is a large debate about the accuracy and security of this system.

I deem biometric devices as proof of identification a highly interesting and important topic, as in our world today more and more transactions are being made over the Internet, with credit cards and so on, and hence many more opportunities have opened up for criminals to defraud, steal from, and rob people. In our digitalized world, it is of utmost importance to provide the highest security possible to reduce the amount of fraud and robbery and to protect people from identity theft and the like. So, though these systems with fingerprints as a means of identification might sound great at the beginning, with this technology, too, it is easy for criminals to conduct their evil works.

Sources: