“With great power comes great responsibility.”
Aunt May said it best when talking to Peter Parker, and
believe it or not this phrase can mean more than “be careful swinging from webs
in New York.” When thinking of large corporations such as Sony, Apple, or
Google, it’s not hard to believe that there is a lot of work that goes into
keeping them afloat. One of the main ways that corporations strive to stay
safe in this day and age is cyber security. With the threat of viruses and
hackers constantly looming, businesses try to make sure that their data is
safe, as well as their employees.
Now, if I were a
leader of one of these multinational, multibillion-dollar organizations… well,
first off, I wouldn’t be in school. More realistically (and hopefully) I might
be employed by a large corporation in their IT department. One of the duties of
this position would more than likely involve protecting the business’s network
and data from attacks.
Sadly, a team of trained ninjas only physically protects the business. Digitally, malicious users are
always looking for different ways to steal data or hack into a system. Of
course, there are a few measures I would take to try and prevent such attacks.
The first and most important protection would be to install antivirus software
on any workstation affiliated with the company. This basic precaution provides
a nice, starting level of defense. It does not wholly protect the machine,
however. Another tactic of mine would involve login information. Certain
restrictions and criteria would be placed on the creation of passwords, so as
to make sure that passwords that are created are not blatantly obvious, like “password”.
I would also employ a web filter, making sure that potentially harmful websites
cannot be accessed through the company’s network.
While protecting data is important, how you store it is also a major
factor, since this too can affect its safety. I would store
the data on local servers. A user would have access to their personal files as
well as shared company resources, while administrators of the network can
monitor others’ file systems on the network. By having the servers stay local,
they can be monitored while at work, and also immediately taken down if
something were to go wrong. I would also employ backup data servers for
archival purposes, so that in the event something goes wrong with the primary
data servers, all is not lost.
Of course what one man might see as impenetrable, another
might be able to break with his finger. Along with all of the measures I would
put into place, I would want to make sure that they work. This might involve
hiring a team of penetration testers to find holes in the system. I would want
to know where the major flaws in the network’s security are, and how they can
be fixed. In the long run this could really pay off by ensuring the safety of
the network and the business.
Now while I might have this fortress of defense built around
my network, there will always be one variable that can send the whole thing
crumbling down: humans. More specifically, employees. One person brings in a
flash drive riddled with viruses and the next thing we know the network becomes
sicker than Bill Murray in Osmosis Jones.
There is a way to prevent, or at least impede, this: knowledge. By training
employees and making them aware of the dangers that are present to the company,
they can lead a safer, more productive career. This training would involve seminars
and training sessions, to make sure that employees don’t just know what not to
do, but they understand it. Anyone who joined the company would go through
these training sessions to ensure that the company’s and their own data remains
safe and secure.
Now we have solid security, backed-up data, and employees
that will stay off of random game websites in the middle of the day. What am I
missing? Oh yeah…people in the outside world. The con artists, the real life
hackers – social engineers. These people will set up complex schemes and frauds
to worm their way into the company and gain access to its information. This
requires the work of not only the IT department, but also the communications
department. Social engineering might come through phone calls, phishing emails,
or a variety of other channels. Part of this, sadly, is unavoidable. On the other hand,
much of it can be prevented through the aforementioned training. Making sure
employees never give out their password is one of the key concepts that should
be understood. Employees should also make sure to always know who they are
speaking to if it is over the phone or in an email, to make sure that they are
a trusted source. Employees must also be trained to avoid being “baited”. Plain
and simple, you might see a nice shiny object, but that does not mean that the
shiny object is “nice”. Oftentimes, people with malicious intent will load a
flash drive or CD with malware and leave it in a public place, such as a
bathroom or parking lot. An unknowing person will come along, pick it up, and
decide to load it on their computer right away. This might install the malware
on the machine, giving it the ability to roam around and access whatever it
wants. Employees of a company, and computer users in general, should be sure to
never load a disk that they have
found randomly lying around.
Since everything seems to be taken care of, I’m done now,
right? WRONG. Just because someone has a secure network does not mean that it
will deter attackers. Attacks happen from many different locations, several
times a day. The larger the corporation, the more likely it is to be targeted.
The only thing to do in case of an attack is to just be smart about the
situation. This isn’t a kindergarten playground; just because someone hits you
does not mean that you have to hit them back. If you know you are being
attacked, the best plan is to make sure that your security can withstand it. If
necessary, have a team that is trained in white-hat hacking that will make sure
that the network can be defended. Let authorities know of the incident. If you
don’t know who to contact, the first place to look is the Department of
Justice. As a large company it is not worth the risk to perform cyber-vigilante
justice, not to mention it would fall outside of legal boundaries.
Who’s to say that I wouldn’t make a bad cyber security
consultant? It’s an interesting thing to consider, especially with the digital
age only moving forward. Maybe one day, I’ll take all of this information that I
started learning in CIS 115 and put it to some really good use (which means
really good money, I think).
Head of the IT department of some multinational
corporation…what ARE the chances?