
Systems Development Lifecycle (SDLC) January 6, 2009

Posted by timsteiner in Research.

Systems Analysis and Design in the Systems Development Life Cycle

Timothy W. Steiner

Wilmington University

The Systems Development Life Cycle (SDLC), sometimes also referred to as the Software Development Life Cycle, is the logical process used to develop an information system. In its simplest form SDLC is a project management method that breaks complex projects into smaller manageable phases. Segmenting projects enables management to verify the success of one phase before moving to the next. The SDLC is closely related to systems analysis and design and is an invaluable tool for systems analysts (“Systems Development Life Cycle from FOLDOC,” 2000).

To address the increasing complexity and size of IT projects, a wide range of SDLC models have been developed. Some models scale better to large long-term development projects while others scale better to smaller, more rapid development. Agile SDLC models are used to combine the benefits from several models to fit specific project requirements. Models include the Waterfall, Fountain, Spiral, Build and Fix, Rapid Prototyping, Incremental, and Synchronize and Stabilize. The most well-known SDLC model is the Waterfall model (“Quick Study: SDLC,” 2002).

The Waterfall model consists of a sequence of phases in which the output of each phase becomes the input for the next (“Quick Study: SDLC,” 2002). The Waterfall model that will be analyzed includes 7 phases. These phases are the initiation phase, the planning phase, the design phase, the development phase, the testing phase, the implementation phase, and the maintenance phase. Each phase lays the foundation for the subsequent phases and each plays an important role in the SDLC (“Systems Development Life Cycle,” n.d.).

Initiation begins when a need is identified and a system is requested through the presentation of a business case. Management will decide to either reject the proposal or accept it and proceed to a formal feasibility study. Issues to consider when compiling a feasibility study include strategic goals, expected benefits, organizational changes, budget, scheduling, regulatory or legal issues, end-user functional requirements, security requirements, backup requirements, and network support requirements. Along with the feasibility study, a cost/benefit analysis should be done to analyze alternative solutions, expected useful life of the product, nonrecurring/recurring project costs, tangible benefits, and intangible benefits (“Systems Development Life Cycle,” n.d.).

The Federal Financial Institutions Examination Council (n.d) states that, “The planning phase is the most critical step in completing development, acquisition, and maintenance projects. Careful planning, particularly in the early stages of a project, is necessary to coordinate activities and manage project risks effectively. The depth and formality of project plans should be commensurate with the characteristics and risks of a given project” (Planning Phase section, para. 1). The project plans essentially refine the information that was gathered during the initiation phase into defined functions. Formal project plans will typically include project overview, roles and responsibilities, defined deliverables, control requirements, risk management, change management, standards, documentation, scheduling, budget, testing, and staff development (“Systems Development Life Cycle,” n.d.).

In the system design phase the requirements from previous phases are transformed into design specifications that developers will use to script programs during the development phase. The design specifications describe desired features and operations in detail, including screen layouts, business rules, process diagrams, pseudocode and other documentation. Good documentation enhances a programmer’s ability to write code and helps management to ensure the original goals and specifications are consistent with the design specifications (“Systems Development Life Cycle,” n.d.).

Once the design specifications are approved by management the development phase can begin. This phase involves converting design specifications into executable programs. Typically, individual programmers develop program modules which are small parts of the program that perform a specific task. These modules are integrated with other components and reviewed, often by a group of programmers, to ensure correct interaction and functionality. Documentation in the development phase should include system documentation, application documentation and a complete testing plan (“Systems Development Life Cycle,” n.d.).

The testing phase is crucial as it ensures the accuracy of the programmed code, its expected functionality, and its interoperability. Thorough testing will ensure that systems meet organizational and end-user requirements. Testing groups are typically composed of technicians and end users who are responsible for identifying program defects or weaknesses during the testing process. Procedures should be in place to ensure programmers correct defects quickly and document all corrections. Moreover, correcting problems quickly increases efficiency by decreasing testers’ downtime. Primary testing includes acceptance testing, end-to-end testing, functional testing, integration testing, parallel testing, regression testing, stress testing, string testing, system testing, and unit testing (“Systems Development Life Cycle,” n.d.).

The implementation phase involves deploying approved applications to run the actual business. This phase includes training end users, installing the product, testing system and security parameters, and conducting post-implementation reviews. Post-implementation reviews should be conducted by management to validate the completion of project objectives. All personnel involved in the operational use of the product should be interviewed to identify and document any problems. New systems are often run in parallel with the old system until the accuracy and reliability of the new system can be verified (“Systems Development Life Cycle,” n.d.).

The maintenance phase involves the ongoing effort to constantly improve the product by making changes to the hardware, software, and documentation in order to support its operational effectiveness. Maintenance includes major modifications, routine changes, emergency changes, and software patches. All major modifications should be implemented by management using a well-structured process, such as an SDLC methodology (“Systems Development Life Cycle,” n.d.).

The SDLC methodology is the oldest methodology used for building information systems. It is a proven method, but some would argue that the SDLC increases development time and cost. There are alternative approaches such as the Rapid Application Development (RAD) method, which combines prototyping, Joint Application Development and CASE tools. RAD has some advantages over SDLC including reduced development cost, speed, and active user involvement (Post and Anderson, 2006). The maturity of an organization is a major determinant in implementing a methodology.

The CMM capability maturity model (Whitten, Bentley, & Dittman, 2004) is “A standardized framework for assessing the maturity level of an organization’s information systems development and management processes and products. It consists of five levels of maturity” (p. 84). In the CMM each level builds and expands on the level preceding it.

Most organizations start at Level 1. At this level projects don’t follow a consistent process. They may be unpredictable and tumultuous. Each team follows its own methods without regard for other teams. Projects typically encounter crises, are over budget, and behind schedule. Documentation is inconsistent which creates problems for anyone trying to manage the system (Whitten, Bentley, & Dittman, 2004).

In Level 2 the focus is on project management. Project management procedures are established to track project functionality, schedules, and cost. The system development process may vary from project to project but a process is always followed. Level 2 develops the foundation for the standardization that occurs in Level 3 (Whitten, Bentley, & Dittman, 2004).

Level 3 develops the system development process into a standard. All projects use the standard process to develop and maintain information systems and software. Consistently using standards will result in high-quality documentation and deliverables. The process is repeatable, stable, and predictable (Whitten, Bentley, & Dittman, 2004).

Measurable goals are set for quality and productivity in Level 4. The measures are collected routinely and stored in a database. This data is used to improve project management. Whenever a project encounters a problem, the process can be adjusted based on predictable and measurable impacts (Whitten, Bentley, & Dittman, 2004).

Level 5 consists of continually monitoring and improving based on the measures and data analysis that was developed in Level 4. Technology is changed as needed and the process itself can be adjusted to meet requirements. Lessons learned are shared across the organization with emphasis on eliminating inefficiencies while sustaining quality (Whitten, Bentley, & Dittman, 2004).

The CMM shows that organizational maturity is essential for development of processes and products. It follows that organizational maturity would be essential to any SDLC model. Using the two models together can develop standardization within an organization that will stimulate growth, increase operational efficiency, allow effective management, and ensure quality. Usually a few models are combined into a hybrid methodology to remain versatile and make the best fit for the project (“SDLC Resources from MKS,” n.d.).

References

(2000). Systems development life cycle from FOLDOC. Retrieved December 3, 2008, from Foldoc Web site: http://foldoc.org/foldoc.cgi?Systems+Development+Life+Cycle

(2002, May 14). Quick study: systems development life cycle. Retrieved December 1, 2008, from http://www.computerworld.com/developmenttopics/development/story/0,10801,71151,00.html

(2008). Systems development life cycle (SDLC) resources from MKS. Retrieved December 1, 2008, from http://www.mks.com/sdlc

(n.d.). Systems development life cycle. Retrieved December 1, 2008, from Federal Financial Institutions Examination Council : http://www.ffiec.gov/ffiecinfobase/booklets/d_a/08.html

Post, G., & Anderson, D. (2006). New York, NY: McGraw-Hill Companies, Inc.

Whitten, J. L., Bentley, L. D., & Dittman, K. C. (2004). New York, NY: McGraw-Hill Companies, Inc.

Cisco CCIE Project Part 3 – Configure EoMPLS Pseudowire September 11, 2008

Posted by timsteiner in Information Security, Projects, Tutorials.

Cisco EoMPLS Pseudowire configuration

This document provides step-by-step instructions for setting up MPLS forwarding on an IP network.

Prerequisites

See Cisco CCIE Project Part 1- Configure the ATM Switched Virtual Circuit (SVC)

See Cisco CCIE Project Part 2 – Configure OSPF over ATM

See Cisco CCIE Project Part 3 – Configure MPLS Forwarding

Procedure

  1. Complete all tasks in Cisco ATM lab configuration
  2. Complete all tasks in Cisco routing OSPF over ATM configuration
  3. Complete all tasks in Cisco MPLS Forwarding
  4. Power on devices
  5. Connect to Cisco 7200A via console cable

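7200A#
conf t
pseudowire-class atom
encap mpls

7200B#
conf t
pseudowire-class atom
encap mpls

7200A#
conf t
int fa 2/0.1
encap dot1q 100
! xconnect peer is 7200B's Loopback0 (10.10.10.102), the remote end of the pseudowire
xconnect 10.10.10.102 123 pw-class atom

7200B#
conf t
int fa 2/0.1
encap dot1q 200
! xconnect peer is 7200A's Loopback0 (10.10.10.101); the VC ID (123) must match on both ends
xconnect 10.10.10.101 123 pw-class atom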

Verify

Issue the command “show mpls l2transport vc” on both routers to confirm that the layer 2 tunnel exists and that its status is up.
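A pre-deployment consistency check for the two pseudowire ends, as an added example that is not part of the original post. It assumes the configuration is available in running-config style (full keywords, indented sub-commands); the function names and the sample configurations are constructed here from the addresses used in this series.

```python
import re


def make_config(loopback, peer, vlan, vcid=123):
    """Constructed PE config in running-config style, using this series' values."""
    return f"""\
mpls label protocol ldp
mpls ldp discovery targeted-hello accept
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address {loopback} 255.255.255.255
!
pseudowire-class atom
 encapsulation mpls
!
interface FastEthernet2/0.1
 encapsulation dot1Q {vlan}
 xconnect {peer} {vcid} pw-class atom
"""


def parse_pe(config):
    """Pull the pseudowire-relevant facts out of one PE's configuration text."""
    pe = {"loopback0": None, "pw_classes": {}, "xconnects": [], "targeted_accept": None}
    section = ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw.startswith(" "):  # a top-level command opens a new section
            section = line.lower()
            m = re.match(r"mpls ldp discovery targeted-hello accept(?: from (\S+))?$", line)
            if m:
                pe["targeted_accept"] = m.group(1) or "any"
            continue
        if section == "interface loopback0":
            m = re.match(r"ip address (\S+) \S+", line)
            if m:
                pe["loopback0"] = m.group(1)
        elif section.startswith("pseudowire-class "):
            m = re.match(r"encapsulation (\S+)", line)
            if m:
                pe["pw_classes"][section.split()[1]] = m.group(1).lower()
        elif section.startswith("interface "):
            m = re.match(r"xconnect (\S+) (\d+) pw-class (\S+)", line)
            if m:
                pe["xconnects"].append({"intf": section.split()[1], "peer": m.group(1),
                                        "vcid": int(m.group(2)),
                                        "pw_class": m.group(3).lower()})
    return pe


def check_pair(pes):
    """pes maps router name -> parse_pe() result for the two PEs; returns error strings."""
    (name_a, a), (name_b, b) = pes.items()
    errors = []
    for name, local, remote in ((name_a, a, b), (name_b, b, a)):
        for xc in local["xconnects"]:
            where = f"{name} {xc['intf']}"
            if xc["peer"] == local["loopback0"]:
                errors.append(f"{where}: xconnect peer {xc['peer']} is this router's own Loopback0")
            elif xc["peer"] != remote["loopback0"]:
                errors.append(f"{where}: xconnect peer {xc['peer']} is not the remote Loopback0")
            if not any(r["vcid"] == xc["vcid"] for r in remote["xconnects"]):
                errors.append(f"{where}: VC ID {xc['vcid']} has no match on the remote PE")
            if local["pw_classes"].get(xc["pw_class"]) != "mpls":
                errors.append(f"{where}: pw-class {xc['pw_class']} lacks 'encapsulation mpls'")
    return errors


def hardening_notes(name, pe):
    """Settings that work but leave the LDP control plane wider open than needed."""
    notes = []
    if pe["targeted_accept"] == "any":
        notes.append(f"{name}: LDP targeted hellos are accepted from any source; "
                     "'targeted-hello accept from <acl>' limits them to the known peer")
    return notes


if __name__ == "__main__":
    pes = {"7200A": parse_pe(make_config("10.10.10.101", "10.10.10.102", 100)),
           "7200B": parse_pe(make_config("10.10.10.102", "10.10.10.101", 200))}
    for msg in check_pair(pes) or ["pseudowire ends are consistent"]:
        print(msg)
    for name, pe in pes.items():
        for note in hardening_notes(name, pe):
            print(note)
```
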

Cisco CCIE Project Part 3 – Configure MPLS Forwarding September 11, 2008

Posted by timsteiner in Information Security, Projects, Tutorials.

Cisco Network Configuration for MPLS Forwarding

This document provides step-by-step instructions for setting up MPLS forwarding on an IP network.

Prerequisites

See Cisco CCIE Project Part 1- Configure the ATM Switched Virtual Circuit (SVC)

See Cisco CCIE Project Part 2 – Configure OSPF over ATM

Procedure

  1. Complete all tasks in Cisco ATM lab configuration
  2. Complete all tasks in Cisco routing OSPF over ATM configuration
  3. Power on devices
  4. Connect to Cisco 7200A via console cable

7200A#
conf t
mpls label protocol ldp
mpls ldp discovery targeted-hello accept
mpls ldp router-id Loopback0 force
!
int loopback0
ip address 10.10.10.101 255.255.255.255
!
int fa 2/0
! same address and mask as configured on fa 2/0 in Part 2
ip address 10.10.1.1 255.255.255.0
mpls ip

7200B#
conf t
mpls label protocol ldp
mpls ldp discovery targeted-hello accept
mpls ldp router-id Loopback0 force
!
int loopback0
ip address 10.10.10.102 255.255.255.255
!
int fa 2/0
! same address and mask as configured on fa 2/0 in Part 2
ip address 10.20.1.1 255.255.255.0
mpls ip

Verify

A message should pop up stating that the LDP link is up. To verify this, issue the command “show mpls ldp neighbor”.

Cisco CCIE Project Part 2 – Configure OSPF over ATM September 4, 2008

Posted by timsteiner in Information Security, Projects, Tutorials.

Cisco routing OSPF over ATM configuration

In part 1 of this project we set up an ATM VC and we were able to ping from one router to the other. Now we will set up OSPF routing so that we can share routes between the two 7200 routers over the ATM link.

This document provides step-by-step instructions for setting up OSPF to connect over an ATM VC.

Prerequisites

See Part 1 Configure the ATM Switched Virtual Circuit (SVC)

Procedure

  1. Complete all tasks in Configure the ATM Switched Virtual Circuit (SVC)
  2. Power on devices
  3. Connect to Cisco 7200A via console cable

7200A#
conf t
interface fa2/0
ip address 10.10.1.1 255.255.255.0
no shut
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
neighbor 10.1.1.2

*NOTE THE NEIGHBOR COMMAND MUST BE DONE MANUALLY FOR 7200A TO BE ABLE TO FIND AND ROUTE TO 7200B.

7200B#
conf t
interface fa2/0
ip address 10.20.1.1 255.255.255.0
no shut
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
neighbor 10.1.1.1

Verify

Both routers should now list remote routes. This can be verified using the “show ip route” command. You should be able to ping 10.20.1.2 from 10.10.1.2, and be able to ping 10.10.1.2 from 10.20.1.2.

IP over ATM Network Diagram

CCIE Project Part 1- Configure the ATM Switched Virtual Circuit (SVC) September 4, 2008

Posted by timsteiner in Information Security, Projects, Tutorials.

Cisco ATM lab configuration

This document provides step-by-step instructions for setting up an ATM switched virtual circuit (SVC) using Cisco static mapping. This configuration will allow the router of one end to ping the router of the other end over an ATM Virtual Circuit.

Requirements

· (2) console cables

· PC with serial connection

· (3) bidirectional multi-mode fiber cables

· (2) Cisco 7200 routers (with ATM module installed)

· (2) Cisco LightStream 1010 switches (with ATM module installed)

Network Diagram

See “ATM Network.vsd”

Procedure

  1. Connect network devices as described in diagram.

Cisco 7200A => Cisco 1010A => Cisco 1010B => Cisco 7200B

  2. Power on devices

  3. Connect to Cisco 7200A via console cable

Router> en
Router# conf t
Router(config)# hostname 7200A
7200A(config)#

  4. Connect to Cisco 7200B via console cable

Router> en
Router# conf t
Router(config)# hostname 7200B
7200B(config)#

  5. Connect to Cisco 1010A via console cable

Switch> en
Switch# conf t
Switch(config)# hostname 1010A
1010A(config)#

  6. Connect to Cisco 1010B via console cable

Switch> en
Switch# conf t
Switch(config)# hostname 1010B
1010B(config)#

Configure Static Mapping on Cisco 7200 router A

7200A#
conf t
interface ATM4/0
no ip address
no atm ilmi-keepalive
pvc 0/5 qsaal
!
pvc 0/16 ilmi
!
!
interface ATM4/0.1 multipoint
ip address 10.1.1.1 255.255.255.0
atm esi-address 111111111111.11
!
svc SVC1 nsap 47.00918100000000b06494ee01.222222222222.22
protocol ip 10.1.1.2
broadcast
encapsulation aal5snap

***PLEASE NOTE – the first part of the number after nsap is going to be different for you. This is unique for each router.

7200A# show atm ilmi-status
Interface : ATM4/0 Interface Type : Private UNI (User-side)
ILMI VCC : (0, 16) ILMI Keepalive : Disabled
ILMI State: UpAndNormal
Peer IP Addr: 10.118.1.166 Peer IF Name: ATM10/1/1
Peer MaxVPIbits: 8 Peer MaxVCIbits: 14
Active Prefix(s) :
47.009181000000001011bcbb01
End-System Registered Address(s) :
47.009181000000001011bcbb01.1111.1111.1111.11(Confirmed)

Configure Static Mapping on Cisco 7200 router B

7200B#
conf t
interface ATM3/0
no ip address
no atm ilmi-keepalive
pvc 0/16 ilmi
!
pvc 0/5 qsaal
!
!
interface ATM3/0.1 multipoint
ip address 10.1.1.2 255.255.255.0
no ip directed-broadcast
atm esi-address 222222222222.22
!
svc SVC1 nsap 47.009181000000001011bcbb01.111111111111.11
protocol ip 10.1.1.1
broadcast
encapsulation aal5snap

***PLEASE NOTE – the first part of the number after nsap is going to be different for you. This is unique for each router.

7200B# show atm ilmi-status
Interface : ATM3/0 Interface Type : Private UNI (User-side)
ILMI VCC : (0, 16) ILMI Keepalive : Disabled
ILMI State: UpAndNormal
Peer IP Addr: 0.0.0.0 Peer IF Name: ATM4/1/2
Peer MaxVPIbits: 8 Peer MaxVCIbits: 14
Active Prefix(s) :
47.0091.8100.0000.00b0.6494.ee01
End-System Registered Address(s) :
47.0091.8100.0000.00b0.6494.ee01.2222.2222.2222.22(Confirmed)

7200B# show atm map
Map list SVC1_ATM3/0.1 : PERMANENT
ip 10.1.1.1 maps to NSAP 4747.009181000000001011bcbb01.111111111111.11
    , broadcast, connection up, VC 30, VPI 0, VCI 61, ATM3/0.1

7200B# show atm vc
           VCD /                            Peak    Avg/Min  Burst
Interface  Name   VPI  VCI  Type  Encaps    Kbps    Kbps     Cells  Sts
3/0        2      0    5    PVC   SAAL      155000                  UP
3/0        1      0    16   PVC   ILMI      155000                  UP

7200B# ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
2d00h: ATMSIG: Called len 20
2d00h: ATMSIG: Calling len 20
2d00h: ATMSIG(ATM1/1/0 0,0 – 0001/00): (vcnum:0) build Setup msg,
    Null(U0) state
2d00h: ATMSIG(ATM3/0 0,0 – 0001/00): (vcnum:0) API – from sig-client
    ATM_OWNER_SMAP
2d00h: ATMSIG(ATM3/0 0,0 – 0001/00): (vcnum:0) Input event :
    Req Setup in Null(U0)
2d00h: ATMSIG(ATM3/0 0,0 – 0001/00): (vcnum:0) Output Setup msg(XferAndTx),
    Null(U0) state
2d00h: ATMSIG: Called Party Addr:
    4747.009181000000001011bcbb01.111111111111.11
2d00h: ATMSIG: Calling Party Addr:
    47.0091.8100.0000.00b0.6494.ee01.222222222222.22
2d00h: ATMSIG(ATM1/1/0 0,0 – 0001/00): (vcnum:0) Null(U0) -> Call Initiated(U1)
2d00h: E164 NOT Converted
2d00h: ATMSIG(ATM3/0 0,0 – 0001/00): (vcnum:0) Input event : Rcvd Call
    Proceeding in Call Initiated(U1)
2d00h: ATMSIG(ATM3/0 0,37 – 0001/00): (vcnum:0) Call Initiated(U1)
    -> Outgoing Call Proceeding(U3)
2d00h: ATMSIG(ATM3/0 0,37 – 0001/00): (vcnum:0) Input event : Rcvd Connect
    in Outgoing Call Proceeding(U3)
2d00h: ATMSIG(ATM3/0 0,37 – 0001/00): (vcnum:36) Input event : Req Connect
    Ack in Outgoing Call Proceeding(U3)
2d00h: ATMSIG(ATM3/0 0,37 – 0001/00): (vcnum:36) Output Connect Ack msg,
    Outgoing Call Proceeding(U3) state
2d00h: ATMSIG(ATM3/0 0,37 – 0001/00): (vcnum:36) Outgoing Call Proceeding(U3)
    -> Active(U10)
2d00h: ATMSIG(ATM3/0 0,37 – 0001/00): (vcnum:36) API – notifying Connect event
    to client ATM3/0.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
7200A#

***NOTE: THE PING SUCCESS RATE IS ONLY 80% THE FIRST TIME. THIS IS DUE TO THE INITIAL SETUP OF THE LINK.

Verify

A layer 3 connection now exists between 7200A and 7200B. You should be able to ping 10.1.1.2 from 7200A and be able to ping 10.1.1.1 from 7200B.
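Because the NSAP prefix differs for every installation, the address for each “svc ... nsap” line has to be read from the peer router's “show atm ilmi-status” output. The following added example (not part of the original post) derives it from the registered address shown above; the function names are hypothetical, and the two sample strings are excerpts of the output printed in this post.

```python
import re

# Excerpts of the "show atm ilmi-status" output shown in this post.
ILMI_7200A = """\
Active Prefix(s) :
47.009181000000001011bcbb01
End-System Registered Address(s) :
47.009181000000001011bcbb01.1111.1111.1111.11(Confirmed)
"""

ILMI_7200B = """\
Active Prefix(s) :
47.0091.8100.0000.00b0.6494.ee01
End-System Registered Address(s) :
47.0091.8100.0000.00b0.6494.ee01.2222.2222.2222.22(Confirmed)
"""


def normalize_nsap(text):
    """Return a 20-byte ATM NSAP as AFI.prefix.ESI.selector, whatever its dot grouping.

    The address is 40 hex digits: 26 for the switch-supplied prefix (AFI
    included), 12 for the end-system identifier and 2 for the selector.
    """
    digits = text.replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f]{40}", digits):
        raise ValueError(f"not a 20-byte NSAP address: {text!r}")
    afi, rest, esi, sel = digits[:2], digits[2:26], digits[26:38], digits[38:]
    return f"{afi}.{rest}.{esi}.{sel}"


def registered_nsap(ilmi_output):
    """Extract the confirmed end-system address from 'show atm ilmi-status' text."""
    m = re.search(r"Registered Address\(s\)\s*:\s*([0-9A-Fa-f.]+)\(Confirmed\)",
                  ilmi_output)
    if not m:
        raise ValueError("no confirmed end-system address in ILMI output")
    nsap = normalize_nsap(m.group(1))
    # The registered address must start with the prefix learned from the switch.
    p = re.search(r"Active Prefix\(s\)\s*:\s*([0-9A-Fa-f.]+)", ilmi_output)
    if p:
        prefix = p.group(1).replace(".", "").lower()
        if not nsap.replace(".", "").startswith(prefix):
            raise ValueError("registered address does not match the active prefix")
    return nsap


def svc_stanza(name, peer_ilmi_output, peer_ip):
    """Build the svc commands for the local router from the PEER's ILMI output."""
    nsap = registered_nsap(peer_ilmi_output)
    return [f"svc {name} nsap {nsap}",
            f"protocol ip {peer_ip}",
            "broadcast",
            "encapsulation aal5snap"]


if __name__ == "__main__":
    # 7200A dials 7200B, so it needs 7200B's registered address, and vice versa.
    print("\n".join(svc_stanza("SVC1", ILMI_7200B, "10.1.1.2")))
    print("\n".join(svc_stanza("SVC1", ILMI_7200A, "10.1.1.1")))
```
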

Cisco CCIE Project – EoMPLS Pseudowire over ATM September 4, 2008

Posted by timsteiner in Information Security, Projects, Tutorials.

The following 5 part series provides detailed instructions on how to set up a pseudowire over multiple ATM links to carry Ethernet traffic.

Disclaimer

Now I do not claim to be a CCIE, in fact I do not even have any Cisco certs. The following configuration has been tested to provide end-to-end layer 2 connectivity. I am aware that there may be other ways of setting this up. If you know of other better methods feel free to comment on this post.

Background info

I recently started a new job and made the mistake of including Cisco experience on my resume. Having never even finished my CCNA I am not what I would consider a Cisco expert but I am always up for a challenge. Well my first project at my new job was to set up 2 Cisco 7200 VXR routers and 2 Cisco 1010 LightStream Switches over ATM. Furthermore, this ATM link needs to be able to route IP traffic and there needs to be a pseudowire that connects end-to-end and simulates an Ethernet LAN. So that's the plan. I spent the next day or two doing research and experimenting with router configs until I got something that works.

Here is basically how the devices are set up, each connected via ATM over multimode fiber.

Cisco 7200A => Cisco 1010A => Cisco 1010B => Cisco 7200B

This project will be broken down into 5 parts

  1. CCIE Project Part 1- Configure the ATM Switched Virtual Circuit (SVC)

  2. Cisco CCIE Project Part 2 – Configure OSPF over ATM

  3. Cisco CCIE Project Part 3 – Configure MPLS Forwarding

  4. Cisco CCIE Project Part 3 – Configure EoMPLS Pseudowire

  5. Configure CE (Customer Edge) Devices

Glossary

ATM – Asynchronous Transfer Mode

OSPF – Open Shortest Path First

EoMPLS – Ethernet over MPLS

Verizon Broadband Internet Sharing August 16, 2008

Posted by timsteiner in Projects, Tutorials.

Verizon Broadband Internet Sharing

I did some research and think the best solution will be to purchase an EV-DO router. It would be worth the investment and save lots of time setting the network up. There are other options but if you are planning to use the Verizon Broadband connection long term it is a great investment.

Solution #1) EV-DO Routers

http://www.dlink.com/products/?pid=524

http://www.kyocera-wireless.com/kr1-router/

Solution #2) Share the Verizon connection with a Windows XP/Vista PC and a typical 802.11x wireless router

My friend had an issue where he had a Verizon card, but was only able to get signal in one part of the house. He asked me if there was any way to hook a wireless router so that he could use the Verizon broadband connection from anywhere in the house on his laptop. This is how it works.

This solution involves using a computer that will stay on all the time and route traffic into the Verizon card.

1) Share the Verizon connection -> go to the properties of the Verizon connection -> under sharing select the check box that says “allow other network users to connect through this computer’s internet connection.” -> Select the home network connection to be “local area connection” (the connection you will plug the wireless router into) -> Under settings select all services check boxes (advanced users select only the ones you use)

2) Open the command prompt by clicking on START -> Run -> type in “cmd” and press enter

3) Type the following command into the command prompt “ipconfig/all”

4) Get out a paper and pencil and copy down the following information from your Verizon connection:

  • default gateway =
  • dns server 1= , dns server 2 =

5) Go to the properties of your local area connection -> Select Internet protocol (IP v4) -> Select properties -> input the default gateway and dns information into the corresponding field.

6) Connect to the internet through your Verizon card. Now plug in a wireless router (with default settings) to your LAN port. If the settings are configured correctly you should have access to the internet when connected wirelessly or wired to the router.

Sample Acceptable Use Policy August 9, 2008

Posted by timsteiner in Information Security, Research.

Acceptable Use Policy

1.0 Overview

The intention for publishing an Acceptable Use Policy is not to impose restrictions that are contrary to LedGrafix’s established culture of openness, trust and integrity. LedGrafix is committed to protecting LedGrafix’s employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.

Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of LedGrafix. These systems are to be used for business purposes in serving the interests of the company, and of our clients and customers in the course of normal operations. Please review Human Resources policies for further details.

Effective security is a team effort involving the participation and support of every LedGrafix employee and affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines, and to conduct their activities accordingly.

2.0 Purpose

The purpose of this policy is to outline the acceptable use of computer equipment at LedGrafix. These rules are in place to protect the employee and LedGrafix. Inappropriate use exposes LedGrafix to risks including virus attacks, compromise of network systems and services, and legal issues.

3.0 Scope

This policy applies to employees, contractors, consultants, temporaries, and other workers at LedGrafix, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by LedGrafix.

4.0 Policy

4.1 General Use and Ownership

  1. While LedGrafix’s network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on the corporate systems remains the property of LedGrafix. Because of the need to protect LedGrafix’s network, management cannot guarantee the confidentiality of information stored on any network device belonging to LedGrafix.

  2. Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal use of Internet/Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies on personal use, and if there is any uncertainty, employees should consult their supervisor or manager.

  3. LedGrafix recommends that any information that users consider sensitive or vulnerable be encrypted.

  4. For security and network maintenance purposes, authorized individuals within LedGrafix may monitor equipment, systems and network traffic at any time.

  5. LedGrafix reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.

4.2 Security and Proprietary Information

  1. The user interface for information contained on Internet/Intranet/Extranet-related systems should be classified as either confidential or not confidential, as defined by corporate confidentiality guidelines, details of which can be found in Human Resources policies. Examples of confidential information include but are not limited to: company private, corporate strategies, competitor sensitive, trade secrets, specifications, customer lists, and research data. Employees should take all necessary steps to prevent unauthorized access to this information.

  2. Keep passwords secure and do not share accounts. Authorized users are responsible for the security of their passwords and accounts. System level passwords should be changed quarterly, user level passwords should be changed every six months.

  3. All PCs, laptops and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less, or by logging-off (control-alt-delete for Win2K users) when the host will be unattended.

  4. Use encryption of information in compliance with LedGrafix Acceptable Encryption Use policy.

  5. Because information contained on portable computers is especially vulnerable, special care should be exercised. Protect laptops in accordance with the “Laptop Security Tips”.

  6. Postings by employees from a LedGrafix email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of LedGrafix, unless posting is in the course of business duties.

  7. All hosts used by the employee that are connected to the LedGrafix Internet/Intranet/Extranet, whether owned by the employee or LedGrafix, shall be continually executing approved virus-scanning software with a current virus database unless overridden by departmental or group policy.

  8. Employees must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan horse code.

4.3. Unacceptable Use

The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services).

Under no circumstances is an employee of LedGrafix authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing LedGrafix owned resources.

The lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.

System and Network Activities

The following activities are strictly prohibited, with no exceptions:

  1. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by LedGrafix.

  2. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which LedGrafix or the end user does not have an active license is strictly prohibited.

  3. Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. The appropriate management should be consulted prior to export of any material that is in question.

  4. Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).

  5. Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.

  6. Using a LedGrafix computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user’s local jurisdiction.

  7. Making fraudulent offers of products, items, or services originating from any LedGrafix account.

  8. Making statements about warranty, expressly or implied, unless it is a part of normal job duties.

  9. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, “disruption” includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.

  10. Port scanning or security scanning is expressly prohibited unless prior notification to LedGrafix is made.

  11. Executing any form of network monitoring which will intercept data not intended for the employee’s host, unless this activity is a part of the employee’s normal job/duty.

  12. Circumventing user authentication or security of any host, network or account.

  13. Interfering with or denying service to any user other than the employee’s host (for example, denial of service attack).

  14. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user’s terminal session, via any means, locally or via the Internet/Intranet/Extranet.

  15. Providing information about, or lists of, LedGrafix employees to parties outside .

Email and Communications Activities

  1. Sending unsolicited email messages, including the sending of “junk mail” or other advertising material to individuals who did not specifically request such material (email spam).

  2. Any form of harassment via email, telephone or paging, whether through language, frequency, or size of messages.

  3. Unauthorized use, or forging, of email header information.

  4. Solicitation of email for any other email address, other than that of the poster’s account, with the intent to harass or to collect replies.

  5. Creating or forwarding “chain letters”, “Ponzi” or other “pyramid” schemes of any type.

  6. Use of unsolicited email originating from within LedGrafix’s networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by LedGrafix or connected via LedGrafix’s network.

  7. Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

4.4. Blogging

  1. Blogging by employees, whether using LedGrafix’s property and systems or personal computer systems, is also subject to the terms and restrictions set forth in this Policy. Limited and occasional use of LedGrafix’s systems to engage in blogging is acceptable, provided that it is done in a professional and responsible manner, does not otherwise violate LedGrafix’s policy, is not detrimental to LedGrafix’s best interests, and does not interfere with an employee’s regular work duties. Blogging from LedGrafix’s systems is also subject to monitoring.

  2. LedGrafix’s Confidential Information policy also applies to blogging. As such, Employees are prohibited from revealing any LedGrafix confidential or proprietary information, trade secrets or any other material covered by LedGrafix’s Confidential Information policy when engaged in blogging.

  3. Employees shall not engage in any blogging that may harm or tarnish the image, reputation and/or goodwill of LedGrafix and/or any of its employees. Employees are also prohibited from making any discriminatory, disparaging, defamatory or harassing comments when blogging or otherwise engaging in any conduct prohibited by LedGrafix’s Non-Discrimination and Anti-Harassment policy.

  4. Employees may also not attribute personal statements, opinions or beliefs to LedGrafix when engaged in blogging. If an employee is expressing his or her beliefs and/or opinions in blogs, the employee may not, expressly or implicitly, represent themselves as an employee or representative of LedGrafix. Employees assume any and all risk associated with blogging.

  5. Apart from following all laws pertaining to the handling and disclosure of copyrighted or export controlled materials, LedGrafix’s trademarks, logos and any other LedGrafix intellectual property may also not be used in connection with any blogging activity.

5.0 Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

6.0 Definitions

Term: Definition

Blogging: Writing a blog. A blog (short for weblog) is a personal online journal that is frequently updated and intended for general public consumption.

Spam: Unauthorized and/or unsolicited electronic mass mailings.

7.0 Revision History

Albert Einstein Quotes August 9, 2008

Posted by timsteiner in Uncategorized.

Albert Einstein Quotes

Albert Einstein
E = mc²

Albert Einstein
The most beautiful thing we can experience is the mysterious. It is the source of all true art and all science. He to whom this emotion is a stranger, who can no longer pause to wonder and stand rapt in awe, is as good as dead: his eyes are closed.

Albert Einstein
A man’s ethical behavior should be based effectually on sympathy, education, and social ties; no religious basis is necessary. Man would indeed be in a poor way if he had to be restrained by fear of punishment and hope of reward after death.

Albert Einstein
The further the spiritual evolution of mankind advances, the more certain it seems to me that the path to genuine religiosity does not lie through the fear of life, and the fear of death, and blind faith, but through striving after rational knowledge.

Albert Einstein
Now he has departed from this strange world a little ahead of me.

That means nothing. People like us, who believe in physics, know that the distinction between past, present, and future is only a stubbornly persistent illusion.

Albert Einstein
You see, wire telegraph is a kind of a very, very long cat. You pull his tail in New York and his head is meowing in Los Angeles. Do you understand this? And radio operates exactly the same way: you send signals here, they receive them there. The only difference is that there is no cat.

Albert Einstein
One had to cram all this stuff into one’s mind for the examinations, whether one liked it or not. This coercion had such a deterring effect on me that, after I had passed the final examination, I found the consideration of any scientific problems distasteful to me for an entire year.

Albert Einstein
…one of the strongest motives that lead men to art and science is escape from everyday life with its painful crudity and hopeless dreariness, from the fetters of one’s own ever-shifting desires. A finely tempered nature longs to escape from the personal life into the world of objective perception and thought.

Albert Einstein
He who joyfully marches to music rank and file, has already earned my contempt. He has been given a large brain by mistake, since for him the spinal cord would surely suffice. This disgrace to civilization should be done away with at once. Heroism at command, how violently I hate all this, how despicable and ignoble war is; I would rather be torn to shreds than be a part of so base an action. It is my conviction that killing under the cloak of war is nothing but an act of murder.

Albert Einstein
A human being is a part of a whole, called by us ‘universe’, a part limited in time and space. He experiences himself, his thoughts and feelings as something separated from the rest… a kind of optical delusion of his consciousness. This delusion is a kind of prison for us, restricting us to our personal desires and to affection for a few persons nearest to us. Our task must be to free ourselves from this prison by widening our circle of compassion to embrace all living creatures and the whole of nature in its beauty.

Albert Einstein, Sign hanging in Einstein’s office at Princeton
Not everything that counts can be counted, and not everything that can be counted counts.

Albert Einstein
Imagination is more important than knowledge.

Albert Einstein
Gravitation is not responsible for people falling in love.

Albert Einstein
I want to know God’s thoughts; the rest are details.

Albert Einstein
The hardest thing in the world to understand is the income tax.

Albert Einstein
Reality is merely an illusion, albeit a very persistent one.

Albert Einstein
A person starts to live when he can live outside himself.

Albert Einstein
I am convinced that He (God) does not play dice.

Albert Einstein
God is subtle but he is not malicious.

Albert Einstein
Weakness of attitude becomes weakness of character.

Albert Einstein
I never think of the future. It comes soon enough.

Albert Einstein
The eternal mystery of the world is its comprehensibility.

Albert Einstein
Sometimes one pays most for the things one gets for nothing.

Albert Einstein
Science without religion is lame. Religion without science is blind.

Albert Einstein
Anyone who has never made a mistake has never tried anything new.

Albert Einstein
Great spirits have often encountered violent opposition from weak minds.

Albert Einstein
There are two ways to live your life – one is as though nothing is a miracle, the other is as though everything is a miracle.

Albert Einstein
Everything should be made as simple as possible, but not simpler.

Albert Einstein
Common sense is the collection of prejudices acquired by age eighteen.

Albert Einstein
Science is a wonderful thing if one does not have to earn one’s living at it.

Albert Einstein
The secret to creativity is knowing how to hide your sources.

Albert Einstein
The only thing that interferes with my learning is my education.

Albert Einstein
God does not care about our mathematical difficulties. He integrates empirically.

Albert Einstein
The whole of science is nothing more than a refinement of everyday thinking.

Albert Einstein
Technological progress is like an axe in the hands of a pathological criminal.

Albert Einstein
Peace cannot be kept by force. It can only be achieved by understanding.

Albert Einstein
The most incomprehensible thing about the world is that it is comprehensible.

Albert Einstein
We can’t solve problems by using the same kind of thinking we used when we created them.

Albert Einstein
Education is what remains after one has forgotten everything he learned in school.

Albert Einstein
The important thing is not to stop questioning. Curiosity has its own reason for existing.

Albert Einstein
Do not worry about your difficulties in Mathematics. I can assure you mine are still greater.

Albert Einstein
Equations are more important to me, because politics is for the present, but an equation is something for eternity.

Albert Einstein
If A is a success in life, then A equals x plus y plus z. Work is x; y is play; and z is keeping your mouth shut.

Albert Einstein
Two things are infinite: the universe and human stupidity; and I’m not sure about the universe.

Albert Einstein
As far as the laws of mathematics refer to reality, they are not certain, as far as they are certain, they do not refer to reality.

Albert Einstein
Whoever undertakes to set himself up as a judge of Truth and Knowledge is shipwrecked by the laughter of the gods.

Albert Einstein
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones.

Albert Einstein
In order to form an immaculate member of a flock of sheep one must, above all, be a sheep.

Albert Einstein
The fear of death is the most unjustified of all fears, for there’s no risk of accident for someone who’s dead.

Albert Einstein
Too many of us look upon Americans as dollar chasers. This is a cruel libel, even if it is reiterated thoughtlessly by the Americans themselves.

Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism — how passionately I hate them!

Albert Einstein
No, this trick won’t work…How on earth are you ever going to explain in terms of chemistry and physics so important a biological phenomenon as first love?

Albert Einstein
My religion consists of a humble admiration of the illimitable superior spirit who reveals himself in the slight details we are able to perceive with our frail and feeble mind.

Albert Einstein
Yes, we have to divide up our time like that, between our politics and our equations. But to me our equations are far more important, for politics are only a matter of present concern. A mathematical equation stands forever.

Albert Einstein
The release of atom power has changed everything except our way of thinking…the solution to this problem lies in the heart of mankind. If only I had known, I should have become a watchmaker.

Albert Einstein
Great spirits have always found violent opposition from mediocrities. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence.

Albert Einstein Education Quotes

Albert Einstein
Most teachers waste their time by asking questions which are intended to discover what a pupil does not know, whereas the true art of questioning has for its purpose to discover what the pupil knows or is capable of knowing.

Albert Einstein
Never regard your study as a duty, but as the enviable opportunity to learn to know the liberating influence of beauty in the realm of the spirit for your own personal joy and to the profit of the community to which your later work belongs.

Albert Einstein
Humiliation and mental oppression by ignorant and selfish teachers wreak havoc in the youthful mind that can never be undone and often exert a baleful influence in later life.

Albert Einstein
The aim (of education) must be the training of independently acting and thinking individuals who, however, can see in the service to the community their highest life achievement.

Albert Einstein
Teaching should be such that what is offered is perceived as a valuable gift and not as a hard duty.

Albert Einstein
In the teaching of geography and history a sympathetic understanding (should) be fostered for the characteristics of the different peoples of the world, especially for those who we are in the habit of describing as “primitive.”

Albert Einstein Intuition Quotes

Albert Einstein
It is better for people to be like the beasts…they should be more intuitive; they should not be too conscious of what they are doing while they are doing it.

Albert Einstein Life Quotes

Albert Einstein
Only a life lived for others is a life worthwhile.

Albert Einstein
The life of the individual has meaning only insofar as it aids in making the life of every living thing nobler and more beautiful. Life is sacred, that is to say, it is the supreme value, to which all other values are subordinate.

Albert Einstein
The most precious things in life are not those one gets for money.

Albert Einstein Peace Quotes

Albert Einstein
He who cherishes the values of culture cannot fail to be a pacifist.

Albert Einstein
The conscientious objector is a revolutionary. On deciding to disobey the law he sacrifices his personal interests to the most important cause of working for the betterment of society.

Albert Einstein
My pacificism is an instinctive feeling, a feeling that possesses me because the murder of people is disgusting. My attitude is not derived from any intellectual theory but is based on my deepest antipathy to every kind of cruelty and hatred.

Albert Einstein
There are two ways of resisting war: the legal way and the revolutionary way. The legal way involves the offer of alternative service not as a privilege for a few but as a right for all. The revolutionary view involves an uncompromising resistance, with a view to breaking the power of militarism in time of peace or the resources of the state in time of war.

Albert Einstein
It is characteristic of the military mentality that nonhuman factors (atom bombs, strategic bases, weapons of all sorts, the possession of raw materials, etc) are held essential, while the human being, his desires, and thoughts – in short, the psychological factors – are considered as unimportant and secondary…The individual is degraded…to “human materiel.”

Albert Einstein
To my mind, to kill in war is not a whit better than to commit ordinary murder.

Albert Einstein
Nationalism is an infantile disease. It is the measles of mankind.

Albert Einstein
Nationalism, in my opinion, is nothing more than an idealistic rationalization for militarism and aggression.

Albert Einstein
He who joyfully marches to music rank and file, has already earned my contempt. He has been given a large brain by mistake, since for him the spinal cord would surely suffice. This disgrace to civilization should be done away with at once. Heroism at command, how violently I hate all this, how despicable and ignoble war is; I would rather be torn to shreds than be a part of so base an action. It is my conviction that killing under the cloak of war is nothing but an act of murder.

Albert Einstein Philosophy Quotes

Albert Einstein
Everything is determined by forces over which we have no control. It is determined for the insect as well as for the star. Human beings, vegetables, or cosmic dust – we all dance to a mysterious tune, intoned in the distance by an invisible piper.

Albert Einstein Science Quotes

Albert Einstein
After a certain high level of technical skill is achieved, science and art tend to coalesce in esthetics, plasticity, and form. The greatest scientists are always artists as well.

Albert Einstein
You cannot love a car the way you love a horse. The horse brings out human feelings the way machines cannot do. Things like machines may develop or neglect certain things in people … Machines make our life impersonal and stultify certain elements in us and create an impersonal environment.

Albert Einstein
I believe that the horrifying deterioration in the ethical conduct of people today stems from the mechanization and dehumanization of our lives – the disastrous by-product of the scientific and technical mentality. Nostra culpa. Man grows cold faster than the planet he inhabits.

Albert Einstein
Betterment of conditions the world over is not essentially dependent on scientific knowledge but on the fulfillment of human traditions and ideals.

Albert Einstein Youth Quotes

Albert Einstein
People do not grow old no matter how long we live. We never cease to stand like curious children before the great Mystery into which we were born.

Albert Einstein
I am content in my later years. I have kept my good humor and take neither myself nor the next person seriously.

Other Albert Einstein Quotes

Albert Einstein
Human beings can attain a worthy and harmonious life only if they are able to rid themselves, within the limits of human nature, of the striving for the wish fulfillment of material kinds. The goal is to raise the spiritual values of society.

Albert Einstein
I admit thoughts influence the body.

Albert Einstein
Nothing is more destructive of respect for the government and the law of the land than passing laws which cannot be enforced. It is an open secret that the dangerous increase of crime in this country is closely related with this.

Albert Einstein
I am absolutely convinced that no wealth in the world can help humanity forward, even in the hands of the most devoted worker in this cause. The example of great and pure personages is the only thing that can lead us to find ideas and noble deeds. Money only appeals to selfishness and always irresistibly tempts its owner to abuse it. Can anyone imagine Moses, Jesus or Gandhi with the moneybags of Carnegie?

Albert Einstein
Anger dwells only in the bosom of fools.

Albert Einstein
The tragedy of life is what dies inside a man while he lives.

Albert Einstein
A photograph never grows old. You and I change, people change all through the months and years but a photograph always remains the same. How nice to look at a photograph of mother or father taken many years ago. You see them as you remember them. But as people live on, they change completely. That is why I think a photograph can be kind.

Albert Einstein
The gift of fantasy has meant more to me than my talent or absorbing positive knowledge.

Initial Site Survey Guidelines August 9, 2008

Posted by timsteiner in Information Security.

Initial Site Survey

  • Are passwords difficult to crack?
  • Are there access control lists (ACLs) in place on network devices to control who has access to shared data?
  • Are there audit logs to record who accesses data?
  • Are the audit logs reviewed?
  • Are the security settings for operating systems in accordance with accepted industry security practices?
  • Have all unnecessary applications and computer services been eliminated for each system?
  • Are these operating systems and commercial applications patched to current levels?
  • How is backup media stored? Who has access to it? Is it up-to-date?
  • Is there a disaster recovery plan? Have the participants and stakeholders ever rehearsed the disaster recovery plan?
  • Are there adequate cryptographic tools in place to govern data encryption, and have these tools been properly configured?
  • Have custom-built applications been written with security in mind?
  • How have these custom applications been tested for security flaws?
  • How are configuration and code changes documented at every level? How are these records reviewed and who conducts the review?

Pre-Audit Homework

Before the computer security auditors even begin an organizational audit, there’s a fair amount of homework that should be done. Auditors need to know what they’re auditing. In addition to reviewing the results of any previous audits that may have been conducted, there may be several tools they will use or refer to beforehand. The first is a site survey. This is a technical description of the system’s hosts. It also includes management and user demographics. This information may be out of date, but it can still provide a general framework. Security questionnaires may be used to follow up the site survey. These questionnaires are, by nature, subjective measurements, but they are useful because they provide a framework of agreed-upon security practices. The respondents are usually asked to rate the controls used to govern access to IT assets. These controls include: management controls, authentication/access controls, physical security, outsider access to systems, system administration controls and procedures, connections to external networks, remote access, incident response, and contingency planning.

Site surveys and security questionnaires should be clearly written with quantifiable responses of specific requirements. They should offer a numerical scale from least desired (does not meet requirements) to most desired (meets requirements and has supporting documentation). Both should include electronic commerce considerations if appropriate to the client organization. For instance, credit card companies have compliance templates listing specific security considerations for their products. These measure network, operating system, and application security as well as physical security.

Auditors, especially internal auditors, should review previous security incidents at the client organization to gain an idea of historical weak points in the organization’s security profile. They should also examine current conditions to ensure that repeat incidents cannot occur. If auditors are asked to examine a system that allows Internet connections, they may also want to know about IDS/Firewall log trends. Do these logs show any trends in attempts to exploit weaknesses? Could there be an underlying reason (such as faulty firewall rules) that such attempts are taking place on an ongoing basis? How can this be tested?
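One way to test the log-trend questions above is to compare the firewall log against the written policy. The following is an added example, not part of the original article: the log format, the addresses and the `INTENDED_OPEN` policy list are constructed assumptions. It reports services whose denied attempts grow day over day, and allowed traffic to services the policy does not list, which is what a faulty rule looks like in the log.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, one connection per line, in an assumed format:
# <ISO timestamp> <ALLOW|DENY> <proto> <src_ip>:<sport> -> <dst_ip>:<dport>
SAMPLE_LOG = """\
2008-08-01T02:14:07 DENY tcp 203.0.113.7:41022 -> 192.0.2.10:22
2008-08-01T09:30:11 ALLOW tcp 198.51.100.4:50311 -> 192.0.2.10:443
2008-08-02T02:15:40 DENY tcp 203.0.113.7:41188 -> 192.0.2.10:22
2008-08-02T02:15:41 DENY tcp 203.0.113.9:41190 -> 192.0.2.10:22
2008-08-02T11:02:00 ALLOW tcp 198.51.100.4:50390 -> 192.0.2.10:443
2008-08-02T13:47:19 ALLOW tcp 203.0.113.9:53312 -> 192.0.2.10:3389
this line is truncated garbage
2008-08-03T02:16:02 DENY tcp 203.0.113.7:41201 -> 192.0.2.10:22
2008-08-03T02:16:03 DENY tcp 203.0.113.9:41207 -> 192.0.2.10:22
2008-08-03T02:16:05 DENY tcp 203.0.113.12:41210 -> 192.0.2.10:22
2008-08-03T04:00:00 DENY udp 203.0.113.7:5353 -> 192.0.2.10:161
2008-08-03T14:05:27 ALLOW tcp 203.0.113.12:53400 -> 192.0.2.10:3389
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})T\d{2}:\d{2}:\d{2} "
    r"(?P<action>ALLOW|DENY) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Assumption: what the site's written policy says should be reachable.
INTENDED_OPEN = {("tcp", 443)}


def parse_log(text):
    """Return (events, rejected_count); malformed lines are counted, not hidden."""
    events, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line.strip())
        if m is None:
            rejected += 1
            continue
        event = m.groupdict()
        event["dport"] = int(event["dport"])
        events.append(event)
    return events, rejected


def rising_trends(events, min_days=3):
    """Services whose denied attempts grew on every successive day they were seen."""
    per_day = defaultdict(Counter)
    for e in events:
        if e["action"] == "DENY":
            per_day[(e["proto"], e["dport"])][e["date"]] += 1
    trends = {}
    for service, days in per_day.items():
        series = sorted(days.items())  # ISO dates sort chronologically
        counts = [n for _, n in series]
        if len(series) >= min_days and all(a < b for a, b in zip(counts, counts[1:])):
            trends[service] = series
    return trends


def policy_gaps(events, intended_open=INTENDED_OPEN):
    """ALLOWed traffic to services the policy does not list: evidence of a faulty rule."""
    gaps = {}
    for e in events:
        service = (e["proto"], e["dport"])
        if e["action"] == "ALLOW" and service not in intended_open:
            gap = gaps.setdefault(service, {"hits": 0, "sources": set()})
            gap["hits"] += 1
            gap["sources"].add(e["src"])
    return {s: {"hits": g["hits"], "sources": sorted(g["sources"])} for s, g in gaps.items()}


if __name__ == "__main__":
    events, rejected = parse_log(SAMPLE_LOG)
    print("unparsed lines:", rejected)
    print("rising denied-attempt trends:", rising_trends(events))
    print("allowed but not in policy:", policy_gaps(events))
```

A nonzero count of unparsed lines is itself an audit finding, since it means part of the log was not examined.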

Because of the breadth of data to be examined, auditors will want to work with the client to determine the scope of the audit. Factors to consider include: the site business plan, the type of data being protected and the value/importance of that data to the client organization, previous security incidents, the time available to complete the audit and the talent/expertise of the auditors. Good auditors will want to have the scope of the audit clearly defined, understood and agreed to by the client.

Next, the auditors will develop an audit plan. This plan will cover how the audit will be executed, with which personnel, and using what tools. They will then discuss the plan with the requesting agency. Next they discuss the objective of the audit with site personnel along with some of the logistical details, such as the time of the audit, which site staff may be involved and how the audit will affect daily operations. Next, the auditors should ensure audit objectives are understood.

http://www.securityfocus.com/infocus/1697