Hi.

Welcome.

I have documented all my discussions, projects and different trends from obtaining my Master's in Information Assurance and my Doctorate in Information Technology.

 The key is - Educate

It is crucial that people are educated about security: how to deter intrusion at one's organization and, most importantly, how to protect oneself.

Building systems and educating on information assurance have been my exposure more than half of my life.

This is my journey of accomplishments, even more Struggles and a few solutions.

I hope you Enjoy!
pointing the "finger"


The following information concerns implementing threading in a client-server protocol, more specifically “pointing the finger” (Shah, 2000).

The finger protocol was designed to let one point the finger, on the screen, at who is where, who did what and who is up next (all taken in context). This protocol can be very helpful within an organization to determine who has a specific application up and running or who shut off a specific server; it can be used for anything.

The information gathered when pointing the finger can also be thought of as tattling. The computer traces the user information: it can determine the user’s real name and the date and time when the user logged on and off. It “was one of the first computer network applications. It enabled people to see who else was using the computer system as well as find basic information on that user.  To find information about a specific user, it was necessary to know that person's email address (Shah, 2000)”. This technique can be very beneficial in organizations, but where there is good one will always find bad.

Security has always been an issue with the finger protocol, and other stipulations must be put in place if this protocol is going to be utilized. The concern stems from the exposure of the user’s name, and the protocol “suffered from two major security flaws.  The first was that the Finger program provided information for hackers.  The second was that some implementations of the Finger daemon were not secure as the Morris worm highlighted.  As a result of the security and privacy problems many sites began not allowing Finger requests from remote users or sites just eliminated Finger (Shah, 2000).”

Even while doing research on the finger protocol, there are not many details given other than code to try and the question of “whether anyone was still using the finger protocol”. One might believe that at one time this was a suitable technique and, as the source states, “this worked well in the 1970s when there were many people connected to one computer” (Shah, 2000).

The finger protocol within my program for week 7 has the following details:

    System.out.println("The socket is connected the server.");
    System.out.println("... local socket address is " + socket.getLocalSocketAddress());
    System.out.println("... remote socket address is " + socket.getRemoteSocketAddress());

My file runs but does not have an output available. This approach actually “tracks clients using IP address”, which was indicated as being a “bad idea”, and it was suggested to go an entirely different route. The reason is that many users will change “IP address due to mobile networks” (getLocal, N.d.).

The changes that should be implemented within my protocol will show only the user name and email address. There is no reason to include any other information.

The other issue, regarding “getting the IP address” and the exact location of the client, is that intrusion may occur: port 79 must be used, and that is also the port on which malicious behavior is carried out.

 

“Finger Security Concerns: Provides key host info to attacker - Fingered host can be DOSd if hit with a recursive finger script till its memory and swap space fill. - Fingering clients can be DOSd if they finger a maliciously configured host.  If fingering clients allow programmable keys - a maliciously configured host (such as Trojans) can return a finger response that maps a key to rm -rf /-. Disable on all host unless finger service is stubbed to only provide scripted data response (Port 79, N.d.)”. 
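The change proposed above (show only the user name and email address), combined with the quoted advice to stub the finger service so it gives only a scripted response, is sketched below as an added example; it is not the week 7 program or code from the cited sources. The class name, the sample users, port 7979 and the size and thread limits are assumptions made for illustration.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.concurrent.*;

public class StubFingerServer {
    // Constructed sample directory: login -> "real name <email>". Nothing else is ever disclosed.
    static final Map<String, String> DIRECTORY = Map.of(
        "alice", "Alice Example <alice@example.org>",
        "bob", "Bob Example <bob@example.org>");
    static final int MAX_QUERY = 64;   // cap request size so a client cannot feed unbounded input

    // Pure function: map one finger query line to a fixed, scripted response.
    static String respond(String query) {
        String q = query.trim();
        if (q.startsWith("/W")) q = q.substring(2).trim();          // ignore the "verbose" switch
        if (q.isEmpty()) return "User listing is disabled.\r\n";    // no enumeration of all users
        if (q.contains("@")) return "Forwarding is disabled.\r\n";  // never relay to other hosts
        if (!q.matches("[A-Za-z0-9._-]{1,32}")) return "Invalid request.\r\n";
        String entry = DIRECTORY.get(q);
        return (entry == null ? "No such user." : entry) + "\r\n";
    }

    static void handle(Socket client) {
        try (Socket s = client) {
            s.setSoTimeout(5000);                                   // drop idle or slow clients
            InputStream in = s.getInputStream();
            StringBuilder line = new StringBuilder();
            int c;
            while ((c = in.read()) != -1 && c != '\n' && line.length() < MAX_QUERY) {
                line.append((char) c);
            }
            s.getOutputStream().write(respond(line.toString()).getBytes(StandardCharsets.US_ASCII));
        } catch (IOException e) {
            // Timeout or reset: close quietly. Client addresses are deliberately not tracked.
        }
    }

    public static void main(String[] args) throws IOException {
        int port = 7979;  // assumption: unprivileged test port; the real service uses 79
        ExecutorService pool = Executors.newFixedThreadPool(8);     // bounded threads limit DoS impact
        try (ServerSocket server = new ServerSocket(port, 16, InetAddress.getLoopbackAddress())) {
            while (true) {
                Socket client = server.accept();
                pool.execute(() -> handle(client));
            }
        }
    }
}
```

Because every reply comes from the fixed directory, the server never reads system account data, never relays a query to another host, and never returns anything beyond the name and email address.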
