The screenshots of the 1987 Mac desktop, the 2005 Mac OS X desktop and the 2010 first iPad interfaces all have different ways of manipulating objects on the interface as a mode of interaction. The 1987 Mac Desktop has a very simple GUI interface with windows, icons, and menus. Direct manipulation of these objects required a physical controller such as a mouse and keyboard to select, move, open and close objects. However, the 2005 Mac OS X desktop interface had improved features and while the user still used a mouse and keyboard to manipulate directly the interface, there were more advanced interactions such as shrinking, and stretching the icon on the icon dock, and zooming and out to automatically resize icons. In the 2010 iPad direct interaction involves touch, and here the user has more flexibility since the user can use touch gestures to manipulate the interface. The traditional move, select, open and closing of objects is done using touch actions while zooming, shrinking and resizing uses gestures such as pinch to zoom.
Comparing a paper-based vs. a shared digital calendar.
The digital calendar uses the same interface concepts and metaphors like the paper-based calendar in that it has dates, covers and the ability to mark and add events. However, there is a significant difference in terms of interaction. Information is added to the paper-based calendar by writing while the digital calendar uses different recording means such as keyboard, stylus, video, audio, and images. The digital calendar also uses gestures and buttons to navigate and manipulate objects. In terms of flexibility, a digital calendar is saved as electronic data which can easily be stored, modified and transferred. For example, it is easy to synchronize the data on a digital calendar across various devices such as smartphones and computers, and access the data anywhere via the internet. Digital calendars also have data search features that make it easy to find information accurately.
Google and Microsoft’s Bing search engine homepages found at www.google.com and www.bing.com have very simple interfaces employing user-centric designs aimed at enhancing cognition by drawing user attention to the search bars. The Google homepage had a simple interface with the Google banner, a search bar, and two buttons i.e. Search, and I’m Feeling Lucky. The presence of a single search bar on a plain white page with two buttons below it clearly communicate that the user should type in their search keywords in the search bar and use the appropriate button to search. The Bing search homepage employs a similar technique where a large search bar with a magnifying glass button to show search is presented. The search bar is white with a background image thus creating sharp contrast and clearly indicating the search bar location.
When comparing Bailey’s arguments to Miller’s findings, it appears that Bailey’s arguments are well-founded while Miller’s findings are flawed. Miller’s findings are based on theories on the Magic Number 7 where interface design decisions are made based on one absolute and generalized rule. However, Bailey points out several research outcomes where the total number of items a person can remember for a short time has been found to be 3-4 items. In this regard, the optimal number of menu items during interface design should not be based on a generally accepted rule that works for all. Based on analysis of Bailey’s arguments, it is clear that the number of menu items relies majorly on the short-term working memory which varies from person to person based on cognitive skills such as reasoning and drawing inferences from text.
SEC 420 WEEK 2:
When trying to identify the vulnerabilities that a hacker would exploit in a network, it is important to analyze the security concerns before searching for network weak spots. The greatest concerns include susceptibility to common attacks, and this requires the security analyst to know the various ways computers and networks are compromised, and this will provide a direction to proceed on. Secondly, there is need to understand the risks posed by an attack and these include financial losses, data theft, privacy infringement and legal implications. By understanding the common attacks and risks involved the security team can use vulnerability assessment and penetration testing techniques to identify actual vulnerabilities. Vulnerability assessments involve the use of automated tools that are periodically run to detect vulnerabilities which are then remediated by IT personnel. Penetration testing techniques involve the use of controlled tests that simulate actual attacks against the network and computers the same way an attacker would. This helps identify vulnerabilities and how hackers could utilize them to access critical network assets.
There are many network vulnerability assessment tools used to determine a network’s security state. On such tool is Network Map (Nmap) which is a free, open source network security auditing and exploration tool used by many network administrators to check for network vulnerabilities by scanning for open ports, network filters, firewalls, and operating system fingerprinting to identify the services it offers. Other tools include the Microsoft Baseline Security Analyzer tool that checks for Microsoft software updates and common configuration errors then applies relevant patches automatically.
SEC 435 WEEK 2:
A DMZ (Demilitarized zone) is perimeter security network that separates the intranet (internal network) from the external network i.e. Internet. The DMZ prevents external communication from getting to the intranet and in the event of a breach, no critical services are affected. The DMZ includes all systems and servers holding public information while proprietary and confidential company data is stored on the internal network.
In this regard, web servers should be placed in the DMZ to prevent external clients from gaining access to the trusted network to access a website thus protecting the intranet from external threats. Placing Directory services such as Microsoft AD on the DMZ helps authenticate external clients seeking to access domain controller services. Another instance of AD can be run behind the DMZ to handle internal requests thus ensuring security and reliability at the same time. A secure FTP server can also be deployed on the DMZ but should have the necessary security authentication such as S/Key.
However, placing the domain controller on the DMZ poses the risk of the system being hacked by exploiting domain control services. With regard to the printer and file servers, these should not be placed in the DMZ since printers are used within the internal network and are thus private, while file servers on the DMZ could lead to compromise of confidential company files.
Security Information and Event Management (SIEM) solutions are used to provide broad log management functions such as data collection from different systems such as firewalls, antivirus, proxy servers, operating systems and routers. The systems also provide data aggregation, data normalization, event correlations, alerting, reporting and forensics. Businesses using SIEM solutions benefit from better ROI on security investment, reduced operational costs, and comprehensive reporting of security issues. Other benefits include early detection of a security breach, reduced risk of non-compliance and broader organizational support of IT security.
Some limitations and concerns of SIEM include incompatibility with some systems, insufficient resource allocation, lack of expertise in SIEM, and synchronization issues across systems, and poor system performance due to misconfiguration of SIEM across different system components. SIEM is still a growing approach to event management, and it is expected that more efficient solutions that are compatible with different platforms will be designed.
