Management Information Systems - Rutgers University



Management Information Systems

Rutgers Business School / Undergraduate New Brunswick

Professor Eckstein, Fall 2004

Class Notes

The first midterm exam will be based on Chapters 1-4 of the Post and Anderson book, and on these notes. The exam will not emphasize the history material.

Class 1

Overview

• Topic: using computer and network technology to help run businesses and other organizations

• Won’t focus especially on “managers”

• Will combine “Top-down” descriptive learning (P&A book) with “bottom-up” learning by example (Microsoft Access and G&B book)

Rules and Procedures – see the syllabus and schedule

Data, Information and Knowledge (P&A chapter 1)

• Datum is singular, data is plural

• Information is data structured and organized to be useful in making a decision or performing some task

• Knowledge implies “understanding” of information

o Knowledge representation in computers is called “artificial intelligence” (AI). It got a lot of hype in the 1980’s, but it is still growing gradually. We will not discuss it much, and stick to information instead.

The organizational “pyramid”

• Strategic management/decisions at the top

• Tactical management/decisions in the middle

• Operational management/decisions and operations at the bottom

• Whether something is information or data depends on the level of the decision – something that might be information relative to an operational task could be just data relative to a strategic decision. The higher you go, the more aggregated the information needs to be

Information systems

• The ways that organizations

o Store

o Move

o Organize

o Manipulate/process

their information

• Parts of information systems

o Hardware – physical tools: computer and network hardware, but also low-tech things like pens and paper

o Software – instructions for the hardware

o People

o Procedures – instructions for the people

o Data/databases

• Information systems existed before computers and networks – they just used very simple hardware that usually didn’t need software.

• Impact of electronic hardware

o Greatly reduces cost and increases speed of storing, moving (etc.) information

o Information doesn’t have to be stuck with particular things, locations, or people

o Can increase efficiency of things you already do

o Can permit new things

• Combine scale efficiencies of a large firm with responsiveness of a small one

• Can remove middlemen or levels of inventory that shielded you from handling information

• How much processing of information?

o Many computer information systems just store and organize information and perform very simple processing tasks like

• Finding/entering/altering/deleting specific data

• Finding specific data

• Sorting

• Summarizing (adding, averaging, etc.)

o Just these simple operations can accomplish enormous amounts

o Relational Databases (RDB’s) are great at these things

o To get computers more involved in making or suggesting parts of decisions, you often need more sophisticated tools than RDB’s

• Special/custom computer programming

• Expert systems/artificial intelligence

• Decision support systems/management science/operations research

o This course focuses on how to organize information in RDB’s and perform simple forms of processing, plus a little programming (if things go on schedule)

IT Foundations – Layering and Modularity (Class 2)

Electronic computing equipment is constructed from

• Wires

• Transistors and the like

• Storage devices (such as tiny magnets) that can be in one of two possible states

Although technically possible, we do not want to think about complex systems as being made out transistors. If somebody said “make an accounts payable system, and here is a pile of transistors”, you would probably not get very far!

The keys to organizing information systems (and other computer-based systems) are

• Layering – provide foundations that do simple tasks and then build on them without worrying about how they work internally

• Modularity – divide each layer into pieces that have well-defined task and communicate with one another in some standardized way

The most basic layering distinction is hardware and software

• Hardware consists of physical devices (like PC’s) that are capable of doing many different things

• Software are instructions that tell hardware what to do

Kinds of hardware

• Processors (CPU’s = central processing units; like “Pentium IV”)

• Primary storage (RAM and ROM)

• Secondary storage (hard disks, CD’s, floppies)

• Other input/output (“I/O”) – screens, mice, keyboards etc.

• Network hardware

Standard way of arranging hardware (like PC)

• One processor and bank of memory, and everything attached to them

• Mainframes are like PC’s, but designed to do very fast I/O to a lot of places at the same time (they used to compute faster as well)

More recent things –

• 2 to 16 processors sharing memory (servers and fast workstations)

• Parallel processing supercomputers with many memory/CPU units communicating via a network

• “Disk farms” that put together 100’s-1000’s of disks and connect them to a network as a shared storage device

• Basically, networks have “shaken up” the various ways that hardware modules are connected, although the basic PC style is one of the most common patterns

• Nowadays, only a one-person company has only one computer. So all companies are doing a certain amount of “parallel” or “distributed” computing.

If you look at things at each hardware module, you’ll find layers and modules within it. For example, a CPU will have modules inside like

• ALU (“arithmetic/logical unit)

• Instruction decoder

• Memory controller

• Etc.

Software structure

• BIOS is lowest level (basic I/O system)

• Operating system on top of BIOS

o Arbitrates between tasks

o Tracks files

o Structures contents of screen

o Within an operating system, you will find modules and layers

• Application software

Application software may have layers, such as

• Relational database engine (MS Access, Oracle, Sybase, DB2, etc.)

• Specific business application built on top of engine (we will study how to do that!)

Languages for expressing software

• Lowest level = machine language – just 0’s and 1’s saying things like “add register 2 to register 5” (a “register” is a very fast piece of memory inside a processor, usually just holding a single 4- or 8-byte number)

• Assembly language – says the same thing in text, for example “ADD R2, R5”. An assembler program translates this text to machine language.

• “Higher-level” languages that look more like English or algebra

o BASIC (numerous dialects)

o C

o C++

o Java/JavaScript

o COBOL

o … many, many, more…

• Compiler and interpreter programs translate these languages into things the processor can actually do

o Compilers translate once and produce a complete machine language program (a .EXE file in Windows)

o Interpreters translate pieces of the program on an as-needed basis

o Compilers typically produce faster programs

o Interpreters make it easier to find bugs in programs and may be simpler (fine if other things are more important than speed)

Data representation (Classes 2 and 3)

(Also see the memory storage calculation handout)

Notes: computers store number in base 2, or binary. Instead of a 1’s place, a 10’s place, a 100’s place etc. each with a digit from 0 to 9, you have a 1’s place, a 2’s place, a 4’s place, an 8’s place, and so forth, each containing the digit 0 or 1.

Example: 100101 = 1 ( 20 + 0 ( 21 + 1 ( 22 + 0 ( 23 + 0 ( 24 + 1 ( 25

When bits are combined to represent a number, sometimes one bit – often called a “sign bit” – is set aside to indicate + or – . (Most computers today use a system called “two’s complement” to represent negative numbers; I will not go into detail, but it essentially means the first bit is the sign bit).

There are also formats that are the binary equivalent of “scientific notation”. Instead of 3.478 ( 105, you have things like 1.00101011 ( 213. These are called “floating point”. They are usually printed and entered in decimal notation like 3.478 ( 105, but represented internally in binary floating point notation.

Some common amounts of memory for computers to manipulate at one time:

• A single bit – 1 means “yes” and 0 means “no”

• 8 bits, also called a “byte” – can hold 28 = 256 possible values. These can represent a single character of text, or a whole number from 0 to 255. If one bit is used to indicate + or –, can hold a whole number from –128 to +127.

• 16 bits, or two bytes. Can hold a single character from a large Asian character set, a whole number between 0 and about 65,000, or (with a sign bit) a whole number between about –32,000 and +32,000.

• 32 bits, or four bytes. Can hold an integer in the range 0 to about 4 billion, or roughly –2 billion to +2 billion. Can also hold a “single precision” floating-point number with the equivalent of about 6 decimal digits of accuracy.

• 64 bits. Can hold a floating-point number with the equivalent of about 15 digits of accuracy, or some really massive whole numbers (in the range of + or – 9 quintillion).

Most processors sold today manipulate data in 32- or 64-bit chunks. The Intel Pentium class of processors can manipulate up to 32 bits per machine cycle (on a 2.4-Gigahertz processor, for example, there are 2.4 billion machine cycles per second). Other processors, like the G5 or the Athlon 64, can process up to 64 bits per machine cycle.

See the storage calculation handout for more information, especially about representing pictures, sound, and video.

One important concept is compression. Compression algorithms are mathematical algorithms that reduce the storage needed by text, pictures, sound, or video, by producing specially compacted streams of binary numbers. There are two kinds of compression:

• Lossless – the orginal data can be reconstructed perfectly by a complementary “uncompress” algorithm

• Lossy – the original data cannot always be perfectly reconstructed, but only some close approximation. Lossy compression may be tolerated for pictures, sound, or video, but not usually for text.

Compression algorithms take advantage of structure in the data

• In text, not all characters appear with the same frequency, and if you know the last few characters, you can make predictions the next one pretty accurately – for example, in a legible English text, “Z” is very unlikely to follow “BR”.

• In recognizable pictures, nearby dots are likely to have very similar colors.

• In sound recordings, consecutive air pressure readings are likely to be similar.

• In videos, successive frames are usually very similar.

The compression factor is the size of the original data, divided by its size after it has been compressed.

Text compression algorithms often work quite well on other kinds of data, such as machine language programs. Some common compression algorithms:

• Text and miscellaneous streams of bits: ZIP, BZIP, GZIP (these also have facilities for packing many source files into a single compressed files)

• Pictures: JPEG (also called .jpg)

• Sound: MP3

• Video: MPEG (also called .mpg)

Networking and Telecommunications (Classes 3 and 4)

We now discuss transmitting data between physically separated computers

• Something that connects two computers is a link

• Many computers connected by many links comprise a network.

• Each computer on the network is called a node.

• Generally speaking, data should be able to get from any network node to any other node.

• There are many different shapes (or topologies) that can be used to build a network

o Today the predominant network topology is a collection of interconnected “stars”.

o At one time, interconnected “rings” were also popular, and they are still in use.

• Some nodes on the network serve primarily as connection points or to make sure data gets sent to right place

o Switches

o Hubs

o Routers

Kinds of links

• Link speed is usually measure in bits per second (b/s), with the usual (decimal) prefixes K (kilo/1,000), M (mega/1,000,000), G (giga/1,000,000,000), etc.

• Wires (usually copper) these can be used in many ways.

o A standard wire technology these days is “ethernet”. This comes in three flavors, 10 Mb/s, 100 Mb/s, and 1Gb/s.

o Wires can carry a lot of data for short distances, but slow down for longer distances

• Optical fiber (carries light pulses)

o Invented about 30 years ago

o More economical than wire for high data rates and long distances. Links can have capacities in the many Tb/s

• Broadcast electromagnetic waves (radio/infrared/microwave) – “wireless”

o Within-building and similar distance capacities typically about 11 Mb/s right now

o Slower for wide-area coverage (cell-phone modems)

A history of computer communications:

• The first large-scale electronic networks built were telephone networks. But they were not used by computers initially (Because computers didn’t exist! In fact, “computer” was actually a job title for a person who did mathematical calculations for engineers and scientists)

• When computers started, each organization had its own computer in its own room. Data got in and out of the computer room by being physically carried as punched cards, printed reports, magnetic tape etc. (eventually floppy disks, too) – later called “sneakernet”.

• People began placing I/O devices outside the computer room, connected by wires: printers, card readers, terminals (=printer + keyboard or screen + keyboard), etc.

• Technology was invented to encode (modulate) data into sounds the telephone network could carry. The data would be “demodulated” back into bits at the other end (thus the term “modem” – modulator/demodulator).

o This allowed people to have terminals at home and work over telephone lines

o Many other business applications involving sending or receiving data from remote locations

o Early modems were slow (100 b/s = 0.1 Kb/s in the 1960’s). This gradually increased to about 56 Kb/s today.

o The technology is still widely used

• In the late 1960’s, interest was growing in large general-purpose data networks independent of the telephone network.

o Before, these existed only for specialized application (mostly military)

o ARPANET – the (defense department) Advanced Research Projects Agency NETwork was built in the early 70’s

o This became the “internet”

o The internet had a fairly small user base until the mid 80’s. Then it began to gather momentum

o In the early 90’s, the “world wide web” became very popular and drove a massive expansion of the internet (along with the “.com” boom)

o In the 90’s there was a general telecommunications boom of which the internet boom was a big part. A lot of firms tried to secure their place in the boom by building lots of network links, especially in North America

o A lot of network capacity was built. About the same time technology appeared that greatly increased the amount of data an optical fiber could carry. Things cooled off a lot, but internet use continues to climb.

How networks work: LAYERING is very important

• Bottom: physical layer – the physical workings of the links (wire, fiber, wireless, etc.)

• Network layer (typically “IP”, standing for “internet protocol”): lets the network figure out what computer the data is meant for.

o Currently, each computer has a 32 bit “IP address” (usually split into four bytes printed in decimal like 128.6.59.202).

o The addresses have structure – for example “128.6” in the first two bytes of the address means somewhere at Rutgers (although 165.230 could also be at Rutgers), the 59 designates a particular “subnet” (roughly the same as a building), and the 202 identifies which computer on the subnet.

o Note that most computers also have a “hostname” and “domain name” that is easier for humans to remember, like “business.rutgers.edu” or . While these are related to IP addresses, they aren’t exactly the same. Special computers called “name servers” provide the translation. Small organizations may not have a name server, relying on a name server elsewhere. Large organizations like Rutgers may have dozens of name servers.

o 32 bits is no longer enough space for an IP address, and we will gradually move from IPv4 (32 bits) to IPv6 (128 bit addresses). Various workarounds suffice for now:

• Dynamically allocating IP addresses only when computers are connected to the network (“DHCP” is a common way of doing this), or

• Grouping small sets of computers to share a single IP (network address translation or “NAT”)

• Transport layer (typically “TCP”). Specifies how data is split up and logically moved in the network

o TCP specifies up to 65,000 logical “ports” for each computer on the network. Each port can be used for a different application.

o For each port, than can be more than one “session” or logical connection between to computers (for example, you could have two independent web browser windows connected to the same website from your own PC)

o For each session, there may be a sequence of messages in each direction

o TCP is a “packet switched” protocol – messages are cut up into “packets” that might take different paths through the network and are reassembled at the destination. Telephone networks are “circuit switched” – the whole conversation uses the same route through the network.

• Application layer: specifies different protocols for moving data in different ways. These constitute an “alphabet soup”:

o First: TELNET (old) – run a terminal session (a text-based interaction between a person and a computer)

o FTP (old) – move files back and forth (still in some use when security isn’t an issue)

o SSH – encrypted terminal sessions and file transfers. This is how you connect to the “Eden” system to do text-based interactions

o HTTP/HTTPs – hypertext transmission. This appeared in the early 1990’s and rapidly evolved into a way of projecting a wide range of graphic user interfaces across the internet. The “s” means secure/encrypted. HTTP is a much easier and more secure way to do arbitrary things on a remote user’s screen than making them run custom software.

o SMB, NFS – file sharing. Making disks on a distant computer look like they’re on yours

o SMTP – sending e-mail to and between mail servers (computers that can route e-mail). This is a “push” protocol: the computer initiating the connection sends the messages.

o POP3, IMAP – retrieving mail from e-mail servers. These are “pull” protocols: the computer initiating the connection receives the messages (if there are any)

o And many, many, more…

• Typically, each protocol uses a single TCP port (or perhaps a few). For example, HTTP usually uses port 80, and SSH usually uses port 22.

Some more notes on layers and protocols

• The picture on P&A page 100 is quite instructive – as you move downwards in the protocol layer “stack”, more and more “bookkeeping” data, also called “headers”, get appended around the data you actually wanted to send. This means the actual number of bits transmitted can be substantially longer than the actual data you want to send. Header information may get appended to each packet, if the message is divided into packets.

• TCP and IP usually go together and are known as “TCP/IP”

• You can run more than one network layer on top of a physical layer on the same link (for example, IP and AppleTalk)

• You can run several transport layers on top of a network layer (for example, TCP and UDP on top of IP)

• And, of course, you can run many application layers on top of a transport layer

Kinds of networks

• LAN – “Local Area Network” on the level of a single building

• WAN – “Wide Area Network” a vague term for something larger than a LAN

• Enterprise network – a larger-than-LAN network dedicated to a particular company or organization

• Internet – multiple networks networked together

o The idea of an internet preceded the current notion of the internet – “the” internet happened when most things got connected!

o The “IP” network layer was specifically designed to make it easy to create internets. That is why “the” internet could grow so quickly in the 1980’s and 1990’s, and conversely why TCP/IP is now the dominant network layer.

• VPN – “Virtual Private Network” – runs over the internet but encrypted in such a way that it looks like a private WAN that outsiders can’t snoop on (we hope!)

Current network technology

• Most firms now have LANs implemented with copper wire, usually Ethernet, and now also wireless

• Many larger firms have WANs and/or enterprise networks containing wire and/or fiber and maybe some satellite/microwave (depending on the firm’s size). The longer links in these networks are typically leased from ISP’s (see the next item)

• Internet service providers (ISP’s) maintain interconnected, overlapping networks made primarily of fiber (examples: AOL, ATT, Sprint, etc.) ISP’s also lease capacity for use in enterprise networks. Large and medium firms connect directly to ISP’s.

o Also, there are some non-profit alternatives to ISP’s, like “Internet2” which serves large universities like Rutgers

• Large firms can afford to lease dedicated high speed connections to ISP’s, like “T1” lines

• The dreaded “last mile”: smaller firms and individual households connect to the ISP’s in various non-ideal ways

o By phone and modem (sometimes directly to employer instead of ISP)

o Cable modem – signals carried over cable TV wires. Capacity usually 0.5-5 MB/s, but capacity may be shared with other users in the neighborhood

o DSL – signals carried over regular phone lines, but not at audible frequencies. About 0.5-1 Mb/s, but occasionally faster. Only works if you are within 2 miles of telephone switching center, but does not have capacity sharing problems.

• Most network connections are carry a fixed charge per month, without tracking the exact number of bits sent – one reason we have so much “spam”!

Uses for networks (not covered explicitly in class)

• Sending messages and data between people by “push”: e-mail possibly with attachments, instant messaging, voice over IP (VoIP) telephone

• Sharing/disseminating information by “pull” (basic web, FTP). Computers that are “pulled” from are usually called “servers”

• Other modes of sharing data. Some (or all) computers hold data that other computers can share.

o Computers that share data on their disks are often called “servers” or “file servers”.

o An example: “network drives” disks that are not on your computer, but act like they are (if a little slowly)

• Sharing other hardware like printers, scanners (these actually contain processors)

• Combination push/pull messaging and sharing: chat rooms, newsgroups

• Specific teamwork applications

o Calendar/scheduling applications

o Joint authorship systems (Lotus Notes?)

• Gathering data and interacting with customers

o Websites that gather data or take orders

o Sensors and scanners

• Offsite backup (this used to be done with tapes, but they are so slow now compared to hard disks)

Sample file transfer calculation: Suppose we want to do “video-on-demand” downloads of 4 GB movies in DVD format (binary-style GB). How long would that take over a 1 Mb/s DSL line, or a 50 Mb/s cable modem connection? (Note that connection speeds typically use decimal-style K, M, and G prefixes, whereas memory specifications usually use binary style).

Size of movie = (4 GB)(1024 MB/GB)(1024 MB/KB)(1024 B/KB)(8 bits/B) = 3.44 ( 1010 bits

Seconds to transfer with DSL = (3.44 ( 1010 bits)/(1 ( 106 bits/sec) = 3.44 ( 104 sec

= (3.44 ( 104 sec)/(60 sec/min ( 60 min/hr) = 9.54 hours – probably not acceptable!

Seconds to transfer with cable modem = (3.44 ( 1010 bits)/(50 ( 106 bits/sec) = 687 sec

= (687 sec)/(60 sec/min = 11.5 minutes – probably OK

Note that actual transfer times would be somewhat larger due to overhead (headers) added by the application, transport, network, and physical network layers

Security (Class 5)

Computer technology has made it much faster, easier, and cheaper to

• Store

• Move

• Organize

• Manipulate/process

… information than with older “manual” technology.

Unfortunately, the same technology can also make it faster, easier and cheaper to

• Steal

• Destroy

• Corrupt

• Abuse

… that same information!

There is no such thing as total security

• Don’t think of security issues as “one-time” problems; it is an ongoing process and a portion of the workforce needs to be dedicated to it

• Need to consider these costs when looking at cost-effectiveness of computer technology

• With awareness and effective countermeasures, security can usually be manageable

Accident and disaster threats

• Accidents always were a threat to organizations’ data. Fires and hurricanes can destroy paper files just as easily as computer files

• Centralized systems can be vulnerable to problems at the central site

• Distributed systems can be vulnerable to problems at just one site (depending on their design)

• Power failures can do a lot more damage than they used to

• With the introduction of computers, there are a lot of new ways for things to go wrong

o Hard disk “crashes”

o Software “crashes”

o Software “bugs”

o Etc…

• Countermeasures:

o Backup, backup, backup, backup, backup

• Can back up data to external media (CD-R, DVD-R, tapes) – protect the media!

• Back up data to another site over a network

• Power backup devices (generators, UPS, etc.)

• Backup of software

• Have a backup plan for hardware (for example, “SunGuard”)

o For software developed in-house: proper development, maintenance, and lifecycle procedures to contain damage from bugs (covered later in course)

Internal threats and problems – employees and consultants

• The larger the organization, the larger the frequency of

o Employee mistakes or failure to follow procedures

o Dishonest employees (rarer, but still a concern)

• Shortcuts or dishonesty by MIS employees may have a lot of “leverage” and may be hard to detect (trap doors, skimming, “time bombs”, …)

• Countermeasures:

o Separate functions: for example, most programmers shouldn’t have access to real customer data

o Use data access hierarchies and rules

o Encryption?

o Monitoring (ugh – this can take many forms)

o Give employees support – make it easy (or automatic) for them to do backup, install security software etc.

Business partner and vendor threats

• If you share interact electronically with vendors, customers, and partners, you may be exposed to their security problems as well as yours

• Exacerbated by recent “outsourcing” and cooperation trends like

o EDI (Electronic Data Interchange): firms automatically share data they believe are relevant. For example, we may let our suppliers see our parts inventories so they can plan better

o ASP (Application Service Providers): outsourcing portions of your information system needs (very common for payroll)

o The growth of the web/internet gave new momentum to EDI and ASP by making it easier and cheaper, but I think many firms are reluctant to let another company control their data

• Web commerce technology can make improper/questionable monitoring of customers practical/profitable (cookies)

• In an e-business environment, it may be harder to tell legitimate vendors, customers, and partners from crooks masquerading as such

• Countermeasures?

o Limit access

o Investigate partners

o Try to use reputable vendors/partners

o Encryption

o Monitoring

o Consumer awareness

Outside threats

• Two motivations

o Personal gain – thieves

o Malice/troublemaking – hackers etc. (this I find harder to understand)

• These threats always existed, but computer technology – and especially network technology – makes attack much cheaper, faster, and easier

• Snooping: monitoring networks as others’ data passes by

o Wireless networks especially vulnerable

• Hacking: gaining access to private systems and data (and possible abusing/damaging them)

o Port scans

o Bug exploitation (usually in operating systems, browsers, and e-mail programs)

o “Social engineering” – faking messages from tempting or official sources to induce people to run booby-trapped software, reveal passwords, or disclose other confidential information

• Spam

o Time-wasting

o Nowadays, usually dishonest/fraudulent

• Annoyance/vandal attacks – denial of service (DoS)

o For example, bombard a server computer with “ping” messages so it has no time to do its real job

• Self-replicating attacks: viruses and worms

o May move via e-mail and have a social engineering aspect (like many spams)

o But may exploit security hole (like a forgotten trap door) and not require any human participation

o Can reproduce very quickly

o The more powerful software is, the more vulnerable (MS Office macros)

• Many attacks combine categories

• Hierarchy among hackers and spammers

o “Script kiddies”

o Spam pyramid schemes?

Security Technologies/Techniques

• User identification

o Passwords

▪ Make sure they are not vulnerable to guessing

▪ Have a change schedule

▪ Problems:

• You get too many of them

• Have to write them down or use one password for several systems

• Vulnerable to snooping interception with some older protocols like TELNET and FTP

o Password generators: small electronic card that combines

▪ Fixed user password

▪ Internal passcode

▪ Time

o … to produce a password with a very limited lifetime

▪ Example: “SecurID”

o Biometrics: promising, but:

▪ Expense?

▪ Reliability?

▪ Ready yet?

• Access control within a computer system (server)

o Read, write, execute, (delete) privileges for files or parts of files

o Basic levels: user/group/all

o More advanced: hierarchies and “access control lists” (ACL’s)

• Restrict physical Access

o Example – US Government systems with classified data are supposed to have no physical connection to any unclassified system.

o If a computer seems compromised by hackers or viruses, physically detach it from the network immediately

• Audits/verification

o Example – user-verified paper voting records

o IT audits

• Scanning software and hardware

o Virus scanners: scan received disk files and arriving e-mail for suspicious patterns

o Spam filters

o Watch network for suspicious packet patterns

o Spyware – this may be too intrusive?

o Firewalls (hardware and software): block traffic into your network or computer

▪ Example – for a home, do not allow any connections initiated from outside

▪ Example – for medium-sized business, block all incoming connections except SMTP and HTTP into your mail/web server.

• Virtual private networks – use encryption to simulate a private network even if parts are carried over the internet (or some less secure private net)

• Encryption!

Encryption:

• Can be applied to both files and network messages; current emphasis on network messages

• Applications:

o When sensitive data is transmitted

▪ Passwords!

▪ Credit card numbers

▪ Personal data

o VPN’s

• Basic procedure: mathematical procedure for

o Message + key = gibberish

o Gibberish + key = Message again

o Try to make it too hard just to decode by just trying all possible keys

• Cryptography predates computers, but

o Computers make code-breaking easier (“Enigma” in World War II was one of the first applications of electronic computers – the allies cracked German and Japanese codes with the help of early electronic computers)

o Computers can also create fiendishly difficult codes to crack

• Basic problem – how to send key?

• Solution – multiple keys:

o Encoding requires one set of keys

o Decoding requires another set

▪ Example: encode requires key A, decode requires key B

o Publish one key, keep the other private

o Example 1:

▪ Bob’s public key is on his personal webpage

▪ Alice encodes a file with Bob’s public key

▪ Alice e-mails the file to Bob

▪ Bob decodes with his private key

▪ Anybody intercepting the e-mail would have to break into Bob’s computer to get the key to decode the attachment

▪ Used to send data on secure web forms (and also to receive information from secure web servers)

o Example 2:

▪ Joe’s public key is on his website

▪ Joe encodes a message with his private key

▪ Sends the encrypted message to Kathy and Laura

▪ They decode it with his public key

▪ If it is intelligible, then they know it came from Joe… or whoever published his website… (safer if he gave them the public key personally or they have stored it for some time)

▪ But, anybody else can decode it

o Example 3:

▪ David encodes a message with his private key

▪ David further encodes the result with Ed’s public key

▪ Sends it to Ed

▪ Ed decodes it with his private key

▪ Ed decodes the result with David’s public key

▪ Result is intelligible only to Ed, and he’s pretty sure it came from David.

o Other/related applications

▪ If I connect to “business.rutgers.edu”, warn me if it looks like this isn’t actually the same computer that said it was “business.rutgers.edu” last week

▪ Making sure passwords can’t be snooped

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download