At present there are four main types:
Transaction Processing Systems (TPS)
Decision Support Systems (DSS)
Executive Information Systems (EIS)
Management Information Systems (MIS)
Operations Support System:
Operations Support System (OSS) performs management, inventory, engineering, planning, and repair functions.
A lot of the work on OSS has been centered on defining its architecture. Put simply, there are four key elements of OSS:
• Processes
o the sequence of events
• Data
o the information that is acted upon
• Applications
o the components that implement processes to manage data
• Technology
o how we implement the applications
1. Transaction Processing System
A transaction processing system (TPS) collects, stores, modifies and retrieves the transactions of an organization. Examples of such systems are automated teller machines (ATMs) and electronic funds transfer at point of sale (EFTPOS – also referred to as POS).
• A Transaction Processing System collects, stores, modifies and retrieves the daily transactions of a business.
• TPS systems secure and record the daily transactions of a company.
There are two types of transaction processing:
Batch processing: where all of the transactions are collected and processed as one group or batch at a later stage.
Real-time processing: where the transaction is processed immediately.
Batch Processing
In batch processing, all information that needs to be processed is collected and processed as a group at a later date.
A good example of batch processing is cheques, as these are collected and processed at a later date.
Three main disadvantages of batch processing are:
1. The processing schedule is pre-determined, so processing must wait until a set time.
2. Errors cannot be corrected during processing.
3. Sorting the transaction data is expensive and time consuming.
Real time processing
Real-time processing is the immediate processing of data. It instantaneously provides confirmation of a transaction.
There are two main concerns with real-time processing:
1. Concurrency, which ensures that two users cannot change the same data at any one time.
2. Atomicity, which is the assurance that all steps in the transaction process are completed.
Real-time processing is extremely expensive, in both hardware and software.
Information systems are constantly changing and evolving as technology continues to grow. Importantly, the information systems described below are not mutually exclusive, and some (especially Expert Systems, Management Information Systems and Executive Information Systems) can be seen as subsets of Decision Support Systems. However, these examples are not the only overlaps, and the divisions between these information systems will change over time.
Components of A Transaction Processing System:
• Users – are the people who use a TPS; they often take the data provided by the TPS and use it in another type of information system. This is a main feature of a TPS.
• Participants – are the people who conduct information processing. Success or failure of the system depends on them.
• People – people from the environment become participants when they directly enter transactions and perform validation, e.g. withdrawing money from an ATM.
Four most important characteristics of a TPS system:
• Rapid response – fast performance with rapid results
• Reliability – well designed backup and recovery with a low failure rate
• Inflexibility – treat every transaction equally
• Controlled processing – maintain specific requirements for the roles and responsibilities of different employees.
The output from a TPS is the input to other types of information systems, such as:
• DSS (Decision Support Systems), which can provide the information necessary to make informed decisions.
• MIS (Management Information Systems), which provides information for the organisation’s managers, presenting basic facts.
File Types in A Transaction Processing System:
• Master file - contains information about an organisation’s business situation.
• Transaction file - is a collection of transaction records.
• Report file - contains data that has been formatted for presentation to a user.
• Work file - is a temporary file in the system used during the processing.
• Program file – contains instructions for the processing of data.
ACID MODEL
The ACID model is one of the oldest and most important concepts of database theory. It sets forward four goals that every database management system must strive to achieve: atomicity, consistency, isolation and durability. No database that fails to meet any of these four goals can be considered reliable.
Let’s take a moment to examine each one of these characteristics in detail:
• Atomicity states that database modifications must follow an “all or nothing” rule. Each transaction is said to be “atomic.” If one part of the transaction fails, the entire transaction fails. It is critical that the database management system maintain the atomic nature of transactions in spite of any DBMS, operating system or hardware failure.
• Consistency states that only valid data will be written to the database. If, for some reason, a transaction is executed that violates the database’s consistency rules, the entire transaction will be rolled back and the database will be restored to a state consistent with those rules. On the other hand, if a transaction successfully executes, it will take the database from one state that is consistent with the rules to another state that is also consistent with the rules.
• Isolation requires that multiple transactions occurring at the same time not impact each other’s execution. For example, if Amit issues a transaction against a database at the same time that Richa issues a different transaction; both transactions should operate on the database in an isolated manner. The database should either perform Amit’s entire transaction before executing Richa’s or vice-versa. This prevents Amit’s transaction from reading intermediate data produced as a side effect of part of Richa’s transaction that will not eventually be committed to the database. Note that the isolation property does not ensure which transaction will execute first, merely that they will not interfere with each other.
• Durability ensures that any transaction committed to the database will not be lost. Durability is ensured through the use of database backups and transaction logs that facilitate the restoration of committed transactions in spite of any subsequent software or hardware failures.
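The four ACID properties described above, shown on a small funds-transfer table in SQLite. This is an added example, not code from the original page; the table layout, file name, amounts and function names are assumptions made for illustration.

```python
import os
import sqlite3
import tempfile


def open_db(path):
    # isolation_level=None puts the sqlite3 module in autocommit mode, so the
    # explicit BEGIN / COMMIT / ROLLBACK below are exactly what the engine sees.
    return sqlite3.connect(path, isolation_level=None)


def create_schema(conn):
    # Consistency rule (assumed for this example): a balance may never go negative.
    conn.execute(
        "CREATE TABLE accounts ("
        " owner TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.execute("INSERT INTO accounts VALUES ('Amit', 100), ('Richa', 50)")


def balances(conn):
    rows = conn.execute("SELECT owner, balance FROM accounts").fetchall()
    return dict(rows)


def transfer(conn, src, dst, amount):
    """Move `amount` from src to dst as one transaction.

    Returns True if committed, False if rolled back. The credit is applied
    first on purpose: when the debit then violates the CHECK constraint, the
    credit that already happened must be undone as well (atomicity).
    """
    conn.execute("BEGIN IMMEDIATE")
    try:
        conn.execute(
            "UPDATE accounts SET balance = balance + ? WHERE owner = ?",
            (amount, dst),
        )
        conn.execute(
            "UPDATE accounts SET balance = balance - ? WHERE owner = ?",
            (amount, src),
        )
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        # Consistency rule violated: discard every step of the transaction.
        conn.execute("ROLLBACK")
        return False


def uncommitted_write_is_invisible(path):
    """Isolation: a second connection never sees another's uncommitted change."""
    writer = open_db(path)
    reader = open_db(path)
    try:
        writer.execute("BEGIN IMMEDIATE")
        writer.execute(
            "UPDATE accounts SET balance = balance - 30 WHERE owner = 'Richa'"
        )
        seen_during = balances(reader)["Richa"]  # writer has not committed yet
        writer.execute("COMMIT")
        seen_after = balances(reader)["Richa"]   # now the change is visible
        return seen_during, seen_after
    finally:
        writer.close()
        reader.close()


def demo():
    # Constructed sample data in a throwaway database file.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "tps.db")
        conn = open_db(path)
        create_schema(conn)

        first = transfer(conn, "Amit", "Richa", 40)       # fits: commits
        overdraft = transfer(conn, "Amit", "Richa", 500)  # overdraws: rolls back
        after_transfers = balances(conn)
        conn.close()

        seen_during, seen_after = uncommitted_write_is_invisible(path)

        # Durability: committed state survives closing and reopening the file.
        reopened = open_db(path)
        after_reopen = balances(reopened)
        reopened.close()

        return {
            "first_transfer": first,
            "overdraft": overdraft,
            "after_transfers": after_transfers,
            "seen_during": seen_during,
            "seen_after": seen_after,
            "after_reopen": after_reopen,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The failed overdraft leaves Richa's balance untouched even though her credit ran before the debit failed, which is the "all or nothing" rule in practice.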
Tuesday, August 24, 2010
Monday, August 23, 2010
System Development Life Cycle-4
System Development Life Cycle
The system development life cycle is the overall process of developing, implementing, and retiring information systems through a multistep process from initiation, analysis, design, implementation, and maintenance to disposal. There are many different SDLC models and methodologies, but each generally consists of a series of defined steps or phases.
The systems development life cycle (SDLC) is a conceptual model used in project management that describes the stages involved in an information system development project, from an initial feasibility study through maintenance of the completed application.
The SDLC in its pure form has these phases:
1) Requirement Analysis: This phase is also known as the feasibility study. In this stage the requirements are gathered for the product to be developed. The gathered requirements are documented in a simple document known as the Software Requirement Specification (SRS).
The Requirement Analysis phase ultimately ends with the SRS.
2) Design Analysis: The purpose of this phase is to plan out the solutions for developing the application that has been documented in the SRS. The design provides solutions to the problems from the Requirement Analysis phase.
3) Coding/Development: This phase is where the actual coding takes place. This stage aims to develop the application using the right coding standards and technology.
4) Testing: This phase is where the code is tested and verified to match the requirements given in the SRS. The stage repeats itself until the code is ready to publish or distribute. Testing uses many methods, such as Black Box Testing, White Box Testing, Unit Testing, and Integrated Testing.
5) Implementation and Maintenance: This is the phase where the tested code is distributed to the end user and the application has to be maintained. This stage is the most time-consuming phase, where the end user keeps identifying bugs and the application has to be modified and updated.
Saturday, August 21, 2010
CASE STUDY On BPR-2
CASE STUDY 2
Read the following case and answer the questions at the end:
Dr. Sukumar inherited his father’s Dey’s Lab in Delhi in 1995. Till 2002, he owned 4 labs in the National Capital Region (NCR). His ambition was to turn it into a National chain. The number increased to 7 in 2003 across the country, including the acquisition of Platinum lab in Mumbai.
The number is likely to go to 50 within 2-3 years from 21 at present. Infusion of Rs. 28 crores for a 26% stake by Pharma Capital has its growth strategy.
The lab with a revenue of Rs. 75 crores is among top three Pathological labs in India with Atlantic (Rs. 77 crores) and Pacific (Rs. 55 crores). Yet its market share is only 2% of Rs. 3,500 crores market. The top 3 firms command only 6% as against 40-45% by their counterparts in the USA. There are about 20,000 to 1,00,000 stand-alone labs engaged in routine pathological business in India, with no system of mandatory licensing and registration. That is why Dr. Sukumar has not gone for acquisition or joint ventures. He does not find many existing laboratories meeting quality standards. His six labs have been accredited nationally whereas many large hospitals have not thought of accreditation. The College of American Pathologists accreditation of Dey’s lab would help it to reach clients outside India.
In Dey’s Lab, the bio-chemistry and blood testing equipment is sanitized every day. The bar coding and automated registration of patients do not allow any identity mix-ups. Even routine tests are conducted with highly sophisticated systems. Technical expertise enables them to carry out 1650 varieties of tests. Same day reports are available for samples reaching by 3 p.m. and by 7 a.m. next day for samples from 500 collection centres located across the country. Their technicians work round the clock, unlike competitors. Home services for collection and reporting are also available.
There is a huge unutilized capacity. Now it is trying to top other segments. 20% of its total business comes through its main laboratory which acts as a reference lab for many leading hospitals. New mega labs are being built to encash preclinical and multi-centre clinical trials within India and provide postgraduate training to the pathologists.
Questions:
(i) What do you understand by the term Vision? What is the difference between ‘Vision’ and ‘Mission’? What vision did Dr. Sukumar have at the time of inheritance of Dey’s Lab? Has it been achieved?
(ii) For growth what business strategy has been adopted by Dr. Sukumar?
(iii) What is the marketing strategy of Dr. Sukumar to overtake its competitors?
(iv) In your opinion what could be the biggest weakness in Dr. Sukumar’s business strategy?
CASE STUDY ON BPR-1
CASE STUDY 1
DD is India’s premier public service broadcaster with more than 1,000 transmitters covering 90% of the country’s population across an estimated 70 million homes. It has more than 20,000 employees managing its metro and regional channels. Recent years have seen growing competition from many private channels numbering more than 65, and the cable and satellite operators (C & S). The C & S network reaches nearly 30 million homes and is growing at a very fast rate.
DD’s business model is based on selling half-hour slots of commercial time to the programme producers and charging them a minimum guarantee. For instance, the present tariff for the first 20 episodes of a programme is Rs. 30 lakhs plus the cost of production of the programme. In exchange the producers get 780 seconds of commercial time that they can sell to advertisers to generate revenue. Break-even point for producers, at the present rates, thus is Rs. 75,000 for a 10 second advertising spot. Beyond 20 episodes, the minimum guarantee is Rs. 65 lakhs for which the producer has to charge Rs. 1,15,000 for a 10 second spot in order to break even. It is at this point the advertisers face a problem – the competitive rate for a 10 second spot is Rs. 50,000. Producers are possessive about buying commercial time on DD. As a result DD’s projected growth of revenue is only 6-10% as against 50-60% for the private sector channels. Software suppliers, advertisers and audiences are deserting DD owing to its unrealistic pricing policy. DD has three options before it.
First, it should privatize; second, it should remain a purely public service broadcaster; and third, a middle path. The challenge seems to be to exploit DD’s immense potential and emerge as a formidable player in the mass media.
Questions:
(i) What is the best option, in your view, for DD?
(ii) Analyze the SWOT (Strengths, Weaknesses, Opportunities and Threats) factors that DD has.
(iii) Why do you think that the proposed alternative is the best? (20 Marks)
Advantage & Disadvantages of MIS
Modern businesses have been leveraging management information systems (MIS) to manage, order, organize and manipulate the gigabytes and masses of information generated for various purposes. MIS helps businesses optimize business processes, address information needs of employees and various stakeholders and take informed strategic decisions. However, budget allocation and monitoring issues can affect the efficacy of MIS. It has its advantages and disadvantages depending on organizational deployment and usage.
ADVANTAGES
An MIS provides the following advantages:
1. It facilitates planning: MIS improves the quality of plans by providing relevant information for sound decision-making. Due to the increase in the size and complexity of organizations, managers have lost personal contact with the scene of operations.
2. It minimizes information overload: MIS changes the larger amount of data into summarized form and thereby avoids the confusion which may arise when managers are flooded with detailed facts.
3. MIS encourages decentralization: Decentralization of authority is possible when there is a system for monitoring operations at lower levels. MIS is successfully used for measuring performance and making necessary changes in the organizational plans and procedures.
4. It brings co-ordination: MIS facilitates integration of specialized activities by keeping each department aware of the problems and requirements of other departments. It connects all decision centers in the organization.
5. It makes control easier: MIS serves as a link between managerial planning and control. It improves the ability of management to evaluate and improve performance. The use of computers has increased the data processing and storage capabilities and reduced the cost.
6. MIS assembles, processes, stores, retrieves, evaluates and disseminates the information.
DISADVANTAGES:
1. Highly sensitive; requires constant monitoring.
2. Budgeting of MIS is extremely difficult.
3. Quality of outputs is governed by quality of inputs.
4. Lack of flexibility to update itself.
5. Effectiveness decreases due to frequent changes in top management.
MIS – Introduction to management in context of Information System
MIS – Introduction to management in context of IS
Management Information Systems, which are often abbreviated to MIS, are a subdivision of internal business controls that usually refer to documents, IT, people and procedures. An MIS is usually applied by management accountants who will be trying to solve a business problem or setting a price for how much a product should cost.
MIS are actually quite different from other information systems. This is because the MIS are used primarily to analyze other information systems that are used in the operational activities of any particular organization.
So MIS is not a true information system in the sense of technology, but nor is it a true business function. In fact it straddles both these disciplines and is a way in which technology can be harnessed along with business so that people can function more effectively.
Within any given organization there may well be MIS professionals, but they are actually employed as systems analysts or even project managers. They often will act as a means of communication between management and the staff on the ground and they are actually a very valuable asset to any firm, since MIS professionals have the ability to analyze vast amounts of data.
This is the real beauty of Management Information Systems; they allow personnel to effectively and efficiently analyze huge amounts of data that would otherwise be too enormous to be analyzed by humans. This means that trends can be spotted or patterns start to emerge. The MIS systems can also show dips or peaks in performance that may not be readily available when using other information systems, so they are incredibly important.
Origins of Management Information Systems
Initially computers were used to keep finances up to date by using word processing and in many cases accounting. But then more and more applications were invented all of which were geared towards providing management with useful and relevant information that would help them to manage their business and due to the nature of the information they contained, these applications became known as Management Information Systems.
Aim of Management Information Systems
The main aim of MIS systems is to inform management and help them make informed decisions about management and the way the business is run. This highlights the difference between an MIS and other types of information systems that do not necessarily contain information that will help managers make managerial decisions.
MIS, or management information systems, are used to manage the data created within the structure of a particular business. These systems store the data and allow the business to manipulate, analyze and compile the data through the use of software applications. Reports and analysis pulled from an information system can assist in the directing, planning and decision making needs of managers.
Components of MIS in context of IS
1. Information Management
2. Structures
3. Data
4. Tools
5. Output
1. Information Management
Businesses gather information every day in the form of invoices, proposals, daily sales figures and time cards. This information can provide a business insight into their operations, create a platform for decision making and reveal ideas that feed strategic planning. Gathering the information requires a consistent and reliable process in order for the information to be useful. Information management requires a system that supports the business model the information comes from.
2. Structures
Management information structures provide a central location in which to store and manage the information. The structure or system is fed by people (employees, vendors, suppliers, customers) who input (provide) the data and output the data (creating reports and disseminating the data). Software and hardware supply the equipment needed to process, store and control access to the data. Business rules (how production cost is figured, formulas for vacation time, how accounts payable are processed for payment) dictate how the software should operate.
3. Data
Data found in information management systems is gathered by hand or electronically. Documents can provide data that is then input into the system or data can be gathered through conversation and input directly into the system via a form. Data can also be gathered using an electronic device such as a barcode scanner that is then downloaded into the management system. Delivering data into the system can occur from outside the system via customers, vendors or suppliers. Access to data may be controlled via a separate set of rules implemented by the business.
4. Tools
Software programs designed to fit the business rules and its required documents are the entry points for an information system. Hardware is needed to operate the software and can include large computer networks or a simple single server with a small number of desktops. Each business department may have a separate software program that shares its data with other programs or all departments can enter data through a central software program. Oracle and Microsoft offer management information system software products for medium to large businesses.
5. Output
Software applications allow the sorting and analyzing of data. Output typically comes in the form of reports. Reports can be disseminated electronically or by hand. A report can provide information about sales figures, production goals or even the financial value of the business as a whole. Annual reports and quarterly sales figures are created from data located in a management information system.
Wednesday, August 18, 2010
Ethical And Social impact of Information System
Ethics
Information technology offers potent tools that can serve to fulfill an individual's life, to further organizational goals, pursue national interest, or support environmentally sustainable regional development. The same technology can also be used to infringe on property in a digital form, invade individuals' private sphere, and to hold them in fear of omnipresent surveillance. The way the technology is deployed depends on our decisions as professionals and as users of information systems. It also depends on the enacted policies and legislation. All of us, therefore, should make the relevant decisions guided not only by the economic, organizational, and technological aspects of information systems, but also in consideration of their effects on individuals. Our knowledge of ethics helps us in making such decisions. What we may call infoethics is the application of ethical thinking to the development and use of information systems.
Ethics is a study of the principles of right and wrong that ought to guide human conduct. Ethics concerns itself with what values are worth pursuing in life and what acts are right. Therefore, ethics is a study of morality.
Human behavior and decision making fall into three domains:
1. Legal Domain
The legal domain governs a variety of relatively well defined behaviors, specified by law enforceable in the courts of a given country or within a local jurisdiction. International bodies increasingly address legal issues that cross national borders. Computer crime and abuse, such as destruction of databases with the use of computer viruses or misrepresentation of electronic identity toward financial gain, are the breaches of law and fall into this domain.
2. Discretionary Domain
However, not every legal action is ethical. The domain of ethics is governed by the general norms of behavior and by specific codes of ethics. To see whether your decision-making in a given case involves an ethical issue, you may apply the “sunshine principle”: “What if I read about my decisions and subsequent actions in tomorrow's paper?” Ethical considerations go beyond legal liability, and the breach of norms not punishable by law meets with social opprobrium. Only if the action is both legal and ethical, does it fall in the discretionary domain, where we properly act entirely according to our preferences.
3. Ethical Issues
Knowledge of ethics as it applies to the issues arising from the development and use of information systems, which we may call info ethics, helps us to make decisions in our professional life. Professional knowledge is generally assumed to confer a special responsibility in its domain. This is why the professions have evolved codes of ethics, that is, sets of principles intended to guide the conduct of the members of the profession.
The principal code of ethics for information systems professionals is the Association for Computing Machinery (ACM) Code of Ethics and Professional Conduct, binding on the members of the Association for Computing Machinery (ACM). The code should be familiar also to all those whose professional life is affected by information systems.
To select a course of action in an ethical dilemma, we turn to ethical theories.
Ethical theories give us the foundation for ethical decision making. There are two fundamental approaches to ethical reasoning:
1. Consequentialist theories tell us to choose the action with the best possible consequences. Thus, the utilitarian theory that prominently represents this approach holds that our chosen action should produce the greatest overall good for the greatest number of people affected by our decision. The difficulty lies in deciding what the “good” is and how to measure and compare the resulting “goods.” The approach may also lead to sacrificing the rights of a minority. There are certain acts that are wrong in themselves and should be always avoided. The unethical acts interfere with the rights of others, the rights that may be derived from the other principal group of ethical theories.
2. Deontological theories argue that it is our duty to do what is right. Your actions should be such that they could serve as a model of behavior for others—and, in particular, you should act as you would want others to act toward you. Our fundamental duty is to treat others with respect—and thus not to treat them solely as a means to our own purposes.
Treating others with respect means not violating their rights. It is, therefore, vital that we recognize the rights of each human individual.
The principal individual rights recognized in democratic societies are:
1. The right to life and safety;
2. The right of free consent—individuals should be treated as they freely consent to be treated;
3. The right to private property;
4. The right to privacy;
5. The right of free speech, extending to the right to criticize truthfully the ethics or legality of the actions of others;
6. The right to fair treatment—individuals who are similar in regards relevant to a given decision should be treated similarly;
7. The right to due process—individuals have a right to an impartial hearing when they believe their rights are being violated.
Social and Ethical issues arise from the processing of data into information. The phrase "Social and Ethical Issues" refers to issues that affect direct and indirect users of the system. They may be legal issues but they may also be moral issues and the dangers to society from the misuse of the information. The phrase "Social and Ethical Issues" refers to a range of issues which are covered under:
Acknowledgment of data sources
The freedom of information act
Privacy principles
Accuracy of data and the reliability of data sources
Access to data, ownership and control of data
New trends in the organization, processing, storage and retrieval of data such as data warehousing and data-mining
The ethical issues involved are many and varied; however, it is helpful to focus on just four:
1. Privacy and Confidentiality - all web communications are subject to "eavesdropping". Browsers record your activities in history files. Cookies deposited by web sites collect information about you and your browsing. For example, many online e-commerce sites use cookies to track buying habits. When these cookies are collected into a database, they may reveal identities of individuals. Some companies sell these databases.
2. Freedom and Censorship of Speech - people have to respect Copyright laws, and many of these laws are being violated, resulting in other laws being enforced banning people from downloading things like music off the Internet. It is good for musicians who don't want their music stolen, but bad for musicians who want their music to be downloaded so they can become popular. There are also people who warp what other people say, or criticize it. This isn't fair because the Internet is open to anyone to say whatever they want.
3. Security - it is becoming increasingly easy to hack into people's computers and websites. This needs to be stopped because hacking into someone’s computer is the equivalent of breaking into someone’s house - it shouldn't happen.
4. Computer Crimes and Computer Related Crimes - as with Security, more and more people are hacking into computers and programs. A lot more crimes are also being committed over and because of the Internet. For example, people can hack into bank accounts and steal money, or manipulate systems to cause destruction. A man in Australia hacked into a sewerage system and released millions of liters of raw waste into rivers and parks.
MIS Q & A
Q1. Identify and describe the four levels of the organizational hierarchy. What types of information systems serve each level?
From lowest to highest, the four levels of the organizational hierarchy are operational, knowledge, management, and strategic. Types of information systems include transaction processing systems, office systems, knowledge work systems, decision-support systems, management information systems, and executive support systems.
Transaction processing systems, such as order tracking, payroll, machine control, and compensation, serve the operational level.
Engineering workstations, word processing, graphics workstations, managerial workstations, document imaging, and electronic calendars are examples of knowledge work systems and office systems that serve the knowledge level.
Sales region analysis, cost analysis, annual budgeting, and relocation analysis are examples of decision-support systems and management information systems.
Many of these systems are programs that students learn in their management science or quantitative methods courses. Some are based on database management systems. Examples of executive support systems that serve the strategic level are sales trend forecasting, operating plan development, budget forecasting, profit planning, and manpower planning.
Q2. List and briefly describe the major types of systems in organizations.
Transaction processing systems, office systems, knowledge work systems, decision-support systems, management information systems, and executive support systems are the major types of systems in organizations. Transaction processing systems function at the operational level of the organization. Examples of transaction processing systems include order tracking, order processing, machine control, plant scheduling, compensation, and securities trading.
Knowledge work systems help create and integrate new knowledge within the organization. Examples of knowledge work systems include engineering workstations, managerial workstations, and graphics workstations. Office systems help increase data worker productivity and include word processing, document imaging, and electronic calendars.
Management information systems provide managers with reports based primarily on data pulled from transaction processing systems, have an internal orientation, and have limited flexibility. Examples of management information systems include sales management, inventory control, and capital investment analysis. Decision-support systems function at the management level and provide analytical models and data analysis tools to provide support for semistructured and unstructured decision-making activities. Examples of decision-support systems include sales region analysis, cost analysis, and contract cost analysis.
Executive support systems function at the strategic level, support unstructured decision making, and use advanced graphics and communications. Examples of executive support systems include sales trend forecasting, budget forecasting, and personnel planning.
The systems form a level of systems, with all types either formatting or processing the information from a lower level. For instance, the office systems provide reports or presentations on the information or data in transaction processing systems.
Decision-support and executive support systems often use office systems in presenting information extracted from transaction processing systems and management information systems. Management information systems depend on data from transaction processing systems.
Some systems, including knowledge work systems, decision-support systems, and executive support systems may use external information, such as stock market information and design information from suppliers.
Q3. What are the five types of TPS in business organizations? What functions do they perform? Give examples of each.
The five types of transaction processing systems include
1. Sales/marketing systems,
2. Manufacturing/production systems,
3. Finance/accounting systems,
4. Human resources systems, and
5. Other types.
1. Sales/marketing systems provide sales management, market research, promotion, pricing, and new product functions. Examples include sales order information systems, market research systems, and sales commission systems.
2. Manufacturing/production systems provide scheduling, purchasing, shipping/receiving, engineering, and operations functions. Examples of manufacturing systems include machine control systems, purchase order systems, and quality control systems.
3. Finance/accounting systems provide budgeting, general ledger, billing, and cost accounting functions. Examples of finance/accounting systems include general ledger, accounts receivable/payable, and funds management systems.
4. Human resource systems provide personnel records, benefits, compensation, labor relations, training, and payroll functions. Examples include employee records, benefit systems, and career path systems.
5. Other types include admissions, grade records, course records, and alumni for a university. Examples of transaction processing systems for a university include a registration system, student transcript system, and an alumni benefactor system.
Q4. Describe the functions performed by knowledge work systems and office systems and some typical applications of each.
Knowledge work systems (KWS) aid knowledge work professionals to create new information and knowledge, and ensure that new knowledge and technical expertise are properly used in their corporations. Examples of knowledge workers (and some of their software) include engineers (graphics workstations), Wall Street traders, analysts, and arbitrageurs (financial and stock market workstations), research scientists, doctors, and designers (CAD systems).
Office systems provide support for data workers, including secretaries, accountants, filing clerks, and some managers. Software examples include word processing, desktop publishing, presentation programs, electronic calendars, and document imaging.
Q5. What are the characteristics of MIS? How do MIS differ from TPS and DSS?
MIS supports the management level by providing routine summary reports and exception reports for various purposes, including planning, controlling, and decision making. Examples include sales and profit per customer and per region, relocation summary and analysis, inventory control, capital investment analysis, and even a report on students who were here in the autumn but did not return in the spring.
MIS differs from TPS in that MIS deals with summarized and compressed data from the TPS and sometimes analysis of that summarized data.
Decision-support systems provide material for analysis for the solution of semi-structured problems, which often are unique or rapidly changing. Typically, they provide the ability to do “what if” analysis. While MIS have an internal orientation, DSS will often use data from external sources, as well as data from TPS and MIS. DSS supports “right now” analysis rather than the long-term structured analysis of MIS. MIS are generally not flexible and provide little analytical capabilities. In contrast, DSS are designed for analytical purposes and are flexible.
Q6. What are the characteristics of DSS? How do they differ from those of ESS?
DSS provide sophisticated analytical models and data analysis tools to support semistructured and unstructured decision-making activities. DSS use data from TPS, MIS, and external sources, provide more analytical power than other systems, combine data, and are interactive. ESS support senior managers with unstructured strategic-level decision making. They may be less analytical than DSS with less use of models such as linear programming or forecasting. However, they often rely on external data and rely heavily on graphics.
Q7. Describe the relationship between TPS, office systems, KWS, MIS, DSS, and ESS.
The various types of systems in the organization exchange data with one another. TPS are a major source of data for other systems, especially MIS and DSS. TPS are operational-level systems that collect transaction data. Examples of these are payroll or order processing that track the flow of the daily routine transactions that are necessary to conduct business. TPS provide data that are required by office systems, KWS, MIS and DSS, although these systems may also use other data. KWS and office systems not only use data from TPS but also from MIS. DSS not only use data from TPS but also from KWS, office systems, and MIS. MIS rely heavily on data from TPS but also use data from KWS and office systems. ESS obtain most of their internal data from MIS and DSS.
Q8. List and describe the information systems serving each of the major functional areas of a business.
Sales and marketing information systems help the firm identify customers for the organization's products and services. These systems help develop, promote, sell, and provide ongoing customer support for the firm's products and services. Specific sales and marketing information systems include order processing, market analysis, pricing analysis, and sales trend forecasting.
Manufacturing and production information systems provide information for planning, product development, production or service scheduling, and controlling the flow of products and services. Specific manufacturing and production information systems include machine control, CAD, production planning, and facilities location.
Finance and accounting information systems track the organization's financial assets and fund flows. Financial and accounting systems include accounts receivable, portfolio analysis, budgeting, and profit planning.
Human resources information systems maintain employee records; track employee skills, job performance, and training; and support planning for employee compensation, including pensions and benefits, legal and regulatory requirements, and career development. Systems include training and development, career path, compensation analysis, and human resources planning.
Q9. What is a business process? Give two examples of processes for functional areas of the business and one example of a cross-functional process.
Business processes are the ways in which organizations coordinate and organize work activities, information, and knowledge to produce their valuable products or services. Business processes for the manufacturing and production area include product assembling, quality checking, and producing bills of materials. For the sales and marketing area, business processes include identifying customers, making customers aware of the product, and selling the product. For finance and accounting, business processes include paying creditors, creating financial statements, and managing cash accounts. For human resources, business processes include hiring employees, evaluating job performance of employees, and enrolling employees in benefits plans.
The order fulfillment process is an example of a cross-functional process.
Q10. Why are organizations trying to integrate their business processes? What are the four key enterprise applications for organization-wide process integration?
An organization operates in an ever-increasing competitive, global environment. Operating in a global environment requires an organization to focus on the efficient execution of its processes, customer service, and speed to market. To accomplish these goals, the organization must exchange valuable information across different functions, levels, and business units. By integrating its processes, the organization can more efficiently exchange information among its functional areas, business units, suppliers, and customers. The four key enterprise applications are enterprise systems, supply chain management systems, customer relationship management systems, and knowledge management systems.
From lowest to highest, the four levels of the organizational hierarchy are operational, knowledge, management, and strategic. Types of information systems include transaction processing systems, office systems, knowledge work systems, decision-support systems, management information systems, and executive support systems.
Transaction processing systems, such as order tracking, payroll, machine control, and compensation, serve the operational level.
Engineering workstations, word processing, graphics workstations, managerial workstations, document imaging, and electronic calendars are examples of knowledge work systems and office systems that serve the knowledge level.
Sales region analysis, cost analysis, annual budgeting, and relocation analysis are examples of decision-support systems and management information systems.
Many of these systems are programs that students learn in their management science or quantitative methods courses. Some are based on database management systems. Examples of executive support systems that serve the strategic level are sales trend forecasting, operating plan development, budget forecasting, profit planning, and manpower planning.
Q2. List and briefly describe the major types of systems in organizations.
Transaction processing systems, office systems, knowledge work systems, decision-support systems, management information systems, and executive support systems are the major types of systems in organizations. Transaction processing systems function at the operational level of the organization. Examples of transaction processing systems include order tracking, order processing, machine control, plant scheduling, compensation, and securities trading.
Knowledge work systems help create and integrate new knowledge within the organization. Examples of knowledge work systems include engineering workstations, managerial workstations, and graphics workstations. Office systems help increase data worker productivity and include word processing document imaging, and electronic calendars.
Management information systems provide managers with reports based primarily on data pulled from transaction processing systems, have an internal orientation, and have limited flexibility. Examples of management information systems include sales management, inventory control, and capital investment analysis. Decision-support systems function at the management level and provide analytical models and data analysis tools to provide support for semi structured and unstructured decision-making activities. Examples of decision-support systems include sales region analysis, cost analysis, and contract cost analysis.
Executive support systems function at the strategic level, support unstructured decision making, and use advanced graphics and communications. Examples of executive support systems include sales trend forecasting, budget forecasting, and personnel planning.
The systems form a level of systems, with all types either formatting or processing the information from a lower level. For instance, the office systems provide reports or presentations on the information or data in transaction processing systems.
Decision-support and executive support systems often use office systems in presenting information extracted from transaction processing systems and management information system. Management information systems depend on data from transaction processing systems.
Some systems, including knowledge work systems, decision-support systems, and executive support systems may use external information, such as stock market information and design information from suppliers.
Q3. What are the five types of TPS in business organizations? What functions do they perform? Give examples of each.
The five types of transaction processing systems include
1. Sales/marketing systems,
2. Manufacturing/production systems,
3. Finance/accounting systems,
4. Human resources systems, and
5. Other types.
1. Sales/marketing systems provide sales management, market research, promotion, pricing, and new product functions. Examples include sales order information systems, market research systems, and sales commission systems.
2. Manufacturing/production systems provide scheduling, purchasing, shipping/receiving, engineering, and operations functions. Examples of manufacturing systems include machine control systems, purchase order systems, and quality control systems.
3. Finance/accounting systems provide budgeting, general ledger, billing, and cost accounting functions. Examples of finance/accounting systems include general ledger, accounts receivable/payable, and funds management systems.
4. Human resource systems provide personnel records, benefits, compensation, labor relations, training, and payroll functions. Examples include employee records, benefit systems, and career path systems.
5. Other types include admissions, grade records, course records, and alumni for a university. Examples of transaction processing systems for a university include a registration system, student transcript system, and an alumni benefactor system.
Q4. Describe the functions performed by knowledge work systems and office systems and some typical applications of each.
Knowledge work systems (KWS) aid knowledge work professionals to create new information and knowledge, and ensure that new knowledge and technical expertise are properly used in their corporations. Examples of knowledge workers (and some of their software) include engineers (graphics workstations), Wall Street traders, analysts, and arbitrageurs (financial and stock market workstations), research scientists, doctors, and designers (CAD systems).
Office systems provide support for data workers, including secretaries, accountants, filing clerks, and some managers. Software examples include word processing, desktop publishing, presentation programs, electronic calendars, and document imaging.
Q5. What are the characteristics of MIS? How do MIS differ from TPS and DSS?
MIS supports the management level by providing routine summary reports and exception reports for various purposes, including planning, controlling, and decision making. Examples include sales and profit per customer and per region, relocation summary and analysis, inventory control, capital investment analysis, and even a report on students who were here in the autumn but did not to return in the spring.
MIS differs from TPS in that MIS deals with summarized and compressed data from the TPS and sometimes analysis of that summarized data.
Decision-support systems provide material for analysis for the solution of semi-structured problems, which often are unique or rapidly changing. Typically, they provide the ability to do “what if” analysis. While MIS have an internal orientation, DSS will often use data from external sources, as well as data from TPS and MIS. DSS supports “right now” analysis rather than the long-term structured analysis of MIS. MIS are generally not flexible and provide little analytical capability. In contrast, DSS are designed for analytical purposes and are flexible.
Q6. What are the characteristics of DSS? How do they differ from those of ESS?
DSS provide sophisticated analytical models and data analysis tools to support semistructured and unstructured decision-making activities. DSS use data from TPS, MIS, and external sources, provide more analytical power than other systems, combine data, and are interactive. ESS support senior managers with unstructured strategic-level decision making. They may be less analytical than DSS with less use of models such as linear programming or forecasting. However, they often rely on external data and rely heavily on graphics.
Q7. Describe the relationship between TPS, office systems, KWS, MIS, DSS, and ESS.
The various types of systems in the organization exchange data with one another. TPS are a major source of data for other systems, especially MIS and DSS. TPS are operational-level systems that collect transaction data. Examples of these are payroll or order processing that track the flow of the daily routine transactions that are necessary to conduct business. TPS provide data that are required by office systems, KWS, MIS and DSS, although these systems may also use other data. KWS and office systems not only use data from TPS but also from MIS. DSS not only use data from TPS but also from KWS, office systems, and MIS. MIS rely heavily on data from TPS but also use data from KWS and office systems. ESS obtain most of their internal data from MIS and DSS.
Q8. List and describe the information systems serving each of the major functional areas of a business.
Sales and marketing information systems help the firm identify customers for the organization's products and services. These systems help develop, promote, sell, and provide ongoing customer support for the firm's products and services. Specific sales and marketing information systems include order processing, market analysis, pricing analysis, and sales trend forecasting.
Manufacturing and production information systems provide information for planning, product development, production or service scheduling, and controlling the flow of products and services. Specific manufacturing and production information systems include machine control, CAD, production planning, and facilities location.
Finance and accounting information systems track the organization's financial assets and fund flows. Financial and accounting systems include accounts receivable, portfolio analysis, budgeting, and profit planning.
Human resources information systems maintain employee records; track employee skills, job performance, and training; and support planning for employee compensation, including pensions and benefits, legal and regulatory requirements, and career development. Systems include training and development, career path, compensation analysis, and human resources planning.
Q9. What is a business process? Give two examples of processes for functional areas of the business and one example of a cross-functional process.
Business processes are the ways in which organizations coordinate and organize work activities, information, and knowledge to produce their valuable products or services. Business processes for the manufacturing and production area include product assembling, quality checking, and producing bills of materials. For the sales and marketing area, business processes include identifying customers, making customers aware of the product, and selling the product. For finance and accounting, business processes include paying creditors, creating financial statements, and managing cash accounts. For human resources, business processes include hiring employees, evaluating job performance of employees, and enrolling employees in benefits plans.
The order fulfillment process is an example of a cross-functional process.
Q10. Why are organizations trying to integrate their business processes? What are the four key enterprise applications for organization-wide process integration?
An organization operates in an increasingly competitive, global environment. Operating in a global environment requires an organization to focus on the efficient execution of its processes, customer service, and speed to market. To accomplish these goals, the organization must exchange valuable information across different functions, levels, and business units. By integrating its processes, the organization can more efficiently exchange information among its functional areas, business units, suppliers, and customers. The four key enterprise applications are enterprise systems, supply chain management systems, customer relationship management systems, and knowledge management systems.
BPR - Business Process Reengineering
Business process reengineering is the analysis and design of workflows and processes within an organization. A business process is a set of logically related tasks performed to achieve a defined business outcome. Re-engineering is the basis for many recent developments in management. The cross-functional team, for example, has become popular because of the desire to re-engineer separate functional tasks into complete cross-functional processes. Also, many recent management information systems developments aim to integrate a wide number of business functions.
Enterprise resource planning, supply chain management, knowledge management systems, groupware and collaborative systems, Human Resource Management Systems and customer relationship management systems all owe a debt to re-engineering theory.
Business Process Reengineering is also known as Business Process Redesign, Business Transformation, or Business Process Change Management.
Overview
Business process reengineering (BPR) began as a private sector technique to help organizations fundamentally rethink how they do their work in order to dramatically improve customer service, cut operational costs, and become world-class competitors. A key stimulus for reengineering has been the continuing development and deployment of sophisticated information systems and networks. Leading organizations are becoming bolder in using this technology to support innovative business processes, rather than refining current ways of doing work.
Business process reengineering is one approach for redesigning the way work is done to better support the organization's mission and reduce costs. Reengineering starts with a high-level assessment of the organization's mission, strategic goals, and customer needs.
Basic questions are asked, such as "Does our mission need to be redefined? Are our strategic goals aligned with our mission? Who are our customers?" An organization may find that it is operating on questionable assumptions, particularly in terms of the wants and needs of its customers. Only after the organization rethinks what it should be doing, does it go on to decide how best to do it.
Within the framework of this basic assessment of mission and goals, reengineering focuses on the organization's business processes—the steps and procedures that govern how resources are used to create products and services that meet the needs of particular customers or markets. As a structured ordering of work steps across time and place, a business process can be decomposed into specific activities, measured, modeled, and improved. It can also be completely redesigned or eliminated altogether. Reengineering identifies, analyzes, and redesigns an organization's core business processes with the aim of achieving dramatic improvements in critical performance measures, such as cost, quality, service, and speed.
Reengineering recognizes that an organization's business processes are usually fragmented into subprocesses and tasks that are carried out by several specialized functional areas within the organization. Often, no one is responsible for the overall performance of the entire process. Reengineering maintains that optimizing the performance of subprocesses can result in some benefits, but cannot yield dramatic improvements if the process itself is fundamentally inefficient and outmoded. For that reason, reengineering focuses on redesigning the process as a whole in order to achieve the greatest possible benefits to the organization and their customers. This drive for realizing dramatic improvements by fundamentally rethinking how the organization's work should be done distinguishes reengineering from process improvement efforts that focus on functional or incremental improvement.
Business Process Reengineering
Definition
Different definitions can be found. This section contains the definitions provided in notable publications in the field:
• "... the fundamental rethinking and radical redesign of business processes to achieve dramatic improvements in critical contemporary measures of performance, such as cost, quality, service, and speed."
• "encompasses the envisioning of new work strategies, the actual process design activity, and the implementation of the change in all its complex technological, human, and organizational dimensions."
• "Business Process Reengineering, although a close relative, seeks radical rather than merely continuous improvement. It escalates the efforts of JIT and TQM to make process orientation a strategic tool and a core competence of the organization. BPR concentrates on core business processes, and uses the specific techniques within the JIT and TQM 'toolboxes' as enablers, while broadening the process vision."
To achieve the major improvements BPR seeks, changing structural organizational variables and other ways of managing and performing work is often considered insufficient. To reap the achievable benefits fully, the use of information technology (IT) is seen as a major contributing factor. While IT has traditionally been used to support existing business functions, i.e. to increase organizational efficiency, it now plays a role as an enabler of new organizational forms and patterns of collaboration within and between organizations.
How to implement a BPR project
The best way to map and improve the organization's procedures is to take a top down approach, and not undertake a project in isolation. That means:
• Starting with mission statements that define the purpose of the organization and describe what sets it apart from others in its sector or industry.
• Producing vision statements which define where the organization is going, to provide a clear picture of the desired future position.
• Building these into a clear business strategy, thereby deriving the project objectives.
• Defining behaviors that will enable the organization to achieve its aims.
• Producing key performance measures to track progress.
• Relating efficiency improvements to the culture of the organization.
• Identifying initiatives that will improve performance.
BPR derives its existence from different disciplines, and four major areas can be identified as being subjected to change in BPR –
1. Organization,
2. Technology,
3. Strategy, and
4. People
where a process view is used as common framework for considering these dimensions.
2. Technology
Technology is concerned with the use of computer systems and other forms of communication technology in the business. In BPR, information technology is generally considered as playing a role as enabler of new forms of organizing and collaborating, rather than supporting existing business functions.
3. Business strategy
Business strategy is the primary driver of BPR initiatives and the other dimensions are governed by strategy's encompassing role. The organization dimension reflects the structural elements of the company, such as hierarchical levels, the composition of organizational units, and the distribution of work between them.
4. People / Human
The people / human resources dimension deals with aspects such as education, training, motivation and reward systems. The concept of business processes - interrelated activities aiming at creating a value added output to a customer - is the basic underlying idea of BPR. These processes are characterized by a number of attributes: Process ownership, customer focus, value adding, and cross-functionality.
A five step approach to Business Process Reengineering
1. Develop the business vision and process objectives: The BPR method is driven by a business vision which implies specific business objectives such as cost reduction, time reduction, output quality improvement.
2. Identify the business processes to be redesigned: most firms use the 'high-impact' approach which focuses on the most important processes or those that conflict most with the business vision. A lesser number of firms use the 'exhaustive approach' that attempts to identify all the processes within an organization and then prioritize them in order of redesign urgency.
3. Understand and measure the existing processes: to avoid the repeating of old mistakes and to provide a baseline for future improvements.
4. Identify IT levers: awareness of IT capabilities can and should influence BPR.
5. Design and build a prototype of the new process: the actual design should not be viewed as the end of the BPR process. Rather, it should be viewed as a prototype, with successive iterations. The metaphor of a prototype aligns the Business Process Reengineering approach with quick delivery of results, and the involvement and satisfaction of customers.
The role of information technology
Information technology (IT) has historically played an important role in the reengineering concept. It is considered by some as a major enabler for new forms of working and collaborating within an organization and across organizational borders.
Early BPR literature identified several so-called disruptive technologies that were supposed to challenge traditional wisdom about how work should be performed:
• Shared databases, making information available at many places
• Expert systems, allowing generalists to perform specialist tasks
• Telecommunication networks, allowing organizations to be centralized and decentralized at the same time
• Decision-support tools, allowing decision-making to be a part of everybody's job
• Wireless data communication and portable computers, allowing field personnel to work independently of the office
• Interactive videodisk, to get in immediate contact with potential buyers
• Automatic identification and tracking, allowing things to tell where they are, instead of requiring to be found
• High performance computing, allowing on-the-fly planning and revisioning
In the mid-1990s, workflow management systems in particular were considered a significant contributor to improved process efficiency. ERP (Enterprise Resource Planning) vendors, such as SAP, JD Edwards, Oracle, and PeopleSoft, also positioned their solutions as vehicles for business process redesign and improvement.
Reengineering has earned a bad reputation because such projects have often resulted in massive layoffs. This reputation is not altogether unwarranted, since companies have often downsized under the banner of reengineering. Further, reengineering has not always lived up to its expectations.
The main reasons seem to be that:
• Reengineering assumes that the factor that limits an organization's performance is the ineffectiveness of its processes (which may or may not be true) and offers no means of validating that assumption.
• Reengineering assumes the need to start the process of performance improvement with a "clean slate," i.e. totally disregard the status quo.
• Reengineering does not provide an effective way to focus improvement efforts on the organization's constraint.
Other criticisms brought forward against the BPR concept include:
• It never changed management thinking, actually the largest cause of failure in an organization.
• Lack of management support for the initiative and thus poor acceptance in the organization.
• Exaggerated expectations regarding the potential benefits from a BPR initiative and consequently failure to achieve the expected results.
• Underestimation of the resistance to change within the organization.
• Implementation of generic so-called best-practice processes that do not fit specific company needs.
• Overtrust in technology solutions.
• Performing BPR as a one-off project with limited strategy alignment and long-term perspective.
• Poor project management.
Reengineering Recommendations
1) BPR must be accompanied by strategic planning, which addresses leveraging IT as a competitive tool.
2) Place the customer at the center of the reengineering effort -- concentrate on reengineering fragmented processes that lead to delays or other negative impacts on customer service.
3) BPR must be "owned" throughout the organization, not driven by a group of outside consultants.
4) Case teams must be comprised of both managers and those who will actually do the work.
5) The IT group should be an integral part of the reengineering team from the start.
6) BPR must be sponsored by top executives, who are not about to leave or retire.
7) BPR projects must have a timetable, ideally between three and six months, so that the organization is not in a state of "limbo".
8) BPR must not ignore corporate culture and must emphasize constant communication and feedback.
Tuesday, August 17, 2010
Network Security
The terms network security and information security are often used interchangeably. Network security is generally taken as providing protection at the boundaries of an organization by keeping out intruders (hackers). Information security, however, explicitly focuses on protecting data resources from malware attack or simple mistakes by people within an organization by use of Data Loss Prevention (DLP) techniques. One of these techniques is to compartmentalize large networks with internal boundaries.
Network security starts from authenticating the user, commonly with a username and a password. Since this requires just one thing besides the user name, i.e. the password, which is something you 'know', this is sometimes termed one-factor authentication.
Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software helps detect and delete such malware.
Network security involves all activities that organizations, enterprises, and institutions undertake to protect the value and ongoing usability of assets and the integrity and continuity of operations. An effective network security strategy requires identifying threats and then choosing the most effective set of tools to combat them.
Network security is accomplished through hardware and software. The software must be constantly updated and managed to protect you from emerging threats.
A network security system usually consists of many components. Ideally, all components work together, which minimizes maintenance and improves security.
Network security components often include:
• Anti-virus and Anti-Spyware
• Firewall, to block unauthorized access to your network
• Intrusion prevention systems (IPS), to identify fast-spreading threats, such as zero-day or zero-hour attacks
• Virtual Private Networks (VPNs), to provide secure remote access
Firewall
Basically, a firewall is a barrier to keep destructive forces away from your property. Its job is similar to that of a physical firewall that keeps a fire from spreading from one area to the next, which is why it is called a firewall.
A firewall is a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Firewalls use one or more methods to control traffic flowing in and out of the network:
• Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
• Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
Firewall Configuration
Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:
• IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
• Domain Names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names.
• Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. HTTP is the Web's protocol. Some common protocols that you can set firewall filters for include:
o IP (Internet Protocol) - the main delivery system for information over the Internet
o TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
o HTTP (Hyper Text Transfer Protocol) - used for Web pages
o FTP (File Transfer Protocol) - used to download and upload files
o UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video
o ICMP (Internet Control Message Protocol) - used by a router to exchange the information with other routers
o SMTP (Simple Mail Transport Protocol) - used to send text-based information (e-mail)
o SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
o Telnet - used to perform commands on a remote computer
A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.
• Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server (see How Web Servers Work for details). For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.
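The filter conditions above (IP address, protocol, port) can be combined into an ordered rule list. The following Python sketch is an added example, not code from the original post: it models a first-match packet filter with a default deny, and checks for a common configuration mistake in which a broad rule placed too early cancels the exception it was meant to allow. All addresses are constructed values from the documentation ranges, and the `Rule`, `Packet`, `evaluate` and `shadowed` names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port (None for icmp)


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # source network in CIDR form
    dst: str = "0.0.0.0/0"        # destination network in CIDR form
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any port
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (
            ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and self.proto in (None, pkt.proto)
            and self.dport in (None, pkt.dport)
        )

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (
            ip_network(other.src).subnet_of(ip_network(self.src))
            and ip_network(other.dst).subnet_of(ip_network(self.dst))
            and self.proto in (None, other.proto)
            and self.dport in (None, other.dport)
        )


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    return "deny", "default deny"


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (earlier, later) index pairs where an earlier rule with the
    opposite action covers the later one, so the later rule never takes effect."""
    return [
        (i, j)
        for j, later in enumerate(rules)
        for i, earlier in enumerate(rules[:j])
        if earlier.action != later.action and earlier.covers(later)
    ]


# Constructed addresses (documentation ranges), not taken from the post.
BLOCKED_HOST = "203.0.113.50/32"   # outside address reading too many files
FTP_SERVER = "192.0.2.10/32"       # the one machine allowed to serve FTP
WEB_SERVER = "192.0.2.20/32"       # the web server

POLICY = [
    Rule("deny", src=BLOCKED_HOST, note="blocked address (inbound)"),
    Rule("deny", dst=BLOCKED_HOST, note="blocked address (outbound)"),
    Rule("allow", dst=FTP_SERVER, proto="tcp", dport=21, note="FTP on the FTP server"),
    Rule("deny", proto="tcp", dport=21, note="FTP banned elsewhere"),
    Rule("allow", dst=WEB_SERVER, proto="tcp", dport=80, note="HTTP on the web server"),
]

# Same rules, but the broad FTP ban now precedes the exception for the FTP server.
MISORDERED = [POLICY[0], POLICY[1], POLICY[3], POLICY[2], POLICY[4]]

if __name__ == "__main__":
    ftp = Packet("198.51.100.7", "192.0.2.10", "tcp", 21)
    print("correct order:", evaluate(POLICY, ftp), "shadowed:", shadowed(POLICY))
    print("misordered:   ", evaluate(MISORDERED, ftp), "shadowed:", shadowed(MISORDERED))
```

Running a shadowing check like this before loading a rule set catches ordering errors that otherwise only show up as a service that is silently unreachable.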
Intrusion prevention system
Intrusion Prevention Systems (IPS), also known as Intrusion Detection and Prevention Systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about said activity, attempt to block/stop activity, and report activity.
Classifications
Intrusion Prevention Systems can be classified into four different types:
Network-based Intrusion Prevention (NIPS): monitors the entire network for suspicious traffic by analyzing protocol activity.
Wireless Intrusion Prevention Systems (WIPS): monitors a wireless network for suspicious traffic by analyzing wireless networking protocols.
Network Behavior Analysis (NBA): examines network traffic to identify threats that generate unusual traffic flows, such as distributed denial of service (DDoS) attacks, certain forms of malware, and policy violations.
Host-based Intrusion Prevention (HIPS): an installed software package which monitors a single host for suspicious activity by analysing events occurring within that host.
Detection Methods
The majority of intrusion prevention systems utilize one of three detection methods: signature-based, statistical anomaly-based, and stateful protocol analysis.
Signature-based Detection: This method of detection utilizes signatures, which are attack patterns that are preconfigured and predetermined. A signature-based intrusion prevention system monitors the network traffic for matches to these signatures. Once a match is found, the intrusion prevention system takes the appropriate action.
Statistical Anomaly-based Detection: This method of detection baselines performance of average network traffic conditions. After a baseline is created, the system intermittently samples network traffic, using statistical analysis to compare the sample to the set baseline. If the activity is outside the baseline parameters, the intrusion prevention system takes the appropriate action.
Stateful Protocol Analysis Detection: This method identifies deviations of protocol states by comparing observed events with “predetermined profiles of generally accepted definitions of benign activity.”
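The difference between the first two detection methods is easiest to see when both run over the same traffic. The Python sketch below is an added example, not code from the original post: it applies a signature check and a statistical baseline check to constructed sampling windows, showing that each method catches something the other misses. The signature patterns, request lines, per-window counts and the three-standard-deviation threshold are all assumptions chosen for illustration.

```python
import re
from statistics import mean, stdev
from typing import List, Tuple

# Constructed signatures: preconfigured patterns describing known-bad requests.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "constructed-marker": re.compile(r"X-Example-Blocked"),
}

# Constructed baseline: requests seen per sampling window under normal conditions.
BASELINE_COUNTS = [98, 102, 101, 97, 103, 99, 100, 100]


def signature_hits(requests: List[str]) -> List[str]:
    """Signature-based detection: names of the signatures matched in a window."""
    return sorted(
        {name for line in requests
         for name, pattern in SIGNATURES.items() if pattern.search(line)}
    )


def build_baseline(counts: List[int]) -> Tuple[float, float]:
    """Baseline = mean and sample standard deviation (needs at least 2 samples)."""
    return mean(counts), stdev(counts)


def is_anomalous(count: int, baseline: Tuple[float, float], k: float = 3.0) -> bool:
    """Anomaly-based detection: flag a sample more than k deviations from the mean."""
    mu, sigma = baseline
    return abs(count - mu) > k * sigma


def inspect(window: List[str], baseline: Tuple[float, float]) -> List[str]:
    """Run both methods on one sampling window and return the alerts raised."""
    alerts = [f"signature:{name}" for name in signature_hits(window)]
    if is_anomalous(len(window), baseline):
        alerts.append(f"anomaly:{len(window)} requests")
    return alerts


# Constructed windows of request lines.
NORMAL = ["GET /index.html"] * 101
# Normal volume, but one request matches a known pattern: only the signature fires.
QUIET_KNOWN_BAD = ["GET /index.html"] * 99 + ["GET /docs/../private/report.txt"]
# No known pattern, but far more traffic than the baseline: only the anomaly fires.
LOUD_UNKNOWN = ["GET /index.html"] * 180

if __name__ == "__main__":
    base = build_baseline(BASELINE_COUNTS)
    for label, window in [("normal", NORMAL),
                          ("quiet known-bad", QUIET_KNOWN_BAD),
                          ("loud unknown", LOUD_UNKNOWN)]:
        print(f"{label:16} -> {inspect(window, base)}")
```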
Virtual Private Networks (VPNs)
Traditionally, for an organization to provide connectivity between a main office and a satellite one, an expensive data line had to be leased in order to provide direct connectivity between the two offices. Now, a solution that is often more economical is to provide both offices connectivity to the Internet. Then, using the Internet as the medium, the two offices can communicate.
The danger in doing this, of course, is that there is no privacy on this channel, and it's difficult to provide the other office access to "internal" resources without providing those resources to everyone on the Internet.
VPNs provide the ability for two offices to communicate with each other in such a way that it looks like they're directly connected over a private leased line. The session between them, although going over the Internet, is private (because the link is encrypted), and the link is convenient, because each can see the other's internal resources without showing them off to the entire world.
Monday, August 16, 2010
Introduction to IT & IS – Data, Information & System
Information Technology (IT)
The Information Technology Association of America (ITAA) defines Information Technology as "the study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware."
The term "information technology" came about in the 1970s. Information Technology (IT) is a field concerned with the use of technology in managing and processing information. IT supports the use of electronic computers and computer software to convert, store, protect, process, transmit, and retrieve information. IT is a field which aids in making useful and sustainable the technology which Computer Science provides. The first commercial computer was the UNIVAC I. It was designed by J. Presper Eckert and John Mauchly for the U.S. Census Bureau. Since then, four generations of computers have evolved. Each generation represented a step that was characterized by hardware of decreased size and increased capabilities. The first generation used vacuum tubes, the second used transistors, the third integrated circuits, and the fourth used integrated circuits on a single chip. The late 70s saw the rise of microcomputers, followed closely by IBM’s personal computer in 1981. Today, the term Information Technology has ballooned to encompass many aspects of computing and technology and the term is more recognizable than ever before. The Information Technology umbrella can be quite large, covering many fields. IT professionals perform a variety of duties that range from installing applications to designing complex computer networks and information databases.
Information Technology or IT, also cited as Information Service (IS) or Management Information Service (MIS), can be defined as the development, design, study, implementation and management of computer related information. It can also be defined as the use of computer (hardware and software) to manage information.
Components of Information Technology
• Computers: Computers are very important in order to store and process data. Depending on the size, cost and processing ability, computers are divided into four categories. They are mainframes, supercomputers, minicomputers and microcomputers (desktops or personal computers).
• Servers: A server is a combination of hardware and software, and is used to provide services to the client computers. These services generally include storage and retrieval of information. A standalone computer can also act as a server, provided it is running a server operating system.
• Database Management Systems (DBMS): A Database Management System is basically a set of software programs which manages the storage and retrieval of information in a computer and organizes it. This information is in the form of a database and is managed with the help of software. The DBMS accepts requests from the application program and instructs the operating system to transfer the appropriate data. There are various departments to monitor the flow of information, which include System Administrators, IT Managers, Database Administrators and Chief Information Officers (CIOs).
• Networking: A computer network is a collection of computers and peripherals connected to each other through different modes. These modes can be wired or wireless. The network allows computers to communicate with each other (share information and resources like printers, scanners, etc.).
• Network Security and Cryptography: Network security is one of the most important aspects of information technology. It consists of all the provisions made in an underlying computer network, in order to prevent unauthorized usage of information. It also includes implementing the policies adopted by the government and the applicable cyber laws. It is also helpful in providing protection from computer hacking at the cyber boundaries of an organization.
Information System (IS)
An Information System (IS) is any combination of information technology and people's activities using that technology to support operations, management, and decision-making. In a very broad sense, the term information system is frequently used to refer to the interaction between people, algorithmic processes, data and technology. In this sense, the term is used to refer not only to the information and communication technology (ICT) an organization uses, but also to the way in which people interact with this technology in support of business processes.
An information system is a set of interrelated components that collect, process, store, and disseminate information to support a company's managerial team in decision making, coordinating, controlling, and analyzing.
The information systems undergo at least four phases:
a) Initiation, the process of defining the need to change an existing work system
b) Development, the process of acquiring and configuring/installing the necessary hardware, software and other resources
c) Implementation, the process of making the new system operational in the organisation, and
d) Operation and maintenance, the process concerned with the operation of the system, correcting any problems that may arise and ensuring that the system is delivering the anticipated benefits. The management of these processes can be achieved and controlled using a series of techniques and management tools.
Data
The term data refers to groups of information that represent the qualitative or quantitative attributes of a variable or set of variables. Data (plural of "datum", which is seldom used) are typically the results of measurements and can be the basis of graphs, images, or observations of a set of variables. Data are often viewed as the lowest level of abstraction from which information and knowledge are derived. Raw data refers to a collection of numbers, characters, images or other outputs from devices that collect information to convert physical quantities into symbols, that are unprocessed.
The terms information and knowledge are frequently used for overlapping concepts. The main difference is in the level of abstraction being considered. Data is the lowest level of abstraction, information is the next level, and finally, knowledge is the highest level among all three. Data on its own carries no meaning. In order for data to become information, it must be interpreted and take on a meaning.
There are two main types of data:
1. Qualitative and
2. Quantitative
The Four Stages of Data Processing
Input: Data is collected and entered into the computer.
Data processing: Data is manipulated into information using mathematical, statistical, and other tools.
Output: Information is displayed or presented.
Storage: Data and information are maintained for later use.
Information
The word information is derived from Latin informare which means "give form to". Most people tend to think of information as disjointed little bundles of "facts". The way the word information is used can refer to both "facts" in themselves and the transmission of the facts. Information is what is used in the act of informing or the state of being informed. Information includes knowledge acquired by some means. When information is entered into and stored in a computer, it is generally referred to as data. After processing (such as formatting and printing), output data can again be perceived as information. When information is packaged or used for understanding or doing something, it is known as knowledge.
System
A system is a combination or arrangement of parts to form an integrated whole. A system includes an orderly arrangement according to some common principles or rules. A system is a plan or method of doing something.
A system is a collection of elements or components that are organized for a common purpose. The word sometimes describes the organization or plan itself (and is similar in meaning to method) and sometimes describes the parts in the system (as in "computer system").
What Is a System?
System: A set of components that work together to achieve a common goal
Subsystem: One part of a system where the products of more than one system are combined to reach an ultimate goal
Closed system: Stand-alone system that has no contact with other systems
Open system: System that interfaces with other systems
A computer system consists of hardware components that have been carefully chosen so that they work well together and software components or programs that run in the computer.
The main software component is itself an operating system that manages and provides services to other programs that can be run in the computer.
A filing system is a group of files organized with a plan (for example, alphabetical by customer). All of nature and the universe can be said to be a system. We've coined a word, ecosystem, for the systems on Earth that affect life systems.
Sunday, August 15, 2010
System-Open and Close System
System
Open systems refer to systems that interact with other systems or the outside environment, whereas closed systems refer to systems having relatively little interaction with other systems or the outside environment. For example, living organisms are considered open systems because they take in substances from their environment such as food and air and return other substances to their environment. Humans, for example, inhale oxygen out of the environment and exhale carbon dioxide into the environment. Similarly, some organizations consume raw materials in the production of products and emit finished goods and pollution as a result. In contrast, a watch is an example of a closed system in that it is a relatively self-contained, self-maintaining unit that has little interaction or exchange with its environment.
All systems have boundaries, a fact that is immediately apparent in mechanical systems such as the watch, but much less apparent in social systems such as organizations. The boundaries of open systems, because they interact with other systems or environments, are more flexible than those of closed systems, which are rigid and largely impenetrable.
A closed-system perspective views organizations as relatively independent of environmental influences. The closed-system approach conceives of the organization as a system of management, technology, personnel, equipment, and materials, but tends to exclude competitors, suppliers, distributors, and governmental regulators. This approach allows managers and organizational theorists to analyze problems by examining the internal structure of a business with little consideration of the external environment.
The closed-system perspective basically views an organization much as a thermostat; limited environmental input outside of changes in temperature is required for effective operation. Once set, thermostats require little maintenance in their ongoing, self-reinforcing function. While the closed-system perspective was dominant through the 1960s, organization scholarship and research subsequently emphasized the role of the environment. Up through the 1960s, it was not that managers ignored the outside environment such as other organizations, markets, government regulations and the like, but that their strategies and other decision-making processes gave relatively little consideration to the impact these external forces might have on the internal operations of the organization.
Open-systems theory originated in the natural sciences and subsequently spread to fields as diverse as computer science, ecology, engineering, management, and psychotherapy. In contrast to closed-systems, the open-system perspective views an organization as an entity that takes inputs from the environment, transforms them, and releases them as outputs in tandem with reciprocal effects on the organization itself along with the environment in which the organization operates. That is, the organization becomes part and parcel of the environment in which it is situated. Returning for a moment to the example of biological systems as open-systems, billions of individual cells in the human body, themselves composed of thousands of individual parts and processes, are essential for the viability of the larger body in which they are a part. In turn, "macro-level" processes such as eating and breathing make the survival of individual cells contingent on these larger processes. In much the same way, open-systems of organizations accept that organizations are contingent on their environments and these environments are also contingent on organizations.
As an open-systems approach spread among organizational theorists, managers began incorporating these views into practice. Two early pioneers in this effort, Daniel Katz and Robert Kahn, began viewing organizations as open social systems with specialized and interdependent subsystems and processes of communication, feedback, and management linking the subsystems. Katz and Kahn argued that the closed-system approach fails to take into account how organizations are reciprocally dependent on external environments. For example, environmental forces such as customers and competitors exert considerable influence on corporations, highlighting the essential relationship between an organization and its environment as well as the importance of maintaining external inputs to achieve a stable organization.
Furthermore, the open-system approach serves as a model of business activity; that is, business as a process of transforming inputs to outputs while realizing that inputs are taken from the external environment and outputs are placed into this same environment. Companies use inputs such as labor, funds, equipment, and materials to produce goods or to provide services and they design their subsystems to attain these goals. These subsystems are thus analogous to cells in the body, the organization itself is analogous to the body, and external market and regulatory conditions are analogous to environmental factors such as the quality of housing, drinking water, air and availability of nourishment.
The production subsystem, for example, focuses on converting inputs into marketable outputs and often constitutes a primary purpose of a company. The boundary subsystem's goal is to obtain inputs or resources, such as employees, materials, equipment, and so forth, from the environment outside of the company, which are necessary for the production subsystem. This subsystem also is responsible for providing an organization with information about the environment. This adaptive subsystem collects and processes information about a company's operations with the goal of aiding the company's adaptation to external conditions in its environment. Another subsystem, management, supervises and coordinates the other subsystems to ensure that each subsystem functions efficiently. The management subsystem must resolve conflicts, solve problems, allocate resources, and so on.
To simplify the process of evaluating environmental influences, some organizational theorists use the term "task environment" to refer to aspects of the environment that are immediately relevant to management decisions related to goal setting and goal realization. The task environment includes customers, suppliers, competitors, employees, and regulatory bodies. Furthermore, in contrast to closed-systems, the open-system perspective does not assume that the environment is static. Instead, change is the rule rather than the exception. Consequently, investigation of environmental stability and propensity to change is a key task of a company, making the activities of an organization contingent on various environmental forces. As an open system, an organization maintains its stability through feedback, which refers to information about outputs that a system obtains as an input from its task environment. The feedback can be positive or negative and can lead to changes in the way an organization transforms inputs to outputs. Here, the organization acts as a thermostat, identified previously as an example of a relatively closed-system.
The difference between closed-systems and open-systems, then, is in the complexity of environmental interactions. Closed-systems assume relatively little complexity; a thermostat is a simple device dependent mainly on temperature fluctuations. Conversely, open-systems such as the human body and modern organizations are more intricately dependent on their environments.
The point is that closed-systems versus open-systems do not represent a dichotomy, but rather a continuum along which organizations are more open or less open to their environments. The key defining variable governing this degree of openness is the complexity of the environment in which the organization is situated.
Managers must take into consideration their organization's position along the open-closed continuum. The Linux computer operating system, for instance, is "open-source" and Red Hat, Inc., the corporation selling the bundled revisions (the multiple inputs from geographically dispersed users), represents an organization that would cease to exist if it were not for an open-systems perspective. Thus, stable environments with low complexity are more consistent with a relatively closed-system or mechanistic management style, while rapidly-changing environments are more consistent with flexible, decentralized, or "organic" management styles.
Saturday, August 14, 2010
Virtual Private Network (VPN) Technology
The virtual private network (VPN) technology included in Windows Server 2003 helps enable cost-effective, secure remote access to private networks. VPN allows administrators to take advantage of the Internet to help provide the functionality and security of private WAN connections at a lower cost. In Windows Server 2003, VPN is enabled using the Routing and Remote Access service. VPN is part of a comprehensive network access solution that includes support for authentication and authorization services, and advanced network security technologies.
There are two main strategies that help provide secure connectivity between private networks and enable network access for remote users.
Dial-up or leased line connections
A dial-up or leased line connection creates a physical connection to a port on a remote access server on a private network. However, using dial-up or leased lines to provide network access is expensive when compared to the cost of providing network access using a VPN connection.
VPN connections
VPN connections use either Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol/Internet Protocol security (L2TP/IPSec) over an intermediate network, such as the Internet. By using the Internet as a connection medium, VPN saves the cost of long-distance phone service and hardware costs associated with using dial-up or leased line connections. A VPN solution includes advanced security technologies such as data encryption, authentication, authorization, and Network Access Quarantine Control.
Using VPN, administrators can connect remote or mobile workers (VPN clients) to private networks. Remote users can work as if their computers are physically connected to the network. To accomplish this, VPN clients can use a Connection Manager profile to initiate a connection to a VPN server. The VPN server can communicate with an Internet Authentication Service (IAS) server to authenticate and authorize a user session and maintain the connection until it is terminated by the VPN client or by the VPN server. All services typically available to a LAN-connected client (including file and print sharing, Web server access, and messaging) are enabled by VPN.
VPN clients can use standard tools to access resources. For example, clients can use Windows Explorer to make drive connections and to connect to printers. Connections are persistent: Users do not need to reconnect to network resources during their VPN sessions. Because drive letters and universal naming convention (UNC) names are fully supported by VPN, most commercial and custom applications work without modification.
Virtual private networks are point-to-point connections across a private or public network such as the Internet. A VPN client uses special TCP/IP-based protocols, called tunneling protocols, to make a virtual call to a virtual port on a VPN server. In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet. The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization’s private network.
To emulate a point-to-point link, data is encapsulated, or wrapped, with a header. The header provides routing information that enables the data to traverse the shared or public network to reach its endpoint. To emulate a private link, the data being sent is encrypted for confidentiality. Packets that are intercepted on the shared or public network are indecipherable without the encryption keys. The link in which the private data is encapsulated and encrypted is known as a VPN connection.
There are two types of VPN connections:
• Remote access VPN
• Site-to-site VPN
Remote Access VPN
Remote access VPN connections enable users working at home or on the road to access a server on a private network using the infrastructure provided by a public network, such as the Internet. From the user’s perspective, the VPN is a point-to-point connection between the computer (the VPN client) and an organization’s server. The exact infrastructure of the shared or public network is irrelevant because it appears logically as if the data is sent over a dedicated private link.
Site-to-Site VPN
Site-to-site VPN connections (also known as router-to-router VPN connections) enable organizations to have routed connections between separate offices or with other organizations over a public network while helping to maintain secure communications. A routed VPN connection across the Internet logically operates as a dedicated WAN link. When networks are connected over the Internet, as shown in the following figure, a router forwards packets to another router across a VPN connection. To the routers, the VPN connection operates as a data-link layer link.
A site-to-site VPN connection connects two portions of a private network. The VPN server provides a routed connection to the network to which the VPN server is attached. The calling router (the VPN client) authenticates itself to the answering router (the VPN server), and, for mutual authentication, the answering router authenticates itself to the calling router. In a site-to-site VPN connection, the packets sent from either router across the VPN connection typically do not originate at the routers.
VPN Connection Properties
Encapsulation
VPN technology provides a way of encapsulating private data with a header that allows the data to traverse the network.
Authentication
There are three types of authentication for VPN connections:
1. User authentication
2. Computer authentication with L2TP/IPSec
3. Data authentication and integrity
User authentication
For the VPN connection to be established, the VPN server authenticates the VPN client attempting the connection and verifies that the VPN client has the appropriate permissions. If mutual authentication is being used, the VPN client also authenticates the VPN server, providing protection against masquerading VPN servers.
Computer authentication with L2TP/IPSec
By performing computer-level authentication with IPSec, L2TP/IPSec connections also verify that the remote access client computer is trusted.
Data authentication and integrity
To verify that the data being sent on an L2TP/IPSec VPN connection originated at the other end of the connection and was not modified in transit, L2TP/IPSec packets include a cryptographic checksum based on an encryption key known only to the sender and the receiver.
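The keyed checksum described above, as an added Python example (not code from Microsoft or from any IPSec implementation): it contrasts an unkeyed CRC32 trailer, which any party on the path can recompute after changing the data, with an HMAC tag that can only be produced with the shared key. The header layout, the function names, the sample payload and the choice of HMAC-SHA256 are assumptions made for this illustration, not the L2TP/IPSec wire format.

```python
import hashlib
import hmac
import struct
import zlib

# Hypothetical outer header for this example only:
# tunnel id (4 bytes), sequence number (4 bytes), payload length (2 bytes).
HEADER = struct.Struct("!IIH")
TAG_LEN = 32  # HMAC-SHA256 output size in bytes
CRC_LEN = 4


def seal(key, tunnel_id, seq, payload):
    """Encapsulate payload and append a keyed tag over header + payload."""
    header = HEADER.pack(tunnel_id, seq, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def open_packet(key, packet):
    """Verify the keyed tag, then return (tunnel_id, seq, payload)."""
    if len(packet) < HEADER.size + TAG_LEN:
        raise ValueError("packet too short")
    header, rest = packet[:HEADER.size], packet[HEADER.size:]
    tunnel_id, seq, length = HEADER.unpack(header)
    if len(rest) != length + TAG_LEN:
        raise ValueError("length field does not match packet size")
    payload, tag = rest[:length], rest[length:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return tunnel_id, seq, payload


def seal_crc(tunnel_id, seq, payload):
    """Weak variant: unkeyed CRC32 trailer. Needs no secret to compute."""
    header = HEADER.pack(tunnel_id, seq, len(payload))
    return header + payload + struct.pack("!I", zlib.crc32(header + payload))


def open_crc(packet):
    """Verify the CRC32 trailer, then return (tunnel_id, seq, payload)."""
    if len(packet) < HEADER.size + CRC_LEN:
        raise ValueError("packet too short")
    header, rest = packet[:HEADER.size], packet[HEADER.size:]
    tunnel_id, seq, length = HEADER.unpack(header)
    if len(rest) != length + CRC_LEN:
        raise ValueError("length field does not match packet size")
    payload, trailer = rest[:length], rest[length:]
    if struct.unpack("!I", trailer)[0] != zlib.crc32(header + payload):
        raise ValueError("checksum mismatch")
    return tunnel_id, seq, payload


def accepted(opener, *args):
    """True if the receiver-side function accepts the packet."""
    try:
        opener(*args)
        return True
    except ValueError:
        return False


def demo():
    key = bytes(range(32))            # constructed shared key
    other_key = bytes(range(1, 33))   # constructed key of a different sender
    payload = b"PAY 100 TO ALICE"     # constructed sample data
    changed = b"PAY 900 TO ALICE"

    genuine = seal(key, 7, 1, payload)

    # Data modified in transit; the stale tag no longer matches.
    modified = bytearray(genuine)
    modified[HEADER.size + 4] = ord("9")

    return {
        "hmac_accepts_genuine": accepted(open_packet, key, genuine),
        "hmac_accepts_modified": accepted(open_packet, key, bytes(modified)),
        # A packet sealed by someone without the shared key is rejected.
        "hmac_accepts_wrong_key": accepted(
            open_packet, key, seal(other_key, 7, 1, changed)),
        # The CRC trailer can be rebuilt for changed data without any key,
        # so it detects line noise but proves nothing about origin.
        "crc_accepts_modified": accepted(open_crc, seal_crc(7, 1, changed)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the tag covers the header as well as the payload, a change to the tunnel id, sequence number or length field is rejected in the same way as a change to the data.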
Data Encryption
Data can be encrypted for protection between the endpoints of the VPN connection. Data encryption should always be used for VPN connections where private data is sent across a public network such as the Internet. Data that is not encrypted is vulnerable to unauthorized interception. For VPN connections, Routing and Remote Access uses Microsoft Point-to-Point Encryption (MPPE) with PPTP and IPSec encryption with L2TP.
Connection Manager
Connection Manager is a service profile that can be used to provide customized remote access to a network through a VPN connection. The advanced features of Connection Manager are a superset of basic dial-up networking. Connection Manager provides support for local and remote connections by using a network of points of presence (POPs), such as those available worldwide through ISPs. Windows Server 2003 includes a set of tools that enable a network manager to deliver pre-configured connections to network users.
These tools are:
• The Connection Manager Administration Kit (CMAK)
• Connection Point Services (CPS)
The Connection Manager Administration Kit (CMAK)
A network administrator can tailor the appearance and behavior of a connection made with Connection Manager by using CMAK. With CMAK, an administrator can develop client dialer and connection software that allows users to connect to the network by using only the connection features that the administrator defines for them. Connection Manager supports a variety of features that both simplify and enhance implementation of connection support, most of which can be incorporated using the Connection Manager Administration Kit Wizard.
CMAK enables administrators to build profiles that customize the Connection Manager Installation package so that it reflects an organization’s identity. CMAK allows administrators to determine which functions and features to include and how Connection Manager appears to end-users. Administrators can do this by using the CMAK wizard to build custom service profiles.
Connection Point Services (CPS)
Connection Point Services (CPS) automatically distributes and updates custom phone books. These phone books contain one or more Point of Presence (POP) entries, with each POP supplying a telephone number that provides dial-up access to an Internet access point for VPN connections. The phone books give users complete POP information, so when they travel they can connect to different Internet POPs rather than being restricted to a single POP.
Without the ability to update phone books (a task CPS handles automatically), users would have to contact their organization’s technical support staff to be informed of changes in POP information and to reconfigure their client-dialer software.
CPS has two components:
• Phone Book Administrator
• Phone Book Service
Phone Book Administrator
Phone Book Administrator is a tool used to create and maintain the phone book database and to publish new phone book information to the Phone Book Service.
Phone Book Service
The Phone Book Service runs on an IIS server and responds to requests from Connection Manager clients to verify the current version of subscribers’ or corporate employees’ current phone books and, if necessary, downloads a phone book update to the Connection Manager client.