Chapter 1, From Mainframe to Client/Server to World Wide Web
This lesson presents some background material from chapter 1. Objectives
important to this lesson:
Shifts in technology
WWW so far
E-commerce concerns
IoT concerns
Securing communications
Concepts:
Chapter 1
Our text begins with a very basic start, reminding us that data is raw information
and that it needs to be processed to become information. Processing may
take place on a computer, or in the mind of an analyst, but it is still
processing. In order for a computer to help us with anything, a human
had to figure out what needed to be done, either by the human or by the
device. The text offers us some history about the invention of calculating
devices. Many of you will not have heard of John Napier, Wilhelm Schickard,
or Blaise Pascal. They made some wonderful progress in the first half of the
17th century in making devices that aided in calculation. Follow this
link to the Computer History Museum and browse some of the devices in their
discussion of the subject.
The object shown on the left
is a realization of Schickard's machine, made from his surviving plans.
The object in the image on the right
is a pascaline, one of the actual devices that Pascal created, invented
for his father who was a tax collector.
A more "recent" contribution to computing was the invention
of the Jacquard loom, a weaver's device that could produce identical
pieces by using patterns saved on punched cards. The cards, essentially,
held programs for the loom. That was invented in 1801 by Mr. Jacquard,
but he did not create it all by himself. The book barely mentions
it, but this video by James Burke, a part of his TV series called Connections,
gives you more information as well as some quick references to other
precursor technologies that Burke talked about in his program, technologies
that Jacquard and his predecessors used to build their creations.
Almost two hundred years after Pascal (1820s and 30s), Charles Babbage made
several attempts to design a general purpose machine. (Click the image below
to watch a video about Babbage and his inventions.) Babbage's attempts might
be seen as an evolution in technology that was not implemented when it was
invented, because it was too complicated and too expensive to build.
In 1889, the US Census changed forever due to the work of Herman
Hollerith, who had worked on the 1880 census, found it to be in
dire need of an information engineer, and subsequently created a punched
card system for tabulating the census data. His system was used by many
other countries for their censuses. He started a company to market his
services. It eventually merged with others and became IBM.
The rate of growth in computing power accelerated with the application
of electricity and, later, electronics, which really started in World
War II and the Cold War. Computers were an invention that needed electronics
to become what we consider them today. The text presents a list of significant
events on pages 6 and 7, taking us from 1941 to 2002.
On the next several pages, the text reviews the progression from mainframes
(centralized computing) to personal computers (distributed computing),
which led to networking computers to share resources, primarily
through client/server networks. Mainframe computing put all processing
on one device, the mainframe. Workstations were only terminals in those
systems. Networking provides services and resources on servers
(centralization), while allowing processing to take place on each client
(distribution).
The world changed again when the Internet became generally accessible,
and commerce became common on it. It may seem odd to you, but there was
a time when there was a lot of debate and doubt about the wisdom of allowing
commercial entities (businesses) to have a presence on the Internet, much
less allowing them to conduct the majority of their business on it. Security
was not an essential part of the Internet when it was designed. It was
not planned to be a system that everyone in the world would be able to
access. Pay attention to the four features on page 11 that provide confidence
in electronic commerce. They are a little different from the usual CIA components:
integrity - part of CIA, the confidence that electronic transmissions
are sent, processed, and stored as intended
nonrepudiation - the state in which there is proof of what
each party in a transaction has agreed to do, and who those parties
are
authentication - confidence that an online user or provider
is who they appear to be
privacy - the CIA element called confidentiality, the
trust that private information is and will remain private
These four areas of concern are important to this text, and to any information
security professional. The text presents four common features of
an e-commerce site that we should keep in mind as areas to secure and
areas that will be attacked:
catalog - This is the area of a commercial web site that discusses/presents
the products and services of a business. (It might be compromised by
failing to present anything, or by presenting incorrect information.)
shopping cart - The feature that tracks what a customer is
about to buy, or is considering buying. (This provides tracking information
about product interest, even if a purchase is not made.)
transaction and payment processing - This is arguably the most
complex part of the system. It calculates costs to the customer, and
collects payment information that is of extreme interest to attackers.
fulfillment system - Warehouse instructions, shipping instructions,
updates to the customer, and confirmation of the transfer of goods and
services happen here.
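The integrity, authentication, and nonrepudiation features listed above, applied to an order message entering transaction and payment processing, as an added example that is not from the text or this lesson. It shows that a shared-key HMAC tag detects tampering and rejects senders without the key, yet cannot provide nonrepudiation because the merchant holds the same key; the key, order fields, and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample key, shared by the customer's client and the merchant.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def canonical(order: dict) -> bytes:
    """Serialize deterministically so both sides tag identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def tag(order: dict, key: bytes) -> str:
    """HMAC-SHA256 tag over the canonical order."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify(order: dict, received_tag: str, key: bytes) -> bool:
    """True only if the order is unmodified and the tagger held the key."""
    return hmac.compare_digest(tag(order, key), received_tag)


def demo() -> dict:
    # Constructed order as the shopping cart would hand it to payment processing.
    order = {"order_id": 1001, "item": "widget", "qty": 2, "total_cents": 3998}
    customer_tag = tag(order, SHARED_KEY)

    # Integrity: a price changed in transit no longer matches the tag.
    tampered = dict(order, total_cents=98)
    # Authentication: a sender without the shared key cannot make a valid tag.
    outsider_tag = tag(order, b"guessed-key")
    # Nonrepudiation is NOT provided: the merchant holds the same key, so it
    # can produce a valid tag for an order the customer never placed. The tag
    # therefore proves nothing to a third party about who agreed to what.
    never_sent = dict(order, qty=200, total_cents=399800)
    merchant_tag = tag(never_sent, SHARED_KEY)

    return {
        "intact_accepted": verify(order, customer_tag, SHARED_KEY),
        "tampered_accepted": verify(tampered, customer_tag, SHARED_KEY),
        "outsider_accepted": verify(order, outsider_tag, SHARED_KEY),
        "merchant_made_order_accepted": verify(never_sent, merchant_tag, SHARED_KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Nonrepudiation needs a digital signature made with a private key that only the customer holds, so that no other party could have produced it. Privacy (confidentiality) is a separate matter of encrypting the message, which this block does not cover.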
The text continues with some history about messaging and email, as well
as some material about early search engines, Gopher,
Archie, and Veronica. There is also a brief mention of a shared calendar
as an example of groupware, software that allows users to collaborate
on a single document or a project. This is not critical to the topic of
the chapter, so we will move on.
The Internet that most people know is only a portion of it, but it is
the most popular portion: the World Wide Web, invented by Tim Berners-Lee.
Berners-Lee and Robert Cailliau invented the web, as well as Hypertext
Transfer Protocol, Hypertext Markup Language, and the first web browser.
You really needed all of those things together to make the web possible
and practical. The text discusses three phases of the development of the
World Wide Web:
Web 1.0 - The creation of web servers and documents happened
here. Users followed links to read files that were stored on web servers.
Searching on the web allowed searches in the text of documents, not
just in their titles, which was an improvement over Gopher. Web portals
began to appear to present menus or collections of links to users.
Web 2.0 - The text tells us that this version is characterized
by blogging and social networking. Interactive websites were created,
such as Wikipedia, which allows users to post and correct already posted
information. Text file sharing evolved to include audio, photo, and
video file sharing. The ability to create a web site was made available
to everyone with an ISP account. Web applications like games, productivity
software, and commercial streaming became common.
Web 3.0 - The text quotes Tim Berners-Lee as referring to Web
3.0 as a single, connected, searchable database. Most users would assume
we are already there. The difference is more a matter of what goes on
behind the curtain, and what will be available, storable, and sortable.
The Internet of Things (IoT) refers to all the devices
that can be connected to the Internet, and that can be queried, controlled,
and used through those connections. For instance, a consumer grade printer
may be attached to a home LAN, and the device's owner may take a photo
with a web enabled smart device which can then be printed immediately
on that printer from almost anywhere. The "almost" is important:
the devices must be on live Internet connections for this to work. The
text offers three areas in which this concept might be applied:
manufacturing - The text mentions that connected manufacturing
devices might report not only their use and productivity, but their
needs for maintenance and resupply. Self diagnostics may be used to
warn that a failure is becoming likely before such a failure occurs.
Information leaking to competitors could be a problem.
healthcare - IoT sensors can report a patient's condition to
a doctor (or a monitoring AI) to watch a condition, to monitor the result
of a treatment, or provide statistical data that would be unavailable
without real time monitoring. Privacy violations are a major concern.
transportation - The text points out that companies like OnStar
monitor the condition and performance of vehicles, and that shipping
companies monitor the progress of their vehicles and individual packages
for clients. It does not mention the smart device applications that
allow information sharing about current traffic and weather conditions
along an intended route, which can be most helpful to travelers and
to emergency services staff trying to resolve problems.
The text lists some issues about information from IoT devices: privacy
of data, necessary encryption that may not have been considered, authorization
and authentication for users, and software updates that may need to be
delivered. This is more challenging than it sounds. Enabling secure services
on a computer can be done, but how do we do it on a door lock or any other
common item that may be a very limited device?
Assignments
Begin the reading assignments for the course.
Download the handouts file for this module.
Complete the assignment and class discussion made in this module.
We will have a discussion about the planned exams in our first
class.