Engineering
A process is a collection of activities, actions, and tasks that are performed when some work
product is to be created. A task focuses on a small, but well-defined objective. A process framework
establishes the foundation for a complete software engineering process. A generic process framework
for software engineering encompasses five activities: Communication, Planning, Modelling,
Construction, Development.
1) Communication
Before any technical work can commence, it is critically important to communicate and
collaborate with the customer and other stakeholders.
2) Planning
Any complicated journey can be simplified if a map exists. A software project is a complicated
journey, and the planning activity creates a “map” that helps guide the team as it makes the
journey. The map—called a software project plan—defines the software engineering work by
describing the technical tasks to be conducted, the risks that are likely, the resources that will be
required.
3) Modelling
Whether you’re a landscaper, a bridge builder, an aeronautical engineer, a carpenter, or an
architect, you work with models every day.
4) Construction
This activity combines code generation (either manual or automated) and the testing that is
required to uncover errors in the code.
5) Development
e) Measurement—defines and collects process, project, and product measures that assist the team
in delivering software that meets stakeholders’ needs; can be used in conjunction with all other
framework and umbrella activities.
f) Software configuration management—manages the effects of change throughout the software
process.
g) Reusability management—defines criteria for work product reuse (including software
components) and establishes mechanisms to achieve reusable components.
h) Work product preparation and production—encompasses the activities required to create work
products such as models, documents, logs, forms, and lists.
Management myths.
Managers with software responsibility, like managers in most disciplines, are often under
pressure to maintain budgets, keep schedules from slipping, and improve quality. Like a drowning
person who grasps at a straw, a software manager often grasps at belief in a software myth.
Customer myths
A customer who requests computer software may be a person at the next desk, a technical
group down the hall, the marketing/sales department, or an outside company that has requested
software under contract. In many cases, the customer believes myths about software because software
managers and practitioners do little to correct misinformation. Myths lead to false expectations (by the
customer) and, ultimately, dissatisfaction with the developer.
Practitioner's myths
Myths that are still believed by software practitioners have been fostered by over 50 years of
programming culture. During the early days, programming was viewed as an art form. Old ways
and attitudes die hard.
Myth: Once we write the program and get it to work, our job is done.
Reality: Someone once said that “the sooner you begin ‘writing code,’ the
longer it’ll take you to get done.” Industry data indicate that between 60 and 80 percent of
all effort expended on software will be expended after it is delivered to the customer for the first
time.
2. Planning:
It consists of complete estimation, scheduling for project development and
tracking.
3. Modelling:
a) Modelling consists of complete requirement analysis and the design of the project like
algorithm, flowchart etc.
b) The algorithm is the step-by-step solution of the problem and the flow chart shows a
complete flow diagram of a program.
4. Construction:
a) Construction consists of code generation and the testing part.
b) Coding part implements the design details using an appropriate programming
language.
c) Testing is to check whether the flow of coding is correct or not.
d) Testing also checks that the program provides the desired output.
5. Deployment:
a) The deployment step consists of delivering the product to the customer and taking
feedback from them.
b) If the customer wants some corrections or demands additional
capabilities, then a change is required to improve the quality of the
software.
ISO 9001:2000 for Software—a generic standard that applies to any organization that
wants to improve the overall quality of the products, systems, or services that it provides.
Therefore, the standard is directly applicable to software organizations and companies
[Ant06].
2. Risk management
Risk is an event that may or may not occur.
If the event occurs, then it causes some unwanted outcome. Hence, proper risk
management is required.
5. Measurement
Measurement consists of the effort required to measure the software.
The software cannot be measured directly. It is measured by direct and indirect
measures.
Direct measures like cost, lines of code, size of software etc.
Indirect measures such as quality of software which is measured by some other
factor. Hence, it is an indirect measure of software.
7. Reusability management
It defines the criteria for reusing the product.
The quality of software is good when the components of the software are developed
for certain application and are useful for developing other applications.
Process patterns can be defined as the set of activities, actions, work tasks or
work products and similar related behaviour followed in a software development life cycle.
Process patterns are more easily understood by splitting the term in two: a process
is the set of steps followed to achieve a task, and a pattern is the
recurrence of the same basic features during the lifecycle of a process. In more
universal terms, process patterns are common or general solutions to a complex problem.
Process patterns are best seen in the software design cycle, which involves the common
stages of development. For example, a generic software design life cycle has the following
steps:
1. Communication.
2. Planning.
3. Modelling which involves requirement gathering, analysis and design from business
perspective.
4. Development which involves code generation and testing.
5. Deployment includes the code deployment and testing in the production
environment.
Computer system security
Namdev S. Kacheboinwad | 9503712326
Define antivirus and write functions of antivirus
Antivirus
Antivirus software is a type of program designed and developed to protect computers from malware
like viruses, computer worms, spyware, botnets, rootkits, keyloggers and such. Antivirus programs
function to scan, detect and remove viruses from your computer.
Firewall
Firewall defined
A firewall is a network security device that monitors incoming and outgoing network
traffic and permits or blocks data packets based on a set of security rules. Its purpose is to
establish a barrier between your internal network and incoming traffic from external sources
(such as the internet) in order to block malicious traffic like viruses and hackers.
Think of IP addresses as houses, and port numbers as rooms within the house. Only
trusted people (source addresses) are allowed to enter the house (destination address) at all—
then it’s further filtered so that people within the house are only allowed to access certain
rooms (destination ports), depending on if they're the owner, a child, or a guest. The owner is
allowed to any room (any port), while children and guests are allowed into a certain set of
rooms (specific ports).
Types of firewalls
Firewalls can either be software or hardware, though it’s best to have both. A software
firewall is a program installed on each computer and regulates traffic through port numbers
and applications, while a physical firewall is a piece of equipment installed between your
network and gateway.
Packet-filtering firewalls are divided into two categories: stateful and stateless. Stateless
firewalls examine packets independently of one another and lack context, making them easy
targets for hackers. In contrast, stateful firewalls remember information about previously
passed packets and are considered much more secure.
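The difference between the two categories, as an added example that is not part of the original notes: a stateless filter must carry a standing rule for return traffic, while a stateful filter admits inbound packets only as replies to flows it has already seen leave. The rule format, class names and sample packets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the internal network, "in" = arriving
    src: str
    sport: int
    dst: str
    dport: int

# Rule = (direction, source port or None, destination port or None); default deny.
OUTBOUND_RULES = [("out", None, 443)]          # internal clients may open HTTPS
# A stateless filter has no memory, so replies need their own inbound rule.
STATELESS_RULES = OUTBOUND_RULES + [("in", 443, None)]

def matches(rules, p):
    return any(d == p.direction and sp in (None, p.sport) and dp in (None, p.dport)
               for d, sp, dp in rules)

def stateless_allow(p):
    """Judge each packet on its own header fields only."""
    return matches(STATELESS_RULES, p)

class StatefulFilter:
    """Remember flows opened from inside; admit inbound packets only as replies."""
    def __init__(self):
        self.flows = set()

    def allow(self, p):
        if p.direction == "out":
            if matches(OUTBOUND_RULES, p):
                self.flows.add((p.src, p.sport, p.dst, p.dport))
                return True
            return False
        # Inbound: must be the exact reverse of a tracked outbound flow.
        return (p.dst, p.dport, p.src, p.sport) in self.flows

# Constructed sample traffic (private and documentation address ranges).
REQUEST = Packet("out", "192.168.1.10", 50000, "203.0.113.5", 443)
REPLY = Packet("in", "203.0.113.5", 443, "192.168.1.10", 50000)
UNSOLICITED = Packet("in", "198.51.100.7", 443, "192.168.1.20", 3389)

def compare():
    """Return (stateless verdict, stateful verdict) for each sample packet."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in (REQUEST, REPLY, UNSOLICITED)]

if __name__ == "__main__":
    for name, (sl, sf) in zip(("request", "reply", "unsolicited"), compare()):
        print(f"{name:12} stateless={sl} stateful={sf}")
```

Both filters pass the request and its reply; only the stateful filter drops the third packet, because no outbound flow matches it.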
While packet-filtering firewalls can be effective, they ultimately provide very basic
protection and can be very limited—for example, they can't determine if the contents of the
request that's being sent will adversely affect the application it's reaching. If a malicious
request that was allowed from a trusted source address would result in, say, the deletion of a
database, the firewall would have no way of knowing that. Next-generation firewalls and proxy
firewalls are more equipped to detect such threats.
Proxy firewalls filter network traffic at the application level. Unlike basic firewalls, the
proxy acts as an intermediary between two end systems. The client must send a request to the
firewall, where it is then evaluated against a set of security rules and then permitted or
blocked. Most notably, proxy firewalls monitor traffic for layer 7 protocols such as HTTP and
FTP, and use both stateful and deep packet inspection to detect malicious traffic.
Stateful multilayer inspection (SMLI) firewalls filter packets at the network, transport, and application
layers, comparing them against known trusted packets. Like NGFW firewalls, SMLI firewalls also examine the
entire packet and only allow it to pass if it passes each layer individually. These firewalls examine
packets to determine the state of the communication (thus the name) to ensure all initiated
communication is only taking place with trusted sources.
Network security
Network security defined
Network security typically consists of three different controls: physical, technical and
administrative. Here is a brief description of the different types of network security and how
each control works.
Physical security controls are designed to prevent unauthorized personnel from gaining
physical access to network components such as routers, cabling cupboards and so on.
Controlled access, such as locks, biometric authentication and other devices, is essential in
any organization.
Technical security controls protect data that is stored on the network or which is in transit
across, into or out of the network. Protection is twofold; it needs to protect data and systems
from unauthorized personnel, and it also needs to protect against malicious activities from
employees.
Administrative security controls consist of security policies and processes that control user
behavior, including how users are authenticated, their level of access and also how IT staff
members implement changes to the infrastructure.
User policies
IT policies.
User policies generally define the limits on users' use of the computer resources in a
workplace, for example what they are allowed to install on their computers and whether they can use
removable storage.
IT policies, in contrast, are designed for the IT department, to secure the procedures and functions
of IT fields.
General Policies − This is the policy which defines the rights of the staff and access level to the
systems. Generally, it is included even in the communication protocol as a preventive measure in
case there are any disasters.
Server Policies − This defines who should have access to the specific server and with what rights,
which software should be installed, the level of access to the internet, and how they should be updated.
Firewall Access and Configuration Policies − It defines who should have access to the firewall
and what type of access, such as monitoring or rule changes, as well as which ports and services should be allowed
and whether they should be inbound or outbound.
Backup Policies − It defines who is the responsible person for backup, what should be backed up,
where it should be backed up, how long it should be kept and the frequency of the backup.
VPN Policies − These policies generally go with the firewall policy. They define which users
should have VPN access and with what rights. For site-to-site connections with partners, they
define the access level of the partner to your network and the type of encryption to be set.
Types of Policies
Prudent Policy − This is a high-restriction policy where everything regarding internet
access is blocked, only a small list of websites is allowed, no extra services are allowed
to be installed on computers, and logs are maintained for every user.
Acceptance User Policy − This policy regulates the behavior of the users towards a system or
network or even a webpage, so it is explicitly said what a user can and cannot do in a system, for example
whether they are allowed to share access codes, whether they can share resources, etc.
User Account Policy − This policy defines what a user should do in order to have or maintain
another user in a specific system. For example, accessing an e-commerce webpage. To create this
policy, you should answer some questions such as −
Remote Access Policy − This policy is mainly for big companies where the users and their branches
are outside their headquarters. It states what the users should access, when they can work and on
which software, such as SSH, VPN, RDP.
Firewall Management Policy − This policy deals explicitly with firewall management: which ports
should be blocked, what updates should be taken, how to make changes in the firewall, and how long
the logs should be kept.
Special Access Policy − This policy is intended to keep people under control and monitor the
special privileges in their systems and the purpose as to why they have it. These employees can be
team leaders, managers, senior managers, system administrators, and such high designation
based people.
Network Policy − This policy is to restrict the access of anyone towards the network resource and
make clear who all will access the network. It will also ensure whether that person should be
authenticated or not. This policy also includes other aspects like, who will authorize the new
devices that will be connected with network? The documentation of network changes. Web filters
Email Usage Policy − This is one of the most important policies that should be done because many
users use the work email for personal purposes as well. As a result information can leak outside.
Some of the key points of this policy are the employees should know the importance of this system
that they have the privilege to use. They should not open any attachments that look suspicious.
Private and confidential data should not be sent via any encrypted email.
Software Security Policy − This policy has to do with the software installed on the user's computer
and what they should have. Some of the key points of this policy are: software of the company
should not be given to third parties. Only software on the white list should be allowed; no other
software should be installed on the computer. Warez and pirated software should not be allowed.
Another tool used by the system administrator is SSH (Secure Shell). This is a secure
replacement for telnet and other unencrypted utilities like rlogin, rcp, rsh.
It provides a secure, encrypted channel for host-to-host communication over the internet. It
reduces man-in-the-middle attacks. It can be downloaded from − http://www.putty.org/