[cs615asa] HM#N

Georgios Kapoglis gkapogli at stevens.edu
Thu Apr 30 18:43:05 EDT 2015


For this Homework I attended the 10th Annual IEEE IT Professional Conference at TCF on March 20th. This is a yearly conference for IT professionals held by ACM. I chose this conference because of the wide variety of subjects covered concerning system administration, cloud security and security management. This conference had three separate tracks. Development, Technology and Management and at last but not least Cloud and Security. I chose to attend the track of Cloud and Security because I believe that Systems Administrators nowadays have to implement a lot of cloud based solutions for the company or organization that they work for. It is of great importance to enhance these solutions or applications with security due to the advance of cyber threats.

The first talk presented by Joe Levy was about the Danger in the public cloud. He presented his idea of the definition of the “cloud” and said that “the cloud”= your data, on someone else’s servers. He talked about the dangers of keeping your data on public clouds like Drobox-Google drive etc. You expose your data at a great risk if you upload them on these applications because in most of the cases your data are stored not encrypted “in plaintext”. So for a company with sensitive data it wouldn’t be a good idea to store your information on these public storage clouds platforms. The solution for cloud storage is an open source application called Own cloud. With own cloud you can create your own personal cloud storage and keep it encrypted safely behind your own firewall. Own cloud is cost effective because is open source and the only cost for the company is if you need support for the application.

Reference:
http://princetonacm.acm.org/tcfpro/DangerCloud_ITPRO.pdf <http://princetonacm.acm.org/tcfpro/DangerCloud_ITPRO.pdf>
https://owncloud.org <https://owncloud.org/>

On the second presentation What impact does ‘Internet of Things’ have on Cloud Computing? Ron Guida talked about the impact that IoT will have on cloud computing. He presented a case study with what he called “an internet minute”. During a minute on the internet right now only inside the US 2,7 million people search for something on the internet, 30 hours of video are uploaded, 135 devices are being victims of bot infections and there are 20 victims of identity thefts. All these per minute. He suggested that IoT will impact largely Cloud Computing because as the IoT gets larger and larger more storage is going to be needed online more computing power on Cloud servers will be needed and IoT is going to depend heavily on Cloud Computing because of the variety and distribution of all the IoT devices.

The third presentation was the most relevant to our course. The talk was about the The cost of the Cloud and Steve Saporta who presented it took into consideration a very interesting case study. He talked about how wrong he and his team was wrong predicting the cost of reserving some AWS instances for their company. He presented all his predictions before the implementation of his project about how much his company much charge a client for a service that he would use AWS services to implement. The most important part of his talk were his suggestions of how to reduce cost when using Amazon Web Services. The first step to a most cost efficient implementation is to use reserved instances. By doing so you will save a lot of money if you know that you will use an instance for a long time (like 3 years). You are committed to that instance and you pay all the money in front but if you are certain that you will need that instance for 3 or more years the money that you will save are worth it. A second way to save money is to look for spot instances in the spot market. There you can find spare EC2 instances for less money.The last but not least way is to use auto scaling. This means that you can define how the cpu power the network speed and storage will increase or decrease automatically in response to load.

Reference:

http://princetonacm.acm.org/tcfpro/Cost_of_the_Cloud.pdf <http://princetonacm.acm.org/tcfpro/Cost_of_the_Cloud.pdf>

The last talk that I attended considered the matter of Security Management. I believe that Systems Administrators have to be aware of all the best practices for Security. James L. Antonakos talked about the importance of employee security training and how this can be accomplished. He talked about social engineering and how employees can be trained to avoid such attacks. He also showed us how to better use the results of wireshark and tcp dump by doing better log file analysis. Next he talked about the differences of the security of tcp and udp and when each protocol should be used. At last he insisted of the importance for an organization to build a Computer Security Incident Response Team ( CSIRT). Moreover he talked about the responsibilities and duties of that team and how an organization can benefit from that team. After all Security is of great importance for every company and everyone has to be aware of that, 10 years ago security would not be implemented on every application on information systems but today Integrity, Confidentiality and Availability of a company’s assets are in danger because of the number of Threats throughout Internet.

Reference:

http://princetonacm.acm.org/tcfpro/SecurityManagement_leclair_antonakos.pdf

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs615asa/attachments/20150430/21b2d9a4/attachment.html>


More information about the cs615asa mailing list