Skateserbia.com

Software are always made target of malicious attacks by some coding experts who are primarily motivated by financial gain. Many threats have been identified whose intentions are to vandalize some ones or to use them in an unauthorized way. When software operates in a networked environment then every fault becomes potential security vulnerability. Attacks targeting or exploiting software bugs have increased exponentially with the concurrent proliferation of software-intensive systems, services, applications, and portals connected to the Internet and wireless-addressable embedded devices, such as cell phones, global positioning systems, and even medical devices.  Some of the common threats to a software system are as follows:

• viruses
• logic bombs
• spyware
• Trojan malware
• Hacking
• Denial of service attacks

These are the commonly used methods of attacking a system. A detailed study and research on these will help us accumulate information to develop the techniques to mitigate the effects of such attacks.

Trusted software is the one that promises to deliver the software that would be free from the threats posed by security flaws in applications. Trusted software should attempt to incorporate all of the software assurance definitions. The software assurance must provide a reasonable level of justifiable confidence that the software will function correctly and predictably in a manner consistent with its documented requirements. Additionally, the function of software cannot be compromised either through direct attack or through sabotage by maliciously implanted code to be considered assured. The application developers of such software are proactive in improving their knowledge and skills related to information security and removing security related vulnerabilities. They are trusted by the users as they promise to deliver the same value proposition of improving the software capabilities.

The basis for gaining justifiable confidence that software will consistently exhibit all properties required to ensure that the software, in operation, will continue to operate in a reliable manner despite the presence of intentional faults. The trusted software is developed ensuring that various industry accepted standards for managing security risks have been applied. The development of such software is done with the diligent attention in an effort to eliminate any chances of bugs and errors that may make the software vulnerable.

In addition to trustworthiness, predictable execution, and conformance, the trusted software must be attack-resistant or attack-tolerant, and at the whole system level it must be attack-resilient. It must be able to recover from any failures that result from successful attacks on the software by resuming operation at or above some predefined minimum acceptable level of service in the short term. The system must eventually recover full service at the specified level of performance.

The trusted software is developed such that the exploitable faults and other weaknesses are avoided by the developers. They take special care such that the likelihood of intentionally implanted exploitable fault or malicious logic is eliminated from the software. The software should be developed such that the interactions among the components within the software intensive system, and between the system and external entities do not contain exploitable weaknesses.

Trusted software maintains the following three goals

• Confidentiality: This ensures that the user’s data and other software resources are not disclosed to an unauthorized person. This need of keeping the information confidential arises from the use of computers in sensitive fields such as government and banking.
• Integrity: Integrity refers to the trustworthiness of the data. It is safeguarding the accuracy and completeness of information and processing methods from intentional, unauthorized, or accidental changes.
• Availability: Availability is ensuring that authorized users have access to information and associated assets when required. The aspect of availability is relevant to security because someone may deliberately arrange to deny access or data to a service by making it unavailable.

The waste material generated from IT, mainly in the form of old hardware equipments which contains toxic substances must be properly recycled so that these equipments does not end up in a landfill where they can also end up polluting the ground water.

Many computer manufacturers offer take back program where they assume the responsibility of properly recycling of the systems so that IT department in an organization does not have to worry about it.

According to a survey, 50 % to 80 % of the recycled electronics land up in developing countries where it is handled by untrained workers which are exposed to hazardous toxic chemicals such as lead, cadmium and mercury which causes many health problems due to the methods of processing the waste.

The European Union and many US states have laws that require the electronic waste to be recycled. European Union’s Waste Electrical and Electronic Equipment directive requires the manufacturers of the electronic equipment to take responsibility to recycle the equipment in a responsible way.

Another solution to this problem is to use innovative recyclable material during the manufacturing of these equipments that can be disposed of easily at the end of the lifecycle of the product. The European Union also has a directive which came into effect on July 1, 2006 to restrict the use of six hazardous materials (lead, mercury, cadmium, hexavalent chromium, polybrominated biphenyl and polybrominated  diphenyl) in certain electronic equipments.

All these measures will reduce the level of toxic substances in these equipments and thus the e-waste produced.

IT technologies if properly utilized can contribute greatly towards reducing the carbon footprint of various business functions. These technologies can monitor various processes such as day to day office activities or different business functions and manage the consumption of power for these functions to increase their energy efficiency.

Some of the uses of IT include using motion sensors to automatically switch of lights in an unused room or after office hours. Similarly can be used to control heat and air conditioning in buildings by using sensors that detect if any or how many people are present in a room.

Make use of facilities such as video conferencing, audio conferencing and webcast for meetings, lectures and similar activities this reduces the carbon emission by reducing the travel required by eliminating the need for physical presence.

Using power management settings in PC’s to set the desktop monitors to go into power saving mode when not in use. This saves up to two third of the energy consumed by PC’s.

IT industry can also help reduce the amount of paper used in daily office activities. Deploying tracking systems that track air and water emissions of plants and reporting system that can send this tracking information to the authorities.

Some of these strategies are already adopted by several large organizations, but use of these technologies even at smaller level can have sizeable benefits. Adapting these technologies can also be expensive at first but its returns are in contrast more profitable in terms of power consumed.

According to Gartner report power consumption by IT department’s accounts for 2 % of global carbon dioxide emission which is almost equal to the carbon output of the airline industry. These factors contribute greatly towards affecting the environment adversely and are responsible for global problems such as global warming.

IT organizations consumes huge amount of energy generally through data centers, this energy is mainly generated by burning fast depleting natural resources as a result companies should focus more on consuming energy from alternate sources. The rising cost of electricity is also a major motivator for IT companies to invest in technologies that conserve less amount of energy and give more output i.e. are more energy efficient.

Another major concern for IT managers is the disposal of IT or electronic waste which is hazardous in nature and contains toxic substances like mercury, cadmium and lead. It is necessary that this toxic waste is disposed of only after proper processing. There are several programs available which collect electronic waste from the customers and recycle them.

IT can also be used intelligently by organizations to reduce their carbon foot print by implementing technologies such as teleconferencing which will reduce the need to travel by reducing carbon emission thus contributing towards cleaner environment.

Data centers need to be designed in a manner which reduces its negative impact on the environment. Factors other than the concern for environmental impact of data centers that is forcing IT organizations to think about energy conservation are that IT organizations have almost reached their power and cooling capacity of their datacenters because of which they cannot expand their existing capacity, Even if they have to satisfy the ever increasing demand for more storage, servers and networking infrastructure for the increasing business needs that is they cannot scale their existing datacenters for accommodating future demands of the customers. One of the reason for large amount of power consumption in data centers is improper utilization of server resources, implementing technologies such as virtualization will help reduce significant amount of power consumption and increase the utilization and hence capacity of servers in data center.

Other things that can be done to conserve energy in data centers include developing cooling technologies that consume less power, producing more energy efficient processors etc. Implementing all these techniques in a right way is also important as the resulting server configuration should result in energy conservation and not end up consuming more power than before. Also while choosing the servers right combination of performance and power and cooling requirements must be taken into consideration that will result in maximum utilization of server resources and minimum power consumption.

Selecting the right hardware for datacenters is also a major task and IT mangers performing this task are required to have in depth knowledge of how data centers work and should take into consideration the various metrics involved. Data centers should be designed by keeping sustainability as a goal in mind, although organizations cannot compromise on performance and reliability of the system.

Another approach, in which the software written can also affect the amount of energy consumed for performing each operation on the servers. More energy efficient programming or designing of these software’s that use less resources for performing operations can substantially reduce the amount of energy consumed by data centers for their operations.

What is a Thin client?

A thin client also know as lean client is a client computer which depend heavily on some other central server for its processing activities, only screen information, mouse clicks and keystrokes travel between the clients systems and central server whereas in fat clients major amount of processing is done on the clients system and only data travels through the network

i.e. thin client solutions work by simply providing the client with a connection to applications and data that is hosted on a central server. Thin client systems does not consist of hard drives and expansion slots and also no complex components are required which draws far less power as compared to the traditional fat client systems.

In situations where many users perform similar activities such as browsing web, using document editing tools or email clients etc. it becomes cost effective and energy efficient to have one central server and many inexpensive, less power consuming thin clients. But in situations which include computing intensive applications thin client architecture cannot be implemented as it may introduce a problem of insufficient bandwidth resulting in poor performance. While implementing thin client approach, IT managers should understand the requirement of both user and application.

Lower power consumption results lower CO2 emissions which helps an organization to reduce its carbon footprint on the environment.

Implementing thin client solutions on a scale with a centralized server can provide functionality similar to traditional desktop systems with local processing and with more power saving.

Also with no hard drives and less or no microprocessors on the thin client less hazardous material is manufactured which will result in less generation of economically hazardous waste material to be recycled.

With Growing pressure on IT spending and rising environmental concerns Implementing Thin client architecture in their organizations can be one of the profitable options for IT managers. IT managers who decide to implement thin client solution in their organization should have enough information and knowledge how thin client architecture can be used for the benefit of the organization and environment and it should not result in poor performance or consuming more power.

There are several other benefits of implementing thin clients that they are easier to secure than thick clients as no data is present on the client machine even if the thin clients suffers from a serious accident no data will be lost as the data is present on the central server, which also allows for centralized malware protection.

Using thin clients also result in more efficient utilization of computing resources, in case of thick clients  they are designed to handle the maximum computations that the user needs to perform which are wasted when there is not much load on the machines with thin clients they use only the required amount of computing resources for a particular operation.

With rising concerns about several environmental issues, it has becomes important to contribute towards saving energy and be environmentally responsible as we have to ultimately remember that it is our world.

Implementing Green IT ideas deals with measures or steps IT industry needs to take to conserve energy (i.e. Reduce their carbon footprint) for example by developing  systems or software  which use fewer resources or by allocating money for recycling in IT budgets etc.

Green IT also referred to as Green Computing can be broadly defined as “study and use of Computer resources to reduce the negative impact of Information technology on the Environment  and thus managing the environmental sustainability of IT Industry operations”.

By employing right technologies IT industry can play an important role in reducing its own impact on environment and also helping other industries to reduce their carbon foot print.

Also several recent Government policies and grants include huge support for green IT related issues and to organizations that plan to implement energy conserving strategies.

According to an IBM estimate 40% of entire offices electricity is consumed by IT use. A large amount of this energy can be saved by implementing proper techniques and also by adapting proper habits such as turning of PC’s when not needed etc.

Information security is generally implemented through these methods:

• Procedures
• People
• Hardware
• Software
• Data

So through this project we are going to looking into the various aspects of information security that is being implemented in terms of hardware and software and also get a glimpse of the various procedures that are used to implement it. Moreover we also would get into the process of implementation of these securities by doing research on various organizations which have implemented them in their companies using different platforms and provide a statistical analysis on their pros and cons and ultimately decide on the most efficient information security model using our findings.