COMPUTER APPLICATION

9 WAYS TO IMPROVE THIS COURSE

In my point of view this course is totally perfect starting from the lecturer and ending with the course learning outcome. Anyways there are some tips that this course follows and some it doesn't.

1. Reflect on how the course contributes to the students’ big picture of learning

Salman Khan, in his One World Schoolhouse: Education Re imagined, reminds us that students become more engaged in learning when they see the value of the course beyond preparing for an exam or completing a graduation requirement. Especially if you are teaching an introductory course, help the students connect with the value of that subject area. Your approach to the course could help some students decide to take more courses — or even major — in the field. For the other students, they will have a better understanding of the concepts as they connect to life issues.

2. Align SLOs with course content – readings and assignments

Especially the first time you teach a course and especially for new faculty members, the tendency is to select a good textbook and then structure the course to match the textbook chapters. Start first with what the Student Learning Outcomes are for the course – which you may be determining but also may be determined by the overall curriculum structure. In Understanding by Design, Grant P. Wiggins and Jay McTighe explain the process for mapping out a course — starting first with the student outcomes and then designing appropriate activities and assignments.

3. Consider how you can help every student accomplish the goals of the course

“Who Gets to Graduate?” is Paul Tough’s New York Times Magazine cover story that addresses the issue of why so many capable students (successful high school students) start college but fail to graduate — and what the University of Texas is doing to help those students be successful. Led by Prof. David Laude, the University of Texas has implement a series of do-able strategies that all of us can be using in our own classes, including helping all students feel capable instead of needing remedial help and using peer mentors.

4. Help students see potential college majors and career options for themselves

These students were on the way to the PRSSA national convention. Being involved in a professionally focused student organization helps students be more engaged with their academic work.

The college women chronicled in sociologists Elizabeth A. Armstrong and Laura T. Hamilton’s book “Paying for the Party” wound up in one of two tracks — the party pathway or the professional pathway. The process that led to the party pathway was conscientious decision-making on the part of some of the college women (and even their parents), including requesting to live in a “party dorm.”  But some of the women wound up on the party pathway or not on the party pathway but not engaged in their academic work because they had difficulty in selecting a major. The key to being on the professional pathway often was having a faculty member who talked with the students about career options or made a course of such interest that they chose that field as a major. Professionally focused student organizations also helped students get more engaged in their academic work.

5. Review your textbook (course readings) selection

Check online to see what other textbooks (readings) could be used for your course. Typically the textbook decision must be made several months before the course starts to give campus bookstores time to order the book and to allow students time to seek alternative purchasing opportunities to save money. Be aware of different options for the textbook — traditional textbook purchased, traditional textbook rented, online textbook (which typically has a limited access time, such as one month or the length of the semester).

6. Check calendar dates

Every semester presents some scheduling challenges due to university holidays (i.e., Labor Day, Veterans Day, Homecoming, Thanksgiving) and religious observances. Also consider the special deadlines and responsibilities you have – the conference you are attending, a conference paper deadline, your doctoral student’s qualifying exam date, etc. Also think about any special personal dates, like hosting the big family Thanksgiving reunion or helping with your daughter’s Girl Scout troop’s big camping trip.

7. Invite guest speakers

Inviting guest speakers in advance can help you make any needed changes in your course arrangement before you distribute the syllabus. Especially if a particular speaker is critical to a course discussion or assignment, you want to get your course on the speaker’s calendar before he/she makes other plans. With Skype, you can include speakers who couldn’t physically be in class.

8. Build in more active learning into class

Students use their smartphones to record an interview with guest speakers and then will write a story based on the interview. That activity lets students use technology and be actively involved in class.

Consider how you typically teach a class. How much is you lecturing and showing presentation slides? That can be effective for delivering information but shouldn’t be your sole teaching strategy. Design ways to get the students more involved in class – having students write quick reaction papers, pairing students and having them discuss a concept and then share with the class, assigning students to presentation teams, etc. In McKeachie’s Teaching Tips, Marilla Svinicki and Wilbert McKeachie provide a wide range of instructional strategies.

9. Determine ways to include technology to promote learning

Most college students are enthusiastic about smartphones, laptops, tablets and social media. Capitalize on that enthusiasm by having students bring their laptops for an in-class activity. Use a listserv, Twitter, a course Facebook page or blog, or digital course ware to communicate with your students, but don’t try to use every platform, or you and your students could be overwhelmed.

10. What would be your recommendation for a way of improving your syllabus or the way you teach a course? leave a comment below about your thoughts and ideas.

COMPUTER APPLICATION

GREEN COMPUTING

Computing's Green Computing campaign aims to raise awareness of environmental issues in IT departments and in doing so, to reduce business costs and improve efficiency.

With power costs rocketing and electricity supplies becoming increasingly unpredictable, IT departments need to look at new ways of working.

At the heart of Green Computing is a seven point charter designed to provide chief information officers (CIOs) and IT managers with environmental goals that can be applied to their business.

The charter is a set of guidelines for IT organisations to improve their green credentials and reduce costs:

1. Find out how much energy your IT systems use and monitor ongoing consumption levels.

2. Ensure unused equipment is turned off when it is not being used.

3. Educate staff to the benefits of saving energy and recycling.

4. Establish a code of practice designed to minimise unnecessary printing.

5. Identify IT management practices that reduce power consumption.

6. When purchasing new IT equipment, choose energy-saving devices that have been manufactured in an environmentally-conscious fashion.

7. Dispose of old hardware responsibly; send old PCs to be reconditioned and recycled.

If you want to sign-up to the charter email us at:

greencomputing @computing.co.uk

• Listen to Computing discuss the Business Case for Green Computing, featuring contributions from leading IT directors, in our exclusive podcast. Click on thi s link to download the podcast.

Some of the UK's leading companies and organisations have already signed up to the Green Computing Charter:

Peter Brickley, chief information officer, Centrica: I fully support Computing's Green Charter. At Centrica we recognise the environmental and commercial benefits of taking a proactive approach to reducing our environmental impact. Involving our employees and suppliers helps us to meet our environmental goals.

Darryl West, director of group IT, Lloyds TSB: I am delighted to support the ethos of Green Computing and to encourage people to cut down on waste and to re-use and recycle whenever possible. We do consider ourselves to be a socially responsible company, but Lloyds TSB GroupIT will help take the lead on this and focus on extra measures we can all put into practice. We all have a duty to make sure we use energy wisely and dispose of hardware and consumables properly.

And other organisations are backing the Green Computing campaign:

Malcolm Wicks, Energy Minister, Department of Trade and Industry (DTI): We welcome this initiative. As the DTI made clear in The Energy Review, the government believes that all sectors of society need to be involved in reducing the amount of energy we waste, and so helping to reduce the UK's greenhouse gas emissions. In many cases, some small changes will actually save businesses money, so they should be welcomed by all. This campaign is therefore very timely.

Ross Taylor, managing director, E.ON Information Services UK: E.ON has very strong beliefs, led by the chief executive, to meet low carbon objectives. In particular, as a company we think firms should be putting their efforts into teaching staff to take personal responsibility for the energy we use, so that we can all have an impact on this. It should not just be something for the technical architects. I think the charter is a great idea.

David Roberts, chief executive of user group the Corporate IT Forum: The current cost of energy and the demand for energy to run computers is colossal and growing and as computers become more pervasive we will only need more power rather than less. Doing something to flag consumption is a good green thing to do. It would be inappropriate to pretend that the IT community is not consuming more than its fair share of electricity.

John Suffolk, Government CIO: The IT community must play its part in ensuring sustainable development. That means not only in moving to new, more energy efficient technologies - such as thin client and virtualisation, which have the potential to reduce energy costs - as well as other costs - dramatically, but also using information to allow people and businesses to operate in more sustainable ways.

Catherine Doran, director of information management, Network Rail: Network Railcontinually monitors the environmental impact of all its activities – from day-to-day work undertaken trackside to processes in the office environment. The Green Computing Charter outlines many points that our information management team at Network Rail are already implementing.

Stephen Meredith, business improvement and technology HSE manager, EDF Energy: EDF Energy is fully committed towards a sustainable future. Sustainability is something affecting the whole of the business, and this includes IT. As part of this, we are deve loping a Sustainable Futures strategy which encompasses a range of activities from our environmentally-friendly IT equipment disposal policy (kit recycling, with none going to landfill), to defaulting printers to print double-sided as part of our greener printing policy.

David Brown, IT and facilities general manager, Scottish Water: Scottish Water already encourages sensible computer use and dispose of old hardware responsibly. However, we want to do more and we fully intend to extend our commitment to energy saving equipment and practices in the near future. We welcome this Green Charter campaign as it fits perfectly with Scottish Water's long term vision of contributing to a healthy and vibrant environment for everyone to enjoy.

Martin Horwood MP, Liberal Democrat environment spokesman: It is a very timely initiative and can build on the efforts already being made by the computing industry to really turn computing green.

Geraint Day, head of health, environment and transport policy, Institute of Directors (IoD):It's great that Computing is addressing the environmental issues related to the computing industry. We at the IoD encourage our 52,000 members to take account of resource efficiency issues in their enterprises and the feedback we've had from members illustrates that there is a great deal of willingness to support and engage in environmental initiatives.

Nick Monger-Godfrey, head of corporate responsibility, John Lewis Partnership: Waitroseand John Lewis actively promote energy-saving initiatives. For example, a Partnership-wide energy awareness campaign, 'Save Energy, Share the Savings', was launched in 2005 to help save energy. Our IT department's awareness of environmental factors helps determine the decisions we make.

Cost Savings

But the Green Computing campaign is about more just than the worthwhile goal of making a contribution to reducing the threat of global warming and environmental damage.

The real impact is financial.

According to the Carbon Trust, a PC left on all day will cost about £37 a year. But if switched off at night and at weekends, this drops to nearer £10 a year and saves an equivalent amount of energy to making 34,900 cups of coffee. That is one PC.

Office equipment is the fastest growing area of energy use, currently accounting for up to 20 per cent of total output.

And that does not even take into account the increasing cost of air conditioning as more and more powerful processors are squeezed into ever-smaller spaces.

Green computing is simply best practice computing.

To sign-up to the charter email us at: greencomputing@computing.co.uk

Further reading:

How IT can reduce its power use - reducing energy consumption and cutting carbon emissions

Firms must not paper over the cracks - saving money by minimising paper use

Put staff on a green learning curve - how firms can encourage employees to be more environmentally aware

Podcast: The Business Case for Green Computing - We discuss the business benefits of environmentally-aware IT, and talks to leading IT managers about their plans

Get switched about switching off

HSBC switches to green computing

Constraints prompt firms to track IT energy consumption

We launch Green Computing campaign

It’s our duty to save energy

Momentum builds behind our gre en campaign

Constraints prompt firms to track IT energy consumption

IT can lead the green revolut ion

The eco-friendly way to meet

How to curb IT's hunger for power

Energy costs force server rethink

Energy must not cost the earth

Can electricity supplies keep up with growing server demand?

Power shortage hits IT

WEEE Directive to become law next year

Our PCs, our planet

Donate your old PCs to our Computer Aid appeal

Readers pledge 15,000 PCs to Computer Aid

Give your old PCs a new life

Computer Aid helping to change lives in Africa

Old PCs get a new lease of life in developing world

COMPUTER APPLICATION

Authentication is the process of verifying the identity or authenticity of a person or an entity. Let's go back to the time that the world was not yet introduced to computers and the internet. If a customer of a bank had to withdraw some money from the branch, how would it take place? The teller at the branch would ask the customer for a proof to confirm that he/she is the valid customer. The customer would then sign on a piece of paper, which would be compared with the signature provided by the customer at the time of opening the account. With the advent of computers, the signature was replaced by the password. The user would set a password value during registration and then provide it each time to access the account.

Authentication is the process of verifying the identity or authenticity of a person or an entity. Let's go back to the time that the world was not yet introduced to computers and the internet. If a customer of a bank had to withdraw some money from the branch, how would it take place? The teller at the branch would ask the customer for a proof to confirm that he/she is the valid customer. The customer would then sign on a piece of paper, which would be compared with the signature provided by the customer at the time of opening the account. With the advent of computers, the signature was replaced by the password. The user would set a password value during registration and then provide it each time to access the account.

However, as the internet has been evolving, authentication schemes have also been evolving. Let's take a look at some of the authentication schemes starting from the simplest HTTP Basic authentication to more sophisticated schemes.

The Hypertext Transfer Protocol (HTTP) that is generally used for building web applications provides 2 forms of authentication – Basic and Digest.

HTTP Basic Authentication

HTTP Basic Authentication - If a browser or program sends a request for a web page that requires Basic authentication, the server responds with an error that contains a 'WWW-authenticate' attribute in the header. The user then enters a username and password, which is sent to the server in a Base64-encoded form.

Advantages

• It's a very lightweight authentication mechanism.
• It can be used effectively in combination with SSL.
• Most web servers and platforms provide built-in support; thus making the implementation very simple.

Disadvantages

• Base64 is not an encryption technique but just a simple form of encoding.
• This can easily be intercepted and decoded; thus making it very insecure.
• Basic authentication uses text files to store usernames and passwords.
• It is inefficient as the request for each page needs to be sent twice. The server will reject it the first time and then ask for user credentials. The second request with the user credentials is accepted.
• Individual user accounts need to be created in the OS.
• There is no support for a Logout feature. The browser window has to be closed by the user to flush the password from the memory.
• The server's identity cannot be authenticated.

HTTP Digest Authentication

HTTP Digest Authentication works similar to Basic but is stronger as it uses 'hashes' while sending the username and password to the server. When a request for the web page is sent, the server sends back a response with a 'WWW-authenticate' attribute in the header and a 'nonce'. A 'nonce' is a string, which differs for each request. The client uses a series of hashes that involve the username and password, the requested URL, the authentication realm name and nonce, and sends the request again. The server picks the password from its data source and again goes through the same process of hashing and compares the results. Authentication is a success if the values match.

Advantages

• The password is hashed with the dynamic nonce value; thus protecting it in transmission and from replay attacks.
• The password can be stored on the server as a hash instead of as clear text.
• The server can also store the hash of the password along with the nonce; thus preventing rainbow-cracking attacks.
• Most web servers and platforms provide built-in support; thus making the implementation very simple.

Disadvantages

• Although stronger than Basic authentication, it is vulnerable to man-in-the-middle attacks. An MiTM attacker can trick clients to use Basic authentication or use Digest in a legacy-reduced security mode.
• The password has to be stored in a text file.
• Individual user accounts need to be created in the OS.
• There is no straightforward way to log out a user.
• Digest authentication also does not authenticate the server's identity.

Windows Integrated Authentication

Windows Integrated Authentication formerly known as NTLM authentication or NT LAN Manager is an authentication scheme from Microsoft for a Windows network. NTLM is a challenge–response scheme that uses a Cyclic Redundancy Check or message digest algorithms. The Windows Integrated scheme supports NTLM and Kerberos.

When a browser sends a request for a protected web page, the server sends two WWW-Authenticate headers i.e. Negotiate and NTLM. If the browser recognizes Negotiate, it'll send information to both NTLM and Kerberos. If the browser and the server are compatible and both belong to the same domain or trusted domains, the server will use Kerberos; otherwise, it will use NTLM. If the Negotiate attribute is not recognized by the browser, the default attribute is NTLM.

It is best suited for a Windows intranet application that uses the Windows Domain Controller or Active Directory as well as IIS and IE browsers although other well known platforms and browsers too have support for NTLM.

Advantages

• In a Windows environment, the password is not transmitted over the network.
• NTLMv2 and Kerberos address the weaknesses in NTLMv1 and prevent rainbow-cracking attacks.
• The server's identity is authenticated too.

Disadvantages

• Integrated Windows authentication does not work over HTTP proxy connections.
• NTLM is vulnerable to a number of attacks, some of which have been fixed by Microsoft.

Form-based Authentication

Form-based Authentication gives the developer freedom to build a more secure authentication scheme. This type evolved over time. Basically, form-based authentication refers to any mechanism that relies on factors external to the HTTP protocol for authenticating the user. The application is left to deal with taking the user credentials, verifying them and deciding their authenticity.

The simplest way to do so is to have a login form that asks the user for the username and password. These values are then compared with the username and the password already present in the database. The password is protected during transmission by either using an SSL connection or encrypting the password. SSL protects the password during transmission but it can still be stolen by a local adversary from the browser's memory. This problem can be fixed by using a salted hash technique to transmit the password.

Advantages

• The developer is free to implement the Login page in a desired manner.
• All development frameworks and languages support form authentication.

Disadvantages

• Encryption or security is not enforced by default. The responsibility to implement a safe solution belongs to the developer.

CAPTCHAs and Key Loggers

As attackers became smarter, applications had to defend themselves against newer threats like automated password guessing and key loggers. Attackers made their job easy by writing scripts that would keep on trying passwords on the Login page till a match was found.

CAPTCHA is an effective method used to address the problem of automated password-guessing attacks. Generally, CAPTCHAs comprise randomly generated text that is displayed in a distorted manner. The text can be read by a human, but not an automated program. CAPTCHAs also prevent an automated script from flooding the web server with a large number of requests. CAPTCHAs are typically used in User Registration pages, Login pages and Forgot Password pages.

Advantages

• They prevent automated password-guessing attacks.
• They prevent automated DoS attacks.
• They are simple and convenient for a user.

Disadvantages

• A CAPTCHA that is not implemented properly can make the application vulnerable to attacks.
• A visual CAPTCHA (distorted text) is not very user friendly for the visually weak.

The threat of key loggers was addressed by a number of sites using a virtual keyboard. Since key-logging programs would reside on the client machine and capture all the keystrokes and mail them to the attacker, virtual keyboards eliminate the need to key in the password. A graphical representation of the keyboard is displayed on the screen and the user uses the mouse to click on the respective characters.

Advantages

• It is a simple method that can be implemented easily.
• A virtual keyboard can also be used in pages with sensitive information like credit card details, etc.

Disadvantages

• Shoulder surfing becomes a more plausible threat.
• There are advanced malicious software that capture the mouse clicks and based on the pixels, compute the characters entered.

The next generation of authentication schemes involved 2 factors for authentication. The 2 factors in authentication are defined as something we know (i.e. password) and something we have (i.e. hardware token/card, etc.). The user is required to provide both to prove their identity.

One-Time Passwords (OTP)

One-time passwords are a form of two-factor authentication. They emulate the sharing of a secret on-the-fly between two digital entities using an out-of-band communication model (SMS, email or paper passwords).

The user provides his/her username and/or password during the authentication process. The server validates the username and generates the OTP, which is sent across to the out-of-band communication media (SMS, email, etc.). In certain cases, a pre-generated set of OTPs are generated on paper and physically delivered to the user by hand or through post. Any of these pre-generated OTPs can be used only once.

Advantages

• Increased difficulty for the attacker – needs to compromise SMSs/emails apart from the application.
• Authentication depends on secrets from two disparate systems (2 factors i.e. the human brain and the SMS).
• The duration of the validity of the OTP limits the continued compromise of the user account.
• Extended access for the attacker is limited since OTP can be used only once for the specific transaction.

Disadvantages

• The scheme depends on the availability of the additional (server) and the external infrastructure (SMSs/emails).
• There can be delays in the delivery of the password, which is outside the application’s control.
• There can be geographical limitations for a person who is traveling.

A number of sensitive sites resorted to various 2nd factors in authentication like hardware tokens and passwords being sent via email.

Hardware Tokens

Certain banks and owners of other critical applications provide hardware tokens to their users.

There are a number of types of hardware tokens in use, but the most common is the disconnected token. The user has to enter the number displayed on the token along with the password in the application. If both the values entered are correct, the user gains access to the application. The token contains an algorithm, a clock and a seed or a unique number. Taking the time and the seed as the input, the algorithm generates the number displayed.

The application using 2-factor authentication is connected to the server dealing with the tokens. The server would have the seed and using the current time and the same algorithm computes the same number as the token at any point in time. Therefore, the server is able to authenticate with the user. To accommodate for any mismatch in the number entered due to any delay in the clock, the server allows the token to be valid for a time window.

Advantages

• Very secure as you need the number generated by the token to log in.
• The token is easy to use.

Disadvantages

• A chance of mismatch in the time leading to authentication failure is possible.
• The token is a small physical entity and can be easily lost.
• The infrastructure required is a cost overhead.
• The distribution and maintenance of the tokens is an overhead.

Looking ahead...

To stay ahead of the attackers, we have to keep improving our authentication schemes. A large number of websites might start using biometrics like fingerprint scanning or retina/iris scanning to log in. Although biometric methods are quite prevalent in non-web authentication spaces, they are not as prevalent for web applications considering the infrastructure and cost overhead.