
WISE GEN and The IT Revolution* Prof. Kamakoti, IIT Madras *All characters and entities in this presentation are imaginary.



Presentation transcript:

1 WISE GEN and The IT Revolution* Prof. Kamakoti, IIT Madras *All characters and entities in this presentation are imaginary.

2 TTT: Buy a Photocopy Machine
- TTT releases a tender.
- Statement: Quotations invited for photocopy machines with speed at least 60 copies per minute, duplex, at least three year warranty, discounted cartridge cost, Ethernet-WiFi-USB interface.

3 Quotations Received

| Vendor Name | Description of Item | Cost | Remarks |
| --- | --- | --- | --- |
| ABC Ltd. | 60 pages per minute, duplex, 3 year warranty | Rs. 1,50,000 | 2 extra cartridges free |
| DEF Ltd. | 60 pages per minute, duplex, 3 year warranty | Rs. 1,76,000 | Ten extra cartridges free |
| GHI Ltd. | 60 pages per minute, duplex, 3 year warranty | Rs. 1,80,000 | Twelve cartridges extra |
| JKL Ltd. | 60 pages per minute, duplex, 3 year warranty | Rs. 1,30,000 | Replace cartridge every 15 days for next 3 years |

4 Tender Opening
- The Purchase Committee:
- Technical committee – The machine is an elephant and the cartridge is its food. The latter costs heavily.
- Finance Committee – Recurring expenditure is very high and we have to somehow bring it under control.
- An oldy: DEF has been servicing us for the last two decades, very reliable, can we consider?
- A youngy: What is there to service in a photocopy machine? Use your common sense.
- (The quotation table from slide 3 is shown again on this slide.)

5 Happy JKL!!!!
- Old machine at the CTO's office moved to the canteen.
- New machine installed at the CTO's office.
- JKL did excellent service, checking the machine and replacing the cartridge every 15 days.
- Process set up for shutting down the machine for 30 minutes every 15 days for maintenance.
- Recommended for the Best Practices vendor award for JKL at the DIOklub meet for customer friendliness, cartridge re-use by re-inking it (Green) and donating to Government schools (CSR).

6 Bad Luck – TTT!!!!!
- Started losing tenders – almost all of them in the next quarter.
- Share prices fell drastically.
- The only sustainable (no money demand) equipment was the photocopier, as they need not even buy a cartridge.

7 End of TTT!!!!!
- Management met and broke their heads – How can this happen?
- No clue.
- Economic Untimely rated TTT as "Does not know how to do business".
- So CLOSE TTT operations.

8 Employee Compensation
- Employees can take home their computers and any other items they feel could be of use to them at nominal cost.
- This shall reduce disposal cost.
- Employee WISE GEN decided to take the photocopy machine, as she wanted to set up a photocopy shop.
- It was a HUGE one, so she wanted to dismantle it.
- She called JKL and they promptly replied – CALL Registered, possible date of visit – within the next 32 days!!!
- WISE GEN tried dismantling it at the office and when she removed the cartridge, it fell down and broke.

9 When the Cartridge Broke!!
- There were two items inside it – a microcamera and microfilm.
- WISE GEN was curious. A print of the microfilm revealed that images of all papers that were photocopied using the machine were stored in it.
- This explained the FALL OF TTT!!!! JKL leaked all the tender documents photocopied in the CTO's office to TTT's competitors, using the micro camera and micro film fixed in the cartridge, once every 15 days when they LEGALLY removed the cartridge.

10 The Legal Battle
- TTT sued JKL – paid a lot of lawyer fees.
- Court Proceedings:
- JKL: My Lord, we removed the cartridge based on TTT's purchase condition. We promptly gave the same for re-inking. We did not give it to competitors of TTT.
- TTT: They did not inform us that there is a camera inside the cartridge.
- JKL: The camera is an additional backup mechanism used in case of destruction of records and is used for surveillance of unauthorized photocopying. We have mentioned this on page number 342, section of the Additional Advanced Features booklet, which can be downloaded FREE from our website. A link to this is mentioned in Section , page 423 of the Advanced Features booklet, which can also be downloaded FREE from our website and is in turn referred to on page 22 of the User Manual shipped with the product.

11 The Legal Battle
- Court Proceedings:
- JKL: My Lord, we do not put everything in one manual and put only the essential features. Else, it will confuse the customer.
- The Judge did not have any option but to dismiss the case in favour of JKL, with advice to TTT to be careful in the future, which anyway it had lost.
- Once the judgment came, JKL filed a defamation case against TTT for questioning its integrity.

12 Modern IT Infrastructure
- Extremely complex systems.
- The entire CSE curriculum, tightly coupled with each other:
- Hardware, Operating Systems, Application Software
- Database, Web Technology
- Networking
- 95+% outsourced model.
- IT aids business and is NOT the business itself.

13 IT-head Responsibilities
- Hardware selection
- Software selection
- Vendor selection
- Gave a clue on hardware/vendor selection.
- Can I continue with my story?

14 WISE GEN – Next Step
- WISE GEN joined the IT wing of a Public Sector company.
- To her fortune they wanted to buy a photocopy machine and she was on the committee.
- She confidentially shared her experience with the other committee members.
- The committee decided to place the order with the vendor who is TRUSTWORTHY.

15 Next Steps
- Audit asked them to define TRUST.
- Mathematical properties that could help any definition:
- Reflexive – TRUST is NOT
- Symmetric – TRUST is NOT
- Transitive – TRUST is NOT
- Context independent – TRUST is NOT
- Invariance with time – TRUST is TEMPORAL
- No convincing definition for TRUST.

16 Next Steps
- Experts broke their heads to arrive at a SPEC so that XYZ Ltd – the TRUSTED vendor – alone can quote.
- This is the spec – Photocopy machine, duplex, 60 pages a minute, weighing Kgs and dimension X X 72. The vendor should have a branch office kilometer from the premises of installation.
- XYZ knew it alone could satisfy the SPEC and quoted 7.2 lakhs for a 1.2 lakhs machine – the COST OF TRUST. No negotiation with L1.
- WISE GEN felt very bad and quit.

17 The Next Company
- WISE GEN joined another private Ltd. company, RRR, wherein all IT services were outsourced.
- There was a major breakdown of IT services.
- The Network team blamed the Hardware team, which blamed the Software team, which blamed the Database team, which blamed the Network team back.
- The management decided that in the next AMC all services shall be given to the same vendor so that there is a single point of responsibility.

18 VVV Gets the Jackpot!!!
- Next year VVV was selected to handle ALL IT operations in the organization.
- The hardware, networking and software were under the single supervision and control of VVV.
- Even if RRR wants data, they have to ask VVV for it.

19 RRR – Bad Luck
- RRR started losing tenders.
- Started moving towards bankruptcy.
- WISE GEN first checked the photocopy machine, and also started looking closely at what major IT changes had happened.
- She started looking closely at VVV.
- Her luck: she was reminded of a presentation by VVV on a recent set of hard disks purchased and installed.

20 What Did the Vendor Say
- We are a HIGH AVAILABILITY disk system vendor.
- Description of availability:
- You will get a FedEx carrying a disk.
- You go and open the disk rack and find a red-colour light burning on top of one disk.
- Remove that and replace it with this disk.
- How is this possible?
- While installing the disks we asked for 24 x 7 support.
- The disk installation process registers the disk with the vendor site and keeps sending health information.

21 WISE GEN's Wisdom
- What is this information?
- The manual says "Health", and the information is encrypted.
- The disk vendor introduced by VVV alone knows the key to decrypt it.
- WISE GEN found the size of the health information to be too large and asked VVV for clarification.
- On investigation she found that confidential information was sent in encrypted form to VVV for leaking to competitors.
- Since all the infrastructure was maintained by VVV, it could create the necessary rules in the (network) firewall and also configure hardware accordingly so as to send such large packets carrying confidential information.
- The Gopalakrishna Committee (RBI) guidelines for IT infrastructure management in banks advise different vendors for different components of the IT infrastructure.
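The encrypted "health" beacon cannot be inspected, but its volume can be, which is exactly the clue WISE GEN used. The following is an added example (not from the presentation) of the check an IT team outside the vendor's control could run over outbound connection records: it baselines the normal report size per source/destination pair and flags reports far above the median. The log format, host names and byte counts are constructed for illustration.

```python
import statistics
from collections import defaultdict

# Constructed sample of outbound connection records:
# "<timestamp> <source host> <destination> <bytes sent>".
# A health beacon is normally a few hundred bytes; one record is 80 MB.
SAMPLE_LOG = """\
2014-03-03T09:00:01 disk-array-1 health.vendor.example 412
2014-03-03T10:00:01 disk-array-1 health.vendor.example 398
2014-03-03T11:00:01 disk-array-1 health.vendor.example 420
2014-03-03T12:00:01 disk-array-1 health.vendor.example 405
2014-03-03T13:00:01 disk-array-1 health.vendor.example 83112640
2014-03-03T14:00:01 disk-array-1 health.vendor.example 417
2014-03-03T09:30:00 proxy-1 updates.os.example 15204
"""


def parse_log(text):
    """Parse whitespace-separated records into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        records.append({"ts": ts, "src": src, "dst": dst, "bytes": int(nbytes)})
    return records


def flag_oversized(records, factor=10, min_samples=4):
    """Return records whose size exceeds factor x the median size seen for
    the same (source, destination) pair. Pairs with fewer than min_samples
    records have no usable baseline and are left alone."""
    sizes_by_pair = defaultdict(list)
    for r in records:
        sizes_by_pair[(r["src"], r["dst"])].append(r["bytes"])
    flagged = []
    for r in records:
        sizes = sizes_by_pair[(r["src"], r["dst"])]
        if len(sizes) < min_samples:
            continue
        median = statistics.median(sizes)
        if r["bytes"] > factor * median:
            flagged.append((r["ts"], r["src"], r["dst"], r["bytes"], round(r["bytes"] / median)))
    return flagged


if __name__ == "__main__":
    for ts, src, dst, nbytes, ratio in flag_oversized(parse_log(SAMPLE_LOG)):
        print(f"{ts} {src} -> {dst}: {nbytes} bytes, {ratio}x the usual report size")
```

The median is used instead of the mean so that the single oversized record does not inflate its own baseline.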

22 WISE GEN as CIO
- Management appreciated WISE GEN's presence of mind and made her the CIO.
- The company that quarter was making a loss.
- 15 minutes before it was announced on the web, around 3 million shares were sold by shareholders.
- This created suspicion and WISE GEN was asked to investigate.

23 WISE GEN's Investigation
- The only medium through which one can leak information is the web.
- The web admin is locked inside the office without mobile or telephone connection while he is uploading the results.
- How did the information leak?

24 Web Screenshots
- (Screenshots: Page at 2:15 PM; Page at 2:45 PM)

25 WISE GEN Checks the Source
- Source at 2:15 PM and Page at 2:45 PM both show the same text:
- Management Tasks. Task-id M-001. Description: Ensure updating of lab web-page every Monday or the next working-day following Monday, if the latter is not a working-day. The date in the lab home-page should reflect the update. Requests for updates shall be sent to you from lab members and you must acknowledge all requests AFTER the update is done, to the respective members so that they can check if the update is done properly to their satisfaction. This acknowledgement shall go with an update-id.

26 Who Was the Culprit?
- The culprit was the web admin.
- At 2:15 PM he had started uploading the result and he knew the content.
- He told his accomplice at 2:15 PM: if you see a in the first line it is PROFIT, else it is LOSS.
- In this case it was a LOSS.
- The external world can check this out using View Source.
- The web admin can legally edit this.
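The signal in this story lives in the page source without changing what a viewer sees. As an added example (not part of the presentation), the check below compares two snapshots of a page and reports source-level changes (comments, attributes, raw bytes) that leave the rendered text identical, which is what an auditor reviewing the 2:15 PM and 2:45 PM copies would want flagged. The two HTML snapshots are constructed; the marker used in them is a hypothetical comment, since the slide does not say which character was used.

```python
from html.parser import HTMLParser


class _Extract(HTMLParser):
    """Collect rendered text and non-rendered parts (comments, attributes) separately."""

    def __init__(self):
        super().__init__()
        self.text = []
        self.hidden = []

    def handle_data(self, data):
        self.text.append(data)

    def handle_comment(self, data):
        self.hidden.append(("comment", data))

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            self.hidden.append(("attr", f"{tag}.{name}={value}"))


def split_html(html):
    """Return (rendered text with whitespace collapsed, list of hidden parts)."""
    p = _Extract()
    p.feed(html)
    p.close()
    rendered = " ".join("".join(p.text).split())
    return rendered, p.hidden


def covert_changes(before, after):
    """Describe how two snapshots differ at the source level versus the visible level."""
    r1, h1 = split_html(before)
    r2, h2 = split_html(after)
    return {
        "visible_changed": r1 != r2,
        "source_changed": before != after,
        "hidden_added": sorted(set(h2) - set(h1)),
        "hidden_removed": sorted(set(h1) - set(h2)),
    }


def is_suspicious(before, after):
    """True when the source changed but a viewer would see exactly the same page."""
    d = covert_changes(before, after)
    return d["source_changed"] and not d["visible_changed"]


# Constructed snapshots: the second adds a comment and a doubled space, nothing visible.
BEFORE_HTML = '<html><body><p class="task">Ensure updating of lab web-page every Monday.</p></body></html>'
AFTER_HTML = '<html><body><!-- rev 7 --><p class="task">Ensure updating of lab  web-page every Monday.</p></body></html>'

if __name__ == "__main__":
    print(is_suspicious(BEFORE_HTML, AFTER_HTML), covert_changes(BEFORE_HTML, AFTER_HTML))
```

Whitespace-only edits are caught by the raw comparison even though they never appear in the hidden-part lists.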

27 Reactions to Frauds
- All three stories were reactions to frauds and in no way could have prevented the fraud.
- Why can't we be proactive?
- The reason is WE DO NOT KNOW THE THREAT MODEL.
- Why is it so?

28 A computing system is nothing but layers of virtual machines.
- Layers, top to bottom: High Level Programming (Compiler, Application Programs); Assembly Language Level; Operating Systems; Microprogramming; Digital Hardware.
- You do not care: beyond programming languages, beyond compilers, beyond OS routines, beyond the micro-architecture.

29 How Prevalent Is the Problem
- Select 100 COTS/open source application packages randomly:

| Finding | Packages |
| --- | --- |
| Packages with dead code | 79 |
| Packages with unwanted code (backdoors, etc.) | 23 |
| Packages with suspicious behaviors | 89 |
| Packages with possible malicious code | 76 |
| Known worms, Trojans, rootkits, etc. | 21 |
| Possible worms, Trojans, rootkits, etc. | 69 |

- Source: Reifer Consultants presentation at the Oct 2007 DHS SwA Forum.

30 Borland Interbase 4.0, 5.0, 6.0 (2001)
- Hard-coded username "politically" with the password "correct" allowed remote access.
- Credentials inserted into the database at startup.
- Support for user-defined functions equates to administrative access on the server.
- Undetected for over seven years.
- Opening the source revealed the backdoor.

31 At the end of this presentation M/s. VVV wanted to take Prof. Kamakoti to court for using their name in his story. Prof. Kamakoti says he had indeed written on the screen "ALL characters and entities used in this presentation are imaginary". Where did he? IN HIS VERY FIRST SLIDE.

32 WISE GEN and The IT Revolution* Prof. Kamakoti, IIT Madras *All characters and entities in this presentation are imaginary.

33 SLAs and License Terms
- Key points in SLAs and license terms are in fine print.
- By not reading these in full, customers get trapped and could potentially be sued for illegal usage.
- I am yet to see an SLA with a penalty clause relating to performance, let alone security.
- LOOOOOOOOOOOONG WAY to GO……..

34 A tough road ahead – In the next 10 years either the world will be happy with computers, calling them the eighth wonder of the world, OR they will curse the CS and EE guys – why the hell did you invent one. The former will happen if we can deliver the necessary security, else the latter is inevitable.

