This tutorial doesn't include any figures about the process. I expect, that you can survive without.

This tutorial requires that you have permissions for using gksu and sudo (admin or root).

Getting updates using Update Manager

1. Find the ”System” menu. It's next to orange-blue Firefox icon at the upper left corner.
2. Click the ”System” menu.

Menu appears and you will see it.

1. Find the ”Administration” menu and move your cursor on it
2. Find the ”Update Manager” icon. Click it.

You wait a little while, depending the performance of your computer.

• Click ”Check” button in the window you got

You wait a while, when the ”Update Manager” downloads the update list for you. This time depends on the speed of your Internet connection. You have to be connected to the Internet to get updates.

• Click ”Install Updates” to install updates

You wait a while, when the ”Update Manager” downloads all the updates. After that it installs them. It might ask you questions depending the packages your updating. You can watch the indicator and see, how the update process goes. After the update, it will close the installation process window and show the same ”Update Manager” window again. Click ”Close” to close the ”Update Manager”.

Getting updates using APT

This way is not the easiest, but can be fastest when you learn it.

• Find the ”Applications” menu. This menu is the first menu in the upper left corner. Click the menu.

Menu will appear.

• Move your cursor on the ”Accessories” menu

A new menu will appear.

• Click the ”Terminal” icon

Terminal window will be opened. This window can be very dangerous if you don't know what you're using. I'm not responsible if something happens.

• Write ”sudo apt-get update” string to the Terminal and hit enter

Let's analyze this command. The first word called ”sudo” means that you're wanting to run this command as the root (=the admin). It's an acronym from ”superuser do”.

The next word called ”apt-get” means the program that provides an easy command line interface for managing packages.

The last word, ”update” means that you are updating your package list for downloading updates for your system.

• Insert your password and hit enter

Password is required to do different kind of operations as root.

It will start downloading updates. You may see the percentage of the part of the download process done. It might vary during the download process. After it ends and you will see the $ mark at the last row you can continue.

Be sure, you're connected to the Internet. This and the next step requires the Internet connection.

• Write ”sudo apt-get dist-upgrade” and hit enter

This command will download you all these updates. It might ask you to confirm that you want to download these update. Confirmation can be done by hitting the Y-button. After download process it will install these updates. The time it takes depends on the amount of updates, the speed of your Internet connection and the performance of your computer.

It might ask you question and you can navigate in the settings forms using TAB button (next to Caps Lock and Q buttons).

When you see the $ mark at the end of the last line, you may close the Terminal. Update process has been completed.

Honor Systems

Monitoring: Monitor the comings/goings and the time of said comings/goings

Log Books: Here is a very basic simple tool which is easily implemented and simple to administer but unfortunately it has numerous inherent flaws and exploits. For example those with malicious intent can simply ignore the log book and you would have no record of them or their activities.

Punch-Clocks: Here is a system which most people who have worked in a large factory environment will be very familiar with. It is simple and consists of a timing device, a time notification mechanism and a medium; such as punch cards, on which to record the time data.

The worker would take their card from a holder located adjacent to the timer/punch card device, insert it into the timer/punch card device which would place a time signature on the card and when done the worker would put their card back into the card holder.

This system was soon found to have some fatal flaws in that there was no way of identifying the authenticity of the person inserting the card into the punch mechanism. One person could sequentially punch in or out a whole bunch of cards even for persons who were not physically present.

The vindictive could also remove other individual's punch cards and so their record of attendance was lost. Very distressing for a worker to have worked all week and not to get paid because the pay office had no punch card records to work on. The same was true for using this system as a means of identifying comings and goings.

Not to be outdone companies simply required the worker to carry their punch card with them. This did reduce the vindictive down-side some what but it was still open to fraudulent use. One individual could still insert a "friend"s card' for them. Not to be out done the employers now manned their time/punch devices and the officer manning the device retained all punch cards.

Unfortunately; for a small consideration, some punch card operators could be enticed to falsely use their systems and so absent employees were still getting paid. Employers once again responded by introducing measures such as rotating punch card staff. But no matter what they did there were still abuses of the system.

The point of all of this is to show that the honor system has too many fatal flaws to work efficiently and effectively in any situation where large numbers of individuals are involved. It has always been very easy to get lost in a crowd.

Over the years these systems have evolved with the times and today we still use honor systems in one form or another. It is only since the advent of biometrics that most of the abuse of these systems has been effectively curtailed. It is very inconvenient to give somebody your eye-ball to clock into work while you go to the big game.

Human Presence Surveillance

Monitoring - Designed to monitor the comings/goings and the time of said comings/goings

Manned Sign-In/Sign-Out Registers - This system is far more reliable than the honor system above. A log book or register is maintained for signing in and another separate log book/register is maintained for sign-out. Both are manned by different personal who counter-sign every entry to validate authenticity and the accuracy of the time entries.

Identifiers - Proof of identity should always be required even when the person is well known to the security personal. This is to ensure that only those who are meant to be present are in fact the only ones present.

Rosters -It is also common practice for the security personal to have a rooster style checklist detailing those who are to be expected to be coming and going and the times of said comings and goings are also generally included on the checklist as well.

Reliability - Systems such as these do provide a more reliable mechanism for maintaining accurate records of who goes in and out and when. They are also easy to implement, maintain administer and update. Unfortunately this type of system also has inherent flaws and drawbacks. One being the staffing requirements and the costs associated with this.

Flaws - Others being corrupted personal manning the monitoring points, human lackadaisicalness and courtesy - such as making occasional exceptions when known authorised personal have "forgotten" to bring their ID with them today. It may well be that they have lost it or it has been stolen and the speed with which any access privileges are withdrawn from such IDs is of paramount importance.

Video Surveillance

Affordable - I did say that the majority of the mechanisms that will be listed here are affordable and video surveillance even if only in the form of a web camera is definitely well within reach of the average organisation and in deed the average citizen today.

Placement - Video surveillance equipment needs to be thoughtfully and carefully placed to make avoidance, tampering and/or disabling it difficult. The placement of the equipment should also provide a good clear and unobstructed view of persons entering and leaving. The capacity to take still pictures at bottlenecked check points is also an advantage as this ensures that only one person at a time will pass and their photo is taken both solely and collectively if they are coming and going as a group.

Video is not the end all be all and should always be used in conjunction with other mechanisms (logs etc)

Cost - It does help provide 24/7 monitoring at low cost

Triggers - Trigger events can be predefined and the system can automatically notify those designated members of the chain of notification should a trigger event occur along with basic details concerning the nature of the trigger event. Fire would be one such identifiable trigger event.

Email Notifications - The capacity to notify various select personal via email is an option that is gaining rapid adoption in the general community as we are all becoming ever oblivious to the continual presence of video surveillance systems.

Security Updates - Matters concerning the monitoring equipment should be discussed amongst the security team members at regularly irregular weekly team meetings

Recordings - Many video monitoring systems that are used in the public arena are operated by or through the auspices of a statutory body such as the police, or transit authorities. In their case legislation has been enacted that prescribes the manner in which they make video recordings (usually of public places), how they store them, for how long they must be retained and so on.

When it comes to the private arena things become somewhat muddied. We do or will have Privacy Legislation that does at least in part provide guidelines and in the case of the more extensive Privacy Legislations legally binding statutes that dictate; to one degree or another, the manner(s) in which private individuals and organisations should behave in this area.

Remember not all States in Australia have consistent Privacy Laws so you will need to check what is relevant to you. I will be discussing Privacy in another article and will let you know when I have found a home for it.

Part 5 of the IT Security Guide will continue with Part 4 of the Physical Security Guide series and will cover the following topics:

• Physical Location and Placement
• Wiring Closets
• Infrastructure Cabling and Cabling in General
• Mission Critical Systems
• Rack Mounted Systems
• Servers

So until next time enjoy!!!