Friday, 27 March 2015

Update registered manage account in SharePoint

To changed registered manage account password in SharePoint, if it has changed in the active directory.
Cause: I have changed my farm credentials (password) in morning and just tried to create web application. But getting below error:
“The password supplied with the username Domain\username was not correct. Verify that it was entered correctly and try again.”


There are two ways to change farm user Password
Using stsadm command– This updates password forcefully without any validation

For SharePoint 2010
  • Go to command prompt and navigate to bin location of 14 hives 
  • C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN 
  • stsadm -o updatefarmcredentials -userlogin <DomainUserName> -password <NewChangedPassword>
  • It will give you message as “Operation completed successfully.
  • Now reset IIS.
    For SharePoint 2013
  • Go to SharePoint 2013 Management Shall
  • stsadm -o updatefarmcredentials -userlogin <DomainUserName> -password <NewChangedPassword>
  • It will give you message as Operation completed successfully.
  • Now reset IIS.
It’s worked for me.

Using SharePoint Central Admin
  • Browse to your SharePoint Central Administration.
  • Navigate to Security from Quick launch.
  • Click on Configure Managed accounts under General settings as shown below.


  • Click on Register Managed Account to add the Service account which you would Change to.
  • Fill in the service account information in the Register managed Account.

  • If Password is not set base on password policy then gives error.
  • Now it’s time to change the Service account for the Web Application.
  • Navigate back to Security from Quick Launch shown below and click on Configure Service account

  • In the Service Account page, select the Web Application for which you would need to change
  • Select the appropriate service account and hit OK.
  • Now Reset IIS.
Reference and for more details: http://technet.microsoft.com/en-us/library/cc263417(office.12).aspx

About Author:
Sameer Kothari works in Systems Plus and actively contributes to technology. To read more interesting articles from him, please follow:  http://samk2010.blogspot.in/

Security of Point of Sale (POS) Devices

Introduction:
Point of Sale (POS) systems are used to process transactions when a consumer makes a payment in exchange of goods or services from a retailer. POS systems consist of hardware and software. Hardware is used to make the actual payment by swiping a credit or debit card. The software is linked to the hardware and it informs on the action to be taken on the received data.

The hardware mainly consists of Magnetic Strip Reader (MSR) and Personal Identification Number (PIN) pads. Credit / debit cards can be inserted in the POS systems using either MSR or PIN pads. POS systems are available in different types depending on the needs of retailers. The three main types of POS systems available are for desktop, mobile and cloud.

Security Concerns:
POS systems have been the target of the cyber criminals since a long time. There are numerous ways in which the attack can take place. The attackers may transmit malware to steal card information or attach a physical device to collect card data. There are three different areas which must be protected; data in transit; data in memory and data at rest.

Data in transit is the data which is passed through the network connections between different systems which process the data. This data must be encrypted so that attackers are not able to misuse the card information.

Data in memory is the data which is entered into the POS system via some input device. If the attacker has access to the POS system, this data is nearly impossible to protect.

Data at rest is the card information stored in the system at any given point of time. The best way to protect this data is not to store it at all.

The different attacking methods are explained below in brief:

1. Memory Scraping – Memory scraping is a popular and comparatively recent technique in the attacker tracks and targets specific sensitive data.
2. Skimming – In skimming, the attackers replace the POS device with vulnerable device which is then used to capture consumers’ data.
3. Forced Offline Authorization – Using this method, the attacker forces the cashier to locally authenticate payment card information by creating a DOS for the local retail network to go offline. Thus, the card details would be stored offline until the network is brought back online thus giving an opportunity to attackers to steal information.
4. Sniffing – This is a significantly old method in which the attacker sniffs and analyzes the network traffic for any sensitive card information.
5. Input Hooking – In this technique, the information entered by the user is seized at the system or OS level

POS Violation Stages:
Generally, a consistency is observed in POS breaches. The stages are as mentioned below:

1. Infiltration – In this stage, the attackers analyzes the target system and tries to find access. Once he finds the access, he creates a stronger grip of the system.
2. Propagation – Next, the attackers, spreads the malware in the target device.
3. Aggregation – Once the malware attacks the system, it sends the desired information to another single point within the environment for aggregation
4. Exfiltration – The information might also be send to a point outside the environment and then misused

Solution:
1. Strong passwords
Many consumers use default passwords for simplicity at the time of installation. These default passwords are not changed later and hence prove to be a very easy entry point for attackers. It is strongly recommended that users change the default password to something complicated which cannot be easily obtained by attackers.

2. Update Software
POS applications must be updated at a regular basis to protect them from malware attacks. In the busy day-to-day operations, users often neglect the activity of updating applications. Patch management must include the activity of updating the software and must be conducted on a regular basis.

3. Install Anti-virus      
Due to the additional costs of installing an anti-virus, many users would avoid this part and use their POS systems without any anti-virus. Hence, any virus or malware may work in their system undetected. To stay away from all this trouble, anti-virus must be installed and updated on a periodic basis.

4. Use Firewall
POS systems must be protected from external attacks with the use of firewalls.

5. Prohibit Remote Access
With the help of remote access, any user can enter the system without being present physically. Attackers can easily exploit this remote access configuration to POS systems. At all times, remote access to POS systems must be prohibited.

6. Limit Use of Internet
Internet is filled with virus and malwares which can easily enter any systems. Hence, to be on a safer side, internet use must be limited or restricted.

No one can guarantee that a POS system will never be attacked. All the above mentioned points are best practices which make it difficult for the attacker to breach a POS system. However, by following them and keeping one self updated on the issues, users can tremendously reduce the changes of a breach.

About Author:
Kintu Racca is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at kintu.r@spluspl.com

Effective Utilization of Application Support Budget

Application Support and maintenance comprises a major part of an organization’s budget. Also, the requirements of support activities can vary significantly from time to time. Increase in business enhancements can lead to spike in the volume of support requests / queries and incidents. On the contrary, a lull in the requests is often a common scenario which results in a wastage of skilled resources and cost.

Below are some of the challenges faced by support teams:

1. Managing available resources during times of spike is difficult because most of the knowledge gained for support activities besides technical knowledge is through experience which is difficult to pass on during project peaks.
2. Strategic opportunities and projects are mainly the focus of the business, thus placing application support on a lower priority.
3. Many incidents are occurred due to recurring problems which are not being eliminated from the root. This accumulates unnecessary support tickets which can be avoided by performing a root cause analysis of such incidents and coming up with effective solutions.
4. Skilled support staff cannot be easily replaced. And since support projects go on for a long period of time, employees cannot be easily assigned.
5. Most of the knowledge / information remain undocumented. Document received from development team is not updated to reflect changes that happen later.

The above challenges are commonly observed among application support projects. Some of the ways to address these issues are mentioned below:

1. All recurring incidents must be analysed to find the root cause. These incidents must be fixed such that they do not occur again. Thus, the number of tickets will reduce saving time and cost
2. All support incidents must be logged in prioritized based on pre-decided criteria depending on the impact it has to the business. This will help in tracking each request and ensuring that it is resolved within a certain amount of time as defined in the SLA.
3. In order to better utilize the staff during a spike in support activities, all support knowledge must be documented. Documents must be maintained in a common language comprehensible to all and updated from time to time to avoid referring outdated information.
4. The time taken by each request must be tracked in order to generate reports and anticipate future resource demands. This will provide insight on which requests take maximum time and thus take measures to reduce resolution time.
5. In order provide business justification for the support activities and to offer visibility, develop metrics to measure the value of support services and also reward employees. This will help to substantiate the efforts taken and help provide data to clients as and when required.

In the absence of management of support activities, the budget allotted may get utilized in very less time and thus prove a bad decision for the business. It is essential that all support activities are tracked and managed efficiently following the above mentioned steps such that the budget allotted is effectively consumed and also benefiting the business. 

About Author:
Kintu Racca is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at kintu.r@spluspl.com

Sunday, 15 March 2015

Mobile Payments

Any payment carried out using a mobile device is known as mobile payment, also known as mobile wallet or mobile money. Mobile Payment is probably the most upcoming technology and trend amongst corporate and consumers at the moment. The technology to make this possible is only now starting to emerge and used widely. The ease of making payments using your mobile phones instead of cash or cards looks promising and is predicted to grow tremendously. Leading technology companies, telecommunication companies and financial institutions have started to implement mobile payment solutions.

Out of the various different mobile payment techniques, let us look at some of the below methods in detail:
  1. Near Field Communication - Near Field Communication is the technology using which a consumer can make payments using only his mobile phone. Smart phones now days are equipped with NFC chips which enable the communication between the device and the reader if placed within few centimeters from each other. However, in order for this to work, both the devices must be equipped with the NFC chip. When making payments using NFC, the communication involved is mainly one-way in which the terminal subtracts money from the balance available on the card or charges the bank. While most transactions do not require any authentication, some transactions require entering a PIN to authenticate. Taking into consideration the increasing number of credit card breaches, NFC payment provides a much secure method to make payments which would go a long way in the future.                                                                                    
  2. Cloud-based mobile payment - Payment process which allows you to make transactions without the use of hardware Secure Element (SE) is referred to as cloud based mobile payments. PayPal or Google Wallet is a good example for this category. In this payment method, the consumer utilizes the help of a payment provider to make the transaction using a cloud-based link and in the next step, the payment provider charges the consumer’s cloud linked account to recover the amount. This method requires sensitive data to be stored on the consumer’s device and hence is less secured compared to NFC based payments.                                                
  3. Quick Response Codes (QR codes) - QR codes are basically machine readable two-dimensional codes which consist of a matrix of black and white squares. They cannot be read by naked eyes and require smart phones to be read and displayed. There are numerous applications which use QR codes and help consumers to link the app with their bank account and load certain amount of money in the app. Since the QR code generated is unique for each user, the system at the receiver end recognizes the QR code and can conduct the transaction with the help of consumers details stored in the QR code.
Mobile payment technologies bridge the gap between digital and physical world by allowing consumers to pay with their smart phones at the point of sale. The technology required for this is progressing at a remarkable rate and smart phones are soon going to replace cash, credit, and debit cards which are currently used widely to make payments.

About Author:
Kintu Racca is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at kintu.r@spluspl.com

Beyond Use Cases with Storyboarding

What are Storyboards?

Storyboards are pictorial organizers such as a sequence of graphics or pictures exhibited for the purpose of pre-rendering a motion graphic. It is a technique for demonstrating an interaction concerning a person and a product in storyline format, which includes a sequence of sketches, drafts, or images and sometimes words that tell a story.
The Storyboards concept has been borrowed from the motion picture and television industry where a series of significant events are drawn up that summarize the plot in a movie.
They are used to identify the major issues before noteworthy investment is undertaken. In the Software industry they are used for the same intention, wherein they can be used to reconnoiter alternatives or to test the feasibility of a specific approach.
For instance, a number of ‘scenarios’ may be drafted exploring the customer experience for a specific project.
Storyboards are just not related to user interfaces, they can be used to describe a business process which take account of the back office and other forms of interaction with the customer such as mail, email and telephone.


A storyboard is the best technique to share your vision - A visual aid makes it much easier for you to share and explain your vision for your video with others.  
A storyboard saves your time.
In the long run it will save your time, by providing a solid short list that will make the creation process go more smoothly.



How are Storyboards used effectively by the Moviemakers and Business Analysts?

Movie makers basically use storyboards to demonstrate the story in a much realistic manner. They breakdown the story into various scenes and then work on them. It is not necessary to do storyboarding of every scene, at some instances it may not be required. Sometimes movie makers do the storyboarding for a couple of important scenes. 


Significance of using Storyboards:

1.  Helps in identifying the areas where more investigation is desired
2.  Helps to view the bigger complex picture
3.  Helps to communicate the understanding to clients in a much organized way
4.  Simulating functionality without worrying about how to implement it
5.  Provides visual assistance
6.  Is more meaningful than flowcharts and other more technical diagrams for  conveying the user experience.
7.  Is a way to gain early-stage design feedback
8.  Provides a quick way to sketch design ideas
9.  Complements verbal scenarios
10.Provides a way to organize use cases into a coherent description of users' actions

When are Storyboards used?

1. In the Enterprise Analysis Phase, for building the Business Case
2. In Requirements Gathering Phase, in other to generate requirements
3. In the Requirement Elicitation Phase, before the Prototype is created
4. In Designing Phase, the process of crafting a storyboard helps designers to get a better insight of the people for whom they are designing.

How Storyboarding for Software Can Be Better


Using storyboards allows the designers to swiftly augment real-life circumstances that include place, people, and other ambient objects. Since software involves a user interface storyboards allows us to situate these UIs in the real-life contexts in which they’ll be encountered. Storyboarding assists in enforcing a discipline of thinking in terms of experiential flow.

Hopefully now you understand the importance of making a storyboard for a Business Analyst.

So let’s start storyboard-ing!


About the author:
Gurpreet Kaur Gaga is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at: gurpreetkaur.gaga@spluspl.com


Wednesday, 4 March 2015

The Business Case: Strategies and Technologies for Stakeholder Involvement

A comprehensive business case is a significant tool in project selection and the assessment of investment prospects. It outlines the benefits of a planned project, the intentions addressed by the project, the different actions or conclusions that would accomplish the business objectives, the risks that may influence the project, and the budget of the project. The Business Analyst is often the lead writer of the business case.
Involvement of Stakeholders for creating a Business use case does not happen by chance. This should be planned very well in advance. Business Analyst should know what he/she needs to communicate, what type of questions and which technologies to be presented to the Business user so as to extract exact requirement from them.




Stakeholder’s needs:
A definite decisions that could affect their lives. An assurance that the stakeholder’s contribution will influence the decision on the project’s development. Business Analyst should seek out and facilitate the involvement of those potentially affected stakeholder for that product in development. Plan and execute the input on how they would be participating in determining what they actually need. Provide appropriate information to them so that they would be able to participate and contribute in a meaningful way. Communicate to them how their input would affect the decision and products development.

Tactics for Stakeholder Involvement should be:

Planned:
Most of the people think “Stakeholder involvement” as “Getting requirements”. But the actual illustration is very much different.
Business Analyst needs to plan the cycle of involvement:
He/she need to provide a Vision and problem definition about the project being developed. An Idea to feature view, where the BA is responsible to explain the stakeholder about the idea that would be a good to have feature for that product. He is also responsible for converting the Feature into requirements by asking correct question to the stakeholders. And then finally develop, idea to feature, feature to requirement and requirement to value.

Measured:
The level of stakeholder engagement is a tangible thing:
Business analyst needs to check, if the Stakeholder are satisfied with the product or feature that is being developed or they have any complaints or feedback, which would help BA’s to take appropriate decision. The Number of Stakeholder involved and how many of them have given their feedback is also important. It is also important for Business analyst to keep a check on stakeholder lifecycle participation, this would help them plan any development in advance.
Of all number of needs identified by stakeholders is the very essential, as it would help in prioritizing different set of features that needs to be developed.

Enabled:
Business Analyst has to embed training into his/her plan. They should keep the stakeholder up-to-date by coming back to “you are here” graphic to envision context and focus on what is actually needed.
Let the stakeholders define their needs or scenarios in their own words, this would help in getting what they need and not what they want from the product. BA’s should explain the stakeholders as what they need to prioritize. Stakeholder should be provided with a tool for project transparency, collaboration, and to see how their participation are translated into action

Technologies used for Stakeholder Involvement:
Technology is the enabler. It has to support the stakeholder involvement process. The end-to-end experience in a technology has to be concrete. Business Analyst should always follow the three most important task to avoid confusion while communicating with the stakeholders.
Contribute:
Make it convenient for the stakeholder to find the information, let them contribute, and track change so that they are aware of any changes upfront and are not intimidated.
Be Informed:
Always make it a point to keep all the information on this project in one place so that when the stakeholder wants to check the information they can easily access there.
Provide Oversight:
The BAPM should take a major initiative to involve stakeholder in the process and do management of the project in one place like assigning tasks, overview and tracking of changes, review and approve issues that is critical and comment or give feedback for the issues that would be important to the stakeholder.

When the BA finalizes a technology approach, he/she should think through the entire end-to-end scenario of what the involved stakeholder needs to experience:
  • See only what relates to that project.
  • Whenever required, the stakeholder can jump into an important feature of what I’m tracking.
  • Add a comment or vote for the issue.
  • See delivery status on something else that’s important to the stakeholder’s need.
  • Get a snapshot of current status which would help the stakeholder to get a view of what is being developed.
  • See the drafted requirements for any critical issue.
  • Check out a project impact and development.

Business Analyst should always remember the Golden Rules for Stakeholder Involvement Technology:
  • Stakeholders have ‘NEEDS’ and they have business scenarios which exist for their business.
  • Never force them to define their own requirements, business analyst should ask right question so as to get desired answers for the feature which needs to be implemented.
  • They don’t like being asked to do a highly complex tasks which would have little or no immediate payback.
  • Never force them to do their own modelling.
  • Stakeholders LIKE to contribute, if it’s easy and productive for them.

Generally, stakeholders often have No context for your content. Business Analyst needs to keep this is mind while communication and always remember to communicate project and personal context in every mail that is being sent to the stakeholder.
‘Involvement’ and ‘pushback’ are often the same thing where people that are passively involved are ‘academically interested’ in what you say and people that are actively involved are ‘operationalizing’ in what you say. You need to make your VALUE in the entire process crystal clear.

About the author:
Varun Shimoga is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, he actively contributes to the areas of Technology and Information Security. He can be contacted at: varun.shimoga@spluspl.com