Internet Systems Development

  • 8/13/2019 Internet Systems Development

    019026

    Unit Title: Internet Systems Development
    Unit Code: ISD
    Level: Advanced Diploma in Business Information Systems

    Learning Outcome:

    1. Candidates will be able to consider the Internet and its associated technologies

    Indicative Content:

    1.1 Explain what is meant by the term Internet and evaluate the available technologies for accessing it

    A set of interconnected networks is called an internet; the worldwide collection of interconnected networks based on the TCP/IP protocols is a specific internet called the Internet

    Access to it is through Internet Service Providers (ISPs)

    Available connection technologies include: Digital Subscriber Line (xDSL); cable networks; wireless links to access points (802.11); Integrated Digital Service Networks (ISDN); analogue telephone links; cellular phone links; satellite phone links. Students should be able to compare and contrast each technology's advantages and disadvantages

    1.2 Demonstrate an understanding of how the Internet Protocol (IP) provides a best effort service to move packets from source to destination

    Internet hosts are identified by a unique IP address, which is a 32-bit binary number that is normally written in dotted decimal notation

    IP addresses may be fixed or allocated dynamically using the Dynamic Host Configuration Protocol (DHCP)

    IP is a connectionless protocol: messages are broken into packets; each packet carries a source and destination address and is routed independently; therefore, they can arrive at their destination in a different order from that in which they were originally sent; packets can be lost/corrupted

    1.3 Describe the mechanism that ensures packets are delivered to the correct application at their destination

    When a data packet arrives at the Transport Layer, it must be forwarded to the correct application process; this is achieved by adding the destination port number to which the application process is attached; for example, an HTTP server is attached to port 80.

    A source port is also included so that a reply can be sent

    Examiner's Tips:

    Students should be encouraged to use diagrams wherever possible when explaining packet-switching networks.

    Learning Outcome:

    1. (continued) Candidates will be able to discuss the Internet and its associated technologies

    Indicative Content:

    1.4 Demonstrate an understanding of how the Transmission Control Protocol (TCP) provides a reliable service to applications

    A reliable service means that all packets reach their destination in the correct order and without duplicates

    The source TCP entity establishes a connection with the destination TCP entity

    It is responsible for: detecting errors or losses and requesting retransmission; detecting duplicate packets; flow control to minimise congestion and subsequent packet loss; reordering packets into their original sequence

    Sequence numbers are added to packets so that each one can be identified

    1.5 Demonstrate an understanding of the Domain Name System (DNS)

    Internet hosts understand only numerical IP addresses; however, they are hard for humans to remember and lack flexibility

    For example, if a user's email address was [email protected] and the administrator moved the mail server software to a different machine that had a different IP address, Jim's email address would have to change

    ASCII names decouple machine names from their IP addresses; Jim's email address might become [email protected]; however, a mechanism is needed to translate ASCII names to IP addresses

    A single file with name-to-IP mappings would be too large and would need to be co-ordinated centrally to avoid name conflicts; this approach would be unmanageable on the world-wide Internet

    The solution was to introduce a hierarchical, domain-based naming system; the name space is divided into a number of top-level domains, e.g. com; each of these is subdivided into subdomains and so on

    The system is implemented as a distributed database

    1.6 Understand the concept of the Universal Resource Locator (URL)

    URLs comprise: scheme, server name, path to the file and the file itself; absolute versus relative URLs

    Examiner's Tips:

    Students should be encouraged to use diagrams wherever possible; for example, when explaining the DNS hierarchical structure.

    Learning Outcome:

    2. Candidates will be able to discuss and assess the World Wide Web in terms of its business benefits

    Indicative Content:

    2.1 Explain what is meant by the term World Wide Web

    It is a model for accessing information across the Internet using the HyperText Transfer Protocol (HTTP); documents (web pages) are linked together with hyperlinks and web browsers are used to display those documents

    2.2 Describe the role and functions of the HyperText Transfer Protocol

    HTTP is based on the client-server model

    When a user clicks on a hyperlink, a request is sent to a web server; the server returns the document and the browser displays it

    Pages are named using a Uniform Resource Locator (URL)

    HTTP is stateless; a browser sends a request to a server and receives a page; the server does not remember the request

    Cookies can be used to identify previous requests

    2.3 Explain what is meant by the terms Intranet and Extranet

    An intranet is a private network, internal to an organisation, that is used to share information; it is based on Internet technology; unauthorised access is prevented by a firewall (see 8.2)

    An extranet is an extension of an intranet, via the public communications system, so that some of an organisation's private information can be shared with suppliers etc.; secure access implies authentication, encryption (Virtual Private Network) and strict access privileges

    2.4 Discuss the business benefits that Intranets and Extranets can provide

    The main intranet benefits are: better internal communications in that information can be stored centrally; sharing of resources and best practice; fast access to accurate and consistent information means improved customer service; reduced paperwork

    The main extranet benefits are: it enables a company to communicate and collaborate more effectively with business partners, suppliers and customers

    Learning Outcome:

    3. Candidates will be able to assess the concepts and practice of other major Internet applications protocols

    Indicative Content:

    3.1 Identify and explain the purpose of the electronic mail application protocols

    Email systems comprise: user agents, which enable people to send and read email messages in RFC 822 format, and message transfer agents, whose job is to move messages from source to destination

    Messages are sent by user agents to message transfer agents via the Simple Mail Transfer Protocol (SMTP); message transfer agents exchange mail with other message transfer agents or arrange for final delivery to mailboxes

    User agents retrieve messages from mailboxes using the Post Office Protocol v 3 (POP3); it is assumed that the messages will be deleted from the server after downloading

    Users who have a single account, e.g. at work, but wish to access messages from home and work could end up with messages on various machines; an alternative final delivery protocol, Internet Message Access Protocol (IMAP) assumes that messages stay on the server indefinitely; it accepts outgoing mail

    Webmail is implemented by normal message transfer agents that present the browser with a login form; on successful login, the server builds a listing of the mailbox's contents and presents it formatted as a normal web page

    Early email messages were English ASCII text; nowadays, messages may, for example, be in non-Latin alphabets; they may also contain binary data (images) etc. Multipurpose Internet Mail Extensions (MIME) define encoding rules for non-ASCII content whilst continuing to use the RFC 822 format

    3.2 Discuss the File Transfer Protocol (FTP)

    FTP is used to up/download text and binary files to/from an FTP server; it is a robust and efficient protocol, which makes it particularly suitable for handling large files

    FTP servers may allow anonymous access or require a user to login; however, usernames and passwords are not encrypted

    3.3 Discuss the remote login application protocol (TELNET)

    It is a client-server protocol that allows users to perform remote logins, to machines running Telnet Server Software, and execute commands; by default, it does not encrypt passwords and data; therefore, it is insecure

    Examiner's Tips:

    Students may get a better feel for SMTP/POP3 if they telnet into a mail server and login manually, e.g. TELNET pop3.tiscali.co.uk 110

    Learning Outcome:

    4. Candidates will be able to develop web pages using the HyperText Markup Language (HTML) and Cascading Style Sheets (CSS)

    Indicative Content:

    4.1 Describe the main characteristics of the HyperText Markup Language (HTML), XHTML and XML

    Concept of a markup language and formatting; predefined tags; concept of a hyperlink; HTML/XHTML standards and equivalence

    XML is a specification for creating custom markup languages; no predefined tags; concerned with structuring and transporting data; users define their own tags

    4.2 Create reliable, static web pages using HTML

    Web page building blocks: elements, attributes and values; block-level versus in-line elements; parent and child elements; content: text, links, images

    Basic document structure: head: Doctypes; document encoding; title; body: headers; paragraphs; spans; line breaks; horizontal rules; attributes: id; class

    Minimally, candidates will be expected to be familiar with the following: links: to another web page; to a specific anchor; to URLs; using images to label links; client-side image maps and their shapes: rectangle; circle; polygon; lists: ordered; unordered; nested; tables: rows; cells; setting width using pixels or %; spanning cells across columns; spanning cells across rows

    4.3 Select the most appropriate image type for a given application

    Image formats: GIF; JPEG; PNG; advantages and disadvantages of each format; when to use each format; alternative text; thumbnails

    Examiner's Tips:

    The recommended text book HTML, XHTML and CSS by Elizabeth Castro, publisher Peachpit Press, ISBN 0-321-43084-0 gives a comprehensive introduction to the concepts involved in producing reliable web pages. Chapter 1 gives examples of absolute and relative URLs. Students should pay particular attention to chapter 16, which gives a detailed explanation of how tables should be constructed.

    The following site contains numerous HTML tutorials and an interactive editor: http://www.w3schools.com

    Learning Outcome:

    4. (continued) Candidates will be able to develop web pages using HTML and CSS

    Indicative Content:

    4.4 Create forms to collect user data for submission to a web-server

    Forms comprise three distinct parts: the form tag, which contains the processing script's URL, and the submission methods get or post; the form's elements: Text Boxes; Password Boxes; Labels; Radio Buttons: grouping menu options and default selection; Checkboxes and default selection(s); hidden fields: when to use; the submit and reset buttons; including an image file

    4.5 Use CSS to format and structure web pages

    Style Sheet Building Blocks: selector: identifies the elements that are to be formatted; declaration: comprises one or more property/value pairs; these define the formatting that is to be applied to the selected element; colours: predefined colours; specifying colours using RGB values in hexadecimal format

    Where to locate Styles: external Style Sheets: write desired rules and save as a text file with a CSS extension; link with an entry in the html page's head; internal Style Sheets: desired rules written within the style tag that is located in the html page's head section; local Styles: use style=rule within the tag to be formatted, where rule is the appropriate style rule; precedence: candidates will be expected to demonstrate an understanding of the importance of location, i.e. style rules applied to html elements override those defined in a local style sheet, which in turn override those defined in an external style sheet

    Elements: minimally, candidates will be expected to be familiar with the following: font family, size, colour, background colour, horizontal alignment, style and weight properties; setting link elements according to their state. Beware of using px to set a fixed font size (see 7.3)

    Structuring Pages: divide pages into logical elements with div; the box model: content, padding, border and margin; block-level and in-line boxes; relative and absolute positioning of elements; floating elements

    Examiner's Tips:

    Chapter 10 of the recommended text book HTML, XHTML and CSS by Elizabeth Castro, publisher Peachpit Press, ISBN 0-321-43084-0 shows how to perform basic formatting using styles, whereas Chapter 11 concentrates on how to structure a web page using styles.

    The World Wide Web Consortium's web site, http://www.w3.org, contains numerous tutorials and other resources to help students.

    To be able to reference an object using document.getElementById("string"), the object must be given a unique ID e.g.: That image can be referenced as follows:

        document.getElementById("firstImage").src=newImage1.src

    Static web pages display elements in the order in which they were coded; using the DOM, it is possible to move elements while leaving the remainder to be displayed in the order in which they were coded.

    Learning Outcome:

    5. (continued) Candidates will be able to develop interactive web pages using client-side scripting

    Indicative Content:

    5.3 Construct functions to manipulate pre-loaded images

    An HTML <img> tag causes the browser to send an HTTP request for the referenced image

    The image can be changed when the mouse cursor is placed over the original image (in response to the MouseOver event); however, the first time this occurs there could be a noticeable delay as the new image is fetched from the server

    The way to avoid the delay is to pre-load the new image into the local cache; this can be achieved by instantiating a JavaScript Image object and assigning it the URL of the required image in the <head> section

    By embedding an <img> tag inside an <a> tag, appropriate JavaScript functions (event handlers) can be called in response to MouseOver and MouseOut events; the event handlers are called by including their respective event-handling attributes, onMouseOver and onMouseOut, in the HTML tag; the event-handling attribute's value is the function's name

    5.4 Construct functions to validate forms

    JavaScript can save bandwidth by validating user input before a form is submitted to the server

    An event-handling function is called in response to the submit event (i.e. when the form is submitted)
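
    The submit-time validation described in 5.4, including a loop over a radio-button group, as an added example that is not part of the syllabus; the field names email and delivery, the function names and the stand-in form objects are assumptions made for illustration. A request can reach the server without ever passing through the browser's submit handler, so the example re-runs the same rules on the server side.

```javascript
// Added example, not from the syllabus. Field names ("email", "delivery")
// and all function names are hypothetical.

// Cycle through a radio group (array-like, as form.elements["delivery"] is in
// a browser) and return the value of the checked button, or null if none is.
function checkedRadioValue(radios) {
  for (var i = 0; i < radios.length; i++) {
    if (radios[i].checked) return radios[i].value;
  }
  return null;
}

// Extract plain values from the form; the only step that touches the DOM.
function readForm(form) {
  return {
    email: form.elements.email.value.trim(),
    delivery: checkedRadioValue(form.elements.delivery)
  };
}

var ALLOWED_DELIVERY = ["post", "courier"];

// The rules work on plain values, so browser and server can share them.
// The length check runs before the pattern to bound the matching work.
function validateValues(values) {
  var errors = [];
  var email = values.email;
  if (typeof email !== "string" || email.length > 254 ||
      !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    errors.push("email");
  }
  if (ALLOWED_DELIVERY.indexOf(values.delivery) === -1) {
    errors.push("delivery");
  }
  return errors;
}

// Browser side: <form onsubmit="return handleSubmit(this)">.
// Returning false cancels the submission, which saves a round trip.
function handleSubmit(form) {
  return validateValues(readForm(form)).length === 0;
}

// Server side: the body may never have been checked by handleSubmit,
// so the same rules decide whether the request is accepted.
function handleRequest(parsedBody) {
  var errors = validateValues(parsedBody);
  return errors.length === 0 ? { status: 200 } : { status: 400, errors: errors };
}

// Constructed stand-in for a DOM form; checkedIndex -1 means nothing selected.
function sampleForm(email, checkedIndex) {
  return {
    elements: {
      email: { value: email },
      delivery: [
        { value: "post", checked: checkedIndex === 0 },
        { value: "courier", checked: checkedIndex === 1 }
      ]
    }
  };
}

console.log(handleSubmit(sampleForm("jim@example.com", 0)));
console.log(handleSubmit(sampleForm("jim@example.com", -1)));
console.log(handleRequest({ email: "jim@example.com", delivery: "drone" }));
```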

    Examiner's Tips:

    This w3schools link gives example code showing how to change images: http://www.w3schools.com/js/js_animation.asp

    This example code shows how to instantiate a new Image object in the <head> section:

        var nextImage = new Image();    // use the constructor to create the new image
        nextImage.src = "skyBlue.jpg";  // assign it a URL

    Although the document.getElementById("string") method is the official way to reference objects, it may be more convenient to cycle through an array of radio buttons to check if any have been checked, e.g.

        for (var i=0;i

    Learning Outcome:

    6. Candidates will be able to critically compare the technologies associated with web servers

    Indicative Content:

    6.1 Discuss the Common Gateway Interface (CGI) Standard

    When a user submits a form, its contents are sent to the web server for processing; the result is that a new web page is created dynamically, based on the user's data

    CGI is a protocol for interfacing external programs to, usually, a web server; the server reacts to a client request by calling a CGI program, passing user data to it and returning the program's output, an HTML page, to the client browser; the CGI program may itself interface to a database server (3-tier architecture). CGI programs can be written in any programming language and normally reside in the cgi-bin directory

    CGI is considered to be inefficient because each request creates a new process. The FastCGI interface uses a single process to handle multiple requests; therefore, it is more efficient than CGI

    6.2 Discuss alternative approaches to creating dynamic web pages

    Server-side scripting refers to scripts that are embedded inside web pages; an interpreter built into the web server software executes these scripts (e.g. Apache is distributed with a PHP module called mod_php); this is more efficient because there is no need to create a new process

    PHP is a powerful, open source scripting language; it is particularly good at handling forms; it supports many database management systems

    Active Server Pages (ASP) is a proprietary server-side scripting engine designed to interface with Microsoft's Internet Information Server (IIS); most pages are written in VB Script; however, other scripting languages can be used; database access is achieved via proprietary ActiveX Data Objects (ADO)

    Java Server Pages (JSP) technology is similar to ASP; however, it is designed to be independent of platform and server. JSPs are compiled into java servlets and executed by the java virtual machine. The JDBC API is a standard SQL database access interface

    Most web servers include proprietary application programming interfaces (API); these allow the creation of web applications, including database access, which are tightly integrated with the server and therefore run efficiently

    Examiner's Tips:

    Students should be made aware that CGI programs are run by the server machine's operating system as opposed to being under the control of the web server program.

    Whatever technology is used to access a relational database, an SQL statement will be sent to the database server. Students should be encouraged to use diagrams when explaining such a mechanism.

    Learning Outcome:

    6. (continued) Candidates will be able to critically compare the technologies associated with web servers

    Indicative Content:

    6.3 Compare and contrast the relative merits of JSP and ASP in developing web applications

    JSP applications are independent of the platform and server; it is a mature technology with a large development community

    ASP is restricted to a Microsoft platform and server; earlier versions had some speed advantages over JSP; however, with the advent of .NET, any performance advantage is no longer so clear-cut

    6.4 Identify issues of significance in selecting appropriate hosting and development strategies

    Essential criteria for selecting a co-hosting web service or for developing a dedicated hosting environment, e.g. in-house expertise, cost, server capacity and storage, available bandwidth and allocation, security, file type and size limitations, FTP access, 24x7 operation and support, remote support, reliability and speed of access, back-ups etc.

    6.5 Describe the concept of a Java applet and understand how they are used within a web application

    An applet is a program that executes within the context of another program

    Java applets are downloaded and normally run within a browser's context and extend its functionality; they are written in the Java language and compiled to an intermediate code called bytecode; the Java Virtual Machine executes this code; any platform with a Java Virtual Machine can execute Java applets

    Applets have restricted security permissions and cannot access the local file system; this approach is known as sandboxing

    Applets are used to provide enhanced interactivity

    Examiner's Tips:

    Good examples of Java applets can be found on financial web sites such as http://www.iii.co.uk; they are used to display share price information in complex, interactive graphical formats that can be selected by the user.

    Learning Outcome:

    8. Candidates will be able to make judgements on the security threats associated with the Internet and evaluate techniques designed to minimise them

    Indicative Content:

    8.1 Discuss the methods used to steal or compromise private data and the damage that may result

    If an unauthorised person reads data, the result is a loss of confidentiality. If it is altered, either maliciously or unintentionally, it suffers a loss of integrity. If it is lost or cannot be accessed by an authorised person due to a denial-of-service attack, it suffers a loss of availability (see also 8.4)

    An intruder (hacker) exploits weaknesses in computer operating systems and application software in order to gain unauthorised access to a machine in order to steal, destroy or alter private data or to take over the machine for, say, denial-of-service attacks

    Malicious code, which is also designed to compromise or delete data, can be introduced into computer systems; such code includes: spyware, viruses, worms, trojan horses and rootkits

    8.2 Discuss firewall technologies

    Firewalls comprise hardware and software components that restrict access to/from the Internet and a protected network according to a site's security policy. At its simplest, it may comprise a single, packet-filtering router or dual-homed host; however, more complex architectures may include proxy servers running on bastion hosts. All traffic passes through the firewall; therefore, it can log Internet activity effectively

    Firewalls cannot guard against the following: rogue insiders and infected floppies or CDs; users who implement insecure paths through and around them, e.g. via a dial-up connection; services that are intentionally allowed through (e.g. email) may contain viruses and web-server worms; however, a firewall may be able to limit the damage caused by a virus or worm by minimising propagation; firewalls are a single point of failure

    Examiner's Tips:

    Chapter 6 of the text book Building Internet Firewalls (2nd edition) by Elizabeth D Zwicky, Simon Cooper and D Brent Chapman, O'Reilly, ISBN 1-56592-871-7 contains a set of diagrams that clearly describe possible firewall architectures.

    Although a little dated, the following article provides a concise description of internet security threats: http://www.cert.org/encyc_article/tocencyc.html

    Learning Outcome:

    8. (continued) Candidates will be able to make judgements on the security threats associated with the Internet and evaluate techniques designed to minimise them

    Indicative Content:

    8.3 Compare and contrast symmetric and asymmetric encryption techniques

    Symmetric cryptography uses a single, private key to encrypt plain-text; the same key is required to decrypt the resulting cipher-text; distributing the shared secret key is problematic because it must remain confidential to the two parties

    Asymmetric cryptography (Public-key) uses a pair of related keys: a private key, which is confidential to a particular party, and a public key

    Plain-text that has been encrypted with a public key can only be decrypted with the related private key; similarly, plain-text that has been encrypted with a private key can only be decrypted with the related public key

    Asymmetric cryptography has a much greater computational overhead than symmetric cryptography; therefore, the former is often used to distribute session keys, e.g. when using Transport Layer Security (Secure Sockets Layer or https)

    8.4 Explain how encryption techniques can be used to provide data confidentiality, authentication and non-repudiation

    Data confidentiality: if a sender encrypts a message with the intended recipient's public key, only the intended recipient can decrypt it using the related private key

    Authentication: a hash function takes a variable length message and returns a fixed length hash code (digest); the digest is then encrypted using the sender's private key; if the message is altered, the digest changes. The recipient decrypts the digest with the sender's public key and compares it with one that he has calculated from the message; if they are identical, the message has not been altered. The message has also been digitally signed because only the sender could have generated the encrypted digest; this enforces non-repudiation

    A Digital Certificate, issued by a trusted 3rd party, is required to authenticate the sender, i.e. they are who they claim to be
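
    The session-key distribution described in 8.3 and the confidentiality and signature steps of 8.4, combined in one added example that uses Node.js's built-in crypto module and is not part of the syllabus. The function names, the choice of AES-256-GCM, RSA-OAEP and SHA-256, and the sample message are assumptions made for illustration; the key pairs are generated on the spot rather than bound to an identity by a certificate.

```javascript
// Added example, not from the syllabus. All function names are hypothetical.
const nodeCrypto = require("crypto");

// Each party holds a related key pair: privateKey stays secret, publicKey is shared.
function newParty() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Sender: encrypt for the recipient and sign as the sender.
function sealEnvelope(plainText, senderPrivateKey, recipientPublicKey) {
  const message = Buffer.from(plainText, "utf8");

  // Symmetric step: a fresh random session key encrypts the message itself.
  const sessionKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const cipherText = Buffer.concat([cipher.update(message), cipher.final()]);
  const tag = cipher.getAuthTag();

  // Asymmetric step: only the 32-byte session key is encrypted with the
  // recipient's public key, which keeps the expensive operation small.
  const wrappedKey = nodeCrypto.publicEncrypt(
    Object.assign({ key: recipientPublicKey }, OAEP), sessionKey);

  // Signature: SHA-256 digest of the message, signed with the sender's private key.
  const signature = nodeCrypto.sign("sha256", message, senderPrivateKey);

  return { wrappedKey, iv, tag, cipherText, signature };
}

// Recipient: recover the session key, decrypt, then check the signature.
function openEnvelope(envelope, recipientPrivateKey, senderPublicKey) {
  // Throws if the envelope was wrapped for a different recipient.
  const sessionKey = nodeCrypto.privateDecrypt(
    Object.assign({ key: recipientPrivateKey }, OAEP), envelope.wrappedKey);

  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  // final() throws if the cipher-text or tag was altered in transit.
  const message = Buffer.concat([decipher.update(envelope.cipherText), decipher.final()]);

  // Recomputes the digest and checks it against the signature using the
  // sender's public key; false means a different signer or an altered message.
  const authentic = nodeCrypto.verify("sha256", message, senderPublicKey, envelope.signature);

  return { text: message.toString("utf8"), authentic };
}

// Constructed run with two freshly generated parties.
function demo() {
  const sender = newParty();
  const recipient = newParty();
  const envelope = sealEnvelope("Transfer approved", sender.privateKey, recipient.publicKey);
  return openEnvelope(envelope, recipient.privateKey, sender.publicKey);
}

console.log(demo());
```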

    Examiner's Tips:

    The following sites contain links concerning cryptography and general security: http://williamstallings.com/Crypto/Crypto4e.html; http://www.us-cert.gov/cas/tips/

    Learning Outcome:

    8. (continued) Candidates will be able to make judgements on the security threats associated with the Internet and evaluate techniques designed to minimise them

    Indicative Content:

    8.5 Describe a strong authentication protocol and the context in which this should be used

    An authentication factor is a piece of information or an action that can be used to verify a person's identity

    The use of two different types of factor is called two-factor authentication or strong authentication

    Human factors can be classified as something which the person:

        possesses, e.g. an ID card or security token
        knows, e.g. a password or PIN
        has or does, e.g. fingerprint or signature

    Can be used to provide stronger assurance that financial transactions are performed by known parties than can be achieved by username/password

    Examiner's Tips:

    The following sites contain links concerning cryptography and general security: http://williamstallings.com/Crypto/Crypto4e.html; http://www.us-cert.gov/cas/tips/