Clarke, R. J (2000) L909-08: 1
Office Automation & Intranets
BUSS 909
Lecture 8
Internet, Intranets and Extranets: Implementation and Management

Notices (1)
Students must organise themselves into Teams in readiness for Assignment 3:
• Each team must have 5 students, and must nominate a Team Leader (if necessary a 6th student may be allocated to a group)
• Teams should, if possible, belong to the same Tutorial Class
• Team membership must be emailed to me prior to Monday 7th September 12:30 (Week 9)

Agenda
• Web Servers
  • Installation
  • Performance
  • Maintenance
  • Security - Firewalls
• Testing
  • Client-side Testing
  • Server-side Testing
• Maintenance and Integration
  • Web Site Maintenance
  • Web Applications

Web Server Installation
Set up of Web Servers may be non-trivial; the steps are likely to include:
• installing a pre-compiled server - for example, HTTP Daemon Server (httpd) from NCSA
• compilation of a server - to produce the required binaries
• site specific configuration - for httpd you are required to adjust the contents of three files

Web Server Installation
• Installation of the Server - move the httpd server and its files and directories to the required locations before starting the Web Server
• Starting the Server - servers can often be run in a prototyping mode for testing (inetd) or in a standalone mode for production

Web Server Installation
• Mapping URLs to Documents - when a URL does not include a directory path or a filename, the web server:
  • either returns the contents of a file called index.html
  • or, if the file does not exist, automatically generates a directory index (similar to ls -1)
• Testing the Web Server - exercise the server via a browser; it should as a minimum provide an index.html

Web Server Installation
• Setting Up Home Pages - most often the entry point to a web server is a home page - home.html. Can have one or many depending on the number of sites being hosted
• Delegating Document Tree Management
  • discussion has assumed that a single user is using the web server
  • in reality content maintenance is the responsibility of an authoring community - rights to subdirectories etc

Web Server Installation
Conventions for Public Access:
• server names should start with www
• use a CNAME alias record that maps the web server name to an actual system name
• establish a so called webmaster alias - an email alias that people can use to send comments, tips on broken pointers etc.
• use signatures on the bottom of HTML pages mounted on the web server - often implemented as Server Side Includes (SSIs)

Web Server Installation
Announcing the Web Server:
• there are no formal procedures for this
• but there are well-established norms
• send announcement message to the mailing list at [email protected]
• send announcement message to [email protected] - a CERN moderated list of servers
• send an announcement message to [email protected] - an NCSA moderated list

Web Server Installation
Apache Web Server Successful Installation!

Web Server Performance
Source: Yeager & McGrath (1996)

Web Server Performance
Document Distribution and Caching
• each web server serves only one document tree (see L909-06.PPT)
• web servers ‘expose’ a seamless view of information provided by the server, just as a web browser provides a seamless view of information on the web
• the information provided by the server may actually be stored and organised in many different ways

Web Server Performance
Document Distribution and Caching
• the web server acts as a translator between a simple logical view of a document tree and the physical view of files stored on the server
  • users do not want to know the complex details of physical storage but information providers must understand this
• web servers can be configured to provide documents from a conceptually simpler ‘logical’ document tree rather than the complex ‘physical’ reality

Physical View of the Document Tree and Logical View of the Document Tree
Source: Yeager & McGrath 1996, 180
[Figure: two trees, both labelled gryphon. The physical tree has root directories web, bin, usr, groups and temp, with the project directories gargoyle-project, metallica-project and interactive-project below groups; the logical tree has gargoyle, metallica and interactive directly below root.]

Mapping Logical URL to Physical Disk
/gargoyles    /groups/sculpture/gargoyle-project
/metallica    /groups/sculpture/metallica-project
/interactive  /groups/music/interactive-project

Rules
MAP /gargoyles/* /groups/sculpture/gargoyle-project/*
MAP /metallica/* /groups/sculpture/metallica-project/*
MAP /interactive/* /groups/music/interactive-project/*

ALIAS is the name of the function within the Apache Server that provides mapping.
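
A sketch of how the MAP rules above translate a logical URL into a physical path, added here as an example and not taken from the lecture or from Apache. The function names are hypothetical, and the containment check that refuses any path resolving outside the mapped directory is an assumption about how a server should apply such rules.

```python
import posixpath
from urllib.parse import unquote

# The three rules from the slide, in the slide's own MAP notation.
RULES = """\
MAP /gargoyles/* /groups/sculpture/gargoyle-project/*
MAP /metallica/* /groups/sculpture/metallica-project/*
MAP /interactive/* /groups/music/interactive-project/*
"""

def parse_rules(text):
    """Return (logical_prefix, physical_root) pairs, longest prefix first."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0] != "MAP":
            continue  # ignore blank or unrecognised lines
        logical, physical = parts[1], parts[2]
        if not (logical.endswith("/*") and physical.endswith("/*")):
            raise ValueError("rule must map a /* pattern to a /* pattern: " + line)
        rules.append((logical[:-2], physical[:-2]))
    # A more specific (longer) logical prefix wins over a shorter one.
    return sorted(rules, key=lambda r: len(r[0]), reverse=True)

MAPPING = parse_rules(RULES)

def map_url(url_path, rules=MAPPING):
    """Translate a logical URL path to a physical path, or None if refused."""
    decoded = unquote(url_path)  # handle %2e and similar before any checks
    if "\x00" in decoded or not decoded.startswith("/"):
        return None
    for logical, physical in rules:
        if decoded != logical and not decoded.startswith(logical + "/"):
            continue
        rest = decoded[len(logical):].lstrip("/")
        candidate = posixpath.normpath(posixpath.join(physical, rest))
        # Containment check: once "." and ".." are resolved, the result must
        # still lie inside the physical directory named by the rule.
        if candidate == physical or candidate.startswith(physical + "/"):
            return candidate
        return None
    return None  # no rule matched: the logical tree exposes nothing else
```

Only the three mapped subtrees are reachable, so directories such as bin, usr and temp in the physical tree stay invisible to clients.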

Web Server Performance
Document Distribution and Caching
the information service provider may want the physical organisation as it is:
• large servers may have thousands of documents to serve - more convenient to break documents into groups to store each separately
• no single logical view will service all the needs of different users

Web Server Performance
Document Distribution and Caching
for high throughput systems it may be necessary to reduce the load on the server - two ways to do this:
• allocate part of the document tree to another server

Web Server Maintenance
Depending on the type and state of the web server, it may be necessary to enhance its capabilities by:
• providing additional MIME types (Multimedia Extension) if necessary
• Enabling Server-side includes - similar to include files in programming languages - however, they can include not only files but variables
• Automatic Directory Indexing - insurance against users pointing to a directory URL rather than a file URL when no index.html exists

Web Server Maintenance
• Updating HTML Documents - don’t need to reboot the server, just lay the new documents over the existing ones
• Managing/Analysing Log Files - on a daily/weekly basis the systems administrator should move or archive the log files to prevent them from growing too big - the process should be automated as part of standard backup procedures

Web Server Maintenance
• Moving Directory Structures - on occasion parts of the document tree need to be moved in order to cope with disk space constraints or changing system environment
• Mirroring Documents and Servers - mirror (duplicate) part of another host's directory tree in order to speed up your server (fetch slow graphics overnight), or in order to spread your server’s load across another

Web Server Security
Reading 24: Lodin & Schuba (1998)

Web Server Security
Firewalls (1)
• each company that connects to WWW provides new opportunities for crackers
• the general solution to secure internal networks is to construct a guarded gateway called a firewall

Web Server Security
Firewalls (2)
• firewalls are the first defense against unwelcome visits to intranets and extranets
• firewalls comprise software and/or hardware which collectively form a set of mechanisms that enforce secure communications traffic entering or leaving a network domain

Web Server Security
Firewalls (3)
• firewalls have several different topologies (as we will show shortly)
• in general, firewalls are located between the internal network and the internet
• an estimated one third of all Internet connected machines are located behind firewalls (Liu et al 1994, 497)

Web Server Security
• firewalls prevent unauthorised access between networks
• it implies that decisions have been made about what is allowed and disallowed across the firewall
• the decisions are based on the security policy for the site

Web Server Security
• firewalls work by examining the IP packets that travel between the server and the client
• this approach enables the control of information flow for each of the possible internet services
  • by IP address
  • by port
  • in each direction

Firewalls - Security (based on Lodin & Schuba 1998, 27)
[Figure: a Firewall between the Outside (untrusted) Network and the LAN]

Firewalls - Security
• attempt to maintain privacy by protecting data that is entering or leaving a domain, by preventing
  • passive wiretapping - data eavesdropping
  • active wiretapping - data change
• traffic outside the firewall or internal to the domain is not affected

Firewalls - Security
• firewalls guard intranets and extranets from an outside and therefore untrusted network
• they may also guard parts of the internal intranet from other parts

Firewalls - Security (based on Lodin & Schuba 1998, 27)
[Figure: LAN A and LAN B, each behind a Firewall, joined through the Outside (untrusted) Network; paths labelled a, b, c, d, d’ and e]
Firewalls control communication to (a), from (b), or through outside network, although they cannot control messages within the LANs or external connections through the outside network
LAN A and LAN B are parts of one organisation's intranet

Firewalls - Security
• can protect material within the domain - stored data, computational resources, and communication resources
• can be guarded against unauthorised access, browsing, leaking, modification, insertion, and deletion - can protect against ‘denial of service type’ hacks

Firewalls - Security
• firewalls are generally applied to Transmission Control Protocol/Internet Protocol (TCP/IP) communications which are used in public Internet and private Intranets
• controversies abound on the need for firewalls - even if they are deficient, they are a focus for computer security policy

Firewalls - Security
• security mechanisms employed by firewalls correspond to layers in the Open Systems Interconnection (OSI) model
• OSI model views data communication in terms of movement through a series of layers (see L909-02.PPT)
  • 1 Physical Layer; 2 Data Link Layer; 3 Network Layer; 4 Transport Layer; 5 Session Layer; 6 Presentation Layer; 7 Application Layer

OSI Model
[Figure: OSI Model, showing Layers 1 to 7 and the protocols between them at a User Node and a Host, connected through Intermediate Nodes (Front-end Processor, Cluster Control Unit)]

Firewalls - Security
• network address translation uses the network layer
  • Layer 3: Network Layer: causes the physical layer to transfer the frames from node to node
• all seven layers in the model may employ cryptographic mechanisms

Firewalls - Security
• packet filtering mechanism operates primarily on network and transport layers
  • Layer 4: Transport Layer: enables user and host nodes to communicate with each other; synchronizes fast- and slow-speed equipment as well as overburdened and idle units

Firewalls - Security
• can impose overheads especially performance limitations (delays) on the throughput of the intranet
• this is becoming less of a concern due to speed improvements with hardware (higher processing speeds) and software optimisations

Firewalls - Security
specific operations supported by firewalls include:
• packet filtering - a router allows/denies the passage of data after checking its header and contents based on security rules
• network address translation (NAT) - hides internal addresses and network topology of the domain from outside users

Firewalls - Security
• circuit-level forwarding (low-level) - groups packets into connections. Inbound and outbound connections must connect to a proxy process before they can proceed. The proxy makes use of rules to determine whether the connection should be made.
• application-level forwarding (higher-level) - firewalls can interpret data in packets in accordance with protocols and security rules

Firewalls - Security
• cryptographic mechanisms - enciphering or deciphering of messages using a secret code. There are many different types of cryptographic mechanisms around.
  • Internet Engineering Task Force for the IP security (IPsec) protocols
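
The packet filtering operation described in this section, deciding by IP address, by port and in each direction, shown as an added example that is not part of the lecture. The addresses, the policy and the names Rule, Packet and decide are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = "0.0.0.0/0"
ANY_PORT = range(0, 65536)
HIGH = range(1024, 65536)   # unprivileged client ports
WEB = range(80, 81)         # HTTP

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" = entering the domain, "out" = leaving it
    src: str         # source network, CIDR
    sport: range
    dst: str         # destination network, CIDR
    dport: range

@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    sport: int
    dst: str
    dport: int

# Constructed policy for a domain 10.0.0.0/8 whose web server is 10.0.0.80.
POLICY = [
    # A packet arriving from outside must not claim an internal source.
    Rule("deny", "in", "10.0.0.0/8", ANY_PORT, ANY_NET, ANY_PORT),
    # Outside clients may reach the web server on port 80 ...
    Rule("allow", "in", ANY_NET, HIGH, "10.0.0.80/32", WEB),
    # ... and a filter that keeps no state needs a rule for the replies too.
    Rule("allow", "out", "10.0.0.80/32", WEB, ANY_NET, HIGH),
    # Internal browsers may reach outside web servers and receive replies.
    # Header fields alone cannot tell a reply from an unsolicited packet,
    # which is what grouping packets into connections (circuit-level) adds.
    Rule("allow", "out", "10.0.0.0/8", HIGH, ANY_NET, WEB),
    Rule("allow", "in", ANY_NET, WEB, "10.0.0.0/8", HIGH),
]

def _in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(rule, pkt):
    return (rule.direction == pkt.direction
            and _in_net(pkt.src, rule.src) and pkt.sport in rule.sport
            and _in_net(pkt.dst, rule.dst) and pkt.dport in rule.dport)

def decide(pkt, policy=POLICY):
    """First matching rule wins; a packet no rule mentions is denied."""
    for number, rule in enumerate(policy, start=1):
        if matches(rule, pkt):
            return rule.action, number
    return "deny", None
```

The returned rule number is what a filter would log, so a denied packet can be traced to the rule, or to the default, that stopped it.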

Web Applications
• a number of companies are implementing ‘mission-critical’ web based applications
• these applications generally utilise databases
• attempt at developing closer alliances with customers, suppliers, partners, and employees

Web Applications
• sophisticated web applications must support complex Internet/intranet system configuration
• systems level hardware/software, and networking products must work together
• software elements: JAVA applets, Microsoft Active X controls, CGI scripts, SQL code

Web Applications
System Configuration: Logical View
[Figure: Client Workstations with Web Browsers, Firewall, Production Web Server, Development Web Server, Application Server, Database Server and Mainframe Database]

Web Applications
• In terms of complexity, complex web applications are therefore no different to traditional systems development projects
• web-based application components must be thoroughly tested to ensure that they are reliable, defect-free, and meet their original design purposes

Web Applications
Client-side Components
• Standard Windows GUI Objects / Browser Specific Objects: display text; images; backgrounds; control buttons; edit fields; list boxes; radio buttons; checkboxes; cursor; pull-down menus; dialog boxes; forms
• Procedural Logic (Client or Server): Java Code; Javascripts; Active X controls; procedural logic coded with various proprietary scripting languages
• Special HTML Extension Objects: tables; frames
• Navigational Objects: text links; image links; image map links
• Multimedia Objects: audio streams; video streams; VRML plug-ins
• NetObjects Support

Web Applications
Server-side Components
• Firewall
  • Prevents unauthorised access to Intranet
  • Implements security policy and ‘stance’ for Web Applications
• Web Server
  • Production: Serves HTML/XML web pages; runs CGI scripts to provide added functions to web applications
  • Development: handles an internal representation of pages in a web application
• Application Server
  • provides special purpose applications necessary to support a web application
  • generally invoked by passing a request from a CGI script
• Database Server
  • provides database access for a web application
  • implemented using SQL commands
  • must support the database needs of a large number of potential users
• Mainframe Database
  • Central repository for all data in the organisation
  • Database Server provides a view on the necessary subsets of this central repository data
• NetObjects Support

Client-side Testing
Browser & Desktop
• Browser compatibility testing
  • application operates correctly and consistently on different types of browsers (see Reading #22, Berghel 1996)
• Desktop configuration testing
  • verifies that the client-side operates consistently on different client desktop machines with different configurations

Client-side Testing
Usability & Documentation
• Usability testing
  • user-centric design of the user interface
  • with multimedia elements, establish that the user activity matches the user's business task flows
• Documentation testing
  • verifies the accuracy, relevance, user-friendliness, and completeness of written user guides and online help

Client-side Testing
Security
• Security testing
  • verifies that the web application is immune from unauthorised access attempts
  • necessitates the regular determination of the accuracy of the information on the web site
  • determines that links have not been modified

Client-side Testing
Browser & Desktop
• Error message testing
  • proper handling of known error conditions by the web application
• Client load testing
  • verifies the scalability of the web application client-side while under different volumes of data

Client-side Testing
Portability & Applet Scripting
• Cross-platform portability
  • verifies that the web application functional behaviour is consistent across different client platforms (eg. Windows, Mac, UNIX)
• Applet/Script Testing
  • verifies applet/script behaviour of JAVA applets, scripts, plug-ins, or Active X components when downloaded and executed client-side

Client-side Testing
GUI Testing
• GUI Testing
  • verifies the overall functionality of the Web Application with respect to its Graphical User Interface environment

Server-side Testing
• Web-server Load testing
• Network Load Testing
• Application Server Testing
• Database Server Load Testing

Web Site Maintenance
Link Verification

Web Site Maintenance
Link Types
• web sites will have several link types
• using NetObjects naming conventions, web sites will have:
  • internal links that link pages in your site to other pages in your site, or
  • external links that link pages in your site to other web sites

Web Site Maintenance
Link Types
• it is generally true that the same internal links get used repeatedly, for example links to home pages, and those used in navigation bars
• this is not true of external links - may be used only once in the web site
• even small web sites can have masses of external links

Web Site Maintenance
Need for Link Verification
• the resources referenced by external links can be re/moved from the Internet
• this leads to a bad link occurring in your web site over which you have no control
• fortunately, there are link verification tools both freeware and commercial which can automatically test links in your web sites

Web Site Maintenance
Link Verification Tools
suitable characteristics for link verification tools include:
• should be able to check weblets (that is parts of your website), not just the entire web hierarchy
• should be able to cope with the situation where a valid URL points to a web site that is temporarily down, unresponsive, or slow
• ability to restart if interrupted
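
One way to build the three characteristics listed above into a link checker, added as an example and not taken from the lecture or from any of the tools it lists. The function names, the state-file format and the sample links are assumptions.

```python
import json
import os
import urllib.error
import urllib.request

# Constructed sample: (page that contains the link, external URL it points to).
SAMPLE_LINKS = [
    ("/docs/a.html", "http://example.com/ok"),
    ("/docs/a.html", "http://example.com/gone"),
    ("/docs/b.html", "http://example.com/slow"),
    ("/blog/c.html", "http://example.com/other"),
]

def http_status(url, timeout=10):
    """Default probe: the HTTP status, or None when the host gives no answer."""
    try:
        req = urllib.request.Request(url, method="HEAD")
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code   # the server answered, with an error status
    except OSError:
        return None       # timeout, refused connection, DNS failure

def classify(url, probe, attempts=3):
    """'ok', 'broken' (server answered 4xx) or 'unreachable' (try again later)."""
    for _ in range(attempts):
        status = probe(url)
        if status is not None and status < 400:
            return "ok"
        if status is not None and status < 500:
            return "broken"
        # 5xx or no answer may be temporary, so probe again before deciding.
    return "unreachable"

def verify(links, prefix, state_file, probe=http_status):
    """Check only links on pages under `prefix` (a weblet), resuming from
    `state_file` when an earlier run was interrupted."""
    results = {}
    if os.path.exists(state_file):
        with open(state_file) as fh:
            results = json.load(fh)
    for page, url in links:
        if not page.startswith(prefix) or url in results:
            continue
        results[url] = classify(url, probe)
        # Checkpoint after every link; write to a temporary file and rename
        # so an interruption cannot leave a half-written state file.
        tmp = state_file + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(results, fh)
        os.replace(tmp, state_file)
    return results
```

Links reported as unreachable are candidates for a later re-check rather than removal, since the target may only be temporarily down.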
Further Reading
Liu, C.; Peek, J.; Jones, R.; Buus, B. and A. Nye (1994) Managing Internet Information Services Chapter 18: Setting Up a Web Server, O’Reilly & Associates, Inc. 299-324
Liu, C.; Peek, J.; Jones, R.; Buus, B. and A. Nye (1994) Managing Internet Information Services Chapter 20: Web: Gateways and Forms, O’Reilly & Associates, Inc. 357-380
Liu, C.; Peek, J.; Jones, R.; Buus, B. and A. Nye (1994) Managing Internet Information Services Chapter 21: Web: Access Control and Security, O’Reilly & Associates, Inc. 381-390
Berghel, H. (1996) “HTML Compliance and the Return of the Test Pattern” Communications of the ACM February 39 (2) 19-22 (Reading #22)
Luotonen, A. (1998) Web Proxy Servers Prentice Hall PTR Web Infrastructure Series NJ: Prentice Hall PTR
Fournier, R. (1999) A Methodology for Client/Server and Web Application Development Yourdon Press Computing Series, NJ: Yourdon Press, Prentice Hall
Lodin, S. W. and C. L. Schuba (1998) “Firewalls fend off invasions from the Net” IEEE Spectrum February 1998, 35 (2), 26- 34 (Reading #24)
Oppliger, R. (1997) “Internet Security: Firewalls and Beyond” Communications of the ACM May 40 (5) 92-102 (Reading #25)
Wood, D. (1998) “The Search for the Searcher: Use second-rate search engine software and your users will avoid your Web site in droves” Systems April 1998, 58-67 (Reading #26)
Anonymous (1998) “Serving from the baseline: APC Labs checks out entry-level Web servers from small-to-medium businesses” APC Magazine April 1998, 115-124 (Reading #27)
Schwartz, R. L. (1999) “Programming with Perl: Step-by Step Link Verification” Web Techniques 4 (3) March 1999, 30-34
Yeager, N. J. & R. E. McGrath (1996) Web Server Technology: The Advanced Guide for World Wide Web Information Providers San Francisco, California: Morgan Kaufmann
Holden, G. and M. Keller (1999) Apache Server for Windows: Little Black Book Arizona: Coriolis
Links
Web Techniques www.webtechniques.co
NewApps Software Archive http://www.newapps.com/appstopics/Win_95_HTML_and_Link_Verification_Tools.html
Viable Software Alternatives- Alert LinkRunner http://viablesoftware.com/
Tetranet Software- LinkBot Pro http://www.tetranetsoftware.com/products/linkbot.htm
Trellian- SiteMapper http://www.trellian.com/mapper/
Aman Software- CyberSpyder Link Test 2.1.5 http://www.cyberspyder.com/cslnkts1.html
Hausherr, Tilman- Xenu's Link Sleuth http://www.snafu.de/~tilman/xenulink.html
comp.lang.tcl Frequently Asked Questions (1998)
http://www.cis.ohio-state.edu/hypertext/faq/usenet/tcl-faq/part1/faq-doc-2.html
Bourne Shell (1994)
http://garfield.ir.ucf.edu/manual/aix/bourne.html
CGI Programming 101 (1997-1998)
http://lightsphere.com/dev/class/
Comprehensive Perl Archive Network (1998)
http://ftp.digital.com/pub/plan/perl/CPAN/CPAN.html
IPSec Online (1998)
http://www.data.com/tutorials/bullet_online.html