LO2 - Factors that influence website performance


1 LO2 - Factors that influence website performance

2 Assessment Criteria

The assessment criteria are the pass requirements for this unit.

| Learning Outcome. The learner will: | Pass. The learner can: | Merit. To achieve a merit the evidence must show that, in addition to the pass criteria, the learner is able to: | Distinction. To achieve a distinction the evidence must show that, in addition to the pass and merit criteria, the learner is able to: |
| --- | --- | --- | --- |
| 1 Understand web architecture and components | P1 Outline the web architecture and components which enable internet and web functionality | | |
| 2 Understand the factors that influence website performance | P2 Explain the user side and server side factors that influence the performance of a website. P3 Explain the security risks and protection mechanisms involved in website performance | M1 Compare and contrast current interactive websites for performance and security | D1 Discuss the impact that cases of website security breaches have had on society |
| 3 Be able to design websites | P4 Using appropriate design tools, design an interactive website to meet a client need | M2 Produce annotated design documentation for an interactive website to meet a client need | |
| 4 Be able to create websites | P5 Create an interactive website to meet a client need | M3 Implement CSS in an interactive website to improve the site to meet a client’s needs | D2 Carry out acceptance testing with client on an interactive website |

3 LO2 Understand the factors that influence website performance
Tutor-led discussions and group-based exercises can be used to teach the influences on website performance, researching both strengths and weaknesses for each of the user and server side factors. Learners should look at the security risks websites have to be concerned with, including hacking, viruses and identity theft. Learners should be encouraged to research examples in the media for these. They should discuss how these cases and the actions have impacted on society. This should be followed by research into the security mechanisms that can be used to help protect websites, such as firewalls, Secure Sockets Layer (SSL), using strong passwords and following appropriate legal considerations such as the Data Protection Act. Learners should be encouraged, either individually or as a group, to consider and evaluate existing websites as examples while discussing performance (user side and server side factors) and the security measures that websites have used.

4 LO2 Understand the factors that influence website performance
Assessment criterion P2 should consider the server side and user side factors listed in the teaching content. It should explain how these factors can benefit and hinder website performance for a user and the business. This could be an extension of P1 or a separate report. Assessment criterion P3 may be presented as a further continuation of the report for P1 explaining the security risks and protection mechanisms involved in website performance. For merit criterion M1, Learners must review two examples of each category of website (e-commerce, promotional, educational) and compare and contrast what they believe the client and user needs are, what multimedia / interactive / accessibility / security features have been included and why. They should also consider the user and server side factors and how much they affect the website’s performance. Learners should also include any identified improvements for this site and identify innovative content used. For distinction criterion D1 learners must research the impact that cases of website security breaches have had on society. Five cases should be discussed from the three categories, discussing the threat, the impact on society and how the threat was resolved.

5 LO2 Understand the factors that influence website performance – User Side
In the production, uploading and site management of any website, internally or externally managed, there are considerations that need to be looked at by any business, from the amount of space and hosts they use to the amount of traffic they can handle on a daily business basis. This is called user side and server side management. User side covers the considerations that the company can manage on its own; server side covers what hosts and network stores can manage.

Connection Speed (e.g. dial-up, broadband, mobile broadband, Wi-Fi): Dial-up is dying, but there is still 3% of the population managing on a slower connection. Slower connections mean pages do not load, users get impatient and go elsewhere, video files take far too long to load, and streaming buffers to the point of being unwatchable. Similarly, mobile broadband that loses signal can cause data transfers to crash or delay reconnection, and Wi-Fi can be restricted in public places, so linked sites can come up as web filtered. This can have an impact on what the user places on their site, causing them to reconsider content and possibly create a secondary site to accommodate these customers.

6 LO2 Understand the factors that influence website performance – User Side
Browser (e.g. latest and older versions): this can have an impact in two ways. It can either stop a user from seeing or using the site, or force them to download constant updates that will limit their internet usage. Particular issues involve looking at PDFs, playing video content, and using Shockwave and Flash based content on an HTML site. HTML itself has not changed in years; it has merely added new sections like SHTML and DHTML to force more dynamic inclusion with JavaScript into the content. The problem with this is that not all web browsers have action scripts, Java or ActiveX turned on or activated. This can cause incompatibilities, forced pop-ups, excluded content and irritation for the user.

PC Memory (e.g. cache, RAM): this can be an issue if the website has large files such as videos. To avoid streaming, websites convert them into FLVs, which are smaller, but the quality is reduced. Companies like IMDB put up large file formats that are memory hungry; YouTube uses smaller files but manages streaming better by having more capable servers. Companies know this and choose file format and type to anticipate RAM issues. Again, not managing customer needs means a disenfranchised customer base.

P2.1 – Task 1 - Explain how User Side factors can benefit and hinder website performance for user customer base and business functions.
- Connection Speed
- Browser
- PC Memory

7 LO2 Understand the factors that influence website performance – Server Side
Server side issues are easier to deal with, usually by throwing more money at the issue. Machines can be upgraded, servers made faster, connections improved etc.

Server storage space: Websites with standard page content only can take up to 10 MB of storage space. If the added video content is low resolution, each video can add 5 MB of space; higher quality videos can add up to 35 MB each or more, depending on length, quality etc. Games use 30 MB of space each, and higher quality images can add 1 MB for every three images, whereas music download sites store MP3s averaging 3 MB per song. Storage tends not to restrict sites unless they are hosted with a hosting size limit.

Bandwidth limitations: Linked to the above, the bandwidth processing of information is important if there is a lot of outgoing traffic. Bandwidth is like the width of the road: traffic flows just as fast, but a wider road allows more users to download and watch at that speed. Unlike speed, bandwidth is good for companies that have a lot of users looking at the same file at the same time, like film releases, new music downloads, app sites etc., whereas sites with a consistent flow of traffic across the board do not require a wide bandwidth but faster traffic flow.

8 LO2 Understand the factors that influence website performance – Server Side
Pages with too many scripts: while it might seem good at the time to make the page more interactive and interesting, making a page too busy with too many scripts like rollovers, hotspots, Flash, ActiveX, Java enabling and general content will make the page too complex for the average user. Scripts tend to get added before the header information in a table for them to take effect, and more than one piece of JavaScript can affect how the other parts work. More importantly, scripts make the coding more complicated, meaning those who created the pages need to be around to manage the pages.

Website content (e.g. databases, file formats used for images, sound, video, animation, additional technologies such as AJAX, ActiveX): In theory a web page should manage all the actions of a user, from logins and database management to the checkout process. Adding in additional content such as AJAX on top of image and video management has become an expectation. Gone are the days when a website was just pictures and text. There are a lot of assumptions: internal videos are FLV, external ones are MP4, images are JPEG unless animated etc. All these additional assumptions drive compatibility but also add complexity when it is assumed that all browsers will manage these functions.

P2.2 – Task 2 - Explain how Server Side factors can benefit and hinder website performance for user customer base and business functions.
- Bandwidth limitations
- Server storage space
- Pages with too many scripts
- Website content

9 LO2 Understand the factors that influence website performance – Security Risks - Hacking
Computer hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose. People who engage in computer hacking activities are often called hackers. Since the word “hack” has long been used to describe someone who is incompetent at his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition to their skills. Computer hacking is most common among teenagers and young adults, although there are many older hackers as well. Many hackers are true technology buffs who enjoy learning more about how computers work and consider computer hacking an “art” form. They often enjoy programming and have expert-level skills in one particular program. For these individuals, computer hacking is a real life application of their problem-solving skills. It’s a chance to demonstrate their abilities, not an opportunity to harm others. Since a large number of hackers are self-taught prodigies, some corporations actually employ computer hackers as part of their technical support staff. These individuals use their skills to find flaws in the company’s security system so that they can be repaired quickly. In many cases, this type of computer hacking helps prevent identity theft and other serious computer-related crimes. Computer hacking can also lead to other constructive technological developments, since many of the skills developed from hacking apply to more mainstream pursuits. For example, former hackers Dennis Ritchie and Ken Thompson went on to create the UNIX operating system in the 1970s. This system had a huge impact on the development of Linux, a free UNIX-like operating system. Shawn Fanning, the creator of Napster, is another hacker well known for his accomplishments outside of computer hacking.

10 LO2 Understand the factors that influence website performance – Security Risks - Hacking
Hacking has many negative effects: personal information may be leaked, intellectual property could be stolen, and lives can be ruined. There is no effective way to eliminate cracking. Any security measure put out will be circumvented sooner or later (as an example, see the iPhone 3G unlock). So the only way to keep unwanted criminals out is to keep your software up-to-date and protected from the outside world, i.e. firewalls. Cracking isn't always bad. Some people crack software or security in order to learn how to prevent it. There is a difference between good and bad though: white hat hackers vs. black hat hackers. Hacking can take many forms and the infiltration level can vary from curiosity to espionage. Levels of hacking are usually only detected after the fact. Setting systems on subnet masks is useful but not foolproof; firewalls involve degrees of encrypted security from 8bit to 64bit but can still be accessed. We all know the story of the NORAD hack from the movie War Games, but how close to the truth is hacking? Governments have set up agencies like CIPAV or US-CERT to determine hacking and security threats to governmental systems, but businesses are less prepared. For information look at: For a detailed explanation see:

11 LO2 Understand the factors that influence website performance – Security Risks - Hacking
Most networks today are built on what is called the eggshell principle: hard on the outside and soft on the inside. This means that if an attacker can gain a foothold onto the network, the rest of the network will usually fall like dominoes. Once inside, the most difficult part is often to figure out what to attack next and where to go for the really juicy bits of information. It does not have to be this way. With the proper techniques, we as network administrators can achieve two crucial objectives: to make it much more difficult to gain a foothold in the first place and to make it much more difficult to use that foothold to get anywhere else on the network.

12

13 LO2 Understand the factors that influence website performance – Security Risks - Viruses
- Europe has Entered a ‘Cyber Cold War’ (Source: NATO, FBI, McAfee & Serious Organized Crime Agency)
- China Most Actively Spying, but with 120 Other Countries!
- NATO Said that All 26 of its Member Countries Have Been Targeted by Cyber-Attacks (e.g.: Estonia)
- Georgia’s Government Websites Fall Victim to Cyber-Attacks (DDoS & Defacements) … “Too Sophisticated for Amateurs!”
- Tibetan Government Web Site Injected with Malicious Source-Code
- Palin’s Yahoo Account Hacked in Less than 45 Minutes Using Password Reset Functionality
- Web Defacers Hacked into CERN Website of the LHC (Large Hadron Collider)
- UK Minister Confirms Cyber-Terrorists Attempting to Take Out the National Grid (Aug ’08)

14 LO2 Understand the factors that influence website performance – Security Risks - Viruses
Viruses have been the bane of IT and companies since networks were introduced into companies for business transactions. Remember that all computer viruses have been created by someone for a purpose, whether it is to annoy, destroy, or deliberately bring down a company or website.

computer virus, n.: A computer program that is designed to replicate itself by copying itself into the other programs stored in a computer. It may be benign or have a negative effect, such as causing a program to operate incorrectly or corrupting a computer's memory.

All viruses are different, so they all act in a different way and have a different purpose. On Symantec the threats are defined daily according to the possibility of risk and the exploit a virus takes advantage of in its attack, such as:

15 LO2 Understand the factors that influence website performance – Security Risks - Phishing
Phishing is a fraud method in which the perpetrator sends out legitimate-looking e-mail in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts out the lure hoping to fool at least a few of the prey that encounter the bait. Phishers use a number of different social engineering and spoofing ploys to try to trick their victims. In one typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from AOL that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords. This information was then used for identity theft.

- The Trojan infects and then waits for the victim to visit his or her bank
- Information is gathered by injecting additional fields into the genuine bank web page as it loads in the browser
- No fake web sites are used
- The SSL connection between client and bank is valid (padlock is shown and certificate chain is OK)
- Classical anti-virus software did not detect this threat

16 LO2 Understand the factors that influence website performance – Security Risk – Identity Theft
Identity Theft - In today’s society, people have a more common way to buy and shop. People use credit cards instead of cash. They purchase goods and services online instead of at a store. Instead of going to the bank people have online bank accounts. This is called the plastic era or the wireless generation. We have the convenience and opportunity to purchase goods from around the world; to pay our bills at two o'clock in the morning; or to check our bank statement from home. Technology has brought about tremendous advances but technology has also advanced the common criminal, giving birth to a new breed of criminal. This type of criminal steals someone's identity in order to commit fraudulent acts through Phishing, bin rummaging, telephone scams and hacking. Thieves are on the look out for our personal information so they can obtain credit cards, bank loans, utility services, wireless phone service and more by using our identity. Victims of identity theft suffer from damaged credit reports, drained bank accounts and even a criminal record. Some identity thieves will give your personal information when they are arrested. This causes embarrassment to you as it creates a criminal record. Often, victims of identity theft do not find out they have been victimised until they receive their bank statement or credit card statement in the post or when they are turned down for a loan or flat rental.

17 LO2 Understand the factors that influence website performance – Security Risks - PiggyBacking
Over half of UK internet users have admitted using other people's Wi-Fi networks to piggyback onto the internet. It is estimated that 54 per cent of respondents had used someone else's wireless internet access without permission. Many internet-enabled homes fail to properly secure their wireless connection with passwords and encryption, allowing passers-by and neighbours to 'steal' their internet access. Although most businesses have security measures in place to protect their Wi-Fi networks, the protections a lot of companies take are too light to stop a determined piggybacker. Piggybacking occurs when a user with a laptop or Wi-Fi connection connects to an unprotected network server. Routers can be protected by a WEP key or WPA protection through 16 or 32 bit encryption and network protocols. But a lot of modems made by the same company have the same initial password to connect to the router's administrative functions, or have no WEP or WPA protection set, allowing a user to connect and download without restrictions in the same way a user could use an unprotected Wi-Fi hotspot. The worst case scenario is an external user connecting not just to the internet through the Wi-Fi but to the network, allowing that user access and control over stored files, leading to deletion, corruption and industrial espionage.

18 LO2 Understand the factors that influence website performance – Security Risks – DOS Attack
Denial-of-service attacks come in a variety of forms and aim at a variety of services. There are three basic types of attack:
- consumption of scarce, limited, or non-renewable resources
- destruction or alteration of configuration information
- physical destruction or alteration of network components

Consumption of Scarce Resources
Computers and networks need certain things to operate: network bandwidth, memory and disk space, CPU time, data structures, access to other computers and networks, and certain environmental resources such as power, cool air, or even water.

Network Connectivity
Denial-of-service attacks are most frequently executed against network connectivity. The goal is to prevent hosts or networks from communicating on the network. An example of this type of attack is the "SYN flood" attack described in In this type of attack, the attacker begins the process of establishing a connection to the victim machine, but does it in such a way as to prevent the ultimate completion of the connection. In the meantime, the victim machine has reserved one of a limited number of data structures required to complete the impending connection. The result is that legitimate connections are denied while the victim machine is waiting to complete bogus "half-open" connections. You should note that this type of attack does not depend on the attacker being able to consume your network bandwidth. In this case, the intruder is consuming kernel data structures involved in establishing a network connection. The implication is that an intruder can execute this attack from a dial-up connection against a machine on a very fast network. (This is a good example of an asymmetric attack.)
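The following model of the limited table of half-open connections is an added example, not part of the original presentation. The backlog size, timeout and arrival rates are assumed values chosen for illustration; it shows why a very low rate of uncompleted connections is enough to deny legitimate ones, and how watching table occupancy gives warning before the first refusal.

```python
from collections import deque


def simulate_backlog(backlog_size, timeout_s, bogus_per_s, legit_per_s,
                     duration_s, alert_ratio=0.8):
    """Model a listening host with a fixed number of half-open slots.

    One loop step is one second. All parameters are assumptions of this
    model, not measurements of any real system.
    """
    half_open = deque()   # expiry times of uncompleted entries, oldest first
    accepted = refused = peak = 0
    alert_at = first_refused_at = None

    for now in range(duration_s):
        # The host gives up on entries whose handshake never completed.
        while half_open and half_open[0] <= now:
            half_open.popleft()

        # Uncompleted connection attempts each reserve one slot until timeout.
        for _ in range(bogus_per_s):
            if len(half_open) < backlog_size:
                half_open.append(now + timeout_s)

        occupancy = len(half_open)
        peak = max(peak, occupancy)

        # Monitoring: flag the table filling up before it is actually full.
        if alert_at is None and occupancy >= alert_ratio * backlog_size:
            alert_at = now

        # A legitimate handshake completes at once and releases its slot,
        # so legitimate clients only need one free slot to get through.
        if occupancy < backlog_size:
            accepted += legit_per_s
        else:
            refused += legit_per_s
            if first_refused_at is None:
                first_refused_at = now

    return {"accepted": accepted, "refused": refused, "peak": peak,
            "alert_at": alert_at, "first_refused_at": first_refused_at}


if __name__ == "__main__":
    # 2 uncompleted attempts per second is a dial-up-sized trickle, yet
    # 2/s * 75 s = 150 pending entries exceeds the 128 available slots.
    print("75 s timeout:", simulate_backlog(128, 75, 2, 5, 300))
    # In this model the same trickle never fills the table once entries
    # are dropped after 30 s (2/s * 30 s = 60 pending entries).
    print("30 s timeout:", simulate_backlog(128, 30, 2, 5, 300))
```

The table fills whenever the arrival rate of uncompleted attempts multiplied by the timeout reaches the number of slots, which is independent of how much bandwidth the victim has.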

19 LO2 Understand the factors that influence website performance – Security Risks – DOS Attack
Using Your Own Resources Against You
An intruder can also use your own resources against you in unexpected ways. One example is described in In this attack, the intruder uses forged UDP packets to connect the echo service on one machine to the chargen service on another machine. The result is that the two services consume all available network bandwidth between them. Thus, the network connectivity for all machines on the same networks as either of the targeted machines may be affected.

20 LO2 Understand the factors that influence website performance – Security Risks – DOS Attack
Bandwidth Consumption
An intruder may also be able to consume all the available bandwidth on your network by generating a large number of packets directed to your network. Typically, these packets are ICMP ECHO packets, but in principle they may be anything. Further, the intruder need not be operating from a single machine; he may be able to coordinate or co-opt several machines on different networks to achieve the same effect.

Consumption of Other Resources
In addition to network bandwidth, intruders may be able to consume other resources that your systems need in order to operate. For example, in many systems, a limited number of data structures are available to hold process information (process identifiers, process table entries, process slots, etc.). An intruder may be able to consume these data structures by writing a simple program or script that does nothing but repeatedly create copies of itself. Many modern operating systems have quota facilities to protect against this problem, but not all do. Further, even if the process table is not filled, the CPU may be consumed by a large number of processes and the associated time spent switching between processes. Consult your operating system vendor or operating system manuals for details on available quota facilities for your system.

21 LO2 Understand the factors that influence website performance – Security Risks – Page Jacking
Page Jacking or Spyware is software that collects and transmits user specific behaviour and information, with or without permission. Sometimes, permission to collect and transmit is assumed to have been given simply by the act of installing software or loading a Web page. Like ads, data collection can be okay if done with consent or for a reasonable purpose. For example, software that transmits user specific information for the legitimate purpose of confirming eligibility for updates or upgrades should not be classed as spyware. Programmers are entitled to ensure that their software is not being pirated, and that the users of pirated software are not receiving the same benefits as legitimate users. Pagejacking and Spyware is a type of software intrusive camera that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users, registering key presses and passwords. While the term spyware suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet connection or functionality of other programs.

22 LO2 Understand the factors that influence website performance – Security Risks – Page Jacking
Examples of Spyware
- CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.
- Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements.
- HuntBar, aka WinTools, was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs—an example of how spyware can install more spyware. These programs add toolbars to Internet Explorer, track browsing behaviour, redirect rival references, and display advertisements.
- MyWebSearch has a plug-in that displays a search toolbar near the top of a browser window, and it spies to report user search-habits. MyWebSearch is notable for installing over 210 computer settings, such as over 210 MS Windows registry keys/values. Beyond the browser plug-in, it has settings to affect Outlook, e-mail, HTML, XML, etc.
- WeatherStudio has a plug-in that displays a window-panel near the bottom of a browser window. The official website notes that it is easy to remove WeatherStudio from a computer, using its own uninstall-program.
- Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for rival advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing companies.
- Zlob trojan, or just Zlob, downloads itself to a computer via an ActiveX codec and reports information back to the company. Some information can be the search-history, the Websites visited, and even keystrokes. More recently, Zlob has been known to hijack routers set to defaults.

23 LO2 Understand the factors that influence website performance – Security Risks
P3.1 - Task 3 – State and define the needs of companies when it comes to website security within the workplace.

P3.2 – Task 4 - Describe the various types of threats to organisations, systems and data. Explain the threats that exist within the business environment for each of the following with specific examples defining the damage done to organisations, to the system and to data:
- A virus
- Phishing
- Identity theft
- Piggybacking
- Hacking
- Denial of Service
- Page Jacking

24 Security Policy
P3.2 - Task 5 - You have been appointed as a network administrator to a new small bricks and clicks company. They have asked you to create a policy document for the company's security. Create a table listing all the various types of threats to the business, all their systems and all their data. In a second column, describe the nature of the threat in some detail.

Table columns: Threats to Company Data | Nature of the Threat | Risk of Damage | Impact and response

Example row:
- A Virus Attack: External attack running the risk of corrupting data. Medium to data, High to Customer Account Information.

Remaining rows to complete:
- Phishing Scam
- Identity Theft of a Staff Member
- External Piggybacking on Network
- Successful Hacking attempt
- Successful Denial of Service Attack
- Loss of control through Spyware and Malware

25 LO2 Understand the factors that influence website performance - Protection mechanisms - Firewalls
A firewall is a security-conscious router that sits between the Internet and your network with a single purpose: preventing external attacks. The firewall acts as a security guard between the Internet and your network. All network traffic into and out of the system must pass through the firewall, which prevents unauthorised access to the network. Some type of firewall is a must-have if your network has a connection to the Internet, whether that connection is broadband, T1, or some other high-speed connection. Without it, sooner or later a hacker will discover and breach your unprotected network. You can set up a firewall in two basic ways. The easiest way is to purchase a firewall program, which is basically a self-contained router with built-in firewall features, like ZoneAlarm or Sophos. Most firewall appliances include a Web-based interface that enables you to connect to the firewall from any computer on your network using a browser. You can then customise the firewall settings to suit your needs. Alternatively, you can set up a server computer to function as a firewall computer (SSL). The server can run just about any network operating system, but most dedicated firewall systems run Linux. Whether you use a firewall appliance or a firewall computer, the firewall must be located between your network and the Internet. One end of the firewall is connected to a network hub, which is, in turn, connected to the other computers on the network. The other end of the firewall is connected to the Internet. As a result, all traffic from the LAN to the Internet and vice versa must travel through the firewall.

26 LO2 Understand the factors that influence website performance - Protection mechanisms - SSL
SSL (Secure Sockets Layer) is a method of encrypting TCP/IP transmissions—including Web pages and data entered into Web forms—en route between the client and server using public key encryption technology. If you trade stocks or purchase goods on the Web, for example, you are most likely using SSL to transmit your order information. SSL is popular and used widely. The most recent versions of Web browsers, such as Firefox and Internet Explorer, include SSL client support in their software. If you have used the Web, you have probably noticed that URLs for most Web pages begin with the HTTP prefix, which indicates that the request is handled by TCP/IP port 80 using the HTTP protocol. When Web page URLs begin with the prefix HTTPS (which stands for HTTP over Secure Sockets Layer or HTTP Secure), they require that their data be transferred from server to client and vice versa using SSL encryption. HTTPS uses the TCP port number 443, rather than port 80. After an SSL connection has been established between a Web server and client, the client’s browser indicates this by showing a padlock in the lower-right corner of the screen in the browser’s status bar, in the URL textbox, or elsewhere.

27 LO2 Understand the factors that influence website performance - Protection mechanisms - SSL
Each time a client and server establish an SSL connection, they also establish a unique SSL session, or an association between the client and server that is defined by an agreement on a specific set of encryption techniques. An SSL session allows the client and server to continue to exchange data securely as long as the client is still connected to the server. An SSL session is created by the SSL handshake protocol, one of several protocols within SSL, and perhaps the most significant. As its name implies, the handshake protocol allows the client and server to authenticate (or introduce) each other and establishes terms for how they will securely exchange data. For example, when you are connected to the Web and you decide to open your bank’s account access URL, your browser initiates an SSL connection with the handshake protocol.

28 LO2 Understand the factors that influence website performance - Protection mechanisms – Digital Certificate
A digital certificate is a password-protected and encrypted file that holds an individual’s identification information, including a public key. In the context of digital certificates, the individual’s public key verifies the sender’s digital signature. An organisation that issues and maintains digital certificates is known as a CA (certificate authority). For example, on the Internet, certificate authorities such as VeriSign will, for a fee, keep your digital certificate on their server and ensure to all who want to send encrypted messages to you (for example, an order via your e-commerce site) that the certificate is indeed yours. The use of certificate authorities to associate public keys with certain users is known as PKI (public key infrastructure).

29 LO2 Understand the factors that influence website performance - Protection mechanisms - Passwords
Choosing a secure password is one of the easiest and least expensive ways to guard against unauthorized access. Unfortunately, too many people prefer to use an easy-to-remember password. If your password is obvious to you, however, it may also be easy for a hacker to figure out. The following guidelines for selecting passwords should be part of your organisation’s security policy. It is especially important for network administrators to choose difficult passwords, and also to keep passwords confidential and to change them frequently. Tips for making and keeping passwords secure include the following: Always change system default passwords after installing new programs or equipment. For example, after installing a router, the default administrator’s password on the router might be set by the manufacturer to be “1234” or the router’s model number. Do not use familiar information, such as your name, nickname, birth date, anniversary, pet’s name, child’s name, spouse’s name, user ID, phone number, address, or any other words or numbers that others might associate with you. Do not use any word that might appear in a dictionary. Hackers can use programs that try a combination of your user ID and every word in a dictionary to gain access to the network. This is known as a dictionary attack, and it is typically the first technique a hacker uses when trying to guess a password (besides asking the user for her password).

30 LO2 Understand the factors that influence website performance - Protection mechanisms - Passwords
Make the password longer than eight characters—the longer, the better. Some operating systems require a minimum password length (often, eight characters), and some might also restrict the password to a maximum length. Choose a combination of letters and numbers; add special characters, such as exclamation marks or hyphens, if allowed. Also, if passwords are case sensitive, use a combination of uppercase and lowercase letters. Change your password at least every 60 days, or more frequently, if desired. If you are a network administrator, establish controls through the NOS to force users to change their passwords at least every 60 days. If you have access to sensitive data, change your password even more frequently.

31 LO2 Understand the factors that influence website performance - Protection mechanisms - Passwords
Do not write down your password or share it with others. Do not reuse passwords after they have expired. Use different passwords for different applications. For example, choose separate passwords for your program, online banking, remote access connection, dial-up connection, and so on. That way, if someone learns one of your passwords she won’t necessarily be able to access all of your secured accounts. Password guidelines should be clearly communicated to everyone in your organization through your security policy. Although users might grumble about choosing a combination of letters and numbers and changing their passwords frequently, you can assure them that the company’s financial and personnel data is safer as a result. No matter how much your colleagues protest, do not back down from your password requirements. Many companies mistakenly require employees only to use a password, and don’t help them choose a good one. This oversight increases the risk of security breaches.
P3.1 - Task 6 – State and define the needs of companies when it comes to security within the workplace in terms of physical and technical.
P3.2 – Task 7 - Describe the various types of threat reduction methods available to organisations, systems and data.
Firewalls, SSL, Digital Certificate, Passwords
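
The following is an added example, not part of the original slides: one way a network administrator could turn the password guidelines from the three password slides into an automated check. The function names, the finding texts and the short default-password and dictionary lists are constructed for illustration; a real check would load much larger lists.

```python
import re
from datetime import date

MIN_LENGTH = 9        # slides: "longer than eight characters"
MAX_AGE_DAYS = 60     # slides: change "at least every 60 days"
# Constructed sample lists (assumption); real lists are far larger.
DEFAULT_PASSWORDS = {"1234", "admin", "password"}
DICTIONARY = {"dragon", "football", "monkey", "sunshine", "welcome"}


def _tokens(items):
    """Lower-case alphanumeric fragments (3+ characters) of each item."""
    found = set()
    for item in items:
        found.update(re.findall(r"[a-z0-9]{3,}", str(item).lower()))
    return found


def check_password(password, user_id, familiar=(), previous=()):
    """Return the list of guideline violations for a proposed password.

    familiar: names, dates, phone numbers etc. associated with the user.
    previous: the user's expired passwords.
    """
    lower = password.lower()
    problems = []
    if lower in DEFAULT_PASSWORDS:
        problems.append("is a system default password")
    if len(password) < MIN_LENGTH:
        problems.append("must be longer than eight characters")
    if any(tok in lower for tok in _tokens([user_id, *familiar])):
        problems.append("contains familiar information")
    if any(word in lower for word in DICTIONARY):
        problems.append("contains a dictionary word")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("must combine letters and numbers")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("must mix uppercase and lowercase letters")
    # A real system compares salted hashes of old passwords, not plaintext.
    if password in previous:
        problems.append("reuses an expired password")
    return problems


def is_expired(last_changed, today):
    """True when the password is older than the 60-day rotation limit."""
    return (today - last_changed).days > MAX_AGE_DAYS


if __name__ == "__main__":
    for candidate in ["1234", "jsmith2024!", "Sunshine99!", "tR7#vq9!Lm2x"]:
        print(candidate, check_password(candidate, "jsmith", ["Rex", "1990-05-01"]))
    print(is_expired(date(2024, 1, 1), date(2024, 3, 15)))
```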

32 LO2 Understand the factors that influence website performance – Legal Mechanisms – Data Protection Act
The Data Protection Act is one of the four major Acts that apply in Britain to business and how businesses handle information. Next to the Health and Safety Act, it is the second law that companies get prosecuted over the most. The law is over 700 pages in length but the main stipulations are that data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection

33 LO2 Understand the factors that influence website performance – Legal Mechanisms – Data Protection Act
The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records. Should an individual or organisation feel they're being denied access to personal information they're entitled to, or feel their information has not been handled according to the eight principles, they can contact the Information Commissioner's Office for help. Complaints are usually dealt with informally, but if this isn't possible, enforcement action can be taken.
P3.3 – Task 8 – Describe the Data Protection Act and outline its importance in business society and personal liability.
P3.3 – Task 9 – State what each of these stipulations means in real terms with an example.
P3.3 – Task 10 – State and explain what your company needs to do to abide by the 8 stipulations above.

34 LO2 Understand the factors that influence website performance – Legal Mechanisms – Copyright and Patents Act 1988
Introduced to protect people who have created original pieces of work: books, music, films, games, applications.
2 main purposes of the Act:
- To ensure people are rewarded for their endeavours.
- To give protection to the copyright holder if someone tries to steal their work.
The Act protects a wide range of work, written and computer based. Includes:
- Copying software
- Copying or downloading music
- Copying images or photographs from the Web
- Copying text from web pages
P3.3 - Task 11 - State briefly what each condition of the Copyright and Patents Act means and then relate this back to what your company should do to prevent a breach of this law.

35 LO2 Understand the factors that influence website performance – Legal Mechanisms – Computer Misuse Act 1990
The first section in the Computer Misuse Act forbids a person to use someone else’s identification to access a computer, run a program or obtain any data, even if no personal gain is involved in such access. You also cannot change, copy, delete or move a program. The Computer Misuse Act also outlaws any attempts to obtain someone else’s password. Obviously, if someone gives you their identification and you may legally use the computer, these laws under Unauthorized Access do not apply. The second provision in the Computer Misuse Act covers gaining access to a computer system in order to commit or facilitate a crime. You can’t use someone else’s system to send material that might be offensive or to start worms or viruses. You also can’t give someone your identification so they can use your system for this purpose. This second part means that you would be facilitating someone else’s intent or crime. Unauthorized Modification in the Computer Misuse Act means you can’t delete, change or corrupt data. Again, if you put a virus into someone else’s system you would be violating the act. Usually, committing Unauthorized Access alone is considered a crime punishable by a fine. Access with Intent and Unauthorized Modification are considered more severe and may be punished by heavy fines and/or jail time.

36 LO2 Understand the factors that influence website performance – Legal Mechanisms – Computer Misuse Act 1990
The Computer Misuse Act makes it illegal to:
- Gain unauthorised access to a computer's software or data (hacking), including the illegal copying of programs.
- Gain unauthorised access to a computer's data for blackmail purposes.
- Gain unauthorised access to a computer's data with the intention of altering or deleting it. This includes planting viruses.
- Copy programs illegally (software piracy).
A conviction may lead to a fine and a 5-year prison sentence.
P3.3 - Task 12 – State briefly what each condition of the Computer Misuse Act means and then relate this back to what your company should do to prevent a breach of this law.

37 LO2 Understand the factors that influence website performance – Legal Mechanisms – Code of Practice
Organisations might have their own code of practice that should be one part of a general strategy aimed at producing professionalism within the organisation. This strategy could include:
- Screening of potential employees
- Adherence to AUP
- Training (probably the most important part of the strategy)
- Raising awareness of legal issues like copyright, Data Protection Act, etc.
- Security procedures
In order to help maintain professional standards of behaviour within the industry, the British Computer Society publishes a code of conduct that comprises twenty-two rules relating to the professional behaviour of its members. These rules cover four areas:
- The Public Interest
- Duty to Employers and Clients
- Duty to the Profession
- Professional Competence and Integrity
There is also a great deal of law concerning the interaction between employers and employees. In addition there is an increasing amount of legislation relating to IT matters. The code of conduct is separate from and additional to the obligations imposed by law.
P3.4 – Task 13 - Create a set of Company specific guidelines on Duty of Care and specify what can be done to eliminate or reduce the threats.

38 LO2 Understand the factors that influence website performance - Interactive websites for performance and security
M1.1 – Task 14 – Using the table below, compare and contrast what the end client and user needs are for 2 e-commerce websites. Users need to compare and contrast what they believe the client and user needs are, what multimedia / interactive / accessibility / security features have been included and why. They should also consider the user and server side factors and how much they affect the website’s performance. Learners should also include any identified improvements for this site and identify innovative content used.

| E-commerce | Website 1 | Website 2 |
|---|---|---|
| Client Needs | | |
| User needs | | |
| Multimedia Content | | |
| Interactive Content | | |
| Accessibility Features | | |
| Security Features | | |
| User side Factors | | |
| Server Side Factors | | |
| Innovative Content Used | | |
| Improvements Suggested | | |

39 LO2 Understand the factors that influence website performance - Interactive websites for performance and security
M1.1 – Task 15 – Using the table below, compare and contrast what the end client and user needs are for 2 promotional websites. Users need to compare and contrast what they believe the client and user needs are, what multimedia / interactive / accessibility / security features have been included and why. They should also consider the user and server side factors and how much they affect the website’s performance. Learners should also include any identified improvements for this site and identify innovative content used.

| Promotional | Website 1 | Website 2 |
|---|---|---|
| Client Needs | | |
| User needs | | |
| Multimedia Content | | |
| Interactive Content | | |
| Accessibility Features | | |
| Security Features | | |
| User side Factors | | |
| Server Side Factors | | |
| Innovative Content Used | | |
| Improvements Suggested | | |

40 LO2 Understand the factors that influence website performance - Interactive websites for performance and security
M1.1 – Task 16 – Using the table below, compare and contrast what the end client and user needs are for 2 educational websites. Users need to compare and contrast what they believe the client and user needs are, what multimedia / interactive / accessibility / security features have been included and why. They should also consider the user and server side factors and how much they affect the website’s performance. Learners should also include any identified improvements for this site and identify innovative content used.

| Educational | Website 1 | Website 2 |
|---|---|---|
| Client Needs | | |
| User needs | | |
| Multimedia Content | | |
| Interactive Content | | |
| Accessibility Features | | |
| Security Features | | |
| User side Factors | | |
| Server Side Factors | | |
| Innovative Content Used | | |
| Improvements Suggested | | |

41 LO2 Understand the factors that influence website performance
Since the Internet first went public in 1992 there has been case after case of attacks, breaches, viruses and incidents, and even with new technologies, improved security, SSL, cloud computing and biometrics, the problems continue. Viruses are not such a threat as they used to be but the American Government still used one to disable the Iranian Nuclear program in 2012. Firewalls have been improved immeasurably but Sony was still hacked. Single fraudsters like Kevin Mitnick are rarer but LulzSec has recently hacked the Twitter accounts of North Korea. High profile cases are known, like Wikileaks and the recent Facebook hack, but the best forms are rarely caught.
D1.1 – Task 17 - Research the impact that 5 cases of website security breaches have had on society. Five cases should be discussed from the three categories, at least one from each category, discussing the threat, the impact on society and how the threat was resolved.
Cases:
- Viruses, Trojans and Worms (Sobig, ILOVEYOU, Lovesan)
- Hackers (Adrian Lamo, Kevin Mitnick, MafiaBoy); Sony, Facebook and Twitter
- Identity theft (Abraham Abdallah)

42 LO2 Understand the factors that influence website performance – Task List
P2.1 – Task 1 - Explain how User Side factors can benefit and hinder website performance for user customer base and business functions.
P2.2 – Task 2 - Explain how Server Side factors can benefit and hinder website performance for user customer base and business functions.
P3.1 - Task 3 – State and define the needs of companies when it comes to website security within the workplace.
P3.2 – Task 4 - Describe the various types of threats to organisations, systems and data.
P3.2 - Task 5 - You have been appointed as a network administrator to a new small bricks and clicks company. They have asked you to create a policy document for the company's security.
P3.1 - Task 6 – State and define the needs of companies when it comes to security within the workplace in terms of physical and technical.
P3.2 – Task 7 - Describe the various types of threat reduction methods available to organisations, systems and data.
P3.3 – Task 8 – Describe the Data Protection Act and outline its importance in business society and personal liability.
P3.3 – Task 9 – State what each of these stipulations means in real terms with an example.

43 LO2 Understand the factors that influence website performance – Task List
P3.3 – Task 10 – State and explain what your company needs to do to abide by the 8 stipulations above.
P3.3 - Task 11 - State briefly what each condition of the Copyright and Patents Act means and then relate this back to what your company should do to prevent a breach of this law.
P3.3 - Task 12 – State briefly what each condition of the Computer Misuse Act means and then relate this back to what your company should do to prevent a breach of this law.
P3.4 – Task 13 - Create a set of Company specific guidelines on Duty of Care and specify what can be done to eliminate or reduce the threats.
M1.1 – Task 14 – Using the table below, compare and contrast what the end client and user needs are for 2 e-commerce websites.
M1.1 – Task 15 – Using the table below, compare and contrast what the end client and user needs are for 2 promotional websites.
M1.1 – Task 16 – Using the table below, compare and contrast what the end client and user needs are for 2 educational websites.
D1.1 – Task 17 - Research the impact that 5 cases of website security breaches have had on society. Five cases should be discussed from the three categories, at least one from each category, discussing the threat, the impact on society and how the threat was resolved.

