Unit 28 Week 3


Post on 11-Sep-2014


DESCRIPTION

Dame Elizabeth Cadbury BTEC L3 ICT Unit 28 Week 3 lesson

TRANSCRIPT

Page 1: Unit 28 Week 3

Image from: http://antiqueradios.com/forums/viewtopic.php?f=1&t=188309&start=20

Keeping Websites Secure

What are the top 3 security dangers for websites? (in your opinion!)


Objectives

• explain the security risks and protection mechanisms involved in website performance (P3)


To achieve a pass grade the evidence must show that the learner is able to:

• P1 outline the web architecture and components which enable internet and web functionality
• P2 explain the user side and server side factors that influence the performance of a website
• P3 explain the security risks and protection mechanisms involved in website performance
• P4 using appropriate design tools, design an interactive website to meet a client need
• P5 create an interactive website to meet a client need.

To achieve a merit grade the evidence must show that, in addition to the pass criteria, the learner is able to:

• M1 explain the role of web architecture in website communications
• M2 explain the tools and techniques used in the creation of an interactive website
• M3 improve the effectiveness of a website on the basis of a client review.

To achieve a distinction grade the evidence must show that, in addition to the pass and merit criteria, the learner is able to:

• D1 explain the role of the TCP/IP protocol and how it links to application layer protocols
• D2 discuss the techniques that can be used on web pages to aid user access to information
• D3 demonstrate that a created website meets the defined requirements and achieves the defined purpose.


P3 – Assignment 3

• You have 3 tasks to complete, each of which will require some research and may well take more than 1 hour each

BUT:

• If we are going to learn the skills necessary for the other 2 pass marks we have a lot to learn!
• We cannot spare more than 1 hour next week for either U1,2,3 catch up or U28A3


Task 1 - Dangers:

You should research each of the following terms – hacking, viruses, identity theft – and produce a definition of each in your own words in a leaflet suitable for distribution to a small business that intends to develop an online presence.

You should also find examples of organisations or websites that have experienced these threats and identify how the threats were dealt with and any consequences. You should add these case studies to your leaflet.


How it might look…

[Leaflet mock-up titled "Website Security", with image placeholders beside three pairs of sections: "Hacking Means:" / "Hacking Case study"; "Viruses are:" / "Viruses Case study"; "Identity Theft is:" / "Phishing Case study"]


Check basic understanding:

• Hacking means – unauthorised access to computer systems
• While there may not be intent to commit another crime, this access often damages files such as logs and operating systems


Check basic understanding:

• Viruses are programs that are designed to spread and infect other computers
• They may be used to allow other criminal access to a computer
• This could include taking copies of confidential data or destroying files


Check basic understanding:

• Identity theft is a form of fraud where a criminal can impersonate someone else, usually for financial gain
• Phishing is a form of identity theft where convincingly designed emails and websites are sent to convince users to enter their usernames and passwords into fake sites so criminals can use them


Create your leaflet!

• Use your own words, especially for definitions!
• Aim it at small business owners who do not necessarily have good technical knowledge
• Prompt questions are on the brief
• Share resources like case studies that could be useful to others
• Reference the source of those things


Task 2 – Protection:

• You should research each of the following terms – firewalls, SSL, strong passwords and CAPTCHA – and produce a short information leaflet or a poster suitable for issuing to YellowZebra clients.


How it might look…

• Separate leaflet, please!
• If you decide on a poster, don’t skimp on detail – make it A3 if you need to fit more information on!


Check basic understanding:

• Firewalls use rules to allow or block data to/from different IPs & ports
• Legitimate HTTP requests will be on port 80, HTTPS on 25 – other access might be suspicious/hacking


Check basic understanding:

• SSL means Secure Sockets Layer and it’s a way of encrypting data between webserver & browser so passwords, personal information etc. are more secure
• If an address starts https:// and if you have a little lock on your browser it’s using HTTPS


Check basic understanding:

• A good password takes longer for a hacker to guess or crack
• More letters are more difficult, use of numbers & characters on keyboard is even better – more complexity, more possible options
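
Added example (not part of the original lesson slides): a Python sketch that estimates how many options a brute-force attacker would have to try for a password, showing how both length and character variety increase that number. The guess rate, the short common-password list and the sample passwords are constructed assumptions for illustration.

```python
import math
import string

# Assumption: illustrative offline guess rate, not a measured figure.
GUESSES_PER_SECOND = 1e10

# Constructed sample of easily guessed passwords (not a real breach list).
COMMON = {"password", "123456", "qwerty", "letmein"}

# Character classes a password can draw from: 26 + 26 + 10 + 32 symbols.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def pool_size(password):
    """Size of the character pool implied by the classes the password uses."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def entropy_bits(password):
    """log2 of the options a brute-force search must cover (an upper bound)."""
    if password.lower() in COMMON:
        return 0.0  # guessed from a list, so length and variety do not help
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0


def worst_case_years(password):
    """Time to try every option at the assumed guess rate."""
    seconds = 2 ** entropy_bits(password) / GUESSES_PER_SECOND
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample passwords for comparison.
    for pw in ["password", "kqzvbnwr", "kQ7!zv2#", "kqzvbnwrtyph"]:
        print(f"{pw!r:16} pool={pool_size(pw):3} "
              f"bits={entropy_bits(pw):5.1f} years={worst_case_years(pw):.3g}")
```

The 12-letter lowercase sample scores higher than the 8-character mixed one: each extra character multiplies the options by the whole pool size, so length adds options faster than variety does.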


Check basic understanding:

• CAPTCHA (and others too) is a puzzle that only a human should be able to do
• They stop hackers using scripts to automatically set up thousands of new accounts e.g. on email for spam


Make your leaflet/poster!

• Use your own words, especially for definitions!
• Aim it at small business owners who do not necessarily have good technical knowledge
• Prompt questions are on the brief
• Share resources if they’re especially good
• Reference sources


Task 3 - DPA

• Choose one website from the following list and describe in a short report (with the use of screenshots) how that organisation complies with this law.

• For example, you could include the data collection and privacy policy, the registration and purchase/transaction process, and permission to use the data collected.

• You should look for areas on the website where information is given to the user covering, at least, some parts of the Data Protection Act.


How it might look…

• Report typed in Word
• Screenshots should be small enough not to dominate your text but big enough to make them clear to read

How Amazon UK complies with the Data Protection Act


About the DPA

• Check out the links on the VLE
• Look back at older work!
• Start your report with a summary of the law, its principles
• Then show what your chosen site does to comply