unit 28 week 3
Post on 11-Sep-2014
Dame Elizabeth Cadbury BTEC L3 ICT Unit 28 Week 3 lesson
Image from: http://antiqueradios.com/forums/viewtopic.php?f=1&t=188309&start=20
Keeping Websites Secure
What are the top 3 security dangers for websites? (in your opinion!)
Objectives
• explain the security risks and protection mechanisms involved in website performance (P3)
To achieve a pass grade the evidence must show that the learner is able to:
To achieve a merit grade the evidence must show that, in addition to the pass criteria, the learner is able to:
To achieve a distinction grade the evidence must show that, in addition to the pass and merit criteria, the learner is able to:
P1 outline the web architecture and components which enable internet and web functionality
M1 explain the role of web architecture in website communications
D1 explain the role of the TCP/IP protocol and how it links to application layer protocols
P2 explain the user side and server side factors that influence the performance of a website
P3 explain the security risks and protection mechanisms involved in website performance
P4 using appropriate design tools, design an interactive website to meet a client need
M2 explain the tools and techniques used in the creation of an interactive website
D2 discuss the techniques that can be used on web pages to aid user access to information
P5 create an interactive website to meet a client need.
M3 improve the effectiveness of a website on the basis of a client review.
D3 demonstrate that a created website meets the defined requirements and achieves the defined purpose.
P3 – Assignment 3
• You have 3 tasks to complete, each of which will require some research and may well take more than 1 hour each
BUT:
• If we are going to learn the skills necessary for the other 2 pass marks we have a lot to learn!
• We cannot spare more than 1 hour next week for either U1,2,3 catch up or U28A3
Task 1 - Dangers:
You should research each of the following terms – hacking, viruses, identity theft – and produce a definition of each in your own words in a leaflet suitable for distribution to a small business that intends to develop an online presence.
You should also find examples of organisations or websites that have experienced these threats and identify how the threats were dealt with and any consequences. You should add these case studies to your leaflet.
How it might look…
Website Security
Hacking Means: Hacking Case study
Viruses are: Viruses Case study
Identity Theft is: Phishing Case study
Check basic understanding:
• Hacking means – unauthorised access to computer systems
• While there may not be intent to commit another crime, this access often damages files such as logs and operating systems
Check basic understanding:
• Viruses are programs that are designed to spread and infect other computers
• They may be used to allow other criminal access to a computer
• This could include taking copies of confidential data or destroying files
Check basic understanding:
• Identity theft is a form of fraud where a criminal can impersonate someone else, usually for financial gain
• Phishing is a form of identity theft where convincingly designed emails and websites are sent to convince users to enter their usernames and passwords into fake sites so criminals can use them
Create your leaflet!
• Use your own words, especially for definitions!
• Aim it at small business owners who do not necessarily have good technical knowledge
• Prompt questions are on the brief
• Share resources like case studies that could be useful to others
• Reference the source of those things
Task 2 – Protection:
• You should research each of the following terms – firewalls, SSL, strong passwords and CAPTCHA – and produce a short information leaflet or a poster suitable for issuing to YellowZebra clients.
How it might look…
• Separate leaflet, please!
• If you decide on a poster, don’t skimp on detail – make it A3 if you need to fit more information on!
Check basic understanding:
• Firewalls use rules to allow or block data to/from different IPs & ports
• Legitimate HTTP requests will be on port 80, HTTPS on 25 – other access might be suspicious/hacking
Check basic understanding:
• SSL means Secure Sockets Layer and it’s a way of encrypting data between webserver & browser so passwords, personal information etc. are more secure
• If an address starts https:// and if you have a little lock on your browser it’s using HTTPS
Check basic understanding:
• A good password takes longer for a hacker to guess or crack
• More letters are more difficult, use of numbers & characters on keyboard is even better – more complexity, more possible options
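The "more possible options" point can be counted. This is an added example, not part of the original lesson: it assumes an attacker who tries every combination of the character types a password uses, and the three sample passwords are constructed for illustration.

```python
import math
import string

# Character types and the keyboard characters each one contains.
CLASSES = {
    "lowercase": string.ascii_lowercase,   # 26
    "uppercase": string.ascii_uppercase,   # 26
    "digits": string.digits,               # 10
    "symbols": string.punctuation,         # 32
}


def alphabet_size(password):
    """Number of characters an attacker must try per position,
    given the character types that appear in the password.
    Characters outside the four types (spaces, accents) add nothing."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size


def search_space_bits(password):
    """log2 of (alphabet size ** length): each extra bit doubles
    the number of guesses a try-everything attack needs.
    This is an upper bound: dictionary words and common patterns
    are guessed far sooner than the figure suggests."""
    size = alphabet_size(password)
    if size == 0:
        return 0.0
    return len(password) * math.log2(size)


def rank(passwords):
    """Return (password, bits) pairs, weakest first."""
    scored = [(p, round(search_space_bits(p), 1)) for p in passwords]
    return sorted(scored, key=lambda pair: pair[1])


if __name__ == "__main__":
    # Constructed samples: short and simple, short and complex, long and simple.
    for password, bits in rank(["zebra", "Zebra1!", "yellowzebra"]):
        print(f"{password!r:15} {alphabet_size(password):3} chars/position  {bits} bits")
```

Under this count the 11-letter lowercase sample comes out ahead of the 7-character mixed one, so length matters as much as variety.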
Check basic understanding:
• CAPTCHA (and others too) is a puzzle that only a human should be able to do
• They stop hackers using scripts to automatically set up thousands of new accounts e.g. on email for spam
Make your leaflet/poster!
• Use your own words, especially for definitions!
• Aim it at small business owners who do not necessarily have good technical knowledge
• Prompt questions are on the brief
• Share resources if they’re especially good
• Reference sources
Task 3 - DPA
• Choose one website from the following list and describe in a short report (with the use of screenshots) how that organisation complies with this law.
• For example, you could include the data collection and privacy policy, the registration and purchase/transaction process, and permission to use the data collected.
• You should look for areas on the website where information is given to the user covering, at least, some parts of the Data Protection Act.
How it might look…
• Report typed in Word
• Screenshots should be small enough not to dominate your text but big enough to make them clear to read
How Amazon UK complies with the Data Protection Act
About the DPA
• Check out the links on the VLE
• Look back at older work!
• Start your report with a summary of the law, its principles
• Then show what your chosen site does to comply