The Internet Unit - Higher - Dumfries High School
Information Systems
The Internet
[HIGHER]
Bruce Kerr
[pic]
The Scottish Qualifications Authority regularly reviews the arrangements for National Qualifications. Users of all NQ support materials, whether published by LT Scotland or others, are reminded that it is their responsibility to check that the support materials correspond to the requirements of the current arrangements.
Acknowledgements
Learning and Teaching Scotland gratefully acknowledge this contribution to the National Qualifications support programme for Information Systems.
First published 2005
This publication may be reproduced in whole or in part for educational purposes by educational establishments in Scotland provided that no profit accrues at any stage.
ISBN 1 84399 031 8
|Tutor notes | |5 |
|Section 1: |Introduction |11 |
|Section 2: |Internet services and resources |13 |
|Section 3: |Technical issues |25 |
|Section 4: |Regulating the Internet |47 |
|Section 5: |Internet security |55 |
|Section 6: |Policing the Internet |71 |
|Section 7: |Introducing HTML |79 |
|Section 8: |HTML design elements |89 |
|Section 9: |Website design |107 |
|Section 10: |Uploading and publishing web pages |121 |
|Section 11: |Client-side scripting |125 |
|Section 12: |Server-side scripting |141 |
|Section 13: |Cascading style sheets |143 |
|Section 14: |Practical task and checklist |155 |
| |Outcome 2 Observation checklist |159 |
|Appendix: |HTML tags |161 |
TUTOR NOTES
About this pack
The materials in this pack cover:
• internet (theory)
• HTML.
Sections are included on:
• creating a multi-page website
• observation checklist for Outcome 2.
The materials covering Internet (theory) and HTML contain a number of student-based tasks. Internet (theory) deals with such matters as TCP/IP and IP addressing, while HTML looks at all aspects of creating an interactive website.
In Section 2, students gain knowledge and understanding about the development of the Internet and the services that are supported by it.
The list of Internet services includes:
• World Wide Web (WWW)
• e-mail
• conferencing and newsgroups
• file transfer and file updating
• chat/instant messaging.
The WWW can be used for:
• education
• shopping
• booking holidays
• booking flights
• banking
• advertising
• 24-hour news
• interactive gaming
• virtual reality.
In Section 3, students gain knowledge and understanding about the transmission hardware that is used by the Internet. Students gain knowledge about the specific use of, e.g. routers, multiplexors and gateways.
Students gain some understanding of the structure of URLs, including:
• protocol
• domain name
• path
• file identifier
• port number (optional).
Students are required to carry out a number of practical tasks, which will illustate the dynamic nature of the Internet. These tasks require access to the C:> prompt, which will allow students to PING and ROUTE and TRACERT (trace route). These tasks may be difficult to carry out on a school computer system, but students should be encouraged to try. The information supplied by these utilities will give breadth to the topic.
Protocols and IP address classifications are used to transmit information between networks. This section looks at TCP/IP transmission protocol and packet switching, and how IP addresses contain information about the network ID and the host ID.
The notes explain IP address structure and classification in some detail. This section then looks at sub-netting.
In Section 4, students examine the main Internet regulatory bodies and gain an understanding about how they function and what they try to regulate. Students will use advanced searches to investigate top-level domain names and generic domain names.
In Section 5, students gain an understanding about the need for virus protection and the need to keep virus protection software up to date. Internet security also covers the use of firewalls, proxy servers and packet filtering routers, and how filters are allocated.
This section also looks at:
• encryption
• key distribution problem
• RSA
• public and private keys
• PGP
• secure sockets.
Asymmetric mathematics and one-way functions are looked at; this is required for completeness. Students may find the maths difficult to follow; all that matters is that students gain an understanding of the principles and processes involved.
Students are also required to establish their browser software encryption security level.
Section 6 covers UK laws and how the Internet affects these laws. Students gain understanding about the collection of information via the Internet, which uses methods like submission forms and visitor books. Is the information gathered covered by UK laws?
The Data Protection Act is looked at, and how it attempts to deal with Internet users who gather and process information over the Internet. Students are encouraged to look up open websites to see the personal information that is accessible on the Internet.
Section 7 looks at HTML script, client-side script and cascading style sheets. Students can only gain a flavour of these topics; each requires a 40-hour course in its own right. Students should gain knowledge and understanding about the need for and use of scripting and style sheets on the WWW.
The HTML notes give students an understanding about headers, meta data, scripts, styles and body.
In Section 8, students are required to create HTML scripts that will:
• hyperlink
• use headings …
• change fonts
• use RGB colour structure
• use colours
• set background colours
• change link colours
• create tables
• insert table data
• insert graphics
• allow meta data.
In Sections 9 and 10, students gain knowledge and understanding about web page design, uploading websites to web servers, and the need to use ‘index’ to publish websites.
Web page layout has to be flexible. Headers should be used for graphical impact and navigation links. Footers should contain copyright information and, in the case of a long web page, a means of navigating to the top of the page. The left margin may contain menu options. The gutter margin should be left blank, as it breaks up the margin area and the content area. The content area contains the web page information.
It is important to remember that the line length should be easily readable – that is, without undue movement of the human eye. Students should be discouraged from using horizontal scroll bars as Internet users find it difficult to cope with, and hard copy print-outs are useless.
In Section 11, students gain knowledge and understanding about the need for client-side scripting. The scripted code is contained within the web page and is executed once the web page has been downloaded. Students will use JavaScript and VBScript. Most school computer systems have access to Visual Basic; students will have little difficulty using VBScript. JavaScript may need the implementation of Java Console, which might be difficult on a school computer system. If Java Console cannot be implemented, then teachers should concentrate on the VBScript tasks.
Document Write and Document Cookie routines are used to demonstrate dynamic website construction. Students should be aware that HTML, on its own, cannot create the dynamic web pages that they have been using on the WWW.
In Section 12, students are required to produce submission forms and gain knowledge and understanding about the need to validate data before the data is sent to the web server for processing and storage in a MySQL relational database.
Students will use Alert messages, or Messagebox messages, to display messages about data transfer or to show that an error has occurred.
Submission forms need client-side scripting to send collected data to the web server’s cgi bin. Web-side scripts, such as PHP, are used to preprocess the data before transmitting a reply to the user. Students will gain an understanding of the use of PHP on the Internet.
In Section 13, students discover how cascading style sheets are used to set up a standard style format for a number of different web pages. Students will gain knowledge and understanding about the need for and implementation of cascading style sheets. Students will be required to write cascading style sheets and implement the style sheets in their own web pages.
In Section 14, a practical task is described, which covers the skills laid down for Outcome 2. Teachers can instead produce their own tasks to demonstrate the Outcome.
An observation checklist for Outcome 2 is supplied at the end of the materials.
PowerPoint presentation
A PowerPoint presentation linked to this pack may be downloaded from the Information Systems subject pages in the e-library at .uk/NQ
SECTION 1
The Internet
The Internet is a network of interconnected networks. It allows worldwide communication and the distribution of information, and is the world’s largest network.
In order to work, the Internet needs to overcome the problems of different connected networks, running on different types of computer hardware and using different software applications. The Internet uses communication protocols to overcome these problems.
Internet development
Timothy Berners-Lee created the original HyperText Transfer Protocol (HTTP) and HyperText Mark-up Language (HTML), which allowed users to share information over the networks, using a document viewer or browser application.
The document viewer could parse the HTML script; that is, it could scan through the script, interpreting and executing all HTML commands, or tags, while ignoring the basic text. The original HTML only allowed the transmission and viewing of text documents.
In the early 1990s, HTML was a basic language predominately used to display abstracts from research documents. HTML was well defined and well structured, containing a paragraph structure and a few features that could be used to break up the document.
Mosaic was the first browser application to allow graphics. Mosaic embedded graphics into an HTML document by using a hyperlink image reference, which pointed to the original image file on the server. With Mosaic, anyone could place images into a document.
Users with no specialisation in computing and who had no HTML training began to display information on the Internet. These users included graphics in their web pages and also used graphics as navigation aids, such as image maps.
Netscape began to introduce new elements into HTML, such as emphasis and strong. These elements were later called bold and italic.
Microsoft entered the market in 1995 with its own browser application software. Netscape and Microsoft began submitting new tags for approval on a regular basis. Unfortunately, some of these were totally useless!
The tag, which allows authors to place content into a table structure, was a disaster, with Netscape and Microsoft using different definitions. This meant that an author would need to produce two different tables, one for Netscape and the other for Microsoft browsers. Many authors depended upon client-side scripting to investigate which type of browser was being used and then direct the web page to an appropriate set of table definitions.
Netscape countered with , which divided the browser window into separate frames. Navigation between the frames caused difficulty and web authors had to direct output to particular frames.
Font elements were now being introduced and the author could the text and set up font styles and colours.
In 1998, Microsoft launched the Windows 98 operating system, which came with a free Internet browser. After much legal tussle, this was the final blow for Netscape and in 1999, America Online and Sun Microsystems acquired the Netscape business.
Today Microsoft Internet Explorer is the most popular of all the web browser software, being used by the majority of PC users.
SECTION 2
Internet services
The Internet offers users a number of services:
• World Wide Web (WWW)
• e-mail
• conferencing and newsgroups
• file transfer and file updating
• chat/instant messaging.
World Wide Web
The World Wide Web is the most commonly used Internet service. The WWW consists of millions of multimedia hyperlinked documents. Each multimedia document is a web page. A website consists of a number of hyperlinked web pages. Web servers store thousands of websites and are operated by Internet Service Providers (ISPs) among other organisations.
An Internet user needs browser software to download and interact with web pages.
The web server sends a copy of the web page instructions to the user’s browser. The browser software interprets these HTML instructions, displaying the web page in the browser.
A browser is capable of displaying many different media – text, graphics, video, etc.
The WWW has many uses, including:
• education
• shopping
• booking holidays
• booking flights
• banking
• advertising
• 24-hour news
• web TV/radio
• interactive gaming
• virtual reality.
NB: many people call the Internet the World Wide Web. This is not accurate. The Internet is the interconnection of networks and the World Wide Web is an Internet service.
E-mail
E-mail allows users to send messages to one another. Each user has a mailbox into which e-mail is delivered. A mailbox is a Storage area on the ISP’s web server.
E-mail software (e.g. Outlook Express) allows the user to create and send e-mail messages. The user can also attach files to an e-mail. An attachment can be any type of data file, ranging from word processing documents to graphics.
Conferencing and newsgroups
Conferencing allows three or more Internet users to take part in a real-time conference. Internet users can see each other and speak to one another real-time, using specialised video-conferencing software.
Newsgroups are specialised message services. Most newsgroups are dedicated to a particular topic, like computing or sports. Internet users can subscribe to the newsgroup and read the messages that have been posted. The user can also leave or post messages.
File transfer and file updating
File transfer (FTP) software allows users to upload or download files, such as music, video, graphics, data and software.
Companies, such as Microsoft, use FTP to automatically download software updates. Browser software now supports FTP, so there is no need to use specialised software to upload data files.
Chat/instant messaging
Chat allows Internet users to communicate interactively. Users can send and read real-time messages. Internet Relay Chat (IRC) allows many users to communicate over the Internet without any undue delay.
Task 1
Answer the following questions.
1. What exactly is the Internet?
2. List five Internet services.
3. Which service would you use if you wanted to play an interactive game?
4. How are web pages joined together?
5. What is contained in a website?
6. What is a mailbox?
7. What does e-mail software allow the user to do?
8. What is an attachment?
9. What is meant by real-time?
10. How do Internet users communicate when conferencing?
11. What does the chat service allow Internet users to do?
12. Explain the difference between the Internet and the WWW.
Internet resources
There are three main types of Internet resource:
• academic
• commercial
• personal.
Academic
There are a number of academic resources:
• edutainment
• e-books
• e-learning
• web-based training
• virtual libraries
• e-journals
• university, college and school websites.
Edutainment
Edutainment is a resource that is both educational and entertaining. Edutainment websites allow students to learn while having fun.
E-books
Books and textbooks available in an electronic format. Adobe’s Acrobat Reader uses a portable document format (PDF), which allows readers to view documents originated in any software.
E-learning
E-learning is learning using ICT, usually involving the Internet. E-leaning offers a number of benefits over conventional learning:
• students do not need to travel to school or college
• courses are available 24-hours a day
• learning is interactive
• multimedia can make subjects more appealing
• students can use the Internet to exchange knowledge
• students can manage their own learning.
A good example of an e-learning website can be viewed at:
bbc.co.uk/scotland/education/bitesize
Web-based training
Web-based training is a form of e-learning, more applicable to adult education or vocational training.
Check out:
Virtual libraries
The Internet is an information resource that brings information from all over the world to the user’s desktop. The growth in web-based database services has led to the development of virtual libraries.
[pic]
Check out the following virtual libraries:
royalsoc.ac.uk/library
bl.uk
E-journals
E-journals are the electronic equivalents of printed scientific/academic journals.
[pic]
Check out the following e-journal:
University, college and school websites
All universities and colleges, and most schools, have websites providing information for staff, students and visitors.
Check out:
ed.ac.uk/
lauder.ac.uk/
Commercial
There are many commercial resources, including:
• e-commerce
• e-banking
• airline reservations
• e-marketplace
• advertising.
E-commerce
The Internet can be used to purchase just about anything. Ironically, the first Internet business was set up to sell books.
E-commerce has many advantages for buyers and sellers alike:
• sellers do not need large stores, nor do they need to employ a large number of staff
• both have access to a worldwide market, open 24 hours a day, 365 days a year
• customers are able to shop or browse and use services from the comfort of home
• customers can gain impartial purchase advice and look around for the best prices.
E-commerce also has many disadvantages for customers:
• customers can only see pictures of the goods, and a text description
• customers have to trust that an overseas company will send the correct purchased goods and give after-sales service
• customers need to be sure that their credit card details will not be misused.
The effects of e-commerce on society are far reaching. Old jobs are lost; new jobs are created.
One recent development is online auction sites, which allow private individuals to buy and sell goods in a secure environment.
E-banks
With Internet banking, customers can check their own accounts, pay bills and transfer money between accounts. As with e-commerce, this service is available 24-7-365, so there is no longer any pressing need to physically visit a bank.
Airline reservations
Ticket offices in airports and travel agencies are linked to computers that store flight details. Internet users can check these flight details themselves and book their flights direct.
E-marketplace
E-marketplaces are trading groups that allow businesses to speak to other businesses – B2B (business-to-business).
Advertising
Most Internet users are painfully aware of the pop-ups and banner ads advertising anything from credit cards to exotic holidays. However, the revenue raised by these advertisements keeps a lot of websites in business.
Personal
There are many types of personal resources on the Internet, including:
• computer games
• multi-user games
• news and weather
• local information services
• personal websites.
Computer games and multi-user games
The Internet has a feast of games and amusements. Multi-user games (MUGs) allow users from all over the world the chance to compete.
[pic]
News and weather
Most news agencies (e.g. BBC, CNN) have websites which carry up-to-the-minute news and weather.
Music and video distribution
The music and film industries use the Internet to sell records and DVDs. Media player software allows for easy searching and downloading of these resources.
Local information services
The Internet can be used to get local information, e.g. what is on at the cinema, or what the latest traffic news is. Local directories (e.g. Yellow Pages) provide contact details for local services.
Personal websites
Many users create their own personal websites. These can be fun for the author, and can also be a source of useful information, e.g. local history.
Task 2
Answer the following questions.
1. List three main types of Internet resources.
2. What is meant by ‘edutainment’?
3. Explain ‘e-books’.
4. What advantages are offered by e-learning?
5. Why might professionals find e-learning beneficial?
6. What advantages has e-commerce given to companies?
7. What advantages has e-commerce given to customers?
8. What are the main disadvantages for customers?
9. How has the Internet affected banking?
10. Explain how the Internet has changed the airline reservations business.
11. Why is advertising revenue important to the Internet?
12. What are MUGs?
13. What type of service is distributed on the Internet by news agencies?
14. How could you use the Internet to find a plumber?
Web resource information
Anyone can put content onto the Internet, so it is unwise to simply accept information uncritically. Any information should be assessed by the user for:
• accuracy
• bias
• credibility.
Accuracy
When interacting with web resources the user must be aware that the information may or may not be correct. There is no quality control on the Internet. The information might be partially or entirely wrong, or totally out of date.
Bias
The Internet contains some information that is deliberately misleading and prejudiced and which states only one side of an argument, i.e. the one that the web author wants others to believe.
But how can you tell if the contents of a web page are biased? Generally speaking, you will need to have some prior knowledge of the topic. So, you may need to do some studying before you access the website.
Credibility
The information on the Internet might or might not be believable. Web pages might contain information that is fiction, even when it claims to be true and accurate.
It is important that Internet users are more than aware of these problems. Here are a few tips, which might help you gauge the reliability of information posted on a website.
• Is the author’s name displayed on the site?
• Can the author be contacted? If not, why not?
• Is the author qualified; does he/she know anything about the subject?
• Is the site well laid out, up to date and error free? If not, can you really trust the information?
• Are any reliable sites hyper-linked to the website in question?
• Is it an educational site? (.ac.uk or .edu)
• Can the author be contacted by e-mail?
Task 3
Check out the following websites and assess them for accuracy, bias and credibility.
|URL |Accuracy |Bias |Credibility |
|cam.ac.uk/global/search |Yes/No |Yes/No |Yes/No |
|.uk |Yes/No |Yes/No |Yes/No |
|.uk |Yes/No |Yes/No |Yes/No |
|fife.police.uk |Yes/No |Yes/No |Yes/No |
| |Yes/No |Yes/No |Yes/No |
|timeshare-spain. |Yes/No |Yes/No |Yes/No |
| |Yes/No |Yes/No |Yes/No |
|theanticanadapage/ |Yes/No |Yes/No |Yes/No |
|scottish.parliament.uk/ |Yes/No |Yes/No |Yes/No |
|2002/WORLD/europe |Yes/No |Yes/No |Yes/No |
|skoda.co.uk |Yes/No |Yes/No |Yes/No |
| |Yes/No |Yes/No |Yes/No |
|utexas.edu/ |Yes/No |Yes/No |Yes/No |
1. Make a list of websites that you consider to be inaccurate.
2. Make a list of websites that you consider to be biased.
3. Make a list of websites that you consider to be unbelievable.
4. Explain how you might be able to detect if a website is reliable.
5. Write an essay outlining the need for Internet users to consider the accuracy, bias and credibility of websites and web pages.
SECTION 3
Hardware
Server-side hardware can consist of:
• computers
• disk drives
• communication links
• multiplexor
• hubs
• switches
• routers
• gateways
• bridges.
Multiplexor
A multiplexor allows a number of workstations to simultaneously gain access to the Internet using only one Internet communications link.
[pic]
It receives data from a number of sources, and then splits the data into discrete blocks called packets and transmits them over the link.
Intranets, which consist of a number of hosts, are linked to the Internet by a multiplexor.
Hubs
Network hubs are multi-port devices, connecting the computers to the network. They are generally passive, simply allowing data to pass through.
Data sent over the network is specifically addressed to a destination (by IP address). The hub ‘understands’ this information and sends the data onwards. The routing of the data over the network is by software command.
Switch
A switch is a multi-port hardware device that reads the destination address and physically switches the route between the source and destination.
A store-and-forward switch can read a packet and check that the packet has been sent correctly, before forwarding it to its destination. Switches tend to be faster than hubs.
Router
The most important of all Internet devices are routers. Without routers we quite simply would not have the Internet.
A router is a hardware device that will store and forward packets by checking IP addresses and then routing the packets to their destinations. A simple router is needed to link an Intranet to the Internet.
The Internet requires the use of complex routers, which are switches that have access to routing tables. A routing table is a database, which contains all of the information about a network and the optimal paths or jumps between source and destination. Packets can be routed so that they take the shortest path to their destination.
Internet routers are dynamic, as they speak to one another, automatically updating their routing tables.
Task 4
Answer the following questions.
1. What is a multiplexor and what does it do?
2. What is a router and what does it do?
3. What are routing tables and what do they contain?
4. How are routing tables updated?
Uniform resource locator (URL)
The Internet allows the user to locate different resources. The resource might be a piece of text, or an image or a means of booking a holiday. A resource is a file that is stored somewhere on the Internet. Every file needs a unique web address.
[pic]
A URL is the unique web address of the resource, for example;
•
•
The first URL will locate a web page, while the second will locate an image.
URL structure
All URLs require the following elements in their structure:
• protocol
• domain name
• path
• file identifier.
A protocol is an agreement or standard set of rules between two or more parties. Internet protocols ensure the successful transfer of data. There are transmission and service protocols. TCP/IP and IP addresses are transmission protocols; HTTP and POP/SMTP are service protocols.
The URL can be divided into each of the main elements:
• protocol http
• domain name mywebsite.co.uk
• path /internet/routers/
• file identifier tables.html
The protocol HTTP uses communications channel (or port) 80 to receive World Wide Web documents. The port number may need to be altered if the resource is on an intranet or located using a proxy server.
The URL below includes a port number:
Summary
• Standard URL structure: protocol ://domain name/path name/file identifier
• URL structure with port number: protocol ://domain name :port number/path name/file identifier
Task 5
Answer the following questions.
1. What is a URL?
2. List the types of resource that can be located on the Internet.
3. List the five URL elements.
4. Why might the port number need to be included in the URL?
5. Identify the protocol, domain name, path and file identifier for each of the following URLs:
(a)
(b)
(c) files/bang.wav
(d) /style /font.css
(e) lands/skye.jpg
(f)
(g)
Domain name server and IP address
IP addresses
The Internet connects millions of different network hardware components together. Each component is referred to as a host. The host is uniquely identified on the Internet by having a unique identification number – an Internet protocol (IP) address, which appears as a dotted decimal number, for example:
10.120.10.60
Each separate decimal number (in the range 0–255) is called an Octet. Each octet represents an 8-bit binary number.
[pic]
If you know the IP address of a resource, you can enter it directly into the address bar in your browser window.
Domain name server (DNS)
A domain name server resolves a web address into the correct IP address.
If you entered the following web address –
– into your web browser, how is it located?
The simple answer is that it is not located: the web address needs to be resolved into the correct IP address (e.g. 205.23.12.27).
The operating system compares the domain name with the domain name that is currently being referenced. If the names match, then the web page is displayed. If the names do not match, then a fully qualified domain name (FQDN) is requested from the DNS server. The DNS server holds a list of web addresses and their associated IP addresses. The DNS then passes the correct IP address to your computer and the connection is made.
If the DNS cannot resolve the web address, then it contacts another DNS server and requests that the web address be resolved. If the web address cannot be resolved, a negative result is sent to your computer. You may have seen a 404 error popping up!
Client to DNS to DNS resolution
[pic]
Task 6
Answer the following questions.
1. What does a domain name server do?
2. Explain how the web address is resolved.
3. What is meant by FQDN?
4. Explain what happens if the current domain name is not being referenced.
5. Explain what happens if the domain name is not resolved by the DNS.
Timeouts
Clearly, resolution cannot go on forever – it must be completed inside an acceptable period of time. After a minute or so, depending upon configuration, a timeout error will be generated. The web address resolution process will be terminated and an error will be generated.
NB: You can bypass DNS by memorising all the IP addresses that you use!
Error resolution
There are various utilities that allow you to see what is going on behind the scenes. These include Ping, Route and NetStat.
Ping
This displays statistics about the number of ‘jumps’ needed to reach a particular website. Ping sends four packets to the destination address and returns the time needed to make the round trip from source to destination.
Route
This utility displays detailed information from the routing tables.
NetStat
Returns network statistics.
Task 7
Use the Command Prompt program to run the following network utilities:
C:\>Ping
C:\>Ping
C:\>Route
C:\>NetStat –a
C:\>NetStat –p
Example screenshots from Ping and Route are shown below. These will help you make sense of what you see on your own screen. Study them if your computer doesn’t allow access to these programs.
Ping
[pic]
The Ping shown above displays the IP address – 216.109.118.69 – of . Ping displays the time needed to send the packets from router to router. This utility is very useful if you want to investigate if a website actually exists.
Route
[pic]
Note that Route displays destination, mask, gateway addresses. You will learn more about gateways and network masks later in the Unit.
Transmission control protocol/Internet protocol (TCP/IP)
TCP/IP is a set of protocols:
• IP uses the IP address of both the source and the destination
• TCP creates data blocks called packets, and packet numbers.
Consider how a document would be sent from to .
[pic]
TCP divides the message up into data blocks called packets.
[pic]
Each packet is allocated a unique packet number, along with the total number of packets that will be sent.
[pic]
IP is responsible for the delivery of each of the packets to the destination. IP now adds the source IP address and the destination IP addresses to each of the packets.
[pic]
Each packet is now ready to be sent onto the Internet and make its own way to the destination address.
Packet switching
The Internet relies upon packet switching to transmit information from source to destination using TCP/IP. Different packets may follow different routes, as shown below.
Step 1
[pic]
Step 2
[pic]
Step 3 Step 4
[pic]
[pic]
Step 5
[pic]
Eventually, all five packets will arrive at the destination. Since the packets took different routes through the Internet and passed through different routers, it is highly likely that the packets will arrive in a random order. The web server at the destination address needs to sort the packets into numerical order before the message can be read.
The main advantage of using packet switching is that a telephone line or communications channel does not have to be totally devoted to linking a sender and receiver, unlike making a telephone call. With packet switching, a communications channel can be used to pass messages between many users.
[pic]
Network and host ID
Every IP address contains two pieces of information: these are the network ID and the host ID.
The network ID uniquely identifies the network, while the host ID uniquely identifies a hardware device that is on the network. In the following example, the first 24 bits (or first 3 octets) identify the network, and the last 8 bits (or last octet) identify the device.
32 bits
[pic]
The IP address 10.120.60.10 has a network ID of 10.120.60 and a host ID of 10 – i.e. a packet sent to this address will be routed to device 10 on network 10.120.60.
32 bits
[pic]
Address classes
To allow for different types of network, the 32 bit IP address can be arranged into five different formats, or address classes. The three most commonly used classifications are indicated below. TCP/IP classifications are used to define the number of possible networks and the number of different hosts.
Class A
[pic]
Network ID Host ID
[pic]
Class A allows 126 unique network IDs and over 16,000,000 unique host IDs, so class A addresses are used for devices on the world’s largest networks.
The most significant bit, the one furthest to the left, must be set to zero, identifying the IP address as class A. The remaining bits can be set to one or zero, giving the unique network ID.
Class B
[pic]
Network ID Host ID
Not many networks need so many host IDs, so class B uses 16 bits for the network ID and 16 bits for the host ID. Class B allows 16,384 unique network IDs and over 65,000 unique host IDs.
The first two most significant bits, those furthest to the left, must be set to 1 and 0, identifying the IP address as class B. The remaining bits can be set to one or zero, giving the unique network ID.
Class C
[pic]
Network ID Host ID
Even 65,000 hosts is a large number for a single network, so class C can be used for smaller networks. Class C allows 2,000,000 unique network IDs and over 254 unique host IDs.
The first three most significant bits, those furthest to the left, must be set to 1 and 1 and 0, identifying the IP address as class C. The remaining bits can be set to 1 or 0, giving the unique network ID.
Summary
|Class |Number of networks |Hosts per network |Range of first octet |
|A |126 |16,777,214 |1 to 126 |
|B |16,384 |65,534 |128 to 191 |
|C |2,097,152 |254 |192 to 223 |
• Some IP addresses are reserved and cannot be used. Network address 127 is reserved to allow testing of network cards and protocol binding. Computers which are not linked to the Internet default to IP address 127.0.0.1 allowing testing of Internet commands such as WinSock.
• Octets cannot be set to 255 – this value is used to set up network broadcasts.
• Octets cannot be set to 0 – all packets that have an IP address that contain an all-zero octet are restricted to the local network and never passed to the Internet.
Task 9
Answer the following questions.
1. What information is held in IP protocol?
2. What are hosts?
3. Which two pieces of information are held in an IP address?
4. What does the network ID identify?
5. What does the host ID identify?
6. How many bits are used to store an IP address?
7. How many TCP/IP address classifications are there?
8. How many networks does class A allow?
9. How many hosts does class C support?
10. Write down the leading octet structure for each of the three classifications.
11. Write down the range of the class A first octet.
12. Write down the range of the class B first octet.
13. Write down the range of the class C octet.
14. Classify the following IP addresses:
(a) 120.245.10.10
(b) 130.70.90.200
(c) 70.34.34.90
(d) 195.26.117.35
Network masks
Every IP address has an associated network mask. The network mask is used to separate the network ID from the host ID.
Each network class has its own network mask value. Network masks may only consist of the values 0 or 255. The 255 value masks out the network ID, leaving only the host ID.
|Class |Network Masks |
|A |255.0.0.0 |
|B |255.255.0.0 |
|C |255.255.255.0 |
For instance, class A:
IP address 102.165.80.20 Network mask 255.0.0.0 Host ID of 255.165.80.20
[pic]
102.165.80.20 masked by 255.0.0.0 gives a host ID of 165.80.20
Task 10
Answer the following questions.
1. What does a network mask do?
2. List the network masks for each of the three classifications.
3. Which two values can only be used in a network mask?
Sub-netting
Suppose your school network has 400 hosts. This is too many for class C (254 max), but it would be wasteful to allocate class B addresses (which would allow 65,384 hosts). Also, there are only 16,384 class B networks allowed, which is not enough to give a unique class B address to each school.
To get around this problem, sub-netting is used. Sub-netting uses network masks to split a network into a number of smaller networks.
The class C network mask – 255.255.255.0 – allows a network to have only 254 host IDs. It requires that the first three octets be set at 255 – the remaining octet, which is normally set to zero, can in fact take a series of values.
For example, 255.255.255.128 can be identified as a sub-net mask, as the last octet is non-zero.
Sub-net values are defined as follows. (The sub-net must be a series of 1s followed by 0s.
128
|Binary |1 |0 |0 |0 |0 |0 |0 |0 | |
|Value |128 |0 |0 |0 |0 |0 |0 |0 |= 128 |
192
|Binary |1 |1 |0 |0 |0 |0 |0 |0 | |
|Value |128 |64 |0 |0 |0 |0 |0 |0 |= 192 |
224
|Binary |1 |1 |1 |0 |0 |0 |0 |0 | |
|Value |128 |64 |32 |0 |0 |0 |0 |0 |= 224 |
240
|Binary |1 |1 |1 |1 |0 |0 |0 |0 | |
|Value |128 |64 |32 |16 |0 |0 |0 |0 |= 240 |
248
|Binary |1 |1 |1 |1 |1 |0 |0 |0 | |
|Value |128 |64 |32 |16 |8 |0 |0 |0 |= 248 |
252
|Binary |1 |1 |1 |1 |1 |1 |0 |0 | |
|Value |128 |64 |32 |16 |8 |4 |0 |0 |= 252 |
254
|Binary |1 |1 |1 |1 |1 |1 |1 |0 | |
|Value |128 |64 |32 |16 |8 |4 |2 |0 |= 254 |
These are the only values that can be used in a sub-net mask. The following are legal sub-net masks:
|Class A |255.254.0.0 |11111111 |11111110 |00000000 |00000000 |
|Class B |255.255.192.0 |11111111 |11111111 |11000000 |00000000 |
|Class C |255.255.255.248 |11111111 |11111111 |11111111 |11111000 |
How are sub-nets used to identify different networks?
[pic]
Host IP address 200.165.80.20 Host IP address 200.165.80.40
Class C
IP address 200.165.80.20 Network mask 255.255.255.192
200.165.80.20
[pic]
AND 255.255.255.192
[pic]
Result = 200.165.80.0
[pic]
Class C
IP address 200.165.80.40
Network mask 255.255.255.192
200.165.80.40
[pic]
AND 255.255.255.192
[pic]
Result = 200.165.80.0
[pic]
The results are the same, as both hosts are on the same network.
[pic]
Host IP address 200.165.80.20 Host IP address 200.165.80.40
Class C
IP address 200.165.80.20 Network mask 255.255.255.224
[pic]
AND 255.255.255.240
[pic]
Result = 200.165.80.16
[pic]
Class C
IP address 200.165.80.40 Network mask 255.255.255.240
[pic]
AND 255.255.255.240
[pic]
Result = 200.165.80.48
[pic]
The results are different, so the hosts are on different networks.
Gateway
A gateway is a link between two different networks. Gateways make up part of a router. The router will have at least two network cards. Each network card has its own IP address, or gateway address. Each gateway address belongs to a different sub-net.
[pic]
If sub-net mask results are different, then the packets need to be routed. The router passes packets from one network card to the other network card.
Task 11
Answer the following questions.
1. What effect can sub-net masks have on a network?
2. Write down the range of sub-net values.
3. Copy the list of legal network masks.
4. Explain how sub-net masks can detect that two IP addresses are on different networks.
5. What are gateways?
6. Which hardware device forms a gateway?
7. How many network cards are needed to create a gateway?
8. Explain what happens to a packet if the sub-net results are different.
SECTION 4
The Internet is a seamless network that allows users to access information from all over the world. A number of regulatory non-profit making organisations have been set up to manage the development of the Internet and to standardise Internet controls.
Some Internet regulatory boards/organisations include:
• IANA/ICANN
• IETF
• Nominet
• W3C
IANA
The International Assigned Numbers Authority was the authority responsible for administrating IP addresses and the management of DNS allocations of top-level domain names. There are two top-level domains:
• country codes – ccTLD
• generic – gTLD
[pic]
[pic]
[pic]
| |
|.tf |French Southern Territories |.us |United States |
|.tg |Togo |.uy |Uruguay |
|.th |Thailand |.uz |Uzbekistan |
|.tj |Tajikistan |.va |Holy See (City Vatican State) |
|.tk |Tokelau |.vc |Saint Vincent & Grenadines |
|.tm |Turkmenistan |.ve |Venezuela |
|.tn |Tunisia |.vg |Virgin Islands (British) |
|.to |Tonga |.vi |Virgin Islands (USA) |
|.tp |East Timor |.vn |Vietnam |
|.tr |Turkey |.vu |Vanuatu |
|.tt |Trinidad and Tobago |.wf |Wallis and Futuna Islands |
|.tv |Tuvalu |.ws |Western Samoa |
|.tw |Taiwan |.ye |Yemen |
|.tz |Tanzania |.yt |Mayotte |
|.ua |Ukraine |.yu |Yugoslavia |
|.ug |Uganda |.za |South Africa |
|.uk |United Kingdom |.zm |Zambia |
|.um |US Minor Outlying Islands |.zw |Zimbabwe |
|Generic Codes |
|.com |Commercial |
|.edu |Academic |
|.gov |Government |
|.int |International organisations |
|.mil |Military |
|.net |Internet network |
|.org |Non-commercial |
Check out the following web address:
The authority assigns ‘well known’ Internet port numbers. Some of these port numbers are shown below.
|Service |Port number |
|FTP |21/22 |
|Telenet |23 |
|HTTP |80 |
|NNTP |119 |
|SSL |443 |
|Gopher |70 |
|SNMP |161 |
|Kerberos |88 |
|TFTP |69 |
|DNS |53 |
Check out the following web address:
ICANN
Since 1999, the administration functions of IANA have largely been taken over by a new organisation – ICANN (International Corporation for Assigned Names and Numbers).
The US government set up ICANN to oversee and administer developments in:
• Internet protocol
• Internet domain name system
• generic top-level domain names
• country code domain names.
Check out the following web address:
Nominet
Nominet.uk was set up in 1996 as a private non-profit making company to control the use of the top-level .uk domain
A voluntary group called ‘The Naming Committee’ managed .uk in the 1980s. In the 1990s domain names were being sold by commercial organisations and there was a clear need for control. As a result, Nominet was formed as an authorising body to control second-level domain names in the UK.
Second-level domain names managed by Nominet
|.co.uk |Commercial organisations |
|.me.uk |Personal |
|.org.uk |Non-commercial |
|.ltd |Registered company name |
|.plc |Registered company name |
|.net.uk |Internet service providers |
|.sch.uk |Schools |
Second -level domain names not managed by Nominet
|.ac.uk |Academic |
|.gov.uk |Government |
|.nhs.uk |National Health Service |
|.police.uk |Police |
|.mod.uk |Ministry of Defence |
Nominet registration deals with:
• registration of domain names
• accuracy of domain name registration
• transfer of domain name registrations
• cancellation of domain names
• disputes.
W3C
The World Wide Web Consortium (W3C) leads developments on the World Wide Web. Based at the Massachusetts Institute of Technology (MIT), the W3C is an open forum, which anyone can apply to join, and which deals with technical developments.
W3C has led the change in the WWW from a hypertext network to a fully multimedia network.
W3C has made recommendations on the development of:
• HTML 4
• XHTML
• XHTML Basic
• cascading style sheets
• XForms
• PNG – portable network graphics format
• SVG – scalable vector graphics
• XML – encryption
• eb access guidelines.
Check out the following web address:
IETF
The Internet Engineering Task Force has a similar role to the W3C. It consists of many sub-groups carrying out research into all aspects of Internet development. Again, it is open to any interested person to join.
Check out:
Task 12
Answer all of the following questions.
1. State the two types of top-level domain.
2. What are contained in country top-level codes?
3. List the seven top-level generic domains.
4. List the four main regulatory Internet bodies.
5. What does IETF regulate?
6. What does IANA regulate?
7. Which port number is used to receive HTTP?
8. Which port number is used by DNS servers?
9. Which port numbers are used by FTP?
10. Which organisation regulates .uk?
11. What does Nominet control?
12. List the second-level domain names that Nominet does not control.
13. What is the main difference between .org.uk and .co.uk?
14. What does W3C regulate?
SECTION 5
There are four main threats to a computer system and/or network from the Internet:
• viruses
• unauthorised access (hacking)
• denial of service
• information theft.
Viruses
Viruses are background computer applications that can copy themselves from one computer system to another. Viruses need not cause any harm to a computer system; but they may cause untold harm.
Any computer system or network that is linked to the Internet must have virus protection. But remember, any virus protection is only as good as the last update. If your virus protection software is out of date, then it is totally useless.
Viruses are being continually produced and sent out over the Internet. The summer of 2003 alone saw MSBlaster, Backdoor.Jittar, VBS Mill H, Trojan.Mumuboy, Trojan.Vardo and many more besides.
Unauthorised computer access
The intent to gain unauthorised access to a computer system (sometimes called hacking) is an offence under the Computer Misuse Act. Hackers may not do any real harm – some just like the challenge of accessing a secure network, often leaving a message explaining that the network has been hacked. Hacking a network is generally quite difficult, needing a lot of networking knowledge. Generally speaking, if a network is hacked it is most likely that someone’s password was guessed or acquired. Regular changing of passwords is therefore a simple way of stopping unauthorised access.
Denial of service
Denial-of-service attacks are Internet attacks on a particular IP address. In recent years Microsoft, The White House and The Pentagon have all been targeted. The IP address is swamped by numerous messages, stopping the website from sending or receiving legitimate information. The simplest denial-of-service attack requires many Internet users to Ping a particular IP address. The IP host then becomes swamped with Ping replies. Firewalls and packet filtering can be used to prevent denial of service attacks.
Information theft
Viruses, unauthorised access and denial of services all leave tell-tale signs. With information theft, there is no way of knowing if someone has copied your files or your credit card number. Information thieves do not leave messages thanking you for your bank details!
It is worth remembering that 80% of all Internet attacks come from authorised users. It is much easier for an authorised user to make an attack on a computer network than for an unknown Internet user.
The UK Computer Misuse Act makes it a criminal offence to send viruses, gain unauthorised access to a computer system, deny computer access, or to copy files without permission.
Protection
Computer systems and networks that are linked to the Internet require protection from Internet attacks. This can be achieved by using:
• packet filtering routers
• firewalls
• proxy servers.
Each of these three methods restricts access to the Internet. The host is connected to either a packet filtering router, or a firewall, or a proxy server. The host is not directly connected to the Internet. Each of these three methods hide the host ID from the Internet. The only IP address passed out to the Internet is the gateway address, giving security and privacy for the host.
[pic]
Packet filtering routers
Routers are switches that have access to routing tables. Routing tables are dynamic databases that contain data about destination IP addresses, and how many jumps it takes to reach a particular destination. Routers direct data packets from source IP address to destination IP address.
Packet filtering routers can filter out ‘unwanted’ IP addresses. This is achieved by writing a set of rules, which accept or prohibit an IP address. These rules are maintained by the network manager.
Example packet filtering rules
|Rule Number |Action |Local Host |Local Port |External Host |External Port |Comment |
|1 |Block | | |123.10.10.4.2 | |Block all |
|2 |Allow |141.34.16.24 |80 | | |Allow all |
| | | | | | |Internet access |
|3 |Allow | |25 | | |Allow email |
| | | | | | |replies |
|4 |Allow | |>1023 | | |Allow all |
| | | | | | |Internet replies |
|5 |Block | | | | |Block everything |
| | | | | | |else |
|6 | | | | | | |
Once all of the rules have been assembled, only the allowed packets will be permitted. Packet filtering cannot check the contents of a packet – only the attached IP addresses.
Firewall
A firewall is a single secure network connection to the Internet, which controls the flow of traffic between the Internet and the client.
Like packet filter routers, firewalls require a set of rules. The usual firewall default setting is to block everything. The firewall needs to be configured to allow packets through.
Firewalls are fail-safe, i.e. if an attack or breach in security is detected, the firewall will close down the service or cut off all Internet access.
Unlike packet filter routers, which can only allow or block IP addresses, a firewall can read the content of the packets, as well as save information. Stateful inspection allows the firewall to check the contents of the packet before the packet is allowed through the firewall.
Proxy server
A proxy server is a web server that acts on a user’s behalf. Proxy servers are used to link LANs or Intranets to the Internet using only one source IP address – this is called IP aggregation.
Intranet users are linked to a proxy server, not to the Internet. Only the proxy server is linked physically to the Internet. Users request web pages from the proxy server; the proxy server then changes the source IP address to the proxy server IP address. Once the required web page is returned from the destination, the proxy server changes the source destination back to the client source IP address.
A proxy server can also be used to cache web pages; and can be used as part of a firewall.
Task 13
Answer the following questions.
1. List the four Internet security threats.
2. Define a computer virus.
3. What is meant by unauthorised access?
4. What is meant by ‘denial of service’?
5. Which of the four security threats is the hardest to identify?
6. List the three ways in which computer systems can be protected from security threats.
7. What is a router?
8. What are routing tables?
9. How are routing tables updated?
10. How does filtering work?
11. What are packet filter rules and what do they do?
12. What is a firewall?
13. What is the main difference between packet filtering routers and firewalls?
14. What is the default setting for all firewalls?
15. What happens if a firewall detects a breach in security?
Encryption
Encryption is a method of sending secure information by masking, or disguising, each character with an arbitrary number.
If we want to encrypt the message ‘HAVE A NICE DAY’ we would need to:
1. change the message into the ASCII equivalent
2. decide upon an arbitrary random number to mask out the characters in the message
3. mask off each ASCII code
4. apply a formula, using the ASCII number and the masking number.
In this example, taking 255 as the masking number:
|Plain Text |H |A |V |E | |A | |N |I |C |
|Character |A |0 |1 |0 | |0 | |0 |0 |
|Mask/Key |255 |1 |1 |1 |1 |1 |1 |1 |1 |
|Character |A |0 |1 |0 |0 |0 |0 |0 |1 |
This is an example of a symmetric encryption system, as the same mask/key is used to encrypt and decrypt the message.
Key distribution problem
Encryptions, like all code systems, require that the sender and receiver know the key to unlocking the code. If the receiver does not know the key, then he/she cannot read the message – it is as simple as that.
Can a sender distribute a key so that only the receiver can use it in order to decipher a secret message? When you are sending your credit card details on the Internet, you want to make sure that these details are secure. You want the receiver and only the receiver to be able to read your details, but you need to send the keys openly over the Internet.
The key distribution problem can be resolved by using a special piece of mathematics, called a one-way mathematical function.
Question: I am thinking of a number that, when I double it, I get a value of 24. What is the number?
Answer: The number is 12.
All mathematical functions have inverses and are called two-way functions:
• the opposite of doubling is halving
• the opposite of add is subtract
• the opposite of multiply is divide.
Question: I am thinking of a number that, when I divide it by 10, I get a remainder of 1. What is the number?
Answer: The number is obviously 11. If you divide 11 by 10, the remainder is 1. But is 11 the only answer? What about 21, or 31 or 41 or 51 or 1,000,001?
Calculating remainder (or modulo) value gives a family of possible answers. This is an asymmetric (or one-way) function. All Internet security is based upon modulo arithmetic.
Public keys
Public keys are freely distributed throughout the world. A message, or credit card details, encrypted using public keys can be sent out on the
Internet with the knowledge that the information cannot be read by a third party. But why is the message secure from prying eyes?
Question: I am thinking of a number, and when I divide the number by 7156177199311371, the remainder is 9117667347513. What is the number?
Answer: You need a super-computer!
In this case, the public key is 7156177199311371 and the transmitted value is 9117667347513. So, to break the code, all you need do is find the number that, when divided by 7156177199311371, gives you a remainder of 9117667347513.
Easy?
RSA encryption
RSA is named after its three American inventors: Rivest, Shamir and
Adleman. It requires the use of three formulae, which exploit the
asymmetry of modulo arithmetic.
If you are into mathematics, you might want to try these equations. This
Unit only requires that you gain an understanding of what is required
to encode and decode an Internet message.
Code = Asciie mod Pk
Dk × e = N mod((p–1)(q–1)
Ascii = CodeDk mod(Pk)
Where:
• Code is the encrypted value that will be sent on the Internet
• Ascii is the ASCII code of each character in the message
• Pk is the public key
• Dk is the decode key
• N is an arbitrary number needed to calculate Dk and e
• pand q are the private keys.
Private keys have only two rules:
1. they must be prime numbers
2. they must be different prime numbers.
Generally, these two prime numbers are always referred to as p and q. Let’s say that:
p=7 and q=11
My public key is the product of these two private keys:
p × q = 7 × 11 = 77
Pk = 77
The decode key is an exponent, which must be large enough to generate a set of unique remainders when divided by the public key.
Dk × e = 1 mod((p–1)(q–1)
5 × Dk = 1 mod((7–1)(11–1)) as e =5
= 1 mod(6×10)
= 1 mod(60)
Dk = 11 and e = 5
So I am now ready to receive secure messages; I tell the whole world that Pk = 77 and e = 5 and sit back and wait for my first message.
If you want to send me a short message, like the letter ‘A’ all you need to do is combine my two public keys and the ASCII code for A, which is
65.
Calculate the encryption code:
Code = Asciie mod Pk
Code = 655 mod 77
= 1160290625mod 77
= 32
I receive the encrypted message 32. I can decode the message using the last of the three formulae.
Ascii = CodeDk mod(Pk)
= 3211mod(77)
= [ 325 mod(77) × 326 mod(77)] mod(77)
= [ 65 × 1 ] mod(77)
= 65
You sent me the ASCII code 65, which is the letter ‘A’.
RSA is an asymmetric encryption, as it uses two different keys – one to encode and a different key to decode.
Even this simple example produced one or two large numbers and looks very secure and unbreakable, but like the Lorenz code machine, RSA does have an Achilles heel – and it is the public key. If the public key can be factorised, then both p and q will be known and the decode key can be calculated.
To ensure better security, both p and q should be prime numbers greater than 549755813888 – that is 40-bit security. Public keys will have 80 bits and should be more difficult, but not impossible, to factorise. In America, public keys use strong primes, i.e. prime numbers with more than 128 bits, yet Internet Explorer 5.5 and Outlook Express only offer at best 56-bit security, while Internet Explorer 6.0 offers 128-bit security.
Do not worry! You will not need to do any of these calculations! It is only important that you understand that RSA is quite complicated and requires a lot of calculations.
Encryption strength
Internet Explorer will tell you its encryption strength by selecting About Internet Explorer from the Help menu.
[pic]
Browser encryption functions
There are a number of browser encryption functions, including:
• DES
• IDEA
• Blowfish
• Shark
• AES
• RC2
• GOST.
IDEA (International Data Encryption Algorithm)
IDEA is a block cipher, which uses a 128-bit cipher key to encrypt blocks of plain text. The algorithm is very complicated, using sub-keys to carry out a series of modulo arithmetic calculations. The encryption process requires the use of 52 sub-keys!
First it generates the 52 sub-keys from the original 128-bit cipher key. The plain text is then split into 64-bit blocks. Each block of text is now ciphered using modulo arithmetic and one of the sub-keys.
Text block1 × sub-key1 → code1
Text block2 + sub-key2 → code2
Text block3 + sub-key3 → code 3
Text block4 × sub-key4 → code4
Notice that IDEA uses both add and multiply.
Each of the codes is combined to produce a new secure cipher.
Code1 XOR Code3 [pic] Secure code1
Code2 XOR Code4 [pic] Secure code2
IDEA then performs this process a further seven times, that is each block of the plain text is encoded eight times.
DES (Data Encryption Standard)
DES is also a 128-bit block cipher. It encrypts and decrypts 64-bit data blocks. Each 64-bit data block passes through 16 different permutations, so that means the data in each data block is combined together 16 times.
Blowfish
Blowfish is a free alternative, replacing DES and IDEA. Blowfish has a variable cipher key length, from 32-bit to 448-bit, and requires 14 runs to encode each block of plain text.
PGP (Pretty Good Privacy)
Although RSA is secure, it requires a lot of calculations. Each character
in the message needs to be encrypted before sending and decrypted on
arrival. There was a need for a fast and secure system. RSA was secure
but not fast enough.
In the late 1980s, Phil Zimmermann developed PGP, which is a
combination of RSA asymmetric and symmetric encryption.
Zimmermann’s idea was to use RSA to code a symmetric key and then
send the encrypted message. The receiver need only do one RSA
calculation in order to find the key. The message can then be quickly
decoded.
PGP = RSA encrypted key + encrypted message
Message = ‘HAVE A NICE DAY’
Key = 255
Encrypted message =
327320341324287320287333328322324287323320344
RSA encrypts 255 to give a new code of 61.
PGP message = 61 + 327320341324287320287333328322324287323320344
On receiving the PGP message, the RSA encrypted code of 61 can be decoded and the message quickly unmasked.
Phil Zimmermann’s development of PGP unfortunately brought him into conflict with his own government. He was charged with selling munitions to foreign countries. Strangely enough, PGP software was classified as munitions as it could help a foreign power in time of war. Zimmermann was the subject of many US Grand Jury investigations. In 1996, the US Attorney General dropped all cases against him.
PGP’s importance was realised when the Iron Curtain finally came down. Zimmermann received many e-mails from Soviet dissidents, thanking him for PGP, as they had used it to pass secure messages.
Summary
• Encryption is a method of masking data so that a third party cannot intercept the data.
• Encryption uses cipher keys to scramble the data.
• The key distribution problem outlines the problems of sending the cipher key between sender and recipient.
• RSA uses public and private cipher keys.
• A public key is freely available to everyone on the Internet and is used to encrypt the message.
• A private key is secure and is used to decipher the message.
• Both public and private keys are derived from large prime numbers.
• RSA requires many complex calculations to encode and then decode a message.
• RSA requires that the message is encrypted and decrypted, character by character.
• PGP uses RSA to encode the cipher key.
• PGP does not require numerous complex calculations.
• RSA is slow compared to PGP.
• PGP is more suited to Internet traffic.
Check out the following websites to get more information on PGP and RSA:
Task 14
Answer the following questions.
1. What is encryption?
2. Explain how encryption works.
3. Why is it important that both the sender and the receiver know the key?
4. What is meant by the key distribution problem?
5. What is meant by a one-way mathematical function?
6. What are public keys?
7. What are private keys?
8. How many different mathematical formulae are needed for RSA security?
9. Why is the publishing of private keys not a security risk?
10. What is RSA’s Achilles heel?
11. Why was PGP developed?
12. Why is PGP quicker than RSA?
Secure sockets
The secure socket layer (SSL) is a protocol that is used to create an encrypted link between two computer systems. The secure socket layer prevents communications from being intercepted by a third party.
Source Destination
[pic]
HTTP requires that all TCP/IP packets be received on Port number 80. A TCP/IP packet is sent through any random port number. The sender generates a random number, which is then used to identify the port number. The combination of send and receive ports creates a socket.
The SSL provides integrity, because the Internet user’s browser must ensure that the remote server is identified. Passing a server validation certificate ensures that the web server is secure.
Privacy is ensured, because a third party cannot compromise the information, as the SSL data is encrypted.
Site tracking
Site-tracking software collects and analyses the data that is generated by Internet traffic.
The simplest type is a hit counter, which can be incorporated into a web page. A hit counter stores data about the number of visitors who have browsed the website. Site-tracking software depends upon the sending and receiving of cookies.
Most web servers generate log files, which record information about the Internet user’s browser software, their ISP, the time and date a website was visited, and which web pages were accessed.
Some hosting companies (e.g. Lycos) allow other types of site tracking, with a breakdown on the types of browser that were used to visit the site, as well as analysis on which web pages were most often visited and downloaded.
There are many other site-tracking tools.
Privacy issues
Remember that when you are using the Internet, any site-tracking software will have logged your IP address, the name of your ISP, the type of web browser that you are using and the time and date. Site tracking will also record the web pages that you have visited and the information that you have downloaded.
Many Internet users think that they are anonymous, but site tracking logs most Internet details.
Check out the following website:
Task 15
Answer the following questions.
1. What does a secure socket create?
2. What does a secure socket prevent?
3. What is a socket?
4. Explain how a socket is created.
5. What does site-tracking software do?
6. What is the simplest type of site-tracking software?
7. List the information that is logged by site-tracking software.
8. Why might it be important to know which web pages are visited the most?
SECTION 6
Legal implications
Currently there are two UK laws that are relevant to the Internet and which are intended to protect the individual. These are:
• The Data Protection Act 1998
• The Computer Misuse Act 1990.
The Data Protection Act
Most people in Britain are aware of the Data Protection Act (DPA). It has been updated regularly since coming into force, and itself replaced an earlier version. This Act gives us a ‘right to privacy’, which means that sensitive information about us is kept confidential.
The Data Protection Act states that if any person, organisation, company or business (data user) wishes to hold or process personal information about an individual (data subject) on a automatic retrieval system (database) then they must be registered with the Data Protection Registrar’s office.
Principles
The Act has eight basic principles.
1. Information may only be obtained and processed fairly and lawfully.
2. Information may only be held for specific purposes.
3. The information is not to be used for any purpose other than that for which it was intended.
4. The information is relevant and adequate for the purpose.
5. The information is accurate and up to date.
6. The information is not kept longer than necessary.
7. The information should be made available to the individual concerned and the individual can have corrections made.
8. Information is kept secure.
Exemptions
1. No right to see information that is needed for national security.
2. No need to register if information is being gathered for recreation.
3. Non-profit making member organisations, such as clubs and churches, do not need to register if all members agree.
4. Mainly governing things like tax affairs.
Personal data on web servers
The Internet is a large database, which contains a lot of information; some of this is personal/ sensitive information. Under the law, Internet users must be registered if they process personal information. Does this include information that is freely available on the Internet?
If a website uses submission forms or visitors’ books to gather personal data, it is unlikely that the site is within the letter of the law, unless registered under the DPA.
The gathered data will be held on a web server. The organisation that controls the server will need to register under the DPA, but organisations outside the UK have no obligation to register under the Act, even though they hold personal data about UK citizens.
The situation becomes more confused when considering who is actually gathering the data. A UK citizen, who is gathering personal data by means of submission forms or visitors’ books for recreational fun is exempt, and does not need to register.
A UK business that gathers personal data by the same means will need to register. The business may not intend to process the information gathered, but it will still need to register. Once registered, the business will need to notify all data subjects that data is being held about them, along with a description justifying the need for collecting the data and explaining the purpose for which it will be used.
A non-UK business does not need to register and can use the Internet to gather personal data, perhaps selling the information on to a third party.
There is no binding international agreement on the storing and processing of personal information.
Strangely enough, educational institutions – universities in particular – that have placed employees’ personal data on the Internet are complying with the Data Protection Act, provided that the institution has already registered under the Act, stating that they are storing employee data.
Check out the following website and look up departmental details:
strath.ac.uk
Search engines
Search engines give Internet users the ability to carry out name searches. Most Internet users have searched for information about themselves or searched for information about famous people. The Internet user then becomes a data user, as they are processing personal information, and under UK law should register under the DPA! Perhaps the exemption that allows individuals to store and process information for recreation may apply, but this was written into an earlier version of the Act, long before the Internet was in common personal use.
• Have you ever downloaded information about yourself from the Internet? You were a data user and you should have registered under the DPA!
• Have you ever searched for any of your friends or relatives on the Internet? You are again a data user and should have registered as such.
Task 16
Answer the following questions.
1. Define a data user.
2. Define a data subject.
3. List the four main exemptions to the terms of the DPA.
4. Outline the problems with gathering personal data using a visitors’ book.
5. If an individual uses the Internet to gather personal data, will he/she need to register with the Data Protection Registrar? Explain your answer.
6. If a UK business uses the Internet to gather personal data, will it need to register with the Data Protection Registrar? Explain your answer.
7. Explain how a search engine could be used to gain personal information.
8. Outline the problems of storing personal information on a web server.
9. Explain why using a search engine to look up your own name may be considered illegal under the DPA.
10. Explain why downloading information about Madonna could be seen as infringing the DPA.
11. It is possible to view open-access web pages, often found in American academic websites like the University of Texas. These pages contain personal information, such as name, date of birth, address, etc. Explain why this data provision is not legal in the UK.
12. Why are international agreements needed to protect our personal information?
The Computer Misuse Act
This Act tries to close the loopholes in civil law, as well as create legislation regarding the possible misuse of computer systems. There are four basic infringements:
• hacking
• sending viruses
• service denial
• copying of files.
Hacking
Hacking is the use of a computer to gain illegal access to another computer system. Often, a hacker just does it for kicks, just to see if they can break in, but this is illegal. Others hack into computer systems to make illicit gains or to cause damage; obviously this too is illegal.
Viruses
The Act also covers the distribution of computer viruses. It is an offence to cause damage to a computer system, or to cause deliberate loss of files by sending a computer virus.
• Computer viruses spread from one computer to another.
• Viruses can cause harm to your computer system.
• You may lose everything on your computer.
• Your computer may stop working.
• The virus might be sending information about you to other people.
How do you get viruses?
If you are connected to the Internet, you may get a virus. Viruses are often sent as e-mail attachments that you are instructed to download.
You might get a copy of a game from one of your pals, which unknowingly has a virus attached to the game. This can happen with any type of file sharing.
How do I protect myself?
The best way is to have virus protection software running in your computer system. This software is only as good as the information that it contains. If the software is a month or two out of date, then it is useless.
Court cases
Example 1
In September 2003, an 18-year-old British schoolboy hacked into the American Nuclear Weapons Laboratory by cracking the security software with a program that he had written. The intrusion triggered a full-scale alert at the Fermi Research Labs in Chicago. As a result, the lab’s computer systems were shut down for three days. The subsequent cost of restarting the computer system was £22,000.
It was said that he was only breaking into the computer system in order to use its power to allow him to download music and videos from the Internet. He passed on passwords to friends and other hackers.
The policemen who arrested him said that he was ‘very good and admitted everything’.
The boy appeared at Bow Street Magistrates Court and was given unconditional bail, so that he could continue with his studies.
Example 2
A teenager charged with computer hacking offences appeared before magistrates in west Wales. He faced 10 charges under the Computer Misuse Act of downloading unauthorised information. He was also charged on two counts of deception by obtaining computer equipment worth £1,399 and obtaining other items with a value of £400.
He was given unconditional bail.
Example 3
A 26-year-old man (‘the Black Baron’) faced 11 charges in respect of two virus programs. He was described in court as a typical ‘anorak’, being lonely and friendless. His solicitor said that he had ‘a particular talent’ and had ‘written something extraordinary’, and if directed properly, he could have ‘made a place for himself’. The police claimed that he had ‘caused mindless havoc’ all over the world.
He received a sentence of 18 months’ imprisonment.
Service denial
Service denial can be the deliberate act of destruction of computer systems and wiping of files, stopping users from gaining access. This is often referred to as computer vandalism.
It can also take the form of a service denial attack, where a web server receives countless user requests. Eventually, the server crashes, denying access to legitimate users.
Copying of files
Files and credit card numbers are copied from the user’s computer system. What makes this infringement worse than the other three is that the hacker does not leave any evidence that they have been there. They just copy the information and go.
Task 17
Answer the following questions.
1. List the four misuse infringements.
2. What is a hacker?
3. How might you get a virus?
4. How do you protect your computer from viruses?
5. What is service denial?
6. Which is the worst of all computer infringements?
7. What does the Computer Misuse Act attempt to do?
8. Is there a need for international policing of the Internet?
International policing
The Internet is worldwide, crossing countries with different cultures – so it is difficult to see how international policing would work.
In February 1997, the European Conference on Combating Violence and Pornography on the Internet was convened in London. The conference looked at the technical and moral issues surrounding policing the Internet. All proposals would be put to the European Union to influence European policy. Delegates attended from all over Europe.
There were many contrary views expressed. Delegates could not agree on a definition of offensive materials, or even on a need to control the distribution of offensive materials.
British Telecom representatives looked at the problem from an industry perspective. If BT comes across any illegal material, they report the contents to the Internet Watch Foundation.
By December 1996, the Internet Watch Foundation (a UK-only organisation) had received only 28 reports from Internet users, which led to five images being removed from UK servers.
Engineering and technical representatives outlined some technical solutions, including address filtering, service filtering and content labelling/filtering, which could be used to monitor illegal content on the Internet.
The German Committee of Enquiry into Media and Violence stated that they were against the policing of the Internet for pornography, when it is widely available on German streets. The Committee had difficulty in defining the word ‘pornography’, stating that a definition would be complicated in an international environment such as the Internet.
The Netherlands representative stated that censorship does not work and that we should not allow governments to tell us what to do about our sex lives. They also stated that production of pornography, rather than possession of it, should be illegal, as in the Netherlands.
The French Ministry for Telecommunications and Postal Affairs stated that the French would only work with the Organisation for Economic Co-operation and Development, and had no interest in the ECCVP.
Task 18
Write a short essay outlining the problems of internationally policing the Internet.
SECTION 7
HyperText Markup Language
Although hypertext systems have been in use for many years, it was the development of HTML by Timothy Berners-Lee that allowed everyone to put information onto the web. Prior to this, information could only be placed on a network using complicated code. HTML is a scripted language that is easy to understand and easy to use.
Browser viewing
When you view or, more correctly, browse a website you can interact with it and read the information. As a browser, you cannot change the information that is being displayed. You use a piece of software called a web browser, like MS Internet Explorer.
Author viewing
When you interact with a website as an author, you can change the website. (You are only allowed to change your own website; you will not be able to change other people’s websites.)
To author a website you need authoring software. There are a number of software packages, that you can use:
• MS FrontPage
• Dreamweaver
• MS Word
• MS PowerPoint.
FrontPage and Dreamweaver are specialised web-authoring packages, while Word and PowerPoint are general purpose document-creation packages with authoring tools.
Client-side and server-side
HTML scripts are hosted (stored) on a web server as a document. The user (client) downloads the HTML document to their computer system. The browser software then reads the script and displays the document as intended.
Server side
[pic]
Client side
Task 19
Answer all of the following questions.
1. Explain the difference between
(a) browsing a web page
(b) authoring a web page.
2. Where are web page HTML scripts stored?
3. Where are HTML documents displayed?
4. Explain the difference between server-side and client-side.
HTML documents
All HTML documents have the same structure and use tags to encode the actual content. A tag is a word or phrase that a browser recognises as a command. HTML tags are written in angled brackets, thus: . Many commands require an opening and closing tag, e.g. . Equally, many tags have attributes, which add to, or put conditions on, the command in the tag, e.g. .
The structure of an HTML document:
This section does not display
This is the section of the document that is displayed.
All of a web page content is contained in this area.
Each HTML document must start with a new document tag . The next tag is the header . Header text is not displayed in the HTML document, but is used to set up special instructions and allocate keywords. Headers must have a closing tag.
The next part of the document is ; this is the section of the document that is displayed in the web page.
Notice that and tags surround the document, while the remaining tags are nested inside. Remember that a tag will switch on an HTML command, while the tag will switch the command off.
Task 20
Answer the following questions.
1. What are tags?
2. What is the starting tag of every HTML document?
3. Which part of an HTML document is not displayed?
4. What is contained between the tags?
5. What is the last tag of every HTML document?
Tags and structure
Have a look at the following HTML document text:
”home page”
This is my Home Page
I am interested in computers.
The tag contains information. When the web page is being displayed in a browser, the title is displayed in the task bar. All HTML documents should contain a title.
Another tag is included in the body. The tag is used to break the lines of text – to take a new line. (HTML does not recognise RETURN or space bar commands.)
Task 21
1. Use Notepad/Simple Text, or any other text editor to enter the ‘Home Page’ HTML script shown above.
2. Save the document with either an .htm or .html extension, with the name ‘test’. Set the Save as type as All files. (If this is not done, then the file will be saved as a text file (.txt) and will not display in a browser.)
3. Now display ‘test.html’ in your browser.
You have created your first simple web page. As you can see, it is quite easy to do. There is no complicated computer code, no complicated structure; just text and HTML tags.
Task 22
Answer the following questions.
1. Where are web page titles displayed?
2. Which keyboard signals are ignored by HTML?
3. What does the tag do?
4. Which file extension must be used when saving a web page?
Using paragraphs
An alternative to the tag is , which, with , can be used to enclose paragraphs. This also inserts a line space between paragraphs.
Try the following:
< html>
”Home Page”
I am a student at…, studying the Internet Unit for Higher
Information Systems, and having a whale of a time learning how to
create web pages using HTML.
This example is to show how to split up extended text into
paragraphs, with a line space between them.
What is transmitted on the WWW?
The simple answer is just simple text!
The web server sends out HTML script, which is a text document. Clearly, the amount of script contained in a document affects the transmission speeds over the Internet. The larger the script, the longer it will take to be transmitted from server to client.
Task 23
Create a simple web page.
1. Use a text editor, such as Notepad, to enter the following HTML script:
My Home Page
2. Save as ‘Home Page1.html’. Take care to ensure that the file type is set to All.
3. Double click on ‘Home Page1.html’ to display the document in your browser.
Click on the View menu option and select Source.
[pic]
You will see the HTML script that you have just entered.
[pic]
Task 24
1. Now use Microsoft Word, or any other web authoring software, to create the same web page.
2. Save as ‘Home Page2.html’.
3. Double click on ‘Home Page2.html’ to display the document in your browser. It should look identical to ‘Home Page1.html’.
4. Click on the View menu option and select Source.
You will see something like this:
Hello. |document.write "Hello. |
|Todays date is" |Todays date is " |
|+ today + ""); |& date() & "" |
| | |
| | |
| | |
|Welcome |Welcome |
| | |
| | |
Task 43
1. Enter the JavaScript version above into a text editor.
2. Save the document as ‘Java Date.html’.
3. Display the page in a browser.
4. Enter the VBScript version into a text editor.
5. Save the document as ‘VBS Date.html’.
6. Display the page in a browser.
7. Edit ‘VBS Date.html’ to include the following:
document.write "Hello. Todays date is " & date() & time() & ""
8. Save the document as ‘VBS Date.html’.
9. Display ‘VBS date.html’ in a browser.
Cookies
Cookies allow a web server to send and receive information. A cookie is a text file that contains one line of text, and which is stored on the web server or the user’s hard drive.
If you visit a website that has a hit counter, then your browser software will check to see if you have already visited the website. Your browser will look into the Cookies folder to check if the website has already stored a hit counter cookie.
If the Cookies folder does not have a cookie from the website, then the browser sends a cookie to the website, requesting that the hit counter be increased by one. Once the value of the counter has been increased, the web server sends a cookie to the browser. The browser stores the hit counter cookie in the Cookies folder and the hit counter value is displayed in the browser.
Cookies and databases
Web-based companies, especially e-commerce, make a lot of use of cookies and underlying databases. Cookies allow the client’s browser to exchange information with the web server.
Have you ever purchased CDs or books or holidays using the Internet?
Internet companies use databases, especially relational databases, to store and process personal information. If you book a low-cost flight on the Internet, your details and the flight details are stored on the company’s database. If you want to purchase a book or a holiday using the Internet, then you will query a server-side database to check if the book or holiday is available.
[pic]
It is important to remember that e-commerce is really about data processing. Some of the data is personal data about the client, while the remaining data contains stock details. All this information will be held on web-based databases. These are large databases, most likely relational databases, which are situated on the host’s web server.
On-line shopping uses cookies to keep track of a customer’s order. Every time a customer selects an item, a cookie is sent to the server. The cookie is then used to update a web-based database, which contains the client’s shopping list. In turn, the server sends the client a cookie confirming the purchase.
There are other types of web-based databases, some of which are fun to use!
[pic]
Check out the Internet Movie Database:
Cookie privacy
The interchange of cookies is invisible. The client has no idea that information about them is being sent by the browser to the web server.
Your browser will allow you to set how you want to interact with cookies. Internet Options will allow you to restrict the number and type of cookies that are sent to and from the web server.
[pic]
Document.cookie
Document.cookie allows client-side script to interact with cookies.
However, it requires communication between the client’s browser and a
web server, and this means that it might not work on a standalone
computer system or school system that does not support a web server.
You can download your own web server from:
Look at the following client-side script:
Cookies
if document.cookie=“” then
user= inputbox(“ENTER YOUR NAME”)
document.cookie=USER
else
user=document.cookie
end if
document.write “ HELLO ” & user & “HOW ARE
YOU?”
User’s name will be displayed in the heading
Once the user’s name has been stored as a cookie then his/
her name will appear automatically.
Task 44
Answer the following questions.
1. What do cookies allow web servers to do?
2. What is contained in a cookie?
3. Explain how hit counters use cookies.
4. What are web-based databases?
5. What type of database structure is used by web-based databases?
6. Explain how cookies and web-based databases are used to purchase goods over the Internet.
7. What is meant by the invisible interchange of cookies?
8. Explain how you can safeguard your cookie privacy.
9. Why will document.cookie not run on a standalone computer system?
Submission forms
One way of using web pages to collect information is to use a submission form.
Sub Form
Welcome to Scotland Stores
First name......
Surname ........
E-mail address
The tags set out where the submission form will be displayed in the browser. The tag can also contain a method of returning the collected information. In this case, the collected information will be posted, that is e-mailed to you using action:mailto followed by your e-mail address.
Task 45
1. Enter the HTML script above into Notepad.
2. Save the document as ‘Sub Form.html’.
3. Display the page in a browser.
4. Enter your own details into the submission form and click on SEND NOW.
[pic]
This method of collecting data is not very reliable, nor is it secure. Originally, only Netscape allowed mailto: so you may have difficulty getting it to work with Internet Explorer. Internet Explorer might display a warning message explaining that your e-mail address will also be sent, or your school network might refuse to handle mailto:
Fortunately, there are better ways of collecting information from a submission form. However, this requires your web server to have access to a CGI bin.
A CGI bin is a special directory that allows the user to store information. It requires management software to analyse the collected data.
First name...... Surname ........ E-mail address
This method will probably not work on your school computer system, but most ISPs offer web tools, allowing you to set up a CGI bin.
Form validation
Form validation requires that the data in the submission form has been entered correctly. The VBScript program does a simple validation check to ensure that required/compulsory fields have not been left blank.
|10 | |
|20 | |
|30 |Validation |
|40 | |
|50 | |
|60 |Private Sub Button_onclick() |
|70 | |
|80 | |
|90 |IF len(customer.Firstname.value)= 0 or |
| |len(customer.Surname.value)= 0 then |
|100 | |
|110 |msgbox "Error!" |
|120 |ELSE |
|130 | |
|140 |MSGBOX "Data ready to be submitted" |
|150 | |
|160 | |
|170 |End if |
|180 |End sub |
|190 | |
|200 | |
|210 | |
|220 | |
|230 |Welcome to Scotland Stores |
|240 | |
|250 | |
|260 |First name*...... |
|270 |Surname* ........ |
|280 |E-mail address |
|290 | |
|300 | |
|310 | |
|320 |All data items mark* as required. |
|330 | |
|340 | |
|350 | |
|360 | |
The Private Sub Button_onclick() sub-routine is executed when the SEND NOW button is selected, or ONCLICK.
In lines 90–120, the length of the first name and surname is checked. If either the first name or surnames have not been completed, then the number of letters in the name will be ZERO.
If either name has not been completed, an error message will be displayed, but if the first name and surname have been completed, the data is ready for transmission to cgi_bin.
Task 46
1. Edit ‘Sub Form.html’ to include the extra VBScript needed for form validation.
2. Save the web page as ‘Sub Form.html’.
3. Display the page in a browser.
4. Select SEND NOW without entering any data.
5. Select SEND NOW after entering your own details.
[pic]
Task 47
1. Edit ‘Sub Form.html’: delete line msgbox "Error!" and replace with the script shown below. This script will alert the user about the actual information that they have missed.
if len(customer.Firstname.value)= 0 then
msgbox "First name has not been completed"
End If
if len(customer.Surname.value)= 0 then
msgbox "Surname has not been completed"
End If
2. Write VBScript to ensure that the e-mail address has not been omitted.
Task 48
1. Construct your own submission form for ‘Super Store’. Use the previous example as a template. The Super Store web page must contain:
• date and time – use document.write
• three required fields*
• form validation to ensure that the fields are not left blank
• alert messages notifying the user which fields have not been completed
• headings …
2. Change text and background colour; show off; have some fun! What about a couple of graphics? Save web page as ‘SuperStores.html’.
[pic]
SECTION 12
PHP/MySQL
PHP stands for Pre-Processed Hypertext. However, PPH does not look as catchy as PHP! PHP is a server-side scripting language. That is, web pages that contain PHP script are executed on the web server and the output is transmitted to the client.
PHP has many advantages over client-side HTML and VBScript/JavaScript methods:
• Transmitted web page documents are reduced in size, as PHP output is sent instead of large amounts of HTML script.
• No need for client-side plug-ins. The PHP script is executed on the web server, so only the web server needs plug-ins.
• Browser software should not need continual updating. The updates only need to affect the web server.
PHP has one obvious disadvantage, namely the slowing down of the web server while it executes PHP script.
PHP and MySQL work together on the web server. MySQL is a standard query language, which is used to store and interrogate data that has been collected on the Internet.
E-commerce is totally dependent upon PHP/MySQL. If you book a flight or purchase goods over the Internet, there will be a MySQL database storing your details and processing your order.
Check out:
This is one of the more user-friendly flight booking systems on the Internet. Please do not book any flights!
Task 49
Answer the following questions.
1. What is the correct name for PHP?
2. What is PHP?
3. What is sent from the web server?
4. List the advantages of using PHP.
5. What is the major disadvantage?
6. Which web-based industry is totally dependent upon PHP/ MySQL?
7. Explain how the World Wide Web and relational databases work together so that you can purchase a book on the Internet.
SECTION 13
Style sheets
Style sheets are definitions – sets of rules – for a number of text formatting controls.
HTML lacks any control over the way that text is displayed in a web page. The W3C recommendation for cascading style sheets (CSS) allowed authors to define their own text styles and incorporate these styles into their web pages.
For example, the standard headings tag normally uses the Arial font to display text. If an author decides to use Times New Roman for a website, then he/she needs to change the tag on every web page. If the website has a couple of hundred web pages, that might prove daunting!
A style sheet allows an author to set up a style that can be linked to all of the web-page documents.
[pic]
Setting up a style sheet
The following style-sheet definition will change the headings tag to display all text in Times New Roman:
h1 {font-style: Times New Roman}
Style sheets are saved as simple text files, with a .css extension.
CSS recommendations
The W3C consortium has issued the following three sets of recommendations.
December 1996
|CSS1 |Style properties |
| |Fonts |
| |Text |
| |Box |
| |Colour/color |
May 1998
|CSS2 |Media |
| |Position properties |
| |Download format |
| |Table styles |
| |Text shadowing |
January 1999
|CSS3 |User interface |
| |Scalable vector graphics |
| |Multimedia |
For more information on W3C recommendations, check out:
Style/
Style sheets offer the following advantages:
1. web pages are more concise and less cluttered
2. style sheets are flexible
3. one individual style sheet can be used in many different web pages.
Task 50
Answer the following questions.
1. What are style sheets?
2. What does HTML lack?
3. What is the name of the body that makes style-sheet recommendations?
4. If an author wants to change the font in the tag, what would they need to do?
5. How many style sheets are needed to change the display of a website?
6. How are style sheets saved?
7. How many W3C recommendations have been made?
8. List the advantages of using a style sheet.
Creating a cascading style sheet
Use Notepad, or any other text editor software, to enter the following text:
h1 {color: red}
body {background-color: green}
Save the style sheet as ‘style1.css’.
That’s all there is to it!
The inclusion of this style sheet into any web page will display a green background and all tags in red.
Inserting CSS into a web page
There are three ways of including a style sheet in an HTML web page:
• embed the style sheet into the area
• link or import a saved .css file
• attach a .css definition to a section of an HTML web document.
Embedding style sheets
Embedded style-sheet definitions are located in the area of the HTML web-page document.
Style Sheet
Red Heading
This is a test
Task 51
1. Use text editor software to enter the script given above.
2. Save the document as ‘red test.html’.
3. Display ‘red text.html’ in a browser. The embedded style redefines the tag so that all text is displayed in red.
4. Change to display in blue.
5. Change the text ‘Red heading’ to ‘Blue heading’.
6. Save as ‘blue text.html’.
7. Display ‘blue text.html’ in a browser.
Linking or importing style sheets
Most web browser application software allows the linking of .css files to web pages. The file is linked to the web page in the same way as an image file is linked.
Style sheet:
h1 {color: red}
Web page text:
Style Sheet
Red Heading
This is a test
Task 52
1. Use text editor software to enter the style sheet text shown above.
2. Save as ‘red.css’.
3. Use text editor software to enter the HTML script above.
4. Save as ‘red link.html’.
5. Display ‘red link.html’ in a web browser.
Importing style sheets
As the name suggests, a .css file is imported into the web page document.
Style sheet text:
h1 {color: red}
Web page text:
Style Sheet
@import url(red.css);
Red Heading
This is a test
Task 53
1. Use text editor software to enter the style sheet text shown above (or use the saved ‘red.css’ style sheet).
2. Save as ‘red.css’.
3. Use text editor software to enter the HTML script above.
4. Save as ‘red import.html’.
5. If you have Internet Explorer 6 (or equivalent), display ‘red link.html’ in a web browser.
NB: Internet Explorer 5 or below will not allow @import url linking of style sheets.
Attaching a CSS definition
Attaching a CSS definition allows the style definition to be directly attached to the HTML tag.
Web page text:
Style Sheet
Red Heading
This is a test
Task 54
1. Use text editor software to enter the HTML script above.
2. ave as ‘red apply.html’.
3. Display ‘red.apply.html’ in a browser.
Conflicts and cascading
What happens when the same style sheet rules have been entered more than once? For example:
h1 {font-style: Times New Roman}
h1 {font-style: Courier}
The first rule changes to Times New Roman, while the second rule changes to Courier.
These rules are in conflict – but cascading will resolve the conflict. Cascading will ignore the first rule and execute the second rule.
Cascading is like a waterfall: as each similar rule is listed down through the style sheet, the last rule encountered will be executed and all previous similar rules will be ignored.
Task 55
Answer the following questions.
1. What are the three methods of using cascading style sheets?
2. Where must all embedded style sheets be entered?
3. Name the two methods of including separate style sheet files.
4. What problem is associated with @import?
5. What does cascading deal with?
6. Explain how cascading deals with the following conflict:
h1 {font-style: Times New Roman}
h1 {font-style: Courier}
Use Microsoft Word, or any other web-authoring package, to create the following web-page document.
[pic]
1. Use , , to display the text.
2. Save as ‘heading.html’
3. Use text editor, such as Notepad, and create the following cascade style sheet.
h1 {color: red}
h2 {color: blue}
h3 {color:green}
4. Save the style sheet as ‘heading.css’
5. Ensure that ‘heading.html’ and ‘heading.css’ are in the same directory.
6. Display the ‘heading.html’ web page in a browser.
7. Use View/Source to display the HTML script.
8. Delete any script within the tags.
9. Now enter the following script into the tags:
10. Save as ‘heading.html’.
11. Display ‘heading.html’ in a browser. The web page should display the three headings in different colours.
Setting up cascading style sheets
Cascading has three basic rules:
1. The most specific rule applies.
2. If rules have the same specification, then the last rule will be executed.
3. Embedded rules are over-ruled by linked or imported rules.
If you have access to Visual Basic, then you should also have access to Microsoft Development Environment.
[pic]
Development Environment allows the user to create cascading style sheets. It supplies the user with a list of fonts and the HTML tags that can be used to create quite complicated style sheets.
If you do not have access to Microsoft Development Environment, then you can always create style sheets using Notepad or any other text editor. Remember to save the style sheet with the .css extension and, of course, set the Save type to All.
Specialised web-authoring packages, such as Dreamweaver, devote a lot of resources to the creation and management of CSS.
Task 57
1. Use a text editor and create the following CSS.
p
{
colorR: magenta
}
h1
{
color: red
}
h2
{
color: green;
font-family: ‘Californian FB’
}
body
{
border-right: fuchsia solid;
border-top: fuchsia solid;
border-left: fuchsia solid;
border-bottom: fuchsia solid;
font-family: Andy;
background-color: lime
}
2. Save as ‘Classic.css’.
3. Link or import ‘Classic.css’ into ‘SuperStore.html’.
4. Display ‘SuperStore.html’ in a browser.
5. Edit ‘classic.css’ to include other fonts and sizes.
6. Display ‘SuperStore.html’ again, and notice how it has changed.
CSS definitions
The following CSS definitions can be used with the ..., , tags.
|CSS | |
|Fonts |font-family |
| |font-size |
| |font-style |
| |font-variant |
| |font-style |
| |font-weight |
|Text |text-align |
| |text-indent |
| |word-spacing |
|Box |border |
| |border-color |
| |border-style |
| |border-width |
|Colour |color #RRGGBB |
| |background-color |
| |background-image |
SECTION 14
Outcome 2
To complete Outcome 2, you are required to demonstrate the following practical skills:
• use of HTML coding (including layout tables) in web-page design
• use of client-sided scripting in web-page design
• use a cascading style sheet in website design
• creation of web pages, forming a multi-page website with links to other pages on the same site.
The following task gives you the opportunity to demonstrate all of these skills. Remember that you must produce hard copy evidence of two of the skills listed above.
Outcome 2 – Budget Airways
1. Create the following HTML website.
Site map
Your website’s top level is the Budget Airways Home Page. The text for this is shown below.
|Welcome to Budget Airways |
|Welcome to Budget Airways. We offer the best low-cost fares from any of the following national and |
|international airports: |
|Glasgow |Edinburgh |Dublin |
|Simply select the airport of your choice. |
2. Create and save ‘Budget Airways Home Page.html’. Remember that the home page needs to grab the Internet user’s attention, so use lots of colour and embed some graphical images.
3. Create ‘Glasgow Departures.html’, using the text shown below. You must use tags to help construct the page.
|Budget Airways – Glasgow Departures |
| |
|Flight Number |
|Destination |
|Date |
|Time |
| |
|BD 9777 |
|EDINBURGH |
|12/04/2004 |
|10:00 |
| |
|BD 9779 |
|DUBLIN |
|12/04/2004 |
|14:20 |
| |
|BD 9781 |
|INVERNESS |
|13/04/2004 |
|09:35 |
| |
|BD 8001 |
|BOURNEMOUTH |
|13/04/2004 |
|10:20 |
| |
|BD 8021 |
|LUTON |
|13/04/2004 |
|15:45 |
| |
|Edinburgh Departures |Dublin Departures |
| |
|Book your flight |
4. Save as ‘Glasgow Departures.html’.
5. Edit the file to embed a graphic of an aeroplane; use … to improve the headings.
6. Create two new web pages:
• Edinburgh Departures.html
• Dublin Departures.html
7. Use the same layout as ‘Glasgow Departures.html’ for the two new pages. Enter your own flight numbers, destinations, dates and times.
8. Hyperlink ‘Budget Airways Home Page.html’ to each of the following web pages:
• Glasgow Departures.html
• Edinburgh Departures.html
• Dublin Departures.html
9. Create ‘Booking Form.html’ from the text shown on the next page.
[pic]
10. Use client-side script to validate all entries to ensure that no entry has been omitted. Display alert messages indicating which fields have been left blank.
11. Hyperlink ‘Budget Airways Booking Form.html’ to each of the following web pages:
• Glasgow Departures.html
• Edinburgh Departures.html
• Dublin Departures.html
12. Use one simple cascading style sheet to set up the font style and colours for all the web pages.
Information Systems: The Internet Unit (Higher)
Observation checklist
Student name: __________________________________________________
Starting date of assessment: _______________________________________
Budget Airways
|Practical skill |Completed |
|Use of HTML script |Yes/No |
|Use of color and bgcolor |Yes/No |
|Use of … |Yes/No |
|Use of embedded images |Yes/No |
|Correct use of table definitions |Yes/No |
|Data entered into tables |Yes/No |
|Creation of submission form |Yes/No |
|Client-sided script used to validate submission form | |
|entries |Yes/No |
|Creation of alert messages |Yes/No |
|Creation of cascading style sheet |Yes/No |
|Linking or importing CSS into web pages |Yes/No |
|Creation of a multiple-page website |Yes/No |
|All hyperlinks working correctly |Yes/No |
Completion date: _______________________________________________
Tutor’s signature: _______________________________________________
HTML tags
(Note: many of these are now deprecated by W3C and should not be used unless absolutely necessary.)
|Tags |Description |
|< ! ... comment ...> |Not displayed in browser window |
| |Hypertext link to local or remote url |
| |target=Name |
| |target=_self |
| |target=_parent |
| |target=_blank |
| |href options to specify how a document is to be displayed |
| |Holds author’s e-mail address |
| | |
| |Bold text |
| |Sets the base url. Use when files are stored in a set of folders |
| |and sub-folders |
| |Make text flash on and off |
| |Defines body area |
| |background = Image filename |
| |bgcolor = Colour number ... Note COLOR spelling!! |
| |text = Colour number to change text colour |
| |link = Colour number to set link colour vlink = Colour number to |
| |set visited site colour link |
| |alink=Colour number to set active link colour |
| |Define caption |
| |align=top |
| |align=bottom |
| |Centre text or image |
| |Citation |
| |Source code |
| |Document definition |
| |Text formatting command |
| |Define a list |
| |Term in a definition list |
| |Enclosed text in this font |
| |size = Number from 1 to 7 to set text |
| |size |
| |Encloses a form |
| |method = post |
| |action = Your e-mail address |
| |Start of frame section, which must contain: |
| |rows=”*,*,*” Three rows |
| |cols=”*,*” Two columns |
| |src=url |
| |name = name of frame to be used as |
| |target for href link scrolling=yes/no/auto Appearance of scroll |
| |bars and how they work noresize forces fixed size of frames |
| |End frame section |
| |Encloses heading information area |
| |Sets up text in a heading size, n>1–6 |
| |Horizontal rule |
| |size = Value in pixels displayed width = Value in pixels or as a |
| |percentage |
| |noshade This makes the line solid |
| |Encloses the whole HTML document |
| |Italics |
| |Display an image (image source) |
| |alt = If image not available then display an alternative piece of|
| |text |
| |align=TOP |
| |align=bottom |
| |align=middle |
| |width = Value in pixels or percentages height = Value in pixels |
| |or |
| |percentages |
| |Allows data to be entered |
| |name = A variable name which is used to store and reference the |
| |data |
| |size = Character width |
| |type = Checkbox |
| |type = Radio |
| |type = Reset |
| |type = Submit |
| |type = Password |
| |Contains key words for searches |
| |List item |
| |Contain useful information about author |
| |and keywords, used by search engines for |
| |listings |
| |Code to be displayed in a browser window |
| |which does not support frames |
| |Ordered list |
| |Start/end a new paragraph |
| |align=left |
| |align=centre |
| |align=right |
| |Per-format text; preserves line breaks, font |
| |spacing |
| |Set-up a Javascript/VBScript work area |
| |Sets up a drop-down list |
| |name = A variable name which is used |
| |to store and reference the data |
| |size = The number of items to be |
| |displayed at one time |
| |multiple Allow for multiple selections |
| |value = Return value |
| |Ends select |
| |Spans an area of code |
| |Subscript |
| |Superscript |
| |Define table area |
| |border = Width of border |
| |cellspacing = Value in pixels of distance between inner and outer |
| |border |
| |cellpadding= Value in pixels of distance between text and border |
| |Enclose a table data cell |
| |colspan= Number of columns to spread cells across |
| |rowspan=Number of rows to stretch cells across |
| |align=left |
| |align=right |
| |align=centre |
| |align=top |
| |valign=middle |
| |valign=bottom Vertical alignment width=Value in pixels for width of |
| |cell |
| |Multi-line text entry |
| |name = a variable name which is used |
| |to store and reference the data |
| |rows= Number of rows to be displayed cols= Number of columns to be |
| |displayed |
| |Encloses a table header |
| |Defines the name of the document, as it is |
| |to appear in the window title bar |
| |Encloses a table row |
| |An unordered list |
| |Variable name |
-----------------------
DNS
DNS
DNS
DNS
DNS
6
2
My Home Page
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- the internet unit higher dumfries high school
- osp lia 3 notice and take down agreements in practice in
- undp global environment facility
- a glossary of computer oriented abbreviations
- png australia economic and public sector governance
- sons of the soil immigrants and the state
- independent progress review png australia epsp 16
- open software development organizational culture in a virtual
- taxpayer notice on salary wages tax
Related searches
- high school freshman school supply list
- the value of higher education
- the advantages of higher education
- the importance of higher education
- the best public high school in nyc
- how does the high school years go
- best high school in the us
- the indian high school dubai
- high school in the community new haven
- high school in the 1920s
- internet and higher education journal
- best high school in the country