1. Familiarise yourself with the various network addressing terms, e.g. socket.
Socket: a socket combines an IP address (where the computer is located) and a port into a single identity. A good analogy is a telephone, where the actual connection is the combination of a given phone number and a particular extension. In computer networking, an Internet socket or network socket is an endpoint of a bidirectional inter-process communication flow across an Internet Protocol-based computer network, such as the Internet.
Subnet Mask: A subnetwork is a distinct and visible part of a single Internet Protocol network. (wikipedia.org/wiki/Subnet_Mask)
Gateway: A gateway is a link between two computers; the actual gateway acts as a space between two different programs that provides them with a means to communicate or share information. (en.wikipedia.org/wiki/Gateway_(computer_program))
2. Different layers of the network OSI stack have different address schemes; how do they relate to each other?
The OSI, or Open Systems Interconnection, model defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, proceeding to the bottom layer, over the channel to the next station, and back up the hierarchy. See diagram:
3. A PC may be on and physically connected to the network but what else is needed for packets to be sent to that PC from another host?
A network address, a physical network connection, an application that uses that network (e.g. a web browser), a network card, data to transmit, and a server from which to get data.
4. When entering a web address in a browser, there are different ways of representing the address. In this context reflect on the meaning of host name only, host IP and fully qualified host.
The Host name is the logical name assigned to a particular computer. On the Web, most hosts are named WWW; for example, www.nameofmycompany.com. If a site is composed of several hosts, they might be given different names such as support.mycompany.com and sales.mycompany.com. SUPPORT and SALES are the host names, NAMEOFMYCOMPANY the subdomain name, and COM is the top-level domain name.
The host IP is the Internet Protocol address of a device attached to an IP (TCP/IP) network. Every client, every server and every network device is assigned an IP address, and every IP packet traversing an IP network contains a source IP address and a destination IP address.
Every IP address that is exposed to the public Internet is unique. In contrast, IP addresses within a local network use the same private addresses; thus, a user's computer in company A can have the same address as a user in company B and thousands of other companies.
A fully qualified domain name (FQDN) consists of two things: 1. a host; 2. a domain name, including a top-level domain. Breaking down www.cnn.com: www is the host, cnn is the second-level domain, and .com is the top-level domain. An FQDN always starts with a host name and continues all the way up to the top-level domain name.
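The three address forms in this answer (host name only, host IP, fully qualified host) can be told apart mechanically. The following is an added example, not part of the original notes: it classifies a typed address and splits an FQDN into the host / second-level domain / TLD parts described above. The label rule is assumed from RFC 1123; the sample names are constructed.

```python
"""Classify an address as IP literal, bare host name or FQDN, and break an
FQDN into host / second-level domain / top-level domain.
Added example, not part of the original notes."""
import ipaddress
import re

# RFC 1123 host-name label: letters, digits and hyphens, no leading or
# trailing hyphen, at most 63 characters.  (Rule assumed from RFC 1123.)
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify_address(text: str) -> dict:
    """Return a dict describing how `text` names a host.

    kind is one of "host_ip", "host_name", "fqdn" or "invalid".  For an
    FQDN the host, second-level domain and TLD are split out the way the
    notes break down www.cnn.com.
    """
    text = text.strip().rstrip(".")  # a trailing dot marks an absolute name
    # 1. IP literal (v4 or v6)?  ipaddress raises ValueError otherwise.
    try:
        ip = ipaddress.ip_address(text)
        return {"kind": "host_ip", "version": ip.version, "value": str(ip)}
    except ValueError:
        pass
    labels = text.split(".")
    if not text or len(text) > 253 or not all(_LABEL.match(l) for l in labels):
        return {"kind": "invalid", "value": text}
    if len(labels) == 1:
        # Host name only: resolves via a DNS search suffix or hosts file entry.
        return {"kind": "host_name", "host": labels[0]}
    if len(labels) == 2:
        # "cnn.com" has no separate host label; report host as None.
        return {"kind": "fqdn", "host": None, "second_level": labels[0],
                "tld": labels[1]}
    # Three or more labels: everything left of the last two is the host part
    # (so "a.b.example.com" reports host "a.b").
    return {"kind": "fqdn", "host": ".".join(labels[:-2]),
            "second_level": labels[-2], "tld": labels[-1]}


if __name__ == "__main__":
    # Constructed samples covering each form.
    for sample in ("www.cnn.com", "support.mycompany.com", "sales",
                   "192.0.2.10", "2001:db8::1", "-bad.example"):
        print(sample, "->", classify_address(sample))
```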
These questions focus on mobile distributed systems.
1. Extending or distributing an application to mobile devices is not simply a matter of connecting the device to the existing application; there are challenges. What are these challenges?
Mobile software development is the process of creating programs that can be used on a mobile device. Specific web applications need to be designed for mobile devices, and this is often accomplished using a mobile simulator housed on a personal computer.
Mobile software is developed using different platforms and programming languages based on the target mobile device. There are many different hardware components found in mobile devices, so their applications are developed using different software architectures. It is also made more difficult because users of mobile applications have diverse preferences, so extensive improvements to traditional system development methodologies are required in order to keep up with this demand. (http://en.wikipedia.org/wiki/Mobile_application_development#cite_note-0)
For many companies, the perceived benefits of going mobile — streamlined business processes and increased user productivity through fast, round-the-clock access to enterprise applications and data — have often been overshadowed by the IT challenges of mobile business, including:
Scalability — Larger organizations need to be able to deploy mobile applications to more than just a few hundred users.
Device management — Once mobile devices are no longer tethered to the network, it's not a simple feat to maintain and manage all of them.
Security — Field access to business applications can carry great risk; mobile workers often run applications that contain sensitive data — but without the safeguards of an in-office system landscape.
But these challenges don't deter the demands placed on IT to develop and deliver more and more mobile business functionality. Business teams want specific, customized mobile applications — and often need different ones for each line of business. IT teams must resist buying a one-off solution that has no flexibility to accommodate the requirements of multiple lines of business, or they will face the consequence: numerous mobile platforms, each with varied capabilities and different limitations.
Instead, IT organizations are looking to standardize on one mobile platform and make it enterprise-wide. Only then can IT face mobile business challenges head on and provide business users with the scalability, flexibility, and security they need.
2. How does a desktop device compare to a mobile device in terms of user context?
The size and display of the browser and associated applications are smaller on the mobile device. The rich experience of using a desktop device is often compromised on a mobile device. The processing power and memory of the mobile device are smaller than those of the desktop.
Typically, mobile users want different things from a particular product than a desktop user would want: mobile users want fewer details and information in a more concise manner. Mobile users are typically focused on seeing what they've got going on during a given day.
3. From a mobile developer's point of view, what are the key challenges? The W3C best practices have many useful guidelines:
- Small screen sizes
- Speeding up time to market
- Application exposure
- Accessibility for a wide range of users
- Application planning and testing
- Ease and accessibility of navigation
4. Mobile devices can run applications through micro browsers and also using native applications. What is meant by these two categories of applications? What are the distinguishing features?
A mobile browser, also known as a wireless Internet browser (WIB), a mini browser or micro browser, is an application which allows the user to access the Internet wirelessly from a mobile device, such as a cellular phone. A mobile browser is designed to operate on a mobile device in a somewhat modified fashion compared with a browser on a personal computer. In addition, the mini browser is programmed to operate more efficiently within a limited memory capacity.
A native app is a software program that requires installation on a particular device. Good examples include applications found on iTunes. Since the applications require installation, one of their advantages is that they typically run when the device is offline and can utilise the built-in hardware of the actual device (like a camera). Native apps are device specific; however, there are some new mobile apps like PhoneGap that allow you to publish your native app on multiple platforms.
These questions concern client-server computing.
1. A core part of this unit has been the coverage of the client-server (CS) paradigm. What are the core principles of CS distributed computing? What processes and characteristics could describe a CS model?
The client–server paradigm pertains to the direct relationship between different programs functioning together within an application. The server provides a service to one or more clients. These clients can then initiate requests for these particular services.
Functions or services such as email exchange, web access and database access are built on the client–server model. An example is banking, where a user may send a request to a web server at a particular bank. That program then forwards the request to a specific database client program, which in turn sends another request to a database server on another bank computer to retrieve the account information. The balance is returned to the bank database client, which in turn serves it back to the web browser client, displaying the results to the user. This model is currently central to network computing. Sequence diagrams are used to display this interaction between client and server.
A common way of organizing software to run on distributed systems separates functionality into two parts--clients and servers. A client program uses services provided by server programs. The client makes a request for a service, and a server provides that service. Server functionality often involves some sort of resource management, in which a server synchronizes and manages access to the resource, responding to client requests with either data or status information. Client programs typically handle user interactions and often request data or initiate some data modification on behalf of a user.
For example, a client can provide a graphical user interface (GUI) on which a user (a person working at a personal computer, for example) can enter orders for a product. The client sends this order information to the server, which checks the product database and performs tasks needed for billing and shipping. A single server is typically used by multiple clients. For example, dozens or hundreds of clients can interact with a handful of servers that control database access.
Clients can access several different servers, and the servers themselves can act as clients to other servers. Exactly how the functionality is distributed across servers--whether a single server provides all the services a client needs or the client accesses multiple servers to perform different requests, for example--is an application design decision.
Some servers are part of an application and are referred to as application servers. Other servers are not part of a specific application. Instead, any application can use them. The Encina Recoverable Queueing Service (RQS) server, which we use in our example application, is an example of this type of server.
A common design of client/server systems uses three tiers: a client that interacts with the user, an application server that contains the business logic of the application, and a resource manager that stores data. In this way, the client is isolated from having to know anything about the actual resource manager. If the database being used is changed, the server possibly needs to be modified, but the client does not need to be modified. Because there are usually fewer copies of the server than the client, and because the servers are often in locations that are easier to update (for example, on central machines rather than on PCs running on users' desks), the update procedure is also simplified. Furthermore, this approach provides additional security. Only the servers, not the clients, need access to the data controlled by the resource manager. (http://publib.boulder.ibm.com/infocenter/txformp/v5r1/index.jsp?topic=%2Fcom.ibm.txseries510.doc%2Faetgpn0011.htm)
2. Has CS computing been a success and if so what factors have influenced this?
Yes, it is a success, and it has become a success because most apps today are becoming web applications: iPads, iPhones and mobile phones all use client-server applications. The progression of technology has supported the use of client-server applications; online banking is also a significant use of client-server computing.
3. What is meant by a client and a server and are the roles set permanently in an instance of a CS implementation?
Client: a mobile device, a desktop computer, a device gathering information from a centralized server
Server: a server is a computer that is designed to process requests (from a client) and ultimately deliver data to other client computers over the Internet or over a local network. A network server is typically configured with additional processing, memory and storage space in order to handle the servicing of clients. There are a number of different types of network servers: web servers, proxy servers, FTP servers, online game servers.
The roles of client and server can change in peer-to-peer networking, which is an alternative model to CS. In this model, all computers are enabled to act as either a server or a client on an as-needed basis.
4. Familiarise yourself with the characteristics of distributed systems, e.g. scalability.
Characteristics of Distributed Systems:
A program - the code you write.
A process - what you get when you run it.
A message - used to communicate between processes.
A packet - a fragment of a message that might travel on a wire.
A protocol - a formal description of message formats and the rules that two processes must follow in order to exchange those messages.
A network - the infrastructure that links computers, workstations, terminals, servers, etc. It consists of routers which are connected by communication links.
A component - a process or any piece of hardware required to run a process, support communications between processes, store data, etc.
A distributed system - an application that executes a collection of protocols to coordinate the actions of multiple processes on a network, such that all components cooperate together to perform a single or small set of related tasks.
There are many advantages to a distributed system including the ability for remote users to connect to remote resources in a scalable manner.
Open: each component is continually open to interaction with other components.
Scalable: the system can easily be altered to accommodate changes in the number of users, resources and computing entities.
The whole is greater than the sum of its parts: a distributed system is typically larger and more powerful, given the capabilities of the distributed components, than combinations of stand-alone systems. A distributed system must be reliable in order to be useful. To be truly reliable, a distributed system must have the following characteristics:
Fault-Tolerant: It can recover from component failures without performing incorrect actions.
Highly Available: It can restore operations, permitting it to resume providing services even when some components have failed.
Recoverable: Failed components can restart themselves and rejoin the system, after the cause of failure has been repaired.
Consistent: The system can coordinate actions by multiple components often in the presence of concurrency and failure. This underlies the ability of a distributed system to act like a non-distributed system.
Scalable: It can operate correctly even as some aspect of the system is scaled to a larger size. For example, we might increase the size of the network on which the system is running. This increases the frequency of network outages and could degrade a "non-scalable" system. Similarly, we might increase the number of users or servers, or overall load on the system. In a scalable system, this should not have a significant effect.
Predictable Performance: The ability to provide desired responsiveness in a timely manner.
Secure: The system authenticates access to data and services [1]
These are high standards, which are challenging to achieve. Probably the most difficult challenge is that a distributed system must be able to continue operating correctly even when components fail.
5. Reflect on the meaning of transparency. What are the different types of transparency and why are they important in design? How do they relate?
Transparency means that any form of distributed system hides its distributed nature from the users and thereby appears like one centralized system.
There are many types of transparency:
Access transparency - Regardless of how resource access and representation has to be performed on each individual computing entity, the users of a distributed system should always access resources in a single, uniform way.
Location Transparency - Users of a distributed system should not have to be aware of where a resource is physically located.
Migration transparency - Users should not be aware of whether a resource or computing entity possesses the ability to move to a different physical or logical location.
Relocation transparency - Should a resource move while in use, this should not be noticeable to the end user.
Replication transparency - If a resource is replicated among several locations, it should appear to the user as a single resource.
Concurrent transparency - While multiple users may compete for and share a single resource, this should not be apparent to any of them.
Failure Transparency - Always try to hide any failure and recovery of computing entities and resources.
Persistence Transparency - Whether a resource lies in volatile or permanent memory should make no difference to the users.
Security Transparency - Negotiation of cryptographically secure access to resources must require a minimum of user intervention, or users will circumvent the security in preference of productivity. (http://bt.counterpane.com/sandl.html)
Transparency is usually considered to be a good characteristic of a system because it shields the user from the system's complexity. This is critical in design so as not to confuse users and at the same time allow for awareness of the process.
These questions concern server types and HTTP.
1. Distinguish between the different types of server e.g. database server?
Server Platform: Server platform is the fundamental hardware or software for a system which acts as an engine that drives the server. It is often used synonymously with an operating system.
Application Server: Also known as a type of middleware, it occupies a substantial amount of computing region between database servers and the end user, and is commonly used to connect the two.
Audio/Video Server: It provides multimedia capabilities to websites by helping the user to broadcast streaming multimedia content.
Chat Server: It serves the users to exchange data in an environment similar to Internet newsgroup which provides real time discussion capabilities.
Fax Server: It is one of the best options for organisations that want to minimise incoming and outgoing telephone resources but still need to fax actual documents.
FTP Server: It works on one of the oldest of the Internet services, the file transfer protocol. It provides a secure file transfer between computers while ensuring file security and transfer control.
Groupware Server: It is software designed to enable users to work together, irrespective of location, through the Internet or a corporate intranet, and to function together in a virtual atmosphere.
IRC Server: It is an ideal option for those looking for real-time discussion capabilities. Internet Relay Chat comprises different network servers that enable the users to connect to each other through an IRC network.
List Server: It provides a better way of managing mailing lists. The server can host either an open interactive discussion for people or a one-way list that provides announcements, newsletters or advertising.
Mail Server: It transfers and stores mails over corporate networks through LANs, WANs and across the Internet.
News Server: It serves as a distribution and delivery source for many public news groups, approachable over the USENET news network.
Proxy Server: It acts as a mediator between a client program and an external server to filter requests, improve performance and share connections.
Telnet Server: It enables the users to log on to a host computer and execute tasks as if they are working on a remote computer.
Web Server: It provides static content to a web browser by loading a file from a disk and transferring it across the network to the user's web browser. This exchange is intermediated by the browser and the server, communicating using HTTP. (http://www.buzzle.com/articles/different-types-of-servers.html)
2. How can these servers be configured together to deliver a distributed CS solution?
The web server is the front end, second is a middleware server, which transmits the data, and then finally, there is a database server that holds and stores the data. In this example, all three servers work together to provide a distributed CS solution.
3. What is HTTP? Familiarise yourself with its command set.
Hypertext transfer protocol: a protocol (utilizing TCP) to transfer hypertext requests and information between servers and browsers.
The following are HTTP commands: CONNECT (connect to server), DISCONNECT (disconnect from server), GET (get a particular file), HEAD (request for a specific resource), LOAD RESPONSE_INFOBODY (used after HEAD), LOAD RESPONSE_INFOHEADER (used after HEAD), POST (upload), SYNCHRONIZE REQUESTS.
4. Reflect on any security issues when using the command set. Are there any related to HTTP requests?
Yes: HTTP is not encrypted, so all data is plain text and can be read by any router along the path. HTTPS, on the other hand, is encrypted.
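To make the two answers above concrete, here is an added example (not code from the original notes) that builds HTTP/1.1 GET and HEAD messages, parses a response, and scans a plaintext request for credential-bearing headers, which is exactly what a router on the path could read. The captured messages and the list of sensitive header names are constructed assumptions.

```python
"""Build and parse HTTP/1.1 messages for the GET and HEAD commands, and flag
credential headers that travel in cleartext over plain HTTP.
Added example, not part of the original notes; all traffic is constructed."""

CRLF = "\r\n"
# Headers that carry credentials or session tokens.  On plain HTTP every hop
# can read their values; over HTTPS the same bytes are inside TLS.
# (List assumed for this example, not exhaustive.)
SENSITIVE_HEADERS = {"authorization", "cookie", "proxy-authorization"}


def build_request(method: str, host: str, path: str = "/",
                  headers: dict = None) -> bytes:
    """Serialise a minimal HTTP/1.1 request; Host is mandatory in 1.1."""
    method = method.upper()
    if method not in {"GET", "HEAD", "POST"}:
        raise ValueError("unsupported method " + method)
    lines = [method + " " + path + " HTTP/1.1", "Host: " + host]
    for name, value in (headers or {}).items():
        lines.append(name + ": " + value)
    return (CRLF.join(lines) + CRLF + CRLF).encode("ascii")


def parse_message(raw: bytes) -> tuple:
    """Split a request or response into (start line, headers, body).

    Header names are lower-cased.  The body is whatever follows the blank
    line; a HEAD response must carry none, so it comes back as b"".
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("message has no header/body separator")
    lines = head.decode("iso-8859-1").split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def response_status(raw: bytes) -> int:
    """Return the numeric status code from a response start line."""
    start, _, _ = parse_message(raw)
    version, code, _reason = start.split(" ", 2)
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    return int(code)


def cleartext_credentials(raw_request: bytes) -> list:
    """Names of credential headers present in a plaintext request capture."""
    _, headers, _ = parse_message(raw_request)
    return sorted(h for h in headers if h in SENSITIVE_HEADERS)


# Constructed sample of what a router sees on the wire for port 80 traffic.
# "Basic dXNlcjpwYXNz" is only base64 of user:pass, i.e. encoding, not
# encryption, so the password is effectively readable by every hop.
CAPTURED_REQUEST = build_request(
    "GET", "shop.example", "/account",
    {"Cookie": "session=abc123", "Authorization": "Basic dXNlcjpwYXNz"})

# Constructed HEAD response: headers only, no body, as HEAD requires.
CAPTURED_HEAD_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    b"Content-Length: 1234\r\n\r\n")

if __name__ == "__main__":
    print(CAPTURED_REQUEST.decode())
    print("credentials readable in cleartext:",
          cleartext_credentials(CAPTURED_REQUEST))
    print("HEAD status:", response_status(CAPTURED_HEAD_RESPONSE))
```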
These questions concern e-commerce and mash-ups.
1. Familiarise yourself with e-commerce system architectures using diagrams and annotations.
2. How do mash-ups work, what is the typical chain of events?
Mashups usually depend on certain web applications that allow for automatic updating of web pages without the need to continually click the refresh button. The mashup is a success if the client browser, the mashup website and the online data source providers all collaborate to create a good mashup.
SOURCE Information: Mapping mashups need a mapping source which provides a visual presentation of the area or location that is involved in the process. The source for the type of data or information that the mashup will contain is also required. This data will then be plotted on the map in a graphical or visual manner by the application.
News mashups work on the concept of putting up a specific collection of news that a certain user or client wants or usually prefers and then presents them in one collective method.
Video and photo mashups rely on photo and video content providers together with another data source that could provide any information that could be related to such multimedia content. These could include the places or locations of photos and videos taken. These locations or addresses could then be used for geographical plotting for visual reference.
Shopping and search mashups work on the idea of comparing product prices and specifications using a search method. The search results from various online sources can then be compiled or mashed up for the surfer's convenience.
3. Can Mashups be categorised, if so how?
Yes. Client Presentation Mashups or Enterprise Mashups actually combine data and services. HTML, Ajax or Flash are usually prepackaged, and the chunks of code are called titles like widgets, gadgets or badges. Client Presentation Mashups add functionality to a page in a browser. Such functionality allows for the building of portals by combining and composing individual portlets.
These questions concern security.
1. Why are there security requirements for e-commerce systems?
Security requirements enable customer security. For example, a customer would not be likely to input his/her credit card number onto a website if there were no security requirements. Without such requirements, anyone would easily be able to hack into a system and obtain private and confidential information.
(Additional information: http://www.symantec.com/connect/articles/common-security-vulnerabilities-e-commerce-systems) The tremendous increase in online transactions has been accompanied by an equal rise in the number and type of attacks against the security of online payment systems. Some of these attacks have utilized vulnerabilities that have been published in reusable third-party components utilized by websites, such as shopping cart software. Other attacks have used vulnerabilities that are common in any web application, such as SQL injection or cross-site scripting. This article discusses these vulnerabilities with examples, either from the set of known vulnerabilities, or those discovered during the author's penetration testing assignments. The different types of vulnerabilities discussed here are SQL injection, cross-site scripting, information disclosure, path disclosure, price manipulation, and buffer overflows.
Successful exploitation of these vulnerabilities can lead to a wide range of results. Information and path disclosure vulnerabilities will typically act as initial stages leading to further exploitation. SQL injection or price manipulation attacks could cripple the website, compromise confidentiality, and in worst cases cause the e-commerce business to shut down completely.
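Two of the weaknesses named above, SQL injection and price manipulation, shown as a vulnerable handler beside its hardened form. This is an added example, not code from the cited article or the original notes; the in-memory SQLite catalogue, the product rows and the order requests are constructed.

```python
"""SQL injection and price manipulation: vulnerable vs hardened handlers.
Added example, not from the original notes; data is constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed catalogue with two products, prices in cents."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(sku TEXT PRIMARY KEY, name TEXT, price_cents INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [("A100", "Keyboard", 4999), ("B200", "Monitor", 19999)])
    return db


# --- SQL injection ---------------------------------------------------------
def lookup_vulnerable(db, sku: str) -> list:
    """Builds the query by string concatenation: the SKU text becomes SQL,
    so a quote in the input changes the query's logic."""
    return db.execute(
        "SELECT sku, name FROM products WHERE sku = '" + sku + "'").fetchall()


def lookup_hardened(db, sku: str) -> list:
    """Parameterised query: the SKU is bound as data, never parsed as SQL."""
    return db.execute(
        "SELECT sku, name FROM products WHERE sku = ?", (sku,)).fetchall()


# --- Price manipulation ----------------------------------------------------
def checkout_vulnerable(db, order: dict) -> int:
    """Trusts the price the client submitted (e.g. a hidden form field),
    so a tampered request sets its own price."""
    return order["qty"] * order["price_cents"]


def checkout_hardened(db, order: dict) -> int:
    """Ignores any client-supplied price and re-reads it from the catalogue;
    also rejects unknown SKUs and non-positive quantities."""
    row = db.execute("SELECT price_cents FROM products WHERE sku = ?",
                     (order["sku"],)).fetchone()
    if row is None:
        raise ValueError("unknown sku")
    qty = int(order["qty"])
    if qty <= 0:
        raise ValueError("quantity must be positive")
    return qty * row[0]


if __name__ == "__main__":
    db = make_db()
    # Constructed SKU value that closes the quote and adds an always-true
    # condition; the vulnerable lookup returns every product, the hardened
    # one returns nothing because no SKU equals that literal string.
    crafted = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, crafted))
    print("hardened:  ", lookup_hardened(db, crafted))
    # Constructed order with a tampered client-side price of 1 cent.
    tampered = {"sku": "B200", "qty": 1, "price_cents": 1}
    print("vulnerable total:", checkout_vulnerable(db, tampered))
    print("hardened total:  ", checkout_hardened(db, tampered))
```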
2. Understand what they are and why they are necessary.
Security requirements and SSL certificates allow the user to know that the information is presented from a trusted source, ensuring that the websites are truly what they claim to be and the authors are who they claim to be. Security requirements are necessary because without them, anyone could claim that they are someone else or from another organisation, or they could claim they are selling something or have a product that they don't really have. This ensures the reliability and validity of particular websites.
3. Is technology the only way of attacking an e-commerce system?
If there is no paper trail, then the only way of attacking an e-commerce system involves some level of technology: for example encryption, packet sniffing, physical access, brute force, password hacking and social engineering are all ways of attacking an e-commerce system, and all involve some level of technology. If, however, there is a paper trail, then someone could go through the garbage and collect old bills or private information and then use this information. This is known as Garbage Collecting. In this way, technology is not necessary to attack a portion of an e-commerce system.