
Assessment Criteria
Learning Outcome | Pass | Merit | Distinction
The learner will: | The assessment criteria are the pass requirements for this unit. The learner can: | To achieve a merit the evidence must show that, in addition to the pass criteria, the learner is able to: | To achieve a distinction the evidence must show that, in addition to the pass and merit criteria, the learner is able to:
1 Understand web architecture and components | P1 Outline the web architecture and components which enable internet and web functionality | |
2 Understand the factors that influence website performance | P2 Explain the user side and server side factors that influence the performance of a website; P3 Explain the security risks and protection mechanisms involved in website performance | M1 Compare and contrast current interactive websites for performance and security | D1 Discuss the impact that cases of website security breaches have had on society
3 Be able to design websites | P4 Using appropriate design tools, design an interactive website to meet a client need | M2 Produce annotated design documentation for an interactive website to meet a client need |
4 Be able to create websites | P5 Create an interactive website to meet a client need | M3 Implement CSS in an interactive website to improve the site to meet a client’s needs | D2 Carry out acceptance testing with client on an interactive website
LO2 Understand the factors that
influence website performance
• Tutor-led discussions and group-based exercises can be used to teach
the influences on website performance, researching both strengths
and weaknesses for each of the user and server side factors.
• Learners should look at the security risks websites have to be
concerned with, including hacking, viruses and identity theft.
Learners should be encouraged to research examples in the media
for these. They should discuss how these cases and the actions have
impacted on society.
• This should be followed by research into the security mechanisms
that can be used to help protect websites, such as firewalls, Secure
Sockets Layer (SSL), using strong passwords and following
appropriate legal considerations such as the Data Protection Act.
• Learners should be encouraged, either individually or as a group, to
consider and evaluate existing websites as examples while discussing
performance (user side and server side factors) and the security
measures that websites have used.
LO2 Understand the factors that
influence website performance
• Assessment criterion P2 should consider the server side and user side
factors listed in the teaching content. It should explain how these factors
can benefit and hinder website performance for a user and the business.
This could be an extension of P1 or a separate report.
• Assessment criterion P3 may be presented as a further continuation of the
report for P1 explaining the security risks and protection mechanisms
involved in website performance.
• For merit criterion M1, learners must review two examples of each category
of website (e-commerce, promotional, educational) and compare and
contrast what they believe the client and user needs are, what multimedia /
interactive / accessibility / security features have been included and why.
They should also consider the user and server side factors and how much
they affect the website’s performance. Learners should also include any
identified improvements for this site and identify innovative content used.
• For distinction criterion D1, learners must research the impact that cases of
website security breaches have had on society. Five cases should be
discussed from the three categories, discussing the threat, the impact on
society and how the threat was resolved.
LO2 Understand the factors that influence website
performance – User Side
In the production, uploading and site management of any website, whether internally or
externally managed, there are considerations that any business needs to look at,
from the amount of space and the hosts they use to the amount of traffic they can handle
on a daily business basis. This is called user side and server side management. User
side covers the considerations that the company can manage on their own; server side is
what hosts and network stores can manage.
• Connection Speed (e.g. dial-up, broadband, mobile broadband, Wi-Fi) – Dial-up is
dying, but 3% of the population is still managing with a slower
connection. Slower connections mean pages do not load, users get impatient and
go elsewhere, video files take far too long to load, and streaming buffers to the point of
being unwatchable. Similarly, mobile broadband losing signal can cause
data transfers to crash or delay reconnection, and Wi-Fi can be restricted in public
places, so linked sites can come up as web filtered. This can have an impact on what
the user places on their site, causing them to reconsider content and possibly create a
secondary site to accommodate these customers.
• Browser (e.g. latest and older versions) – this can have an impact in two ways: it
can either stop a user from seeing or using the site, or force them to download
constant updates that will limit their internet usage. Particular issues involve
looking at PDFs, playing video content, and using Shockwave and Flash based content
on an HTML site. HTML itself has not changed in years; it has merely added new
sections like SHTML and DHTML to force more dynamic inclusion with JavaScript
into the content. The problem with this is that not all web browsers have ActionScript,
Java or ActiveX turned on or activated. This can cause incompatibilities, forced
pop-ups, excluded content and irritation for the user.
• PC Memory (e.g. cache, RAM) – this can be an issue if the website has large files
such as videos. To avoid streaming, websites convert them into FLVs, which are
smaller, but the quality is reduced. Companies like IMDB put up large file formats that
are memory hungry; YouTube uses smaller files but manages streaming better by
having more capable servers. Companies know this and choose file format and type
to anticipate RAM issues. Again, not managing customer needs means a
disenfranchised customer base.
• P2.1 – Task 1 - Explain how User Side factors can benefit and hinder website
performance for user customer base and business functions.
Connection Speed
Browser
PC Memory
LO2 Understand the factors that influence website
performance – Server Side
Server side issues are easier to deal with, usually by throwing more money at
the issue. Machines can be upgraded, servers made faster, connections
improved etc.
• Server storage space - Standard page-content-only websites can take up
to 10 MB of storage space. Add in low-resolution video content and each
video can add 5 MB of space; higher quality videos can add up to 35 MB each
or more, depending on length, quality etc. Games use 30 MB of space each,
and higher quality images can add 1 MB for three images each, whereas music
download sites store MP3s averaging 3 MB per song. Storage tends not
to restrict sites unless they are hosted with a hosting size limit.
• Bandwidth limitations – Linked to the above, the bandwidth available for
processing information is important if there is a lot of outgoing traffic. Bandwidth
is like the width of the road: traffic flows just as fast, but a wider road allows more users to
download and watch at that speed. Unlike speed, bandwidth is good for
companies that have a lot of users looking at the same file at the same time,
like film releases, new music downloads, app sites etc., whereas sites with a
consistent flow of traffic across the board do not require a wide
bandwidth but faster traffic flow.
• Pages with too many scripts - while it might seem good at the time to make the
page more interactive and interesting, making a page too busy with too many
scripts like rollovers, hotspots, Flash, ActiveX, Java enabling and general content will
make the page too complex for the average user. Scripts tend to get added before
the header information in a table for them to take effect, and more than one piece of
JavaScript can affect how the other parts work. More importantly, scripts make the
coding more complicated, meaning those who created the pages need to be around
to manage the pages.
• Website content (e.g. databases, file formats used for images, sound, video,
animation, additional technologies such as AJAX, ActiveX). In theory a web page
should manage all the actions of a user, from logins and database management to
the checkout process. Adding in additional content such as AJAX on top of image
and video management has become an expectation. Gone are the days when a
website was just pictures and text. There are a lot of assumptions: internal videos
are FLV, external ones are MP4, images are JPEG unless animated etc. All these
additional assumptions drive compatibility but also add complexity when it is
assumed that all browsers will manage these functions.
• P2.2 – Task 2 - Explain how Server Side factors can benefit and hinder
website performance for user customer base and business functions.
Bandwidth limitations
Server storage space
Pages with too many scripts
Website content
LO2 Understand the factors that influence website
performance – Security Risks - Hacking
Computer hacking is the practice of modifying computer hardware and software to accomplish a goal
outside of the creator’s original purpose. People who engage in computer hacking activities are often
called hackers. Since the word “hack” has long been used to describe someone who is incompetent at
his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition to
their skills.
Computer hacking is most common among teenagers and young adults, although there are many older
hackers as well. Many hackers are true technology buffs who enjoy learning more about how computers
work and consider computer hacking an “art” form. They often enjoy programming and have expert-level skills in one particular program. For these individuals, computer hacking is a real life application of
their problem-solving skills. It’s a chance to demonstrate their abilities, not an opportunity to harm
others.
Since a large number of hackers are self-taught prodigies, some corporations actually employ computer
hackers as part of their technical support staff. These individuals use their skills to find flaws in the
company’s security system so that they can be repaired quickly. In many cases, this type of computer
hacking helps prevent identity theft and other serious computer-related crimes.
Computer hacking can also lead to other constructive technological developments, since many of the
skills developed from hacking apply to more mainstream pursuits. For example, former hackers Dennis
Ritchie and Ken Thompson went on to create the UNIX operating system in the 1970s. This system had a
huge impact on the development of Linux, a free UNIX-like operating system. Shawn Fanning, the
creator of Napster, is another hacker well known for his accomplishments outside of computer hacking.
• Hacking has many negative effects: personal information may be leaked,
intellectual property could be stolen, and lives can be ruined.
There is no effective way to eliminate cracking. Any security measure put out will be
circumvented sooner or later (as an example, see the iPhone 3G unlock). So the
only way to keep unwanted criminals out is to keep your software up-to-date and
protected from the outside world, i.e. firewalls. Cracking isn't always bad. Some
people crack software or security in order to learn how to prevent it. There is a
difference between good and bad though: white hat hackers vs. black hat hackers.
Hacking can take many forms and the infiltration level can vary from curiosity to
espionage. Levels of hacking are usually only detected after the fact. Setting
systems on subnet masks is useful but not foolproof; firewalls involve degrees of
encrypted security from 8bit to 64bit but can still be accessed. We all know the
story of the NORAD hack from the movie WarGames, but how close to the truth is
hacking? Governments have set up agencies like CIPAV or US-CERT to determine
hacking and security threats to governmental systems, but businesses are less
prepared.
For information look at:
http://www.wired.com/threatlevel/2009/04/fbi-spyware-pro/
For a detailed explanation see:
http://technet.microsoft.com/hi-in/magazine/2005.01.anatomyofahack(enus).aspx
• Most networks today are built on what is called the eggshell principle: hard on the
outside and soft on the inside. This means that if an attacker can gain a foothold
onto the network, the rest of the network will usually fall like dominoes.
• Once inside, the most difficult part is often to figure out what to attack next and
where to go for the really juicy bits of information. It does not have to be this
way. With the proper techniques, we as network administrators can achieve two
crucial objectives: to make it much more difficult to gain a foothold in the first
place and to make it much more difficult to use that foothold to get anywhere else
on the network.
LO2 Understand the factors that influence website
performance – Security Risks - Viruses
• Europe has Entered a ‘Cyber Cold War’ (Source: NATO, FBI, McAfee & Serious Organized Crime Agency)
• China Most Actively Spying, but with 120 Other Countries!
• NATO Said that All 26 of its Member Countries Have Been Targeted by Cyber-Attacks (e.g. Estonia)
• Georgia’s Government Websites Fall Victim to Cyber-Attacks (DDoS & Defacements) … “Too Sophisticated for Amateurs!”
• Tibetan Government Web Site Injected with Malicious Source-Code
• Palin’s Yahoo Account Hacked in Less than 45 Minutes Using Password Reset Functionality
• Web Defacers Hacked into CERN Website of the LHC (Large Hadron Collider)
• UK Minister Confirms Cyber-Terrorists Attempting to Take Out the National Grid (Aug ’08)
• Viruses have been the bane of IT and companies since networks were
introduced into companies for business transactions. Remember that
all computer viruses have been created by someone for a purpose,
whether it is to annoy, destroy, or deliberately bring down a company or
website.
• computer virus n. A computer program that is designed to replicate
itself by copying itself into the other programs stored in a computer. It may
be benign or have a negative effect, such as causing a program to operate
incorrectly or corrupting a computer's memory.
• All viruses are different, so they all act in a different way and have a different
purpose. On Symantec the threats are defined daily according to the
possibility of risk and the exploit a virus takes advantage of in its attack,
such as:
http://www.symantec.com/norton/security_response/threatexplorer/index.jsp
LO2 Understand the factors that influence website
performance – Security Risks - Phishing
• Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking
email in an attempt to gather personal and financial information from recipients. Typically, the
messages appear to come from well known and trustworthy Web sites. Web sites that are
frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America
Online. A phishing expedition, like the fishing expedition it's named for, is a speculative
venture: the phisher puts out the lure hoping to fool at least a few of the prey that encounter the
bait. Phishers use a number of different social engineering and e-mail spoofing ploys to try to
trick their victims.
• In one typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out
messages purporting to be from AOL that said there had been a billing problem with
recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate
links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a
spoofed AOL Web page that asked for personal information, including credit card numbers,
personal identification numbers (PINs), social security numbers, banking numbers, and
passwords. This information was then used for identity theft.
• The Trojan infects and then waits for the victim to visit his or her bank
• Information is gathered by injecting additional fields into the genuine bank web page as it
loads in the browser. No fake web sites are used
• The SSL connection between client and bank is valid (padlock is shown and certificate chain is
OK)
• Classical antivirus software did not detect this threat
LO2 Understand the factors that influence website
performance – Security Risk – Identity Theft
Identity Theft - In today’s society, people have a more common way to buy and shop.
People use credit cards instead of cash. They purchase goods and services online
instead of at a store. Instead of going to the bank people have online bank accounts.
This is called the plastic era or the wireless generation. We have the convenience and
opportunity to purchase goods from around the world; to pay our bills at two o'clock
in the morning; or to check our bank statement from home.
Technology has brought about tremendous advances but technology has also
advanced the common criminal, giving birth to a new breed of criminal. This type of
criminal steals someone's identity in order to commit fraudulent acts through
Phishing, bin rummaging, telephone scams and hacking.
Thieves are on the lookout for our personal information so they can obtain credit
cards, bank loans, utility services, wireless phone service and more by using our
identity. Victims of identity theft suffer from damaged credit reports, drained bank
accounts and even a criminal record.
Some identity thieves will give your personal information when they are arrested.
This causes embarrassment to you as it creates a criminal record. Often, victims of
identity theft do not find out they have been victimised until they receive their bank
statement or credit card statement in the post or when they are turned down for a
loan or flat rental.
LO2 Understand the factors that influence website
performance – Security Risks - PiggyBacking
• Over half of UK internet users have admitted using other people's Wi-Fi networks
to piggyback onto the internet.
• It is estimated that 54 per cent of respondents had used someone else's wireless
internet access without permission.
• Many internet-enabled homes fail to properly secure their wireless connection
with passwords and encryption, allowing passers-by and neighbours to 'steal'
their internet access.
• Although most businesses have security measures in place to protect their Wi-Fi
networks, the protection a lot of companies put in place is too light to stop a determined
piggybacker.
• Piggybacking occurs when a user with a laptop or Wi-Fi connection connects to
an unprotected network server. Routers can be protected by a WEP key or WPA
protection through 16 or 32 bit encryption and network protocols. But a lot of
modems made by the same company have the same initial password to connect to
the router's administrative functions, or have no WEP or WPA protection set,
allowing a user to connect and download without restrictions in the same way a
user could use an unprotected Wi-Fi hotspot.
• The worst case scenario is an external user connecting not just to the internet
through the Wi-Fi but to the network, allowing that user access to and control over
stored files, leading to deletion, corruption and industrial espionage.
LO2 Understand the factors that influence website
performance – Security Risks – DOS Attack
Denial-of-service attacks come in a variety of forms and aim at a variety of services. There are three basic
types of attack:
• consumption of scarce, limited, or non-renewable resources
• destruction or alteration of configuration information
• physical destruction or alteration of network components
Consumption of Scarce Resources
Computers and networks need certain things to operate: network bandwidth, memory and disk space, CPU
time, data structures, access to other computers and networks, and certain environmental resources such as
power, cool air, or even water.
• Network Connectivity - Denial-of-service attacks are most frequently executed against network
connectivity. The goal is to prevent hosts or networks from communicating on the network. An
example of this type of attack is the "SYN flood" attack described in
http://www.cert.org/advisories/CA-1996-21.html
• In this type of attack, the attacker begins the process of establishing a connection to the victim
machine, but does it in such a way as to prevent the ultimate completion of the connection. In the
meantime, the victim machine has reserved one of a limited number of data structures required to
complete the impending connection. The result is that legitimate connections are denied while the
victim machine is waiting to complete bogus "half-open" connections.
• You should note that this type of attack does not depend on the attacker being able to consume your
network bandwidth. In this case, the intruder is consuming kernel data structures involved in
establishing a network connection. The implication is that an intruder can execute this attack from a
dial-up connection against a machine on a very fast network. (This is a good example of an asymmetric
attack.)
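One way to spot the half-open build-up described above, as an added example that is not part of the original slides: it counts SYN_RECV sockets per listening port in `netstat -ant`-style output and compares the count with the SYN backlog size. The sample lines are constructed, and the backlog value is an assumption the operator supplies (on Linux, for instance, from net.ipv4.tcp_max_syn_backlog).

```python
from collections import defaultdict

# Constructed sample in the column layout of Linux `netstat -ant`
# (Proto, Recv-Q, Send-Q, Local Address, Foreign Address, State).
# All addresses are from the documentation ranges; this is not a real capture.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address      Foreign Address      State
tcp        0      0 0.0.0.0:80         0.0.0.0:*            LISTEN
tcp        0      0 0.0.0.0:443        0.0.0.0:*            LISTEN
tcp        0      0 192.0.2.10:80      198.51.100.7:51122   ESTABLISHED
tcp        0      0 192.0.2.10:443     198.51.100.9:51200   SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.5:40001    SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.17:40002   SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.23:40003   SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.41:40004   SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.58:40005   SYN_RECV
tcp        0      0 192.0.2.10:80      203.0.113.77:40006   SYN_RECV
"""


def half_open_by_port(netstat_text):
    """Map each local port to the peer addresses of its SYN_RECV sockets.

    SYN_RECV is the state of a connection whose first SYN has been
    answered but whose final ACK has not arrived: the "half-open"
    connection that holds one of the limited kernel data structures.
    """
    peers = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers and anything that is not a TCP socket line.
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, foreign, state = fields[3], fields[4], fields[5]
        if state != "SYN_RECV":
            continue
        # rsplit keeps IPv6 forms such as ":::80" intact.
        port = int(local.rsplit(":", 1)[1])
        peers[port].append(foreign.rsplit(":", 1)[0])
    return dict(peers)


def backlog_alerts(netstat_text, backlog, warn_ratio=0.75):
    """Return (port, half_open, distinct_peers, ratio) for ports whose
    half-open count has reached warn_ratio of the backlog.

    backlog is supplied by the operator (assumption: the configured
    SYN backlog for the listener). Many distinct peers with no matching
    ESTABLISHED sockets is typical of forged source addresses.
    """
    alerts = []
    for port, addrs in sorted(half_open_by_port(netstat_text).items()):
        ratio = len(addrs) / backlog
        if ratio >= warn_ratio:
            alerts.append((port, len(addrs), len(set(addrs)), ratio))
    return alerts


if __name__ == "__main__":
    for port, half_open, distinct, ratio in backlog_alerts(SAMPLE_NETSTAT, backlog=8):
        print("port %d: %d half-open from %d peers (%.0f%% of backlog)"
              % (port, half_open, distinct, ratio * 100))
```
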
Using Your Own Resources Against You
An intruder can also use your own resources against you in unexpected
ways. One example is described in http://www.cert.org/advisories/CA-1996-01.html
In this attack, the intruder uses forged UDP packets to connect the echo
service on one machine to the chargen service on another machine. The
result is that the two services consume all available network bandwidth
between them. Thus, the network connectivity for all machines on the
same networks as either of the targeted machines may be affected.
Bandwidth Consumption
An intruder may also be able to consume all the available bandwidth on your
network by generating a large number of packets directed to your network.
Typically, these packets are ICMP ECHO packets, but in principle they may be
anything. Further, the intruder need not be operating from a single machine; he
may be able to coordinate or co-opt several machines on different networks to
achieve the same effect.
Consumption of Other Resources
In addition to network bandwidth, intruders may be able to consume other
resources that your systems need in order to operate. For example, in many
systems, a limited number of data structures are available to hold process
information (process identifiers, process table entries, process slots, etc.). An
intruder may be able to consume these data structures by writing a simple
program or script that does nothing but repeatedly create copies of itself. Many
modern operating systems have quota facilities to protect against this problem,
but not all do. Further, even if the process table is not filled, the CPU may be
consumed by a large number of processes and the associated time spent
switching between processes. Consult your operating system vendor or operating
system manuals for details on available quota facilities for your system.
LO2 Understand the factors that influence website
performance – Security Risks – Page Jacking
Page Jacking or Spyware is software that collects and transmits user specific behaviour and
information, with or without permission. Sometimes, permission to collect and transmit is assumed to
have been given simply by the act of installing software or loading a Web page.
Like ads, data collection can be okay if done with consent or for a reasonable purpose. For example,
software that transmits user specific information for the legitimate purpose of confirming eligibility for
updates or upgrades should not be classed as spyware. Programmers are entitled to ensure that their
software is not being pirated, and that the users of pirated software are not receiving the same
benefits as legitimate users.
Pagejacking and spyware act as a kind of intrusive software camera that can be installed on computers
and that collects small pieces of information about users without their knowledge. The presence of
spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly
installed on the user's personal computer. Sometimes, however, spyware such as keyloggers is
installed by the owner of a shared, corporate, or public computer on purpose in order to secretly
monitor other users, registering key presses and passwords.
While the term spyware suggests software that secretly monitors the user's computing, the functions
of spyware extend well beyond simple monitoring. Spyware programs can collect various types of
personal information, such as Internet surfing habits and sites that have been visited, but can also
interfere with user control of the computer in other ways, such as installing additional software and
redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow
connection speeds, different home pages, and/or loss of Internet connection or functionality of other
programs.
Examples of Spyware
• CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs
traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine
results, and alters the infected computer's hosts file to direct DNS lookups to these sites.
• Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users
follow a broken link or enter an erroneous URL, they see a page of advertisements.
• HuntBar, aka WinTools, was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements
displayed by other spyware programs—an example of how spyware can install more spyware. These programs add
toolbars to Internet Explorer, track browsing behaviour, redirect rival references, and display advertisements.
• MyWebSearch has a plug-in that displays a search toolbar near the top of a browser window, and it spies to report
user search-habits. MyWebSearch is notable for installing over 210 computer settings, such as over 210 MS
Windows registry keys/values. Beyond the browser plug-in, it has settings to affect Outlook, email, HTML, XML,
etc.
• WeatherStudio has a plug-in that displays a window-panel near the bottom of a browser window. The official
website notes that it is easy to remove WeatherStudio from a computer, using its own uninstall-program.
• Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users
visit. It also alters HTTP requests for rival advertisements linked from a Web site, so that the advertisements make
unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing
companies.
• Zlob trojan, or just Zlob, downloads itself to a computer via an ActiveX codec and reports information back to the
company. Some information can be the search-history, the Websites visited, and even keystrokes. More recently,
Zlob has been known to hijack routers set to defaults.
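A check for the hosts-file tampering attributed to CoolWebSearch above, as an added example that is not part of the original slides: it parses a hosts file and reports every entry that overrides DNS for a name outside an approved baseline. The sample file, its addresses and the EXPECTED_NAMES baseline are constructed for illustration.

```python
import ipaddress

# Constructed hosts file content (documentation addresses and example
# domains); it is not taken from an infected machine.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
192.0.2.25      intranet.example.test      # approved internal name
203.0.113.80    search.example.com www.search.example.com
203.0.113.80    Auto.Search.example.net    # trailing comment
0.0.0.0         updates.example.org
not-an-ip       broken.example.org
"""

# Hypothetical baseline: the only names this organisation expects to
# find in a workstation's hosts file.
EXPECTED_NAMES = {"localhost", "ip6-localhost", "intranet.example.test"}


def parse_hosts(text):
    """Yield (line_no, address_or_None, names) for each non-empty entry.

    Format: an IP address, then one or more host names, with '#'
    starting a comment. A first field that is not a valid IPv4/IPv6
    address yields address None so the caller can report it.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        fields = entry.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            address = None
        # Host names are case-insensitive, so compare in lower case.
        yield line_no, address, [name.lower() for name in fields[1:]]


def audit_hosts(text, expected_names):
    """Return findings as (line_no, kind, address, unexpected_names).

    kind is:
      "redirect"  - name forced to a routable address, so lookups for it
                    never reach DNS (the behaviour described above)
      "sinkhole"  - name forced to a loopback or unspecified address,
                    which makes the real site unreachable
      "malformed" - first field is not an IP address
    """
    findings = []
    for line_no, address, names in parse_hosts(text):
        if address is None:
            findings.append((line_no, "malformed", None, names))
            continue
        unexpected = [n for n in names if n not in expected_names]
        if not unexpected:
            continue
        local = address.is_loopback or address.is_unspecified
        kind = "sinkhole" if local else "redirect"
        findings.append((line_no, kind, str(address), unexpected))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, EXPECTED_NAMES):
        print(finding)
```

On a real workstation the text would come from the system hosts file, and the baseline from the organisation's standard build.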
LO2 Understand the factors that influence website
performance – Security Risks
P3.1 - Task 3 – State and define the needs of companies
when it comes to website security within the workplace.
P3.2 – Task 4 - Describe the various types of threats to
organisations, systems and data.
Explain the threats that exist within the business
environment for each of the following with specific
examples defining the damage done to organisations, to
the system and to data:
A virus
Hacking
Phishing
Identity theft
Denial of Service
Piggybacking
Page Jacking
Security Policy
• P3.2 - Task 5 - You have been appointed as a network administrator to
a new small bricks and clicks company. They have asked you to
create a policy document for the company's security.
• Create a table listing all the various types of threats to the business, all
their systems and all their data. In a second column, describe
the nature of the threat in some detail.
Threats to Company Data | Nature of the Threat | Risk of Damage
A Virus Attack | External attack running the risk of corrupting data. | Medium to data; High to Customer Account Information
Phishing Scam | |
Identity Theft of a Staff Member | |
External Piggybacking on Network | |
Successful Hacking attempt | |
Successful Denial of Service Attack | |
Loss of control through Spyware and Malware | |
Impact and response
LO2 Understand the factors that influence website
performance - Protection mechanisms - Firewalls
A firewall is a security-conscious router that sits between the Internet and your network
with a single purpose: preventing external attacks. The firewall acts as a security guard
between the Internet and your network. All network traffic into and out of the system must
pass through the firewall, which prevents unauthorised access to the network. Some type
of firewall is a must-have if your network has a connection to the Internet, whether that
connection is broadband, T1, or some other high-speed connection. Without it, sooner or
later a hacker will discover and breach your unprotected network.
You can set up a firewall in two basic ways. The easiest way is to purchase a firewall
program, which is basically a self-contained router with built-in firewall features, like
ZoneAlarm or Sophos. Most firewall appliances include a Web-based interface that enables you
to connect to the firewall from any computer on your network using a browser. You can
then customise the firewall settings to suit your needs.
Alternatively, you can set up a server computer to function as a firewall computer (SSL). The
server can run just about any network operating system, but most dedicated firewall
systems run Linux. Whether you use a firewall appliance or a firewall computer, the firewall
must be located between your network and the Internet. One end of the firewall
is connected to a network hub, which is, in turn, connected to the
other computers on the network. The other end of the firewall
is connected to the Internet. As a result, all traffic from the LAN
to the Internet and vice versa must travel through the firewall.
LO2 Understand the factors that influence website
performance - Protection mechanisms - SSL
• SSL (Secure Sockets Layer) is a method of encrypting TCP/IP
transmissions—including Web pages and data entered into Web
forms—en route between the client and server using public key
encryption technology. If you trade stocks or purchase goods on the
Web, for example, you are most likely using SSL to transmit your
order information. SSL is popular and used widely. The most recent
versions of Web browsers, such as Firefox and Internet Explorer,
include SSL client support in their software.
• If you have used the Web, you have probably noticed that URLs for
most Web pages begin with the HTTP prefix, which indicates that
the request is handled by TCP/IP port 80 using the HTTP protocol.
When Web page URLs begin with the prefix HTTPS (which stands
for HTTP over Secure Sockets Layer or HTTP Secure), they require
that their data be transferred from server to client and vice versa
using SSL encryption. HTTPS uses the TCP port number 443, rather
than port 80. After an SSL connection has been established between
a Web server and client, the client’s browser indicates this by
showing a padlock in the lower-right corner of the screen in the
browser’s status bar, in the URL textbox, or elsewhere.
LO2 Understand the factors that influence website
performance - Protection mechanisms - SSL
 Each time a client and server establish an SSL connection, they
also establish a unique SSL session, or an association between
the client and server that is defined by an agreement on a
specific set of encryption techniques. An SSL session allows
the client and server to continue to exchange data securely as
long as the client is still connected to the server. An SSL
session is created by the SSL handshake protocol, one of
several protocols within SSL, and perhaps the most
significant. As its name implies, the handshake protocol
allows the client and server to authenticate (or introduce)
each other and establishes terms for how they will securely
exchange data. For example, when you are connected to the
Web and you decide to open your bank’s account access URL,
your browser initiates an SSL connection with the handshake
protocol.
LO2 Understand the factors that influence website
performance - Protection mechanisms – Digital Certificate
 A digital certificate is a password-protected and encrypted file
that holds an individual’s identification information,
including a public key. In the context of digital certificates, the
individual’s public key verifies the sender’s digital signature.
An organisation that issues and maintains digital certificates
is known as a CA (certificate authority). For example, on the
Internet, certificate authorities such as VeriSign will, for a fee,
keep your digital certificate on their server and assure all
who want to send encrypted messages to you (for example, an
order via your e-commerce site) that the certificate is indeed
yours.
 The use of certificate authorities to associate public keys with
certain users is known as PKI (public key infrastructure).
LO2 Understand the factors that influence website
performance - Protection mechanisms - Passwords
 Choosing a secure password is one of the easiest and least expensive ways to guard
against unauthorized access. Unfortunately, too many people prefer to use an
easy-to-remember password.
 If your password is obvious to you, however, it may also be easy for a hacker to
figure out. The following guidelines for selecting passwords should be part of your
organisation’s security policy. It is especially important for network administrators
to choose difficult passwords, and also to keep passwords confidential and to
change them frequently.
 Tips for making and keeping passwords secure include the following:
 Always change system default passwords after installing new programs or equipment.
For example, after installing a router, the default administrator’s password on the
router might be set by the manufacturer to be “1234” or the router’s model number.
 Do not use familiar information, such as your name, nickname, birth date,
anniversary, pet’s name, child’s name, spouse’s name, user ID, phone number, address,
or any other words or numbers that others might associate with you.
 Do not use any word that might appear in a dictionary. Hackers can use programs that
try a combination of your user ID and every word in a dictionary to gain access to the
network. This is known as a dictionary attack, and it is typically the first technique a
hacker uses when trying to guess a password (besides asking the user for her
password).
LO2 Understand the factors that influence website
performance - Protection mechanisms - Passwords
 Make the password longer than eight characters—the longer, the better. Some
operating systems require a minimum password length (often, eight characters),
and some might also restrict the password to a maximum length.
 Choose a combination of letters and numbers; add special characters, such as
exclamation marks or hyphens, if allowed. Also, if passwords are case sensitive, use
a combination of uppercase and lowercase letters.
 Change your password at least every 60 days, or more frequently, if desired. If you
are a network administrator, establish controls through the NOS to force users to
change their passwords at least every 60 days. If you have access to sensitive data,
change your password even more frequently.
LO2 Understand the factors that influence website
performance - Protection mechanisms - Passwords
 Do not write down your password or share it with others.
 Do not reuse passwords after they have expired.
 Use different passwords for different applications. For example, choose separate passwords
for your e-mail program, online banking, remote access connection, dial-up connection,
and so on. That way, if someone learns one of your passwords she won’t necessarily be able
to access all of your secured accounts.
 Password guidelines should be clearly communicated to everyone in your organization
through your security policy. Although users might grumble about choosing a combination of
letters and numbers and changing their passwords frequently, you can assure them that the
company’s financial and personnel data is safer as a result. No matter how much your
colleagues protest, do not back down from your password requirements. Many companies
mistakenly require employees only to use a password, and don’t help them choose a good one.
This oversight increases the risk of security breaches.
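One way to turn the password guidelines above into an automated check, given here as an added example that is not part of the original slides. The function names, the short word lists and the PBKDF2 password history are assumptions made for illustration, and the check assumes the system allows special characters and treats passwords as case sensitive.

```python
import hashlib
import hmac
import os
import re
from datetime import date, timedelta

MIN_LENGTH = 9        # "longer than eight characters"
MAX_AGE_DAYS = 60     # "change your password at least every 60 days"
# Constructed sample lists; a real deployment would load much larger ones.
DEFAULT_PASSWORDS = {"1234", "admin", "password"}
DICTIONARY = {"password", "welcome", "dragon", "football", "sunshine"}

def hash_password(password, salt=None):
    """Salted PBKDF2 hash, so the password history is never kept in clear text."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def was_used_before(password, history):
    """history is a list of (salt, digest) pairs produced by hash_password()."""
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest)
               for salt, digest in history)

def is_expired(last_changed, today):
    """True when the password is older than the 60-day limit."""
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)

def check_password(password, user_id, familiar=(), history=()):
    """Return the list of guidelines that the candidate password breaks."""
    problems = []
    lowered = password.lower()
    if lowered in DEFAULT_PASSWORDS:
        problems.append("system default password")
    if len(password) < MIN_LENGTH:
        problems.append("not longer than eight characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("needs both letters and numbers")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs upper and lower case")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("needs a special character")
    if any(item and item.lower() in lowered for item in (user_id, *familiar)):
        problems.append("contains familiar information")
    # A dictionary attack tries the user ID combined with each word, so strip
    # the user ID, digits and symbols before looking the remainder up.
    core = re.sub(r"[^a-z]", "", lowered.replace(user_id.lower(), ""))
    if core in DICTIONARY:
        problems.append("dictionary word")
    if was_used_before(password, history):
        problems.append("reused an expired password")
    return problems
```

An empty list means the candidate passes every check; a network administrator would run is_expired() separately against the date of the last change.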
P3.1 - Task 6 – State and define the needs of companies when it comes to security within the
workplace in terms of physical and technical.
P3.2 – Task 7 - Describe the various types of threat reduction methods available to organisations,
systems and data.

Firewalls
SSL
Digital Certificate
Passwords
LO2 Understand the factors that influence website performance –
Legal Mechanisms – Data Protection Act
 The Data Protection Act is one of the four major Acts that
apply in Britain to business and how businesses handle
information. After the Health and Safety Act, it is the
law that companies are most often prosecuted under. The
law is over 700 pages in length but the main stipulations
include:
 Fairly and lawfully processed
 Processed for limited purposes
 Adequate, relevant and not excessive
 Accurate and up to date
 Not kept for longer than is necessary
 Processed in line with your rights
 Secure
 Not transferred to other countries without adequate protection
LO2 Understand the factors that influence website performance –
Legal Mechanisms – Data Protection Act
The second area covered by the Act provides individuals with
important rights, including the right to find out what personal
information is held on computer and most paper records.
Should an individual or organisation feel they're being denied
access to personal information they're entitled to, or feel their
information has not been handled according to the eight
principles, they can contact the Information Commissioner's
Office for help. Complaints are usually dealt with informally, but
if this isn't possible, enforcement action can be taken.
P3.3 – Task 8 – Describe the Data Protection Act and outline its
importance in business society and personal liability.
P3.3 – Task 9 – State what each of these stipulations means in
real terms with an example.
P3.3 – Task 10 – State and explain what your company needs to
do to abide by the 8 stipulations above.
LO2 Understand the factors that influence website performance –
Legal Mechanisms – Copyright and Patents Act 1988
Introduced to protect people who have created original pieces of work.
• Books, Music, Films, Games, Applications.
2 main purposes of the Act:
• To ensure people are rewarded for their endeavours.
• To give protection to the copyright holder if someone tries to steal their
work.
• The Act protects a wide range of work… written and computer based.
• Includes:
  • Copying Software;
  • Copying or Downloading music;
  • Copying images or photographs from the Web;
  • Copying text from web pages.
P3.3 - Task 11 - State briefly what each condition of the Copyright and Patents Act
means and then relate this back to what your company should do to prevent a breach
of this law.
LO2 Understand the factors that influence website performance –
Legal Mechanisms – Computer Misuse Act 1990
 The first section in the Computer Misuse Act forbids a person to use
someone else’s identification to access a computer, run a program or
obtain any data, even if no personal gain is involved in such access. You
also cannot change, copy, delete or move a program. The Computer
Misuse Act also outlaws any attempts to obtain someone else’s password.
Obviously, if someone gives you their identification and you may legally
use the computer, these laws under Unauthorized Access do not apply.
 The second provision in the Computer Misuse Act is gaining access to a
computer system in order to commit or facilitate a crime. You can’t use
someone else’s system to send material that might be offensive or to start
worms or viruses. You also can’t give someone your identification so they
can use your system for this purpose. This second part means that you
would be facilitating someone else’s intent or crime.
 Unauthorized Modification in the Computer Misuse Act means you can’t
delete, change or corrupt data. Again, if you put a virus into someone
else’s system you would be violating the act. Usually, committing
Unauthorized Access alone is treated as a crime punishable by a fine. Access
with Intent and Unauthorized Modification are considered more severe
and may be punished by heavy fines and/or jail time.
LO2 Understand the factors that influence website performance –
Legal Mechanisms – Computer Misuse Act 1990
The Computer Misuse Act makes it illegal to:
 Gain unauthorised access to a computer's software or data
(hacking) - including the illegal copying of programs.
 Gain unauthorised access to a computer's data for
blackmail purposes.
 Gain unauthorised access to a computer's data with the
intention of altering or deleting it. This includes planting
viruses.
 Copy programs illegally (software piracy).
A conviction may lead to a fine and a 5-year prison sentence.
P3.3 - Task 12 – State briefly what each condition of the
Computer Misuse Act means and then relate this back to
what your company should do to prevent a breach of this law.
LO2 Understand the factors that influence website
performance – Legal Mechanisms – Code of Practice
Organisations might have their own code of practice, which should be one part of a
general strategy aimed at producing professionalism within the organisation. This
strategy could include:
 Screening of potential employees
 Adherence to AUP
 Training (probably the most important part of the strategy)
 Raising awareness of legal issues like copyright, Data Protection Act, etc.
 Security procedures
In order to help maintain professional standards of behaviour within the industry, the
British Computer Society publishes a code of conduct that comprises twenty-two
rules relating to the professional behaviour of its members. These rules cover four
areas:
 The Public Interest
 Duty to Employers and Clients
 Duty to the Profession
 Professional Competence and Integrity
 There is also a great deal of law concerning the interaction between employers and
employees. In addition there is an increasing amount of legislation relating to IT
matters. The code of conduct is separate from and additional to the obligations
imposed by law.
P3.4 – Task 13 - Create a set of Company specific guidelines on Duty of Care and
specify what can be done to eliminate or reduce the threats.
LO2 Understand the factors that influence website performance - Interactive websites for performance and security
M1.1 – Task 14 – Using the table below compare and contrast what the end client and user needs are for 2 e-commerce websites.
 Users need to compare and contrast what they believe the client and user needs are, what multimedia /
interactive / accessibility / security features have been included and why. They should also consider the
user and server side factors and how much they affect the website’s performance. Learners should also
include any identified improvements for this site and identify innovative content used.
E-commerce              | Website 1 | Website 2
Client Needs            |           |
User needs              |           |
Multimedia Content      |           |
Interactive Content     |           |
Accessibility Features  |           |
Security Features       |           |
User side Factors       |           |
Server Side Factors     |           |
Innovative Content Used |           |
Improvements Suggested  |           |
LO2 Understand the factors that influence website performance - Interactive websites for performance and security
M1.1 – Task 15 – Using the table below compare and contrast what the end client and user needs are for 2
promotional websites.
 Users need to compare and contrast what they believe the client and user needs are, what multimedia /
interactive / accessibility / security features have been included and why. They should also consider the
user and server side factors and how much they affect the website’s performance. Learners should also
include any identified improvements for this site and identify innovative content used.
Promotional             | Website 1 | Website 2
Client Needs            |           |
User needs              |           |
Multimedia Content      |           |
Interactive Content     |           |
Accessibility Features  |           |
Security Features       |           |
User side Factors       |           |
Server Side Factors     |           |
Innovative Content Used |           |
Improvements Suggested  |           |
LO2 Understand the factors that influence website performance - Interactive websites for performance and security
M1.1 – Task 16 – Using the table below compare and contrast what the end client and user needs are for 2
educational websites.
 Users need to compare and contrast what they believe the client and user needs are, what multimedia /
interactive / accessibility / security features have been included and why. They should also consider the
user and server side factors and how much they affect the website’s performance. Learners should also
include any identified improvements for this site and identify innovative content used.
Educational             | Website 1 | Website 2
Client Needs            |           |
User needs              |           |
Multimedia Content      |           |
Interactive Content     |           |
Accessibility Features  |           |
Security Features       |           |
User side Factors       |           |
Server Side Factors     |           |
Innovative Content Used |           |
Improvements Suggested  |           |
LO2 Understand the factors that influence website
performance
 Since the Internet first went public in 1992 there has been case after case of attacks,
breaches, viruses and incidents, and even with new technologies, improved security,
SSL, cloud computing and biometrics, the problems continue. Viruses are not such
a threat as they used to be but the American Government still used one to disable
the Iranian Nuclear program in 2012.
 Firewalls have been improved immeasurably but Sony was still hacked. Single
fraudsters like Kevin Mitnick are rarer but LulzSec has recently hacked the
Twitter Accounts of North Korea. High profile cases are known like Wikileaks and
the recent Facebook hack but the best forms are rarely caught.
D1.1 – Task 17 - Research the impact that 5 cases of website security breaches have had
on society. Five cases should be discussed from the three categories, at least one from
each category, discussing the threat, the impact on society and how the threat was
resolved.
 Cases
 Viruses, Trojans and Worms (Sober, ILOVEYOU, Lovesan)
 Hackers (Adrian Lamo, Kevin Mitnick, MafiaBoy); Sony, Facebook and Twitter
 Identity theft (Abraham Abdallah)
LO2 Understand the factors that influence website
performance – Task List
 P2.1 – Task 1 - Explain how User Side factors can benefit and hinder website
performance for user customer base and business functions.
 P2.2 – Task 2 - Explain how Server Side factors can benefit and hinder website
performance for user customer base and business functions.
 P3.1 - Task 3 – State and define the needs of companies when it comes to website
security within the workplace.
 P3.2 – Task 4 - Describe the various types of threats to organisations, systems and
data.
 P3.2 - Task 5 - You have been appointed as a network administrator to a new small
bricks and clicks company. They have asked for you to create a policy document for
the company's security.
 P3.1 - Task 6 – State and define the needs of companies when it comes to security
within the workplace in terms of physical and technical.
 P3.2 – Task 7 - Describe the various types of threat reduction methods available to
organisations, systems and data.
 P3.3 – Task 8 – Describe the Data Protection Act and outline its importance in
business society and personal liability.
 P3.3 – Task 9 – State what each of these stipulations means in real terms with an
example.
LO2 Understand the factors that influence website
performance – Task List
 P3.3 – Task 10 – State and explain what your company needs to do to abide by the 8
stipulations above.
 P3.3 - Task 11 - State briefly what each condition of the Copyright and Patents Act
means and then relate this back to what your company should do to prevent a breach
of this law.
 P3.3 - Task 12 – State briefly what each condition of the Computer Misuse Act
means and then relate this back to what your company should do to prevent a breach
of this law.
 P3.4 – Task 13 - Create a set of Company specific guidelines on Duty of Care and
specify what can be done to eliminate or reduce the threats.
 M1.1 – Task 14 – Using the table below compare and contrast what the end client and user
needs are for 2 e-commerce websites.
 M1.1 – Task 15 – Using the table below compare and contrast what the end client and user
needs are for 2 promotional websites.
 M1.1 – Task 16 – Using the table below compare and contrast what the end client and user
needs are for 2 educational websites.
 D1.1 – Task 17 - Research the impact that 5 cases of website security breaches have
had on society. Five cases should be discussed from the three categories, at least one
from each category, discussing the threat, the impact on society and how the threat
was resolved.