Writing Your Dissertation

Download Report

Transcript Writing Your Dissertation

ORAL
By:
Karaiskos Kostas
(M.N 00/4364)
December 2002
Department of Computing and Information Systems
MSc in Information Technology
with WEB Technology
Project Title:
Analysis and Design of a Distributed System for Athens Land Registry on the
needs of Fictitious Pawn (mortgage for mobile property without delivery) via the
Internet.
By
Karaiskos Kostas
(M.N 00/4364)
June 2002
The term “Fictitious Pawn”
Real estate finance and investments is a field of study
that requires an understanding of many important subjects:
property law, mortgage underwriting practices, mortgage
insurance programs, financial analysis, valuation principles,
income tax lows, investments analysis, real estate
development and capital markets. The “Fictitious Pawn” is
part of the above fields.
“Pawn” is a sum of money borrowed from a bank in order
to purchase a property. The Lender keeps the goods of the
Borrower for assurance. Then the money paid back to the
Lender over a fixed period of time together with the
accrued interest.
The Lender gives back to the Borrower his goods.
“Fictitious Pawn” is a sum of money borrowed
from a bank in order to purchase a property. The
Lender does not keep the goods of the Borrower for
assurance, but in this case an agreement is occurred
between Lender and Borrower. This agreement is
registered in a “Public Book” by Manual form -that
there is in the Land Registries-. Then the money paid
back to the Lender over a fixed period of time
including the accrued interest.
The Lender “writes off “the agreement.
Description of the Work
Basic aim of the work is the analysis and the design of a distributed
system for Athens Land Registry through the Internet. The system will
handle the data and processes needed for the implementation of the
“Fictitious Pawn” in Greece. The system should have an open
architecture, it will be based on Internet technologies, it should vouch for
secure transactions and it must be user friendly. The project should give
proposals concerning the network infrastructure and data design of the
system. A prototype will be developed in order to demonstrate the whole
system.
Land Registries in Greece are Public Services that belong to the Ministry
of Justice. The central L.R is the Land Registry of Athens and consists of
400 and more that are located in the Country. The main purpose is to
register title-deeds and to record dealings (as sales and mortgages).
The principal aims are:
•to maintain and develop a stable and effective land registration system
as the cornerstone for the creation and free movement of interests in land
•to guarantee registered bonds and interests in land
•to provide online access for updating and guaranteed land information in
order to secure confident dealings in properties and security of titles
•to achieve improved performance targets progressively, so that high
quality services and lower cost are provided to users
•to keep “public book” for the “fictitious pawn”
THE TWO PROPOSALS
In this project, two different proposals are analyzed
and described:
The First proposal, (henceforth it will be reported as
VPN Solution) has to do with the description of the
Regional Services connection with the Central
Service, via a VPN (Virtual Private Network) that is
implemented over the public internet.
The second one (henceforth Mixed Solution)
constitutes to an alternative proposal, where the
Land Registries with the bigger traffic of data will be
connected via a VPN (as above) with a Central
Service. At the same time the rests will be connected
via the Public Telephone Network.
SWOT Analysis
SWOT analysis is a tool for auditing an
organization and its environment. It is the first
stage of planning and helps marketers to focus on
key issues.
Once key issues have been identified, they feed
into marketing objectives. It can be used in
conjunction with other tools for audit and
analysis, such as PEST analysis and Porter's FiveForce analysis. It is a very popular tool because it
is quick and easy to learn.
SWOT consists of strengths, weaknesses,
opportunities, and threats. Strengths and
weaknesses are internal factors
F.P SWOT Analysis
Strengths
•Knowledge. The central L.R has the knowledge for systems, networks, connectivity, programming, all the
VARs, and data management.
•Relationship. The central L.R knows his clients, as better as possible, one by one.
•History. The Central Land Registry in Athens has a history for 150 years.
Weaknesses
•Costs. The contracts cost more.
•Price and volume. The State of every contract has a 7,5 %0 tax in the total price.
•Brand power. There is not a national advertising.
Opportunities
•Local area networks. LANs become common place in small business, and in home offices. Nowadays,
business assumes LANs as part of normal office work. This is an opportunity to extend, because LANs are
more familiar and the service is more intensive.
•The Internet. The increasing possibilities of the Internet offer another area of opportunity.
•Training. The public servants could use new methods of technology through the internet.
•Service. This business model includes better service, as the client service is the main target.
Threats
Political reasons could effect negatively.
Technology review of this project
In this project have developed the
following technologies:
•Virtual Private Networks
•Active Server Pages
•HTML
•VB Scripting
•Global.asa file
•ADO
We will not discuss and compare the
advantages and the disadvantages of
different technologies but only the pros and
cons of the above.
What is a Virtual Private Network?
There are many definitions of a VPN and some of the more common of
them are as follows:
•
IP tunnels between a remote user and a corporate firewall with
tunnel creation and deletion controlled by the user's computer and the
firewall
•
IP tunnels between an Internet service provider and a corporate
firewall with tunnel creation and deletion controlled by the ISP
•
IP tunnels among sites over the public Internet, or over a service
provider's IP network that is separate from the public Internet
•
ISDN, Frame Relay or ATM connections among sites with ISDN B
channels, PVCs or SVCs used to separate traffic from other users.
Basically, a VPN (sometimes known as an extranet) is a private network
that uses a public network (usually the Internet) to connect remote
sites or users together. Instead of using a dedicated, real-world
connection such as leased line, a VPN uses "virtual" connections routed
through the Internet from the company's private network to the remote
site or employee.
There are three main types of VPN:
•Intranet VPNs allow private networks to be extended across the Internet or other public network service in a
secure way. Intranet VPNs are sometimes referred to as site-to-site or LAN-to-LAN VPNs.
•Remote access VPN allows individual dial-up users to connect to a central site across the Internet or other
public network service in a secure way. In this way Remote access VPNs are sometimes referred to dial VPNs as
the user is connected to a public IP network via a dial-up PSTN or ISDN link, and user packets are tunnelled
across the public network to the desired site, giving the impression to the user of being ‘directly’ connected into
that site.
•Extranet VPNs allow secure connections with business partners, suppliers and customers for the purpose of ecommerce. Extranet VPNs are an extension of intranet VPNs with the addition of firewalls to protect the
internal network.
Advantages of using VPN connections
Cost advantages
One way a VPN lowers costs is by eliminating the need for
expensive long-distance leased lines.
Another way VPNs reduce costs is by lessening the need for longdistance telephone charges for remote access.
A third, more subtle way that VPNs may lower costs is through
offloading of the support burden.
The benefits of secure access to private data are ensured by
additional VPN-required authenticated access, encryption, and user
data compression.
Outsourcing dial-up networks
It is the telephone company or ISP that manages the modems and
telephone lines required for dial-up access.
Enhanced security
Sensitive data is hidden from Internet users, but made securely
accessible to appropriate users through a VPN.
Network protocol support
Because the most common network protocols (including TCP/IP and
IPX) are supported, you can remotely run any application.
Scalability and VPNs
However, as an organization grows and more companies must be
added to the network, the number of leased lines required increases
dramatically. VPNs that utilize the Internet avoid this problem by
simply tapping into the geographically-distributed access already
available.
IP address security
Because the VPN is encrypted, the addresses you specify are
protected, and the Internet only sees the external IP address.
Disadvantages of using VPN connections
•VPNs require an in-depth understanding of public network security
issues and proper deployment of precautions.
•The availability and performance of an organization's wide-area VPN
(over the Internet in particular) depends on factors largely outside of
their control.
•VPN technologies from different vendors may not work well together
due to immature standards.
•VPNs need to accomodate protocols other than IP and existing
("legacy") internal network technology.
A well-designed VPN can greatly benefit a company. For example, it
can:
Extend geographic connectivity
Improve security
Reduce operational costs versus traditional WAN
Reduce transit time and transportation costs for remote users
Improve productivity
Simplify network topology
Provide global networking opportunities
Provide telecommuter support
Provide broadband networking compatibility
Provide faster ROI (return on investment) than traditional WAN
What features are needed in a well-designed VPN?
It should incorporate:
Security
Reliability
Scalability
Network management
Policy management
It's fast.
It's easy to take with you wherever you go.
It's able to completely hide you from any other boats or
submarines.
It's dependable.
It costs little to add additional submarines to your fleet once the
first is purchased.
What is Active Server Pages ?
ASP is Web server based technology that pre-processes web pages
before they are returned to a browser.This technology contains three
maijor components.
These components are defined as:
•Server Side Scripting Code and Include Files
•Server Base Objects
•Server Side Components
With Active Server Pages (ASP), you can create a server-side script
that extracts the contents of a user's client certificate and saves this
information in a text file. By adding this script to SSL-secured Web
pages, you can effectively catalog and manage the client certificates
of users accessing your server.
What is Global.asa file?
The Global.asa file is an optional file that can contain declarations of
objects, variables, and methods that can be accessed by every page
in an ASP application.
The Global.asa file can contain only the following:
•Application events
•Session events
•<object> declarations
•TypeLibrary declarations
The Global.asa file must be stored in the root directory of the ASP
application, and each application can only have one Global.asa file.
The Global.asa file can contain four types of events:
•Application_OnStart
•Session_OnStart
•Session_OnEnd
•Application_OnEnd
What is ADO?
The ActiveX® Data Objects (ADO) programming model
represents the best of the existing Microsoft data access
programming models.
ADO provides the following benefits:
•Easier development using a simple object model
•Reduction in network traffic and client memory requirements
•Improvement scalability and built-in support for resource pooling
•Saving of records sets to a physical file
•Support of local find, sort, and filter operation by record sets
•Fabrication of record sets without a database connection.
A. Detailed problem statement
An estimate of Land Registries Data Traffic
For the requirements and the needs of
the project (the architecture of the
network and the application), we have a
preliminary study of the existing
elements concerning the traffic and the
expected data.
Receiving
the
estimate
of
the
transactions (Mortgages, AttachmentsCheque) in Land Registries of the
countries (386 records of TIRESIAS
COMPANY) 120.000 transactions for
year 2001 (not included purchases and
sales) and with an increase 60%, the
transactions are about 200.000 per
year.
According to these estimations for the
current number of 120.000 deeds per
year we have the following elements.
Average of Contracts /Land Registry
/Day
1.1
Bad Day Case: Average of Contracts
/Land Registry / Day
4.7
Average of Contracts /Land Registry
/Day (Athens)
3.7
Bad Day Case: Average of Contracts
/Land Registry / Day (Athens)
41.
6
Average of Contracts /Land Registry
/Day(Thessalonica)
9.0
Bad Day Case: Average of Contracts
/Land Registry / Day (Thessalonica)
28.
7
Average of Contracts /Land Registry
/Day (Patra)
5.2
Bad Day Case: Average of Contracts
/Land Registry / Day (Patra)
26.
7
For 200.000 contracts per year we
have the following elements:
Average of Contracts /Land
Registry /Day
1.7
Bad Day Case: Average of Contracts
/Land Registry / Day
7.5
Average of Contracts /Land
Registry /Day (Athens)
6.0
Bad Day Case: Average of Contracts
/Land Registry / Day (Athens)
66.5
Average of Contracts /Land
Registry /Day(Thessalonica)
14.4
Bad Day Case: Average of Contracts
/Land Registry / Day (Thessalonica)
45.9
Average of Contracts /Land
Registry /Day (Patra)
8.2
Bad Day Case: Average of Contracts
/Land Registry / Day (Patra)
42.7
Conclusion: We observe that in Panhellenic level (except big centres)
the averages of the contracts do not exceed the 1.7 contracts/Land
Registry/Day. Receiving this number in combination with the 20 Kbytes
of Data /Deed (this resulted from the "Publication of Law 2844/2000"),
which are estimated to be dispatched in the Central System for each
contract, we have 34 Kb total volume of traffic data/ Land Registry/Day.
This volume is minimal in the level of Land Registry. These numbers are
expected for the bad case, considering that each Land Registry will send
34 Kb each day for 200.000 contracts in the year.
Analysis of the provided services
Basic requirement of the Land Registry is the fast, easy and friendly data
interchange that is required by the legal platform.
Daily the Central Service contacts with all Land Registries. (about 400) Because of
it, a more expedient and effective solution that is proposed, is the creation of a new
information system. This system will be installed in the Central Service and will
allow the data input of the Regional Services in a central DataBase.
The Inetrnet access will be successed using the appropriate tools and devices.
In this project a Web Server in the Central Service must be installed, to be updated
the Database by the Regional Services.
The proposed system will provide the following services:
•Input data
•Confirmation
•Data Storage
•DataBase Management
By the proposed system, the Regional Services will use a PC, with an Internet
connection and a navigation program.
Each user must know to use only the browser application for the connection and
navigation on the Web. (Internet Explorer, Netscape Navigator or some similar
program of navigation).
The proposed architecture of the system is shown below:
The proposed architecture
Input
The user from a Regional Service when he will connect with the system he
must have in his disposal an electronic prefabricated form that it will be structured
according to the requirements of the Central Service. In this form he will write the
elements that are required (the information that he has predetermined and it be
considered essential from the Central Service). The user’s entry in the system and
the fill of the form will become with the use of some concrete name in combination
with the proportional code for access.
Confirmation
The process of confirmation begins afterwards the data are forwarded in the
server. Concretely the system checks the elements that have been input in the form
with a unique field of the elements of the Region Service.
Data Storage
The data that will be collected by the Regional Services, as well as the names
of user and the proportional code access will be stored in a central database in a
server at the Central Service.
DataBase Management
The proposed system will offer possibilities management of the elements of
the database that will be collected by the Regional Services.
Data Protection
The solution that is proposed for data protection is implemented via the backup
system with Software and Hardware.
B. Solution Design – Implementation
There are a variety of different process models for software engineering.
The Linear Sequential Model
The Prototype Model
The RAD Model
The Incremental Montel
The Spiral Model
The WINWIN Spiral Model
The Concurrent Development Model
The Formal Methods Model
In this project we will follow
the Linear Sequential
Model (Waterfall Model).
The Waterfall model has five
stages.
•Requirements analysis and
definition.
•System
and
software
design.
•Implementation and "unit"
testing
•System testing
•Operation and maintenance
Software requirements analysis:
The system specifications were carefully documented and reviewed with
the customer. The analysts developed refined system specifications after
the review, this aims to produce software that would be most similar to
the customer’s needs. The analysts also drew up a use case diagram
and object diagram to facilitate the designers.
Design:
The design process translated the system specifications into a
representation of the software that can be assessed for quality before
coding begins. Like requirements, the design is documented and
becomes part of the software configuration. The designers refined the
system specifications, refined the use-case diagrams and refined the
object diagrams. The designers also drew collaboration diagrams.
Code:
The design must be translated into a machine readable code. The
programmers came up with the coding for the software and
implemented it. The programmers, the analysts and the designers
decide the main programming language. A bug-free code was finally
generated.
Testing:
Once the code was generated, program testing began. The testers drew
up test cases and proceeded with White and Black Box Testing. The
testing process focuses on the logical internals of the software,
ensuring that all the statements have been tested, and on the
functional externals; that is, conducting tests to uncover errors and
ensure that defined input will produce actual results that agree with the
required results.
Requirements Analysis
Requirements of the Network
•VPN (Virtual Private Network) interconnection is provided by ISP (OTENET).
•Use of ISDN (64 kbps are proposed) for the server of the Central System or
dial-up connections for the Regional Systems.
•Protection of the internal network with the use of firewals.
•Network devices as routers, switches, and modems are worked out.
Requirements of Hardware/Software
•Server: Compaq Proliant ML 350
•Operating system: MS Windows 98, 2000 , XP
•DataBase: Access 2000, MS SQL Server 2000
•Firewall software: MS Internet Security and Acceleration Server 2000
•Web Server: MS Internet Information Server 5.0
•UPS 1KVA.
Requirements of the Application
• Platform: Microsoft.
• Technology: n-tier, web based, client-server application with the use of
technologies ASP, COM components and Transaction Server.
• Desirable operations of the system: Data Input, Input Confirmation, Data
Storage, DataBase Management.
• The safety is ensured through the users’ certification (authentication username, password). However it will be supposed that the safety of the
entire system is increased considerably by the use of VPN.
• the use of SSL protocol .
Network Architecture of the Proposed Solutions
Concisely two alternative solutions are proposed for the architecture
of the network in order to support the operation of the application.
•VPN Solution: The connection of the Central System with the
Regional Services through VPN, is provided by a third provider (ISP).
The functionality and the safety of VPN are ensured by the provider,
while the connection of the Central Service with the VPN takes place
also with ISDN lines and the Regional Services with the VPN via dialup connections. (Modem)
•Mixed Solution: A mixed "situation" is proposed, in which some
Regional Units (these with max volume of traffic) are connected with
the Central via VPN, while the rest are connected directly through
dial-up connections (Modem) with the Central System.
VPN Solution
on
p
-u
cti
ne
n
co
l
dia
Router
Baseband
Modem
PWR
WIC0
ACT/CH0
WIC0
ACT/CH0
ETH
ACT
OK
ACT/CH1
ACT/CH1
COL
Leased
Line
Baseband
Modem
PWR
WIC0
ACT/CH0
WIC0
ACT/CH0
ETH
ACT
OK
ACT/CH1
ACT/CH1
COL
Client PC
dial-up connection
VPN
co dialnn up
ec
tio
n
Firewall
DMZ Switch
Web Server
Client PC
Main Switch
DB Server
Client PC
Comparative advantages:
Easy installation.
Less investment costs.
Security due to the use of the guaranteed infrastructure of the
ISP.
Security in the level of application.
Unlimited number of Regional Services that can be connected to
the Central System.
Easy interface
Comparative disadvantages:
Most functional costs.
Costs for servers, devices and software programs.
Estimate of Data using VPN Solution
For the data transactions of 12.8 Mb/day (as it was calculated
more or less) are required 4.6 hours using 64Kbits/sec line.
To avoid the above time we can use 128 Kbits/sec ISDN line.
Mixed Solution
on
l
dia
Router
Hub
Access Server
Baseband
Modem
PWR
WIC0
ACT/CH0
WIC0
ACT/CH0
ETH
ACT
OK
ACT/CH1
ACT/CH1
COL
Leased
Line
pc
-u
ti
ec
n
on
Client PC
Baseband
Modem
PWR
WIC0
ACT/CH0
WIC0
ACT/CH0
ETH
ACT
OK
ACT/CH1
ACT/CH1
COL
dial-up connection
VPN
co dialnn up
ec
tio
n
Modem
Pool
PSTN
dial-up
direct
conne
cti
on
Firewall
Client PC
n
io
Main Switch
Web Server
ct ct
re e
di onn
c
p
l-u
a
di
DMZ Switch
DB Server
Client PC
Client PC
Client PC
Comparative advantages:
Low functional cost.
Comparative disadvantages:
The research and the installation require more time and are technically
difficult.
High investment cost.
The security of the data distribution through the direct telephone
connections is not ensured (contrary to the distribution through VPN).
There is a restriction of the 256 simultaneous direct telephone
connections. (Practically they are calculated around the 10-15 maximum
simultaneous connections.)
Estimate Data Volume of Mixed Solution
Average time is considered the time that is needed for the achievement
of the connection with the Central System, the data input and finally the
dispatch of the elements to the Central System.
We consider the following parameters for each Regional Service:
average time/ contract the 16 minutes,
connection cost with the VPN 15 € /monthly,
telephone cost 0.006 € /per min and
telephone cost of provinces call 0.08 € per min (prices without VAT).
Break-Even Analysis
On the bases of these parameters, we have the following diagram:
We observe that the direct call is better when there are
up to 12 contracts / month.
Threshold Points
If we perform this analysis for different time/ contract, with minimal time 3 min/
contract and max 29 min/ contract we have the Threshold points.
From the above diagram we observe that time per contract and volume of contracts
per month are inversely.
The total time of data dispatch with the direct connection, is estimated 59 min per
day. (with the assumption of : 16 min/ contract) and the volume of the Land
Registries that will be connected directly (and no via VPN) with the Central System,
it is appreciated in roughly 200 Land Registries
Time of Connections
per day
8:00 until 14:00
total 6 Hours
Duration of connection
0,5 Hours (30 min.)
Total of connections
/modem
6 Hours/0,5 Hour Duration of connection
= 12 connections per modem
Total of
connections/day
16 modem x 12 connections per modem
per day = 192 connections per day.
Clear service time for
each connection
30 min. per connection -5 min Delay of
connection of modem = 25 min Clear
time of service per connection.
Total max service time
per day
192 Connections of x 25 min = 4800 min
service per day
From the elements of the above table we conclude that
an available number from 16 modems (Pool of
Modems) are enough to have satisfaction of the
requirements. (users/modem: 12,5:1, when for ISPs is
forecasted 10:1)
With the same number of Modem (16) they can be
served less connections/day, but with increased time
of service.
Daily service of connections
The volume of the contracts that will be sent with direct connection, in
point of the total volume (estimate 2001) is very small (4.195 and
119.853 ). So, the main movement of the data will be with the leased
line.
Estimate of the Costs
a. VPN Solution Network Infrastructure
Central Service
Regional Service
Functional Monthly Cost
b. Mixed Solution Network Infrastructure
Products and Technologies
Network Equipment
The connection with the internet will become
via the router Cisco 1720 which will be
connected with the Firewall Server in the local
network via an Ethernet. The same router will
be also used for the connection with the VPN
network of OTENET.
The modem Campus-RS will be used for
the connection in the INTERNET and in the
VPN network of OTENET.
For the role of the convector, the model
that has been selected is the PS220A of
Compex.
Proliant ML of 350 Compaq is the
computer that will be used for the
role of Web Server.
UPS
The offered equipment is Pulsar
EX10 of Marlin Cerin.
Printer
The offered equipment is the HP 1200 LaserJet.
Description of the Application
The users can execute the following operations (Menu of
Users):
•Input of a new registration (new pawn).
•Change of an existing registration (correction, change of
elements, changes etc)
•Depreciation – obliteration of the existing registration.
•Search for registrations that have some criteria.
•All the users must have access (search) in the database,
independent from Land Registry.
The administrators can execute the following operations
(Menu of Administrators):
•New user addition.
•Change of elements for an existing user.
•Deletion of existing user.
•Review of the contracts that became in a time period per
Land Registry.
•Review of the contracts that became from all the Land
Registries in a time period.
Input elements Flow Chat
This flow chart describes
the process of the input
elements
by
electronic
form, through user’s web
browser, the control of the
locally correction (that they
can be checked before the
dispatch), the dispatch and
the central control of the
data and finally a briefing
of the result of the process
for the user.
DataBase ENTITY RELATIONSHIP DIAGRAM and Design
The entity relationship model views the Organisation as a set of data elements,
known as entities, which are the things of interest to the organisation, and
relationships among these entities. This model helps the computer specialist to
design appropriate computer systems for the organisation and to provide
management for the perceiving aspects of the business.
As soon as the user tries to acquire access in the operations of the application (to connect in
the web server) it is asked from him the following elements (in level of application):
Name of access (username)
Code Access (password)
The inputted elements will be compared with that in the database and if the user " not locked
himself", it will be presented to him, (proportionally if he is administrator or simply user), a
suitable menu. If the user gives error elements in the system moreover 5 times the system
will prohibit him to access (it locks him) and it will communicate directly with the
administrator.
.
Navigation Forms of the prototype
default.html
Backdoor.asp
Disk file
login.asp
Disk file
main.asp
Signup.asp
confirm.asp
emplglst.asp
emplist.asp
emplform.asp
Disk file
addnewmember.asp
UML Diagrams of the prototype
The heart of object-oriented problem solving is the construction of a
model. The model abstracts the essential details of the underlying
problem from its usually complicated real world. Several modelling tools
are wrapped under the heading of the UML, which stands for Unified
Modelling Language.
A model is an abstraction of the underlying problem. The domain is the
actual world from which the problem comes. Models consist of objects
that interact by sending each other message. Think of an object as
"alive." Objects have things they know (attributes) and things they can
do (behaviours or operations). The values of an object's attributes
determine its state. Classes are the "blueprints" for objects. A class
wraps attributes (data) and behaviours (methods or functions) into a
single distinct entity. Objects are instances of classes.
Use case diagrams
describe what a system
does from the standpoint
of an external observer.
The emphasis is on what
a system does rather
than how.
Activity diagrams and
statechart diagrams are
related. While a statechart
diagram focuses attention
on an object undergoing a
process (or on a process as
an object), an activity
diagram focuses on the
flow of activities involved in
a single process. The
activity diagram shows the
how
those
activities
depend on one another.
Deployment
diagrams
show
the
physical
configurations of software
and
hardware.
The
following
deployment
diagram
shows
the
relationships
among
software and hardware
components involved in
the
“Fictitious
Pawn”
transactions.
Class diagram gives
an overview of the
system by showing its
classes
and
the
relationships
among
them. Class diagrams
are static -- they
display what interacts
but not what happens
when they do interact.
Sequence Diagram is
an interaction diagram
that
details
how
operations are carried
out - what messages are
sent
and
when.
Sequence diagrams are
organized according to
time.
Electronic Forms of the prototype
The use cases have been completed, the problem has been
analyzed, and a suitable design for the architecture has been
defined. It is time for implementation. The activities of
implementation include:
•Mapping the design into code and components
•Unit testing
•Reverse engineering
The principal responsibility and activity of the implementer is to
map the artefacts of design into executable code. Every
implenmenter is responsible for unit testing his own work. The final
step in the sequence is reverse engineering any code changes that
affect the artefacts in the model.
The following prototype has implemented only the administrator and user
registration to the system:
This is the folder with all the files of the application.
PRESS THIS BUTTON
FOR THE APPLICATION
C. Testing
Is a process of executing a
program with the intent of finding
an error. A good test is one that
has a high probability of finding an
as yet undiscovered error. The
objective is to design tests that
systematically uncover different
classes of errors and do so with a
minimum amount of time and
effort.
Secondary benefits include:
Demonstrate
that
software
functions appear to be working
according to specification.
The performance requirements to
have been met.
Data
collected
during
testing
provides a good indication of
software
reliability
and
some
indication of software quality.
System testing may involve testing website performance, testing and
debugging software, and testing new hardware.
An important part of testing is the review of prototypes of displays,
reports, and other output. Prototypes should be reviewed by end users
of the proposed systems for possible errors. Of course, testing should
not occur only during the system’s implementation stage, but
throughout the system’s development process.
We have many types of testing:
Exercising the code
Performance testing.
The black box
Usability testing
load testing
acceptance testing
security testing
D. Security
The
term
security
describes
the
protection of our data and system. A
secure system is a properly fuctioning
software application that does only what
it
is
supposed
to
do,
without
compromising the integrity of our data to
those who are not authorized to have that
information.
For the creation a site in the Internet,
should be ensured certain terms of safety.
Initially it should be evaluated the needs,
and to be answered questions, as: how
sensitive are the data? What ways of
access in the data exist? Who wants this
data and on what reason? What users
need to have access in the data? To
understand the areas of risk in our
application, we need to understand where
our system is vulnerable. The basic Web
architecture, being a variant of a
client/server architecture, has three
principal architectural elements; the
client, the network, and the server.
VPN Security
Using VPNs places most of the security responsibilities, such as network
traffic encryption, on the infrastructure rather than on the individual
applications. Some Web applications may use VPNs as part of their
security measures. VPNs can be implemented with a combination of
software and hardware or just as software.
A well-designed VPN uses several methods for keeping your connection
and data secure:
Firewalls - A firewall provides a strong barrier between your private
network and the Internet. You can set firewalls to restrict the number
of open ports, what types of packets are passed through and which
protocols are allowed through. Some VPN products, such as Cisco's
1700 routers, can be upgraded to include firewall capabilities by
running the appropriate Cisco IOS on them. You should already have a
good firewall in place before you implement a VPN, but a firewall can
also be used to terminate the VPN sessions.
Encryption - This is the process of taking all the data that one
computer is sending to another and encoding it into a form that only
the other computer will be able to decode. Most computer encryption
systems belong in one of two categories:
Symmetric-key encryption
Public-key encryption
Technology behind VPNs
Several network protocols have become popular as a result of VPN
developments:
•PPTP
•L2TP
•IPsec
•SOCKS
These protocols emphasize authentication and encryption in VPNs.
Authentication allows VPN clients and servers to correctly establish
the identity of people on the network. Encryption allows potentially
sensitive data to be hidden from the general public.
Many vendors have developed VPN hardware and/or software products.
Unfortunately, immature VPN standards mean that some of these
products remain incompatible with each other.
These protocols attempt to close some of the security holes inherent in
VPNs. These protocols continue to compete with each other for
acceptance in the industry.
E. CONCLUSION
The Future of VPN
Increased network capability is a major priority of companies as
they look to strengthen their electronic ties with an everexpanding network of business partners and a growing proportion
of remote workers. Companies need networks that can handle
higher transmission speeds over greater distances and with
greater reliability all in an efficient manner. They also look for
networks that can handle a growing number of data types and
have the flexibility to meet future requirements. To manage
these diverse needs, companies are upgrading their networks to
handle voice and multiple data types in a controlled manner. The
emphasis is on meeting current needs in a cost- effective way
while building a foundation to support future needs. A number
of different solutions are emerging as a result, including IP virtual
private networks (IP VPNs), 10 GB ethernet (10GbE), and fiberoptic networks.
Bibliography
WEB SECURITY: A Step-by-step Reference
Guide
Lincoln D.Stein, Addison Wesley Longman, 1998
INFORMATION SYSTEMS DEVELOPMENT
D.E Avison and G.Fitzgerald
Computer Networks
Tanenbaum, Andrew S. ISBN 0133942481
Communications Networks: A First Course
Walrand, Jean ISBN 0256088640
Managing IP Networks with Cisco Routers
Ballew, Scott ISBN 1565923200
Implementing Virtual Private
Networks:PRAC
BIRD ISBN 0735700478
Virtual Private Networks 2/ed
SCOTT ISBN 1565925297
ASP in Nutshell: A Desktop Quick Reference,
Second Edition
A.Keyton Weissinger. O’Reilly & Associates July
2000
Beginning ASP Databases
John Kaufman
UML FOR V.B6.0 DEVELOPERS (Visual
Modeler & Rational Rose)
Paul Harmon and Brian Sawyer
Software Engineering: A Practitioner’s
Approach (European [12] Adaptation)
Pressman S R.(2000) McGraw-Hill
Informations Systems Requirements:
Determination and Analysis (2nd edition)
Flynn D J. (1997) McGraw-Hill
Information Systems Development:
Methodologies, Techniques and tools
Avison D E & Fitzgerald G. (1995) McGraw-Hill
A Database System: A practical approach to
design, implementation and management
Reading.
Connolly, Begg, Strachan. Addison-Wesley (1996)
Fundamentals of Database Systems USA :
World Student Series Edition
Elmasri/Navathe
Engineering Design
Dhillon, Balbir S. ISBN 0256183120
Τεχνολογία Λογισμικού Τόμος Α'
ΓΙΑΚΟΥΜΑΚΗΣ ISBN 420-0304-1
Τεχνολογια Λογισμικου Β'
ΓΙΑΚΟΥΜΑΚΗ ISBN 420-0304-2
By
Karaiskos Kostas
(M.N 00/4364)
December 2002