Sunday, October 25, 2009

Exercise 9

1. S.E.T. and RSA 128-bit Encryption for e-commerce

SET stands for Secure Electronic Transaction. SET is a standard protocol for securing credit card transactions over insecure networks such as the internet. SET was initially supported by Mastercard, Visa, Microsoft, Netscape and others. A SET user is given an 'electronic wallet' (a digital certificate), and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, the merchant and the purchaser's bank.

RSA 128-bit encryption is a public-key cryptography algorithm that allows secure communication over an insecure network through a pair of public and private keys. 128-bit RSA encryption is widely used today for secure communication over the internet, as it is considered to be out of reach of current computing power.

2. Network and Host-based Intrusion Detection Systems

A Network Intrusion Detection System (NIDS) is an intrusion detection system used to detect malicious attacks on networks, including denial-of-service attacks, port scans, etc., by monitoring network traffic. The NIDS scans all incoming packets and looks for suspicious patterns known as signatures or rules. A NIDS also scans outgoing packets, as some attacks can be launched from within the monitored network or network segment.
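
As an added illustration of the signature and rule matching just described (example code written for this post, not from the original), the following Ruby script runs two detections over a constructed set of packet summaries: a payload signature for a classic web attack string, and a behavioural rule that flags one source touching many distinct ports, which is how a port scan shows up in traffic. The packet lines, the rule name and the threshold are all assumptions made for the example.

```ruby
require 'set'

# Constructed packet summaries in the form "time src dst dport payload".
# These lines are made up for this example; they are not captured traffic.
SAMPLE_PACKETS = [
  "2009-10-25T10:00:01 10.0.0.5 192.168.1.10 22 SSH-2.0-OpenSSH_5.1",
  "2009-10-25T10:00:02 10.0.0.5 192.168.1.10 23",
  "2009-10-25T10:00:02 10.0.0.5 192.168.1.10 25",
  "2009-10-25T10:00:03 10.0.0.5 192.168.1.10 80",
  "2009-10-25T10:00:03 10.0.0.5 192.168.1.10 443",
  "2009-10-25T10:00:04 10.0.0.5 192.168.1.10 3306",
  "2009-10-25T10:00:05 10.0.0.7 192.168.1.10 80 GET /index.html HTTP/1.1",
  "2009-10-25T10:00:06 10.0.0.9 192.168.1.10 80 GET /login.php?user=' OR '1'='1 HTTP/1.1",
  "2009-10-25T10:00:07 192.168.1.10 10.0.0.9 80 HTTP/1.1 200 OK",
]

# Signature rules: a name and a regular expression matched against the payload.
# The set is deliberately tiny; a real NIDS ships thousands of such rules.
SIGNATURES = {
  "web-sqli-tautology" => /'\s*OR\s*'1'\s*=\s*'1/i,
}

# Heuristic rule: one source touching this many distinct ports looks like a scan.
PORT_SCAN_THRESHOLD = 5

Packet = Struct.new(:time, :src, :dst, :dport, :payload)

def parse_packet(line)
  time, src, dst, dport, payload = line.split(" ", 5)
  Packet.new(time, src, dst, Integer(dport), payload.to_s)
end

# Signature matching, applied to every packet regardless of direction.
def signature_alerts(packets)
  packets.flat_map do |p|
    SIGNATURES.select { |_, re| p.payload.match?(re) }
              .map { |name, _| "#{name} from #{p.src} to #{p.dst}:#{p.dport}" }
  end
end

# Behavioural detection: count distinct destination ports per source address.
def port_scan_alerts(packets)
  ports_by_src = Hash.new { |h, k| h[k] = Set.new }
  packets.each { |p| ports_by_src[p.src] << p.dport }
  ports_by_src.select { |_, ports| ports.size >= PORT_SCAN_THRESHOLD }
              .map { |src, ports| "port-scan from #{src}: #{ports.size} distinct ports" }
end

# Run both detectors over a batch of packet lines and return the alert strings.
def analyse(lines)
  packets = lines.map { |l| parse_packet(l) }
  signature_alerts(packets) + port_scan_alerts(packets)
end

if __FILE__ == $0
  analyse(SAMPLE_PACKETS).each { |a| puts "ALERT: #{a}" }
end
```

Outgoing packets go through the same matching as incoming ones, which is why the reply from 192.168.1.10 is in the sample: an internal host that starts emitting a signature would be caught the same way.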

Host-based Intrusion Detection Systems (HIDS), which date from the early 1980s, are intrusion detection systems that monitor and analyze the communication traffic in and out of a computer, check the integrity of the system's files and watch for suspicious processes. A HIDS can detect which program accesses which processes; it also looks at RAM, the file system, log files, etc. to make sure that their contents appear as expected.
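
The file-integrity part of a HIDS can be shown in a few lines. This added Ruby example (not code from the original post) takes a SHA-256 baseline of a constructed directory tree inside a temporary folder, makes the kinds of changes an integrity checker exists to catch, and reports what was modified, added and removed. File names and contents are made up for the demonstration; no real system files are touched.

```ruby
require 'digest'
require 'tmpdir'
require 'fileutils'

# Snapshot every regular file under dir: relative path => SHA-256 of its contents.
def baseline(dir)
  Dir.glob(File.join(dir, "**", "*"))
     .select { |f| File.file?(f) }
     .each_with_object({}) do |f, snapshot|
       snapshot[f.delete_prefix(dir + "/")] = Digest::SHA256.file(f).hexdigest
     end
end

# Compare a fresh scan against the stored baseline and classify every difference.
def integrity_report(stored, current)
  {
    modified: stored.keys.select { |k| current.key?(k) && current[k] != stored[k] }.sort,
    added:    (current.keys - stored.keys).sort,
    removed:  (stored.keys - current.keys).sort,
  }
end

# Demonstration on a constructed directory tree inside a temp dir.
def demo
  Dir.mktmpdir("hids") do |dir|
    FileUtils.mkdir_p(File.join(dir, "etc"))
    File.write(File.join(dir, "etc", "passwd"), "root:x:0:0:root:/root:/bin/bash\n")
    File.write(File.join(dir, "etc", "hosts"), "127.0.0.1 localhost\n")
    stored = baseline(dir)          # taken while the system is known-good

    # Later changes a HIDS should flag: an edited file, a new file, a deleted file.
    File.write(File.join(dir, "etc", "passwd"),
               "root:x:0:0:root:/root:/bin/bash\nextra:x:1001:1001::/home/extra:/bin/sh\n")
    File.write(File.join(dir, "etc", "rc.local"), "/tmp/unexpected &\n")
    File.delete(File.join(dir, "etc", "hosts"))

    integrity_report(stored, baseline(dir))
  end
end

if __FILE__ == $0
  demo.each { |kind, paths| puts "#{kind}: #{paths.join(', ')}" unless paths.empty? }
end
```

In practice the baseline has to be stored somewhere the monitored host cannot silently rewrite, otherwise an intruder who can edit the files can also edit the hashes.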

3. What is Phishing

Phishing is the fraudulent process of attempting to acquire sensitive information such as bank account details, user names, passwords and credit card numbers by masquerading as a legitimate and trustworthy entity. An email that looks quite legitimate is sent to an unsuspecting user; it links to an illegitimate website that also looks legitimate, where the user is prompted for their username and password or credit card details.

4. SET Compared to SSL

SET is explained earlier in the post.

SSL stands for Secure Sockets Layer, a cryptographic protocol that provides security over insecure networks such as the internet. SSL encrypts segments of network communications at the transport layer. SSL uses public and private keys: the public key is used to encrypt data at the browser end and the private key is used by the e-commerce system to decrypt and read the data. SSL is used by millions of websites worldwide to protect the data of their online transactions.

5. Cookies

A cookie is a small amount of text sent by a web server and stored on a computer by the web browser. Cookies let a web browser "remember" specific information for later use. This information can consist of preferences, shopping cart contents and other data used by websites.

Cookies can be used for authentication and session tracking, among other things. HTTP cookies can be used by web servers to track a person's particular web movements. Cookies cannot be used to gain access to a computer's hard drive or to steal sensitive information about a person.

6. Firewall Security

Firewalls protect a PC by blocking ports according to specific criteria. If a computer is connected to the internet then it needs to be protected from vulnerabilities that can be exploited by external sources. Attacks on a system can come from a number of sources, whether from someone who wishes to steal or alter your data, or from viruses and worms. Through the use of a firewall these types of attacks can be minimized; however, not all attacks can be prevented by security measures.

Firewalls can be hardware or software based: a hardware firewall sits between a network and the internet, while a software firewall installed on your home PC sits between the operating system and the internet. Firewalls give the user more control over what comes in and out of the network or local PC. They control and monitor ports, protocols, URLs, IP addresses, etc. Which type of firewall to acquire, hardware or software, is determined purely by the size and type of the network or PC it is to protect.

ZoneAlarm is a software-based firewall that some users perceive to protect a PC more effectively than the inbuilt firewall.
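
To make the "blocking of ports according to specific criteria" concrete, here is an added Ruby example (not from the original post) of how a packet filter evaluates an ordered rule list with a default-deny policy. The rule set, addresses and ports are assumptions for a home PC that runs a web server and allows remote administration from the local network only.

```ruby
require 'ipaddr'

# One filtering rule: what to do with an inbound packet that matches it.
Rule = Struct.new(:action, :proto, :src, :dport, keyword_init: true)

# Constructed rule set, evaluated top to bottom; the first match wins.
RULES = [
  Rule.new(action: :allow, proto: :tcp, src: "192.168.1.0/24", dport: 22),   # remote admin from the LAN only
  Rule.new(action: :allow, proto: :tcp, src: "0.0.0.0/0",      dport: 80),   # web server open to everyone
  Rule.new(action: :allow, proto: :tcp, src: "0.0.0.0/0",      dport: 443),
  Rule.new(action: :deny,  proto: :any, src: "0.0.0.0/0",      dport: :any), # everything else
]

# A rule matches when protocol, destination port and source network all agree
# (:any in a rule field matches anything).
def rule_matches?(rule, proto, src, dport)
  (rule.proto == :any || rule.proto == proto) &&
    (rule.dport == :any || rule.dport == dport) &&
    IPAddr.new(rule.src).include?(IPAddr.new(src))
end

# Decide the fate of an inbound packet. A packet that matches no rule is still
# denied: the safe default for anything the administrator did not think of.
def decide(rules, proto:, src:, dport:)
  rule = rules.find { |r| rule_matches?(r, proto, src, dport) }
  rule ? rule.action : :deny
end

if __FILE__ == $0
  [[:tcp, "192.168.1.20", 22], [:tcp, "203.0.113.5", 22], [:udp, "203.0.113.5", 53]].each do |proto, src, dport|
    puts "#{proto} #{src} -> :#{dport} => #{decide(RULES, proto: proto, src: src, dport: dport)}"
  end
end
```

The ordering matters: if the catch-all deny rule were placed first, nothing would ever be allowed, and if the port 22 rule used 0.0.0.0/0 the LAN-only restriction would silently disappear.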

7. Measures to create trust

E-commerce sites provide security features such as SET, SSL, encryption and the use of digital certificates to create trust among their customers.

8. Other Authentication Techniques

CHAP Authentication - Challenge Handshake Authentication Protocol (CHAP) is a one-way authentication method; however, CHAP can be used in both directions on the link to create two-way authentication. This type of authentication requires a shared secret, usually a username and password, which is set up when the link is first established.
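
The CHAP exchange described above, as an added Ruby example that is not part of the original post: the authenticator sends an identifier and a random challenge, the peer returns MD5(identifier || secret || challenge) as RFC 1994 specifies, and the authenticator recomputes the hash to check it. The secret never crosses the link, and a fresh challenge each time stops a recorded response from being replayed. Running the exchange in both directions gives the two-way authentication mentioned above. The shared secret is a constructed value.

```ruby
require 'digest'
require 'securerandom'

# Shared secret known to both ends (constructed for the example).
SHARED_SECRET = "correct horse battery staple"

# Step 1: the authenticator sends an identifier and a fresh random challenge.
def chap_challenge
  { id: SecureRandom.random_number(256), challenge: SecureRandom.random_bytes(16) }
end

# Step 2: the peer proves knowledge of the secret without sending it:
# response = MD5(id || secret || challenge), as in RFC 1994 CHAP with MD5.
def chap_response(id, challenge, secret)
  Digest::MD5.digest([id].pack("C") + secret + challenge)
end

# Step 3: the authenticator recomputes the response and compares it in
# constant time, so a wrong guess does not leak how many bytes matched.
def chap_verify(id, challenge, response, secret)
  expected = chap_response(id, challenge, secret)
  expected.bytesize == response.bytesize &&
    expected.bytes.zip(response.bytes).map { |a, b| a ^ b }.reduce(0, :|).zero?
end

# One direction of authentication: true when the peer holds the same secret
# as the authenticator.
def authenticate(peer_secret, authenticator_secret = SHARED_SECRET)
  c = chap_challenge
  response = chap_response(c[:id], c[:challenge], peer_secret)
  chap_verify(c[:id], c[:challenge], response, authenticator_secret)
end

# Two-way authentication: each side challenges the other in turn.
def mutual_authenticate(side_a_secret, side_b_secret)
  authenticate(side_a_secret, side_b_secret) && authenticate(side_b_secret, side_a_secret)
end

if __FILE__ == $0
  puts "peer with the secret: #{authenticate(SHARED_SECRET)}"
  puts "peer without it:      #{authenticate('wrong secret')}"
end
```

Because the authenticator must recompute the hash, it needs the secret in a form it can hash, which is why CHAP secrets are stored as-is (or reversibly) on the server rather than as one-way password hashes.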

Form Based Authentication - This type of authentication is where websites use a web form to collect and authenticate credential information, such as a username and password, from a user. This technique is useful for developers as it allows them to customize the authentication user interface. Internet banking uses such authentication methods.
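
Form-based authentication and the cookie session tracking described under section 5 fit together in one flow, shown here as an added Ruby example (not code from the original post): the server checks the submitted username and password against a salted, stretched password hash, then issues a session cookie whose contents are protected by an HMAC, so the browser can store and return it but cannot alter it without detection. The user store, the cookie format and the signing key are assumptions for the example.

```ruby
require 'openssl'
require 'securerandom'
require 'base64'

# Server-side signing key and a constructed user store (example credentials,
# not real ones). Both would live in configuration, not in code.
COOKIE_KEY = SecureRandom.random_bytes(32)
PBKDF2_ITERATIONS = 100_000

# Compare two byte strings without leaking where they first differ.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Passwords are stored salted and stretched, never in clear text.
def hash_password(password, salt = SecureRandom.random_bytes(16))
  { salt: salt,
    digest: OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS, 32, "sha256") }
end

USERS = { "alice" => hash_password("s3cret-example") }

# Form-based authentication: check the POSTed username/password against the
# store and, on success, return the Set-Cookie header that starts the session.
def login(form)
  record = USERS[form["username"]]
  return nil unless record
  candidate = hash_password(form["password"], record[:salt])[:digest]
  constant_time_equal?(candidate, record[:digest]) ? issue_session(form["username"]) : nil
end

def sign(payload)
  OpenSSL::HMAC.hexdigest("SHA256", COOKIE_KEY, payload)
end

# The cookie carries the user name and expiry plus an HMAC over both.
# HttpOnly keeps page scripts away from it; Secure limits it to HTTPS.
def issue_session(username, ttl = 3600)
  payload = "user=#{username}&exp=#{Time.now.to_i + ttl}"
  value = Base64.urlsafe_encode64(payload) + "." + sign(payload)
  "session=#{value}; HttpOnly; Secure; SameSite=Lax"
end

# Session tracking on a later request: parse the Cookie header and return the
# user name only when the signature verifies and the session has not expired.
def session_user(cookie_header)
  value = cookie_header[/(?:^|;\s*)session=([^;]+)/, 1]
  return nil unless value
  encoded, mac = value.split(".", 2)
  return nil unless encoded && mac
  begin
    payload = Base64.urlsafe_decode64(encoded)
  rescue ArgumentError
    return nil
  end
  return nil unless constant_time_equal?(sign(payload), mac)
  fields = payload.split("&").map { |kv| kv.split("=", 2) }.to_h
  fields["exp"].to_i > Time.now.to_i ? fields["user"] : nil
end

if __FILE__ == $0
  set_cookie = login("username" => "alice", "password" => "s3cret-example")
  puts "Set-Cookie: #{set_cookie}"
  puts "user on next request: #{session_user(set_cookie.split(';').first)}"
end
```

The cookie's contents are readable by whoever holds it (Base64 is encoding, not encryption), so nothing secret goes in it; what the HMAC buys is that a client who edits the user name or the expiry gets a nil session rather than someone else's.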

Wednesday, September 16, 2009

Exercise 8

Elevator Pitch 1

This is the first of two elevator pitches for ITC382 Business to Business Systems. This subject will follow our progress using Ruby on Rails as a framework for the development of an online system. During this 13-week period we will delve deep into the world of developing online systems and plan, design and develop our way to the final goal. During our studies we will use a blog to comment on our research and experiences with Ruby on Rails.
Ruby on Rails is an open source web framework that has been optimised for greater efficiency and sustained productivity. Ruby on Rails can be used to create e-commerce solutions, including online booking systems, as well as client/server computing in general. The design concepts used in Ruby on Rails are REST, DRY and convention over configuration. The REST architecture is implemented by Ruby on Rails through representing its states in HTTP format. The DRY concept states that unnecessary repetition of code is wasteful and hinders productivity; toolsets and programming practices help overcome these issues. Convention over configuration is a model that reduces the amount of configuration needed by the administrator, which increases the simplicity of development without reducing flexibility.

Exercise 7

The perception that integration will grow stronger in the near future arises as businesses strive to make more resources available in the one place. If a business is able to provide more features for its service than any of its competitors, then it is more likely to have a higher number of users. Through integration the features and components of multiple systems can be combined into a larger, more efficient and more powerful system, which in the long run will see a reduction in costs. An example of two systems that have been integrated is the website for Woolworths supermarket and the ability to order groceries online.

Representational State Transfer (REST), when compared to other web services, has many highly desirable architectural properties: scalability, performance, security, reliability and extensibility.

Tuesday, September 15, 2009

Exercise 6

I spent hours on end on this exercise; I really must be missing something with Ruby on Rails. I can get most of the basics working, but when I try to get further into it I seem to confuse myself. I really need to step back and start from the beginning again; hopefully it clicks.

Sunday, September 13, 2009

Exercise 5

This exercise examines some environment variables on the server. I did this exercise on a Windows machine using $_SERVER['variable'] and got these results:
  • $_SERVER['REMOTE_ADDR'] - You are connected from: 127.0.0.1

  • $_SERVER['PHP_SELF'] - You are connected from: 127.0.0.1

The second exercise creates a variable, $myvar, and assigns it the value "Hello World!". The echo function is then used to display the variable's value, Hello World!, on the screen for the user.

The third exercise creates a form to enter your name, which uses the "Return" key to submit the text. The result was:

The fourth exercise builds a PHP file that uses the input from the last exercise and prints it on the screen for the user. Although I did not get the desired result, from purely reading the code I could see what the outcome was supposed to be.

For the fifth exercise I could create the database and tables, no worries. Using the database commands:

CREATE DATABASE mydatabase;
USE mydatabase;
CREATE TABLE employees
  (First varchar(20) NOT NULL,
   Last varchar(20) NOT NULL,
   Address varchar(50) NOT NULL,
   Position varchar(20) NOT NULL);

The rest of exercise five is where I had trouble and ran out of time to complete. Hopefully I will have a bit of time towards the end of semester to fix it up.

Workshop 4

I have spent a couple of hours on the coding examples at http://www.fincher.org/tips/Languages/Ruby/. I found these tutorials good for the basics and learnt a few extra things on top of what I had already picked up, as well as a couple of different ways of doing similar things. I have become more familiar and confident with the basic functionality of Ruby through this workshop.

The syntax for a JavaScript "if" statement is as follows:
  • if (condition) { code to be executed if condition is true }

The syntax for a Ruby "if" statement is as follows:

  • if condition then code to be executed if condition is true end

The major difference here is the use of parentheses. Ruby is written with parentheses for the purpose of precedence, while in Java conditions must be inside parentheses and curly brackets are used around the code block.

Some of the similarities between Java and Ruby include:

  • They both include public, private and protected methods
  • Memory is managed via a "garbage collector"
  • Both are object-oriented languages

Saturday, September 12, 2009

Workshop 3

The MySQL Graphical User Interface tools included:
  • MySQL Administrator 1.2
  • MySQL Query Browser 1.2
  • MySQL Migration ToolKit 1.1

Rails is installed and running; however, my lack of development skills/knowledge is showing, as a large portion of my time has been spent getting this section up and running with little success. I understand what Rails is and why it is used; however, when it comes to fitting it all together to get a working app, that is where I fall in a heap. I am studying network engineering, and through my frustrations with getting Ruby on Rails to work I am becoming more and more confident that I have chosen the right path for me.

I will try to increase my learning and skills with Rails through more Ruby on Rails reading and hopefully get my head around this development process. Resources currently being looked at are: