Section 1 Introduction to the Internet

1
Section 1Introduction to the Internet
WHAT IN THE WORLD IS THE WEB?
2
Who in the World Are Firebird Services?

• Ebusiness experts
• Strategy through to implementation
• Consultants, project managers and developers
• Java or Microsoft or CGI/Perl environments
• Experience with many web/app servers
• Ebusiness Services
• Strategy workshops through to hosting
• Technical arch/infrastructure design
• Audits, reports are a speciality
• We also offer training
• http//www.firebirdservices.com

3
History of the Web

• Internet
• Arpanet project
• Resilience to nuclear attack
• Ease of access not secure
• TCP/IP protocol
• Web
• Web browsers
• Web sites
• HTTP protocol

HTTP
SMTP
NNTP
FTP
TCP
IP
4
Web Architecture
Web Server Machine
Browser
HTTP
Internet/ Intranet
Browsers Internet Explorer Netscape Mosaic
Web Servers Microsoft IIS Apache Lotus
Domino Many others..
5
Web Object Naming
http//www.microsoft.com/seminar/1033/default.htm
protocol used to access the object
the object, a html file
directory in which object is stored
name of the web server (note, this could be
replaced with the ip address 207.46.230.219)
6
Web Addresses

• Domain Names
• www.microsoft.com International company
• www.microsoft.co.uk UK company
• www.microsoft.co.nz New Zealand company
• www.cit.ac.nz Academic
  institution in NZ
• www.maf.govt.nz Govt establishment in
  NZ
• www.internic.net Net services company
• www.savethechildren.org Organisation (non
  profit)

7
Internet Vs Intranet
Internal web servers
Browser
Intranet
Firewall
Internet
8
Intranet Vs Extranet
Browser
Internal web servers
Intranet
Extranet
Extranet web servers
Internet
9
Convergence of Technology
Browser
Internet
Web TV
WAP
10
Web Publishing
Web Server Machine
Browser
FTP
Internet/ Intranet
Publishing tools FTP command line Publishing
Wizards FrontPage
Publishing languages HyperText Markup Language
(HTML) Javascript Active Server Pages
(ASP) Java CGI/Perl
11
Web Publishing (2)

• Get an Internet Service Provider (ISP) or Web
  Host
• Create web pages in HTML/ASP etc
• FTP them to web server
• Register a domain name
• Domainz (www.domainz.net.nz)
• Network Solutions (www.networksolutions.com)
• Promote web site

12
Promoting Web Sites

• Traditional methods
• Newspapers
• TV
• Business cards/letter heads
• Web methods
• Register with search engines/portals
• Advertising banners (reciprocal)
• Usenet groups/discussion forums
• Targetted emails (do not Spam!)

13
Searching The Web

• Search Engines/Portals
• Yahoo
• Excite
• Altavista
• Lycos
• Usenet groups/discussion forums
• Bots compare prices, etc.

14
Marketing on the Web

• Communities
• Sticky sites, get users to come back
• Get users to provide content for you
• Users advise each other, self service
• Customer/Partner Relationship Management
  (CRM/PRM)
• Online interaction with Customer Services via
  chat/discussion groups
• Self service facilities
• Online documentation, support, downloadable help
  files etc.

15
Marketing on the Web

• Personalisation
• Users choose content they are interested in
  more likely to return
• You can track their behaviour once they have
  logged in
• Targetted Marketing
• Offer personalised products, special offers and
  promotions
• Associative marketing suggest customer might
  consider x if buy y
• Push Technologies

16
Problems on the Internet

• No centralised infrastructure
• Huge global scale - millions of potential users
• Initial conception was openness and robustness -
  not security
• Organisations must provide a window into their
  networks
• Many will look for non public items
• A few will step through and cause havoc

17
Bandits on the Internet

• Must avoid
• Impostors
• Spies
• Vandals
• Moving targets
• New and ingenious mechanisms for attacks
• Technology rapidly increasing
• Severe damage usually detected when it is too
  late!!

18
The Technical Solutions

• Access controls
• Cryptography
• Encryption
• Digital signatures/certificates
• Authentication

19
Symmetric Cryptography
20
Asymmetric Cryptography
21
Digital Signatures
22
Secure Channels (SSL)

• Provides
• Client Authentication
• Server Authentication
• Encryption
• Message Authentication
• Stops
• Imposters
• Spies
• Vandals

23
Secure Sockets

• TCP/IP - designed to operate in layers

• Security protocols e.g. Secure Sockets Layer
  (SSL)
• Encryption
• Authentication of messages
• Authentication of end-points i.e.client and server

24
Certificate Authorities

• Trusted third parties
• Certificate contents include
• Certificate Authority name
• Certificate serial number
• Identity of subject name/organization/address
• Public key of subject
• Validity timestamps
• Signed by Certificate Authoritys private key
• X.509 defines the standards

25
Other Technologies

• Firewalls
• Password authentication
• File/Directory access controls
• Web Server configuration
• Network configuration
• Audit logs

26
Management Solutions

• Technologies on their own not enough
• Must have procedures in place to back them up and
  be following them
• Physical security of web servers and data is
  crucial
• Procedures for what is done with credit card
  numbers after receipt must be defined and
  followed
• Security Video

27
Summary

• Many facets
• Biggest danger is internal
• Not implementing or fully understanding the
  available technologies
• Risk assessment
• Suitable response
• Process that must evolve

28
Resources

• Websites
• Sign up to our Ebusiness group at our site
• Books
• Michelles book published soon
• Us
• Michelle.Johnston_at_firebirdservices.com