Unit 28 Week 3

Keeping Websites
Secure
What are the top 3 security
dangers for websites?
(in your opinion!)
Image from: http://antiqueradios.com/forums/viewtopic.php?f=1&t=188309&start=20

Objectives
• explain the security risks and
protection mechanisms involved in
website performance (P3)


To achieve a pass grade the
To achieve a merit grade the
evidence must show that the evidence must show that, in
learner is able to:
addition to the pass
criteria, the learner is able
to:

To achieve a distinction
grade the evidence must
show that, in addition to the
pass and merit criteria, the
learner is able to:

P1 outline the web architecture
and components which enable
internet and web Functionality

M1 explain the role of web
architecture in website
communications

D1 explain the role of the TCP/IP
protocol and how it links to
application layer protocols

P4 using appropriate design
tools, design an interactive
website to meet a client need

M2 explain the tools and
techniques used in the creation
of an interactive website

D2 discuss the techniques that
can be used on web pages to aid
user access to information

P5 create an interactive website
to meet a client need.

M3 improve the effectiveness of
a website on the basis of a client
review.

P2 explain the user side and
server side factors that
influence the performance of a
website
P3 explain the security risks and
protection mechanisms involved
in website Performance

D3 demonstrate that a created
website meets the defined
requirements and achieves the
defined purpose.

P3 – Assignment 3
• You have 3 tasks to complete, each of
which will require some research and
may well take more than 1 hour each
BUT:
• If we are going to learn the skills
necessary for the other 2 pass marks we
have a lot to learn!
• We cannot spare more than 1 hour next
week for either U1,2,3 catch up or
U28A3

Task 1 - Dangers:
You should research each of the following terms –
hacking, viruses, identity theft – and produce a
definition of each in your own words in a leaflet
suitable for distribution to a small business that
intends to develop an online presence.
You should also find examples of organisations or
websites that have experienced these threats and
identify how the threats were dealt with and any
consequences. You should add these case studies
to your leaflet.

How it might look…
ima
ge
ima
ge

ima
ge
image

ima
ge

ima
ge
ima
ge


Check basic understanding:
• Hacking means – unauthorised
access to computer systems
• While there may not be intent to
commit another crime, this access
often damages files such as logs and
operating systems

• Viruses are programs that are
designed to spread and infect other
computers
• They may be used to allow other
criminal access to a computer
• This could include taking copies of
confidential data or destroying files

• Identity theft is a form of fraud where a
criminal can impersonate someone else,
usually for financial gain
• Phishing is a form of identity theft
where convincingly designed emails and
websites are sent to convince users to
enter their usernames and passwords
into fake sites so criminals can use them

Create your leaflet!
• Use your own words, especially for
definitions!
• Aim it at small business owners who do
not necessarily have good technical
knowledge
• Prompt questions are on the brief
• Share resources like case studies that
could be useful to others
• Reference the source of those things

Task 2 – Protection:
• You should research each of the
following terms – firewalls, SSL,
strong passwords and CAPTCHA –
and produce a short information
leaflet or a poster suitable for issuing
to YellowZebra clients.

• Separate leaflet, please!
• If you decide on a poster, don’t
skimp on detail – make it A3 if you
need to fit more information on!


• Firewalls use rules to allow or block
data to/from different IPs & ports
based on rules
• Legitimate HTTP requests will be on
port 80, HTTPS on 25 – other access
might be suspicious/hacking

• SSL means Secure Socket Layer and
it’s a way of encrypting data between
webserver & browser so passwords,
personal information etc. is more
secure
• If an address starts https:// and if
you have a little lock on your
browser it’s using HTTPS

• A good password takes longer for a
hacker to guess or crack
• More letters are more difficult, use
of numbers & characters on
keyboard is even better – more
complexity, more possible options

• CAPTCHA (and others too) is a puzzle
that only a human should be able to
do
• They stop hackers using scripts to
automatically set up thousands of
new accounts e.g. on email for spam

Make your leaflet/poster!
• Use your own words, especially for
definitions!
• Aim it at small business owners who do
not necessarily have good technical
knowledge
• Prompt questions are on the brief
• Share resources if they’re especially
good
• Reference sources

Task 3 - DPA
• Choose one website from following list and
describe in a short report (with the use of
screen shots) how that organisation complies
with this law.
• For example, you could include the data
collection and privacy policy, the registration
and purchase/transaction process, and
permission to use the data collected.
• You should look for areas on the website where
information is given to the user covering, at
least, some parts of the Data Protection Act.

• Report typed in Word
• Screenshots should
be small enough not
to dominate your text
but big enough to
make them clear to
read

How Amazon UK complies
with the Data Protection Act


About the DPA
• Check out the links on the VLE
• Look back at older work!
• Start your report with a summary of
the law, its principles
• Then show what your chosen site
does to comply

Unit 28 Week 3

Recommended

Recommended

More Related Content

What's hot

What's hot (11)

Viewers also liked

Viewers also liked (13)

Similar to Unit 28 Week 3

Similar to Unit 28 Week 3 (20)

More from MrJRogers

More from MrJRogers (13)

Recently uploaded

Recently uploaded (20)

Unit 28 Week 3