1. Keeping Websites Secure
What are the top 3 security
dangers for websites?
(in your opinion!)
Image from: http://antiqueradios.com/forums/viewtopic.php?f=1&t=188309&start=20
2. Objectives
• explain the security risks and
protection mechanisms involved in
website performance (P3)
3. To achieve a pass grade the evidence must show that the learner is able to:
P1 outline the web architecture and components which enable internet and web functionality
P2 explain the user side and server side factors that influence the performance of a website
P3 explain the security risks and protection mechanisms involved in website performance
P4 using appropriate design tools, design an interactive website to meet a client need
P5 create an interactive website to meet a client need.
To achieve a merit grade the evidence must show that, in addition to the pass criteria, the learner is able to:
M1 explain the role of web architecture in website communications
M2 explain the tools and techniques used in the creation of an interactive website
M3 improve the effectiveness of a website on the basis of a client review.
To achieve a distinction grade the evidence must show that, in addition to the pass and merit criteria, the learner is able to:
D1 explain the role of the TCP/IP protocol and how it links to application layer protocols
D2 discuss the techniques that can be used on web pages to aid user access to information
D3 demonstrate that a created website meets the defined requirements and achieves the defined purpose.
4. P3 – Assignment 3
• You have 3 tasks to complete, each of
which will require some research and
may well take more than 1 hour each
BUT:
• If we are going to learn the skills
necessary for the other 2 pass marks we
have a lot to learn!
• We cannot spare more than 1 hour next
week for either U1,2,3 catch up or
U28A3
5. Task 1 - Dangers:
You should research each of the following terms –
hacking, viruses, identity theft – and produce a
definition of each in your own words in a leaflet
suitable for distribution to a small business that
intends to develop an online presence.
You should also find examples of organisations or
websites that have experienced these threats and
identify how the threats were dealt with and any
consequences. You should add these case studies
to your leaflet.
6. How it might look…
[leaflet mock-up: image placeholders]
7. Check basic understanding:
• Hacking means – unauthorised access to computer systems
• Even where there is no intent to commit another crime, the access itself often causes damage, e.g. altered or deleted log files and changes to operating system files that hide the intruder or break the system
8. Check basic understanding:
• Viruses are programs designed to copy themselves into other programs or files and so spread to and infect other computers
• They may carry a payload that gives criminals access to the infected computer
• This could include taking copies of confidential data or destroying files
9. Check basic understanding:
• Identity theft is a form of fraud where a criminal impersonates someone else, usually for financial gain
• Phishing is a common route to identity theft: convincingly designed emails lead users to fake websites that imitate real ones, where they type in usernames and passwords that the criminals then use
10. Create your leaflet!
• Use your own words, especially for
definitions!
• Aim it at small business owners who do
not necessarily have good technical
knowledge
• Prompt questions are on the brief
• Share resources like case studies that
could be useful to others
• Reference the source of those things
11. Task 2 – Protection:
• You should research each of the
following terms – firewalls, SSL,
strong passwords and CAPTCHA –
and produce a short information
leaflet or a poster suitable for issuing
to YellowZebra clients.
12. How it might look…
• Separate leaflet, please!
• If you decide on a poster, don’t
skimp on detail – make it A3 if you
need to fit more information on!
13. Check basic understanding:
• Firewalls use rules to allow or block traffic to/from particular IP addresses and ports
• Legitimate web requests arrive on port 80 (HTTP) and port 443 (HTTPS); connection attempts to other ports on a web server may be suspicious or an attack, and a default-deny rule set blocks them
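The rule matching described above, as an added example that is not code from the page or from any real firewall product: a tiny first-match, default-deny packet filter for a web server. Public HTTP and HTTPS are allowed, SSH only from an assumed admin subnet (10.0.5.0/24), and everything else is dropped. The sample traffic is constructed, not a real capture.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Added example (not from the page): rules are checked in order, the first
# match decides, and a packet matching no rule is dropped (default deny).
# The admin subnet and the sample addresses are made up for illustration.


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "drop"
    src: str                # source network in CIDR notation; "0.0.0.0/0" = anywhere
    dst_port: Optional[int] # destination port, or None for any port
    proto: str = "tcp"


# Hypothetical policy for a public web server.
WEB_SERVER_RULES = [
    Rule("allow", "0.0.0.0/0", 80),      # HTTP from anywhere
    Rule("allow", "0.0.0.0/0", 443),     # HTTPS from anywhere
    Rule("allow", "10.0.5.0/24", 22),    # SSH, admin subnet only (assumed address range)
    Rule("drop", "0.0.0.0/0", None),     # any other TCP connection
]


def matches(rule, src_ip, dst_port, proto):
    """Does this packet satisfy every condition of the rule?"""
    if rule.proto != proto:
        return False
    if rule.dst_port is not None and rule.dst_port != dst_port:
        return False
    return ip_address(src_ip) in ip_network(rule.src)


def decide(rules, src_ip, dst_port, proto="tcp"):
    """Return (action, index of the matching rule); (\"drop\", None) if nothing matched."""
    for i, rule in enumerate(rules):
        if matches(rule, src_ip, dst_port, proto):
            return rule.action, i
    return "drop", None   # default deny


def filter_log(rules, packets):
    """Evaluate constructed packets (src_ip, dst_port, proto) and return one
    decision line per packet, in the style of a firewall log."""
    lines = []
    for src_ip, dst_port, proto in packets:
        action, idx = decide(rules, src_ip, dst_port, proto)
        why = f"rule {idx}" if idx is not None else "default"
        lines.append(f"{action.upper():5} {src_ip} -> {proto}/{dst_port} ({why})")
    return lines


if __name__ == "__main__":
    SAMPLE_TRAFFIC = [                 # constructed, not a real capture
        ("203.0.113.9", 80, "tcp"),    # public visitor, HTTP: allowed
        ("203.0.113.9", 443, "tcp"),   # public visitor, HTTPS: allowed
        ("10.0.5.20", 22, "tcp"),      # admin host, SSH: allowed
        ("198.51.100.7", 22, "tcp"),   # stranger trying SSH: dropped
        ("198.51.100.7", 25, "tcp"),   # SMTP to a web server: dropped
        ("198.51.100.7", 53, "udp"),   # UDP matches no rule: default drop
    ]
    for line in filter_log(WEB_SERVER_RULES, SAMPLE_TRAFFIC):
        print(line)
```

The order of the rules matters: the SSH rule for the admin subnet must come before the catch-all drop, or it would never be reached. The final rule and the default branch together mean that anything the policy did not anticipate (here, UDP) is blocked rather than let through.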
14. Check basic understanding:
• SSL means Secure Sockets Layer; it (and its successor TLS, which modern sites actually use) encrypts data between web server and browser, so passwords, personal information etc. cannot be read or altered in transit
• If an address starts https:// and the browser shows a padlock, the connection is using HTTPS; the padlock means the connection is encrypted and the certificate matches the site's name, not that the site itself is honest
15. Check basic understanding:
• A good password takes longer for a hacker to guess or crack
• Every extra character multiplies the number of possibilities by the size of the character set, so length matters most; mixing upper and lower case, numbers and symbols enlarges that set further
• Dictionary words and common patterns are what cracking tools try first, so a long random password beats a short "complex" one
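The arithmetic behind the slide above, as an added example that is not part of the original: the number of candidate passwords is (alphabet size) to the power (length), and an exhaustive attacker needs on average half of them. The guess rate is an assumed round figure, not a measurement of any real system, and the estimate only holds for random passwords; dictionary words fall far faster.

```python
import math
import string

# Added example (not from the page). The guess rate is a hypothetical round
# number for illustration; real rates depend on the hash and the hardware.

ASSUMED_GUESSES_PER_SECOND = 1e10
SYMBOLS = string.punctuation   # the 32 printable ASCII symbols


def alphabet_size(password):
    """Size of the character set an attacker must search, inferred from the
    kinds of characters the password actually uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in SYMBOLS for c in password):
        size += len(SYMBOLS)
    return size


def search_space(password):
    """Number of candidate strings of this length over this alphabet."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password):
    """log2 of the search space: each extra bit doubles the attacker's work."""
    return math.log2(search_space(password))


def average_crack_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Expected brute-force time: on average the password is found halfway
    through the search. Assumes the password is random; dictionary words
    and common patterns are tried first and fall far sooner."""
    return search_space(password) / 2 / rate


def human_time(seconds):
    """Round a duration to a readable unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    # "qzvkmrwnplhy" stands in for 12 random lowercase letters.
    for pw in ("cat", "C4t!", "Tr0ub4dor&3", "qzvkmrwnplhy"):
        print(f"{pw:14} alphabet={alphabet_size(pw):3} "
              f"bits={entropy_bits(pw):5.1f}  "
              f"brute force ~ {human_time(average_crack_seconds(pw))}")
```

Running it shows the point the slide makes: four characters drawn from all 94 printable characters give fewer possibilities than twelve lowercase letters, because length is an exponent while the character set is only the base.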
16. Check basic understanding:
• CAPTCHA (and similar challenges) is a puzzle that should be easy for a human but hard for a program
• They stop attackers using scripts to automatically set up thousands of new accounts, e.g. email accounts for sending spam
17. Make your leaflet/poster!
• Use your own words, especially for
definitions!
• Aim it at small business owners who do
not necessarily have good technical
knowledge
• Prompt questions are on the brief
• Share resources if they’re especially
good
• Reference sources
18. Task 3 - DPA
• Choose one website from following list and
describe in a short report (with the use of
screen shots) how that organisation complies
with this law.
• For example, you could include the data
collection and privacy policy, the registration
and purchase/transaction process, and
permission to use the data collected.
• You should look for areas on the website where
information is given to the user covering, at
least, some parts of the Data Protection Act.
19. How it might look…
• Report typed in Word
• Screenshots should
be small enough not
to dominate your text
but big enough to
make them clear to
read
Example report title: "How Amazon UK complies with the Data Protection Act"
20. About the DPA
• Check out the links on the VLE
• Look back at older work!
• Start your report with a summary of
the law, its principles
• Then show what your chosen site
does to comply