
Unit Title: Internet Systems Development
Unit Code: ISD
Level: Advanced Diploma in Business Information Systems

Learning Outcome: 1. Candidates will be able to consider the Internet and its associated technologies

Indicative Content:

1.1 Explain what is meant by the term Internet and evaluate the available technologies for accessing it
A set of interconnected networks is called an internet; the worldwide collection of interconnected networks based on the TCP/IP protocols is a specific internet called the Internet
Access to it is through Internet Service Providers (ISPs)
Available connection technologies include: Digital Subscriber Line (xDSL); cable networks; wireless links to access points (802.11); Integrated Digital Service Networks (ISDN); analogue telephone links; cellular phone links; satellite phone links. Students should be able to compare and contrast each technology's advantages and disadvantages

1.2 Demonstrate an understanding of how the Internet Protocol (IP) provides a best effort service to move packets from source to destination
Internet hosts are identified by a unique IP address, which is a 32-bit binary number that is normally written in dotted decimal notation
IP addresses may be fixed or allocated dynamically using the Dynamic Host Configuration Protocol (DHCP)
IP is a connectionless protocol: messages are broken into packets; each packet carries a source and destination address and is routed independently; therefore, they can arrive at their destination in a different order from that in which they were originally sent; packets can be lost/corrupted

1.3 Describe the mechanism that ensures packets are delivered to the correct application at their destination
When a data packet arrives at the Transport Layer, it must be forwarded to the correct application process; this is achieved by adding the destination port number to which the application process is attached; for example, an HTTP server is attached to port 80. A source port is also included so that a reply can be sent

Examiner's Tips: Students should be encouraged to use diagrams wherever possible when explaining packet-switching networks.

019026

Learning Outcome: 1. continued Candidates will be able to discuss the Internet and its associated technologies

Indicative Content:

1.4 Demonstrate an understanding of how the Transmission Control Protocol (TCP) provides a reliable service to applications
A reliable service means that all packets reach their destination in the correct order and without duplicates
The source TCP entity establishes a connection with the destination TCP entity
It is responsible for: detecting errors or losses and requesting retransmission; detecting duplicate packets; flow control to minimise congestion and subsequent packet loss; reordering packets into their original sequence
Sequence numbers are added to packets so that each one can be identified

1.5 Demonstrate an understanding of the Domain Name System (DNS)
Internet hosts understand only numerical IP addresses; however, they are hard for humans to remember and lack flexibility
For example, if a user's email address was jim@194.128.111.5 and the administrator moved the mail server software to a different machine that had a different IP address, Jim's email address would have to change
ASCII names decouple machine names from their IP addresses; Jim's email address might become jim@abeuk.com; however, a mechanism is needed to translate ASCII names to IP addresses
A single file with name-to-IP mappings would be too large and would need to be co-ordinated centrally to avoid name conflicts; this approach would be unmanageable on the world-wide Internet
The solution was to introduce a hierarchical, domain-based naming system; the name space is divided into a number of top-level domains, e.g. com; each of these is subdivided into subdomains and so on
The system is implemented as a distributed database

1.6 Understand the concept of the Universal Resource Locator (URL)
URLs comprise: scheme, server name, path to the file and the file itself; absolute versus relative URLs


Examiner's Tips: Students should be encouraged to use diagrams wherever possible; for example, when explaining the DNS hierarchical structure.
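The receiver-side behaviour described in 1.4, as an added JavaScript example that is not part of the syllabus: sequence numbers let the receiver reorder segments, discard duplicates and have a lost segment retransmitted. Numbering whole segments (real TCP numbers bytes), the function names and the sample arrival order are assumptions constructed for illustration.

```javascript
// Added illustration: a toy model of TCP-style reliable delivery.
// Assumption: sequence numbers count whole segments (real TCP numbers bytes).

// Sender side: break a message into numbered segments.
function segmentMessage(message, size) {
  const segments = [];
  for (let i = 0; i < message.length; i += size) {
    segments.push({ seq: segments.length, data: message.slice(i, i + size) });
  }
  return segments;
}

// Receiver state: the next sequence number owed to the application and a
// buffer for segments that arrived ahead of a gap.
function createReceiver() {
  return { nextExpected: 0, buffer: new Map(), delivered: [], duplicates: 0 };
}

// Accept one segment and return the cumulative acknowledgement, i.e. the
// sequence number of the next segment the receiver still needs.
function receive(rx, segment) {
  const alreadySeen =
    segment.seq < rx.nextExpected || rx.buffer.has(segment.seq);
  if (alreadySeen) {
    rx.duplicates += 1; // duplicate detected and discarded
  } else {
    rx.buffer.set(segment.seq, segment.data);
    // Hand over every segment that is now in sequence (reordering).
    while (rx.buffer.has(rx.nextExpected)) {
      rx.delivered.push(rx.buffer.get(rx.nextExpected));
      rx.buffer.delete(rx.nextExpected);
      rx.nextExpected += 1;
    }
  }
  return rx.nextExpected;
}

// Deliver a message over an unreliable path. arrivalOrder lists the sequence
// numbers in the order the network happens to deliver them; a missing number
// is a lost segment and a repeated number is a duplicate.
function transfer(message, size, arrivalOrder) {
  const segments = segmentMessage(message, size);
  const rx = createReceiver();
  let ack = 0;
  for (const seq of arrivalOrder) {
    ack = receive(rx, segments[seq]);
  }
  // Sender: while the acknowledgement shows a gap, retransmit that segment.
  const retransmitted = [];
  while (ack < segments.length) {
    retransmitted.push(ack);
    ack = receive(rx, segments[ack]);
  }
  return {
    text: rx.delivered.join(''),
    duplicates: rx.duplicates,
    retransmitted: retransmitted,
  };
}

// Constructed scenario: segment 1 is lost, segment 2 arrives first and twice.
const sample = transfer('HELLO WORLD!', 4, [2, 0, 2]);
console.log(sample);
```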


Learning Outcome: 2. Candidates will be able to discuss and assess the World Wide Web in terms of its business benefits

Indicative Content:

2.1 Explain what is meant by the term World Wide Web
It is a model for accessing information across the Internet using the HyperText Transfer Protocol (HTTP); documents (web pages) are linked together with hyperlinks and web browsers are used to display those documents

2.2 Describe the role and functions of the HyperText Transfer Protocol
HTTP is based on the client-server model
When a user clicks on a hyperlink, a request is sent to a web server; the server returns the document and the browser displays it
Pages are named using a Uniform Resource Locator (URL)
HTTP is stateless; a browser sends a request to a server and receives a page; the server does not remember the request
Cookies can be used to identify previous requests

2.3 Explain what is meant by the terms Intranet and Extranet
An intranet is a private network, internal to an organisation, that is used to share information; it is based on Internet technology; unauthorised access is prevented by a firewall (see 8.2)
An extranet is an extension of an intranet, via the public communications system, so that some of an organisation's private information can be shared with suppliers etc.; secure access implies authentication, encryption (Virtual Private Network) and strict access privileges

2.4 Discuss the business benefits that Intranets and Extranets can provide
The main intranet benefits are: better internal communications in that information can be stored centrally; sharing of resources and best practice; fast access to accurate and consistent information means improved customer service; reduced paperwork
The main extranet benefits are: it enables a company to communicate and collaborate more effectively with business partners, suppliers and customers


Examiner's Tips: Students should be made aware that the World Wide Web and the Internet are not synonymous; the World Wide Web uses the Internet to convey information.


Learning Outcome: 3. Candidates will be able to assess the concepts and practice of other major Internet applications protocols

Indicative Content:

3.1 Identify and explain the purpose of the electronic mail application protocols
Email systems comprise: user agents, which enable people to send and read email messages in RFC 822 format, and message transfer agents, whose job is to move messages from source to destination
Messages are sent by user agents to message transfer agents via the Simple Mail Transfer Protocol (SMTP); message transfer agents exchange mail with other message transfer agents or arrange for final delivery to mailboxes
User agents retrieve messages from mailboxes using the Post Office Protocol v3 (POP3); it is assumed that the messages will be deleted from the server after downloading
Users who have a single account, e.g. at work, but wish to access messages from home and work could end up with messages on various machines; an alternative final delivery protocol, Internet Message Access Protocol (IMAP) assumes that messages stay on the server indefinitely; it accepts outgoing mail
Webmail is implemented by normal message transfer agents that present the browser with a login form; on successful login, the server builds a listing of the mailbox's contents and presents it formatted as a normal web page
Early email messages were English ASCII text; nowadays, messages may, for example, be in non-Latin alphabets; they may also contain binary data (images) etc.
Multipurpose Internet Mail Extensions (MIME) define encoding rules for non-ASCII content whilst continuing to use the RFC 822 format

3.2 Discuss the File Transfer Protocol (FTP)
FTP is used to up/download text and binary files to/from an FTP server; it is a robust and efficient protocol, which makes it particularly suitable for handling large files
FTP servers may allow anonymous access or require a user to login; however, usernames and passwords are not encrypted

3.3 Discuss the remote login application protocol (TELNET)
It is a client-server protocol that allows users to perform remote logins, to machines running Telnet Server Software, and execute commands; by default, it does not encrypt passwords and data; therefore, it is insecure

Examiner's Tips: Students may get a better feel for SMTP/POP3 if they telnet into a mail server and login manually, e.g. TELNET pop3.tiscali.co.uk 110


Learning Outcome: 4. Candidates will be able to develop web pages using the HyperText Markup Language (HTML) and Cascading Style Sheets (CSS)

Indicative Content:

4.1 Describe the main characteristics of the HyperText Markup Language (HTML), XHTML and XML
Concept of a markup language and formatting; predefined tags; concept of a hyperlink; HTML/XHTML standards and equivalence
XML is a specification for creating custom markup languages; no predefined tags; concerned with structuring and transporting data; users define their own tags

4.2 Create reliable, static web pages using HTML
Web page building blocks: elements, attributes and values; block-level versus in-line elements; parent and child elements; content: text, links, images
Basic document structure: head: Doctypes; document encoding; title; body: headers; paragraphs; spans; line breaks; horizontal rules; attributes: id; class
Minimally, candidates will be expected to be familiar with the following: links: to another web page; to a specific anchor; to URLs; using images to label links; client-side image maps and their shapes: rectangle; circle; polygon; lists: ordered; unordered; nested; tables: rows; cells; setting width using pixels or %; spanning cells across columns; spanning cells across rows

4.3 Select the most appropriate image type for a given application
Image formats: GIF; JPEG; PNG; advantages and disadvantages of each format; when to use each format; alternative text; thumbnails

Examiner's Tips: The recommended text book "HTML, XHTML and CSS" by Elizabeth Castro, publisher Peachpit Press, ISBN 0-321-43084-0 gives a comprehensive introduction to the concepts involved in producing reliable web pages. Chapter 1 gives examples of absolute and relative URLs. Students should pay particular attention to chapter 16, which gives a detailed explanation of how tables should be constructed. The following site contains numerous HTML tutorials and an interactive editor: http://www.w3schools.com


Learning Outcome: 4. continued Candidates will be able to develop web pages using HTML and CSS

Indicative Content:

4.4 Create forms to collect user data for submission to a web-server
Forms comprise three distinct parts: the form tag, which contains the processing script's URL, and the submission methods get or post; the form's elements: Text Boxes; Password Boxes; Labels; Radio Buttons: grouping menu options and default selection; Checkboxes and default selection(s); hidden fields: when to use; the submit and reset buttons; including an image file

4.5 Use CSS to format and structure web pages
Style Sheet Building Blocks: selector: identifies the elements that are to be formatted; declaration: comprises one or more property/value pairs; these define the formatting that is to be applied to the selected element; colours: predefined colours; specifying colours using RGB values in hexadecimal format
Where to locate Styles: external Style Sheets: write desired rules and save as a text file with a CSS extension; link with an entry in the HTML page's head; internal Style Sheets: desired rules written within the style tag that is located in the HTML page's head section; local Styles: use style=rule within the tag to be formatted, where rule is the appropriate style rule; precedence: candidates will be expected to demonstrate an understanding of the importance of location, i.e. style rules applied to HTML elements override those defined in a local style sheet, which in turn override those defined in an external style sheet
Elements: minimally, candidates will be expected to be familiar with the following: font family, size, colour, background colour, horizontal alignment, style and weight properties; setting link elements according to their state. Beware of using px to set a fixed font size (see 7.3)
Structuring Pages: divide pages into logical elements with div; the box model: content, padding, border and margin; block-level and inline boxes; relative and absolute positioning of elements; floating elements


Examiner's Tips: Chapter 10 of the recommended text book "HTML, XHTML and CSS" by Elizabeth Castro, publisher Peachpit Press, ISBN 0-321-43084-0 shows how to perform basic formatting using styles, whereas Chapter 11 concentrates on how to structure a web page using styles. The World Wide Web Consortium's web site, http://www.w3.org, contains numerous tutorials and other resources to help students.


Learning Outcome: 5. Candidates will be able to develop interactive web pages using client-side scripting

Indicative Content:

5.1 Demonstrate an understanding of the Document Object Model (DOM)
JavaScript is an object-oriented scripting language that can be embedded directly in a web page in order to provide interactivity
JavaScript treats a web page as a group of objects that are located inside a window, which itself is an object and referred to as a container
Objects inside the window object can contain other objects, i.e. they too are containers
Objects store information about the elements of a web page; these are called properties
One of the main objects is the document; it contains all the details of the current web page, e.g. forms and their associated elements; images etc.
The document object also provides functions, called methods, which enable the programmer to manipulate elements such as radio buttons and text boxes and alter an element's position (dynamic HTML)
The World Wide Web Consortium (W3C) produces the official DOM standard; however, proprietary ones exist for most browsers
Most modern browsers offer good support for the official DOM
Objects can be referenced using the dot notation or by using the official DOM's method document.getElementById("string"), where "string" is the element's id

5.2 Construct functions to open and control windows
A new window object can be created using the method open(), which takes a number of optional arguments. See the first reference in the Examiner's Tips section below for details of the various options
The close() method is used to close the current window
The focus() method gives focus to the current window; similarly, the blur() method removes focus from the current window

Examiner's Tips: This w3schools link explains the various options for the open() method: http://www.w3schools.com/htmldom/met_win_open.asp


To be able to reference an object using document.getElementById("string"), the object must be given a unique ID, e.g.:

    <img id="firstImage" src="image1.jpg">

That image can be referenced as follows:

    document.getElementById("firstImage").src = newImage1.src;

Static web pages display elements in the order in which they were coded; using the DOM, it is possible to move elements while leaving the remainder to be displayed in the order in which they were coded.


Learning Outcome: 5. continued Candidates will be able to develop interactive web pages using client-side scripting

Indicative Content:

5.3 Construct functions to manipulate pre-loaded images
An HTML <img> tag causes the browser to send an HTTP request for the referenced image
The image can be changed when the mouse cursor is placed over the original image (in response to the MouseOver event); however, the first time this occurs there could be a noticeable delay as the new image is fetched from the server
The way to avoid the delay is to pre-load the new image into the local cache; this can be achieved by instantiating a JavaScript Image object and assigning it the URL of the required image in the <head> section
By embedding an <img> tag inside an <a> tag, appropriate JavaScript functions (event handlers) can be called in response to MouseOver and MouseOut events; the event handlers are called by including their respective event-handling attributes, onMouseOver and onMouseOut, in the HTML tag; the event-handling attribute's value is the function's name

5.4 Construct functions to validate forms
JavaScript can save bandwidth by validating user input before a form is submitted to the server
An event-handling function is called in response to the submit event (i.e. when the form is submitted)

Examiner's Tips: This w3schools link gives example code showing how to change images: http://www.w3schools.com/js/js_animation.asp

This example code shows how to instantiate a new Image object in the <head> section:

    var nextImage = new Image();    // use the constructor to create the new image
    nextImage.src = "skyBlue.jpg";  // assign it a URL

Although the document.getElementById("string") method is the official way to reference objects, it may be more convenient to cycle through an array of radio buttons to check if any have been checked, e.g.

    var ok = false;  // becomes true once a checked button is found
    // document.roomType is the form; RoomGroup is its group of radio buttons
    for (var i = 0; i < document.roomType.RoomGroup.length; i++) {
        if (document.roomType.RoomGroup[i].checked) {
            ok = true;
        }
    }

Students should be confident of the difference between the = and == operators.


Learning Outcome: 6. Candidates will be able to critically compare the technologies associated with web servers

Indicative Content:

6.1 Discuss the Common Gateway Interface (CGI) Standard
When a user submits a form, its contents are sent to the web server for processing; the result is that a new web page is created dynamically, based on the user's data
CGI is a protocol for interfacing external programs to, usually, a web server; the server reacts to a client request by calling a CGI program, passing user data to it and returning the program's output, an HTML page, to the client browser; the CGI program may itself interface to a database server (3-tier architecture). CGI programs can be written in any programming language and normally reside in the cgi-bin directory
CGI is considered to be inefficient because each request creates a new process. The FastCGI interface uses a single process to handle multiple requests; therefore, it is more efficient than CGI

6.2 Discuss alternative approaches to creating dynamic web pages
Server-side scripting refers to scripts that are embedded inside web pages; an interpreter built into the web server software executes these scripts (e.g. Apache is distributed with a PHP module called mod_php); this is more efficient because there is no need to create a new process
PHP is a powerful, open source scripting language; it is particularly good at handling forms; it supports many database management systems
Active Server Pages (ASP) is a proprietary server-side scripting engine designed to interface with Microsoft's Internet Information Server (IIS); most pages are written in VB Script; however, other scripting languages can be used; database access is achieved via proprietary ActiveX Data Objects (ADO)
Java Server Pages (JSP) technology is similar to ASP; however, it is designed to be independent of platform and server. JSPs are compiled into Java servlets and executed by the Java virtual machine. The JDBC API is a standard SQL database access interface
Most web servers include proprietary application programming interfaces (API); these allow the creation of web applications, including database access, which are tightly integrated with the server and therefore run efficiently


Examiner's Tips: Students should be made aware that CGI programs are run by the server machine's operating system as opposed to being under the control of the web server program. Whatever technology is used to access a relational database, an SQL statement will be sent to the database server. Students should be encouraged to use diagrams when explaining such a mechanism.


Learning Outcome: 6. continued Candidates will be able to critically compare the technologies associated with web servers

Indicative Content:

6.3 Compare and contrast the relative merits of JSP and ASP in developing web applications
JSP applications are independent of the platform and server; it is a mature technology with a large development community
ASP is restricted to a Microsoft platform and server; earlier versions had some speed advantages over JSP; however, with the advent of .NET, any performance advantage is no longer so clear-cut

6.4 Identify issues of significance in selecting appropriate hosting and development strategies
Essential criteria for selecting a co-hosting web service or for developing a dedicated hosting environment, e.g. in-house expertise, cost, server capacity and storage, available bandwidth and allocation, security, file type and size limitations, FTP access, 24x7 operation and support, remote support, reliability and speed of access, backups etc.

6.5 Describe the concept of a Java applet and understand how they are used within a web application
An applet is a program that executes within the context of another program
Java applets are downloaded and normally run within a browser's context and extend its functionality; they are written in the Java language and compiled to an intermediate code called bytecode; the Java Virtual Machine executes this code; any platform with a Java Virtual Machine can execute Java applets
Applets have restricted security permissions and cannot access the local file system; this approach is known as sandboxing
Applets are used to provide enhanced interactivity

Examiner's Tips: Good examples of Java applets can be found on financial web sites such as http://www.iii.co.uk; they are used to display share price information in complex, interactive graphical formats that can be selected by the user.


Learning Outcome: 7. Candidates will be able to analyse and draw conclusions on web site design issues

Indicative Content:

7.1 Discuss navigational guidelines
It is most important that consistent methods are used across a site
Information should be structured from a user's viewpoint
Aids to navigation include: navigation panels, site maps and a search facility; visited links should change colour to aid orientation
A site comprising an ordered sequence of pages should include Previous and Next buttons on all pages to aid visitors who arrive in the middle of the sequence from another site

7.2 Discuss international issues
The visitor should be able to choose his/her native language
Although there has been much standardisation, care must be taken with units of measurement and date/time formats
Cultural sensitivities and legal issues must be observed

7.3 Discuss disability discrimination issues
The use of nested tables for page layout causes software which is designed to assist blind users to produce garbled output; tables should be simple and clearly labelled; similarly, frames can cause confusion
Fixed font sizes cannot be scaled by partially-sighted users (see 4.5)
Colour schemes should take into account colour blindness
Non-text elements reduce a page's accessibility to the visually impaired; provide ALT text for images

7.4 Discuss performance issues
Images greatly enhance web pages; however, image files can be large and download times over slow connections may be unacceptable
It is very important that the home page should load quickly
Ensure the most appropriate file format (see also 4.3) to minimise file size and consider using thumbnails where possible

Examiner's Tips: The following link gives a good overview of site design guidelines: http://www.webstyleguide.com


Learning Outcome: 8. Candidates will be able to make judgements on the security threats associated with the Internet and evaluate techniques designed to minimise them

Indicative Content:

8.1 Discuss the methods used to steal or compromise private data and the damage that may result
If an unauthorised person reads data, the result is a loss of confidentiality. If it is altered, either maliciously or unintentionally, it suffers a loss of integrity. If it is lost or cannot be accessed by an authorised person due to a denial-of-service attack, it suffers a loss of availability (see also 8.4)
An intruder (hacker) exploits weaknesses in computer operating systems and application software in order to gain unauthorised access to a machine in order to steal, destroy or alter private data or to take over the machine for, say, denial-of-service attacks
Malicious code, which is also designed to compromise or delete data, can be introduced into computer systems; such code includes: spyware, viruses, worms, trojan horses and rootkits

8.2 Discuss firewall technologies
Firewalls comprise hardware and software components that restrict access to/from the Internet and a protected network according to a site's security policy. At its simplest, a firewall may comprise a single, packet-filtering router or dual-homed host; however, more complex architectures may include proxy servers running on bastion hosts. All traffic passes through the firewall; therefore, it can log Internet activity effectively
Firewalls cannot guard against the following: rogue insiders and infected floppies or CDs; users who implement insecure paths through and around them, e.g. via a dial-up connection; services that are intentionally allowed through (e.g. email) may contain viruses and web-server worms; however, a firewall may be able to limit the damage caused by a virus or worm by minimising propagation; firewalls are a single point of failure

Examiner's Tips: Chapter 6 of the text book "Building Internet Firewalls" (2nd edition) by Elizabeth D Zwicky, Simon Cooper and D Brent Chapman, O'Reilly, ISBN 1-56592-871-7 contains a set of diagrams that clearly describe possible firewall architectures.


Although a little dated, the following article provides a concise description of internet security threats: http://www.cert.org/encyc_article/tocencyc.html


Learning Outcome: 8. continued Candidates will be able to make judgements on the security threats associated with the Internet and evaluate techniques designed to minimise them

Indicative Content:

8.3 Compare and contrast symmetric and asymmetric encryption techniques
Symmetric cryptography uses a single, private key to encrypt plaintext; the same key is required to decrypt the resulting cipher-text; distributing the shared secret key is problematic because it must remain confidential to the two parties
Asymmetric cryptography (Public-key) uses a pair of related keys: a private key, which is confidential to a particular party, and a public key
Plain-text that has been encrypted with a public key can only be decrypted with the related private key; similarly, plain-text that has been encrypted with a private key can only be decrypted with the related public key
Asymmetric cryptography has a much greater computational overhead than symmetric cryptography; therefore, the former is often used to distribute session keys, e.g. when using Transport Layer Security (Secure Sockets Layer or https)

8.4 Explain how encryption techniques can be used to provide data confidentiality, authentication and non-repudiation
Data confidentiality: if a sender encrypts a message with the intended recipient's public key, only the intended recipient can decrypt it using the related private key
Authentication: a hash function takes a variable length message and returns a fixed length hash code (digest); the digest is then encrypted using the sender's private key; if the message is altered, the digest changes. The recipient decrypts the digest with the sender's public key and compares it with one that he has calculated from the message; if they are identical, the message has not been altered. The message has also been digitally signed because only the sender could have generated the encrypted digest; this enforces non-repudiation
A Digital Certificate, issued by a trusted 3rd party, is required to authenticate the sender, i.e. they are who they claim to be
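The mechanisms in 8.4, as an added JavaScript example for Node.js that is not part of the syllabus: a message is signed and verified (including a tampered copy and a signature from the wrong key) and then encrypted for one recipient. The key pairs, the message text and the function names are constructed for illustration; RSA with SHA-256 and OAEP padding is an assumed choice of algorithms.

```javascript
// Added illustration using the crypto module built into Node.js.
const nodeCrypto = require('node:crypto');

// A hash function maps a message of any length to a fixed-length digest.
function digestOf(message) {
  return nodeCrypto.createHash('sha256').update(message, 'utf8').digest('hex');
}

// Sender: sign the message. crypto.sign hashes the message with SHA-256 and
// applies the private key to the digest in a single call.
function signMessage(message, senderPrivateKey) {
  return nodeCrypto.sign('sha256', Buffer.from(message, 'utf8'), senderPrivateKey);
}

// Recipient: recompute the digest from the received message and check it
// against the signature using the sender's public key.
function verifyMessage(message, signature, senderPublicKey) {
  return nodeCrypto.verify(
    'sha256', Buffer.from(message, 'utf8'), senderPublicKey, signature);
}

// Confidentiality: anyone may encrypt with the recipient's public key; only
// the holder of the related private key can decrypt. Because of the overhead
// noted in 8.3, real protocols encrypt a short session key this way.
function encryptFor(recipientPublicKey, message) {
  return nodeCrypto.publicEncrypt(
    {
      key: recipientPublicKey,
      padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING,
      oaepHash: 'sha256',
    },
    Buffer.from(message, 'utf8'));
}

function decryptWith(recipientPrivateKey, ciphertext) {
  return nodeCrypto.privateDecrypt(
    {
      key: recipientPrivateKey,
      padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING,
      oaepHash: 'sha256',
    },
    ciphertext).toString('utf8');
}

function runDemo() {
  // Constructed key pairs: the sender, the recipient and an unrelated party.
  const newKeyPair = () =>
    nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const sender = newKeyPair();
  const recipient = newKeyPair();
  const other = newKeyPair();

  const message = 'Pay supplier 100 GBP';   // constructed sample message
  const tampered = 'Pay supplier 900 GBP';  // altered in transit

  const signature = signMessage(message, sender.privateKey);
  const ciphertext = encryptFor(recipient.publicKey, message);

  // Decrypting with a key other than the recipient's private key fails.
  let wrongKeyFails = false;
  try {
    decryptWith(other.privateKey, ciphertext);
  } catch (err) {
    wrongKeyFails = true;
  }

  return {
    validOriginal: verifyMessage(message, signature, sender.publicKey),
    validTampered: verifyMessage(tampered, signature, sender.publicKey),
    validWrongSigner: verifyMessage(message, signature, other.publicKey),
    decrypted: decryptWith(recipient.privateKey, ciphertext),
    wrongKeyFails: wrongKeyFails,
  };
}

console.log(runDemo());
```

The check against `other.publicKey` shows why 8.4 ends with the Digital Certificate: verification only proves which key signed, so the recipient still needs assurance that the public key belongs to the claimed sender.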


Examiner's Tips: The following sites contain links concerning cryptography and general security: http://williamstallings.com/Crypto/Crypto4e.html; http://www.uscert.gov/cas/tips/


Learning Outcome: 8. continued Candidates will be able to make judgements on the security threats associated with the Internet and evaluate techniques designed to minimise them

Indicative Content:

8.5 Describe a strong authentication protocol and the context in which this should be used
An authentication factor is a piece of information or an action that can be used to verify a person's identity
The use of two different types of factor is called two-factor authentication or strong authentication
Human factors can be classified as something which the person: possesses, e.g. an ID card or security token; knows, e.g. a password or PIN; has or does, e.g. fingerprint or signature
It can be used to provide stronger assurance that financial transactions are performed by known parties than can be achieved by username/password

Examiner's Tips: The following sites contain links concerning cryptography and general security: http://williamstallings.com/Crypto/Crypto4e.html; http://www.uscert.gov/cas/tips/

