Sie sind auf Seite 1von 28

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 1

Assignment Answered for Course 412 - PGDCLIPR: 2014 Batch


Name: Ashvin P N
Coordinator: Dr. Rajeev Warkar
Enroll. No.: 19CL01129-14
Program/ Course: PGDCLIPR 2013-14/ DCL 412

DCL412 Q1:
Briefly describe the categories of computer networks?
A network allows computers to exchange data where networked computing devices pass
data to each other along data connections. It helps to share hardware, software, data,
information or communication. Following are broadly classified types of computer
networks,

Local Area Network (LAN)


A LAN is a network that is used for communicating among Computer devices,
usually within an office building or home. LANs enable the sharing of resources
such as files or hardware devices that may be needed by multiple users. LAN is
limited in size, typically spanning a few hundred meters, and no more than a
mile. LAN is fast, with speeds from 10 Mbps to 10 Gbps. It might require little
wiring, wiring typically a single cable connecting to each device has lower cost
compared to MANs or WANs. LANs can be either wired or wireless. Twisted
pair, coax or fiber optic cable can be used in wired LANs. Every LAN uses a
protocol a set of rules that governs how packets are configured and
transmitted.
Nodes in a LAN are linked together with a certain topology. Topologies include:
o
o
o

Bus
(Linear Architecture; Bidirectional Communication; Non-Recipient station
discards the information frame if not intended based on address)
Ring
(Closed Loop Architecture; Unidirectional transmission; Each Active
station receives & re-transmits frames in the ring, if disrupted data is lost)
Star
(LAN Architecture in which end points on network are connected to a
common central hub; Bidirectional Point-to-point Communication; Ease
to detect failure of station and rectify but if central controller fails network)
Tree
(LAN Architecture identical to bus topology except that it branches with
multiple nodes; Hierarchical Architecture: existence of a central node
(root) and of various sets of level organized nodes (intermediary nodes);
the leaves of the tree are the workstations. The data flow between any
two nodes goes up-down using the upper levels nodes.)
Mesh
(Mesh topology: there are at least two nodes with two or more paths
between them)

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 2

Wide Area Network (WAN)


WAN covers a large geographic area such as country, continent or even whole of
the world. A WAN is two or more LANs connected together. The LANs can be
many miles apart. To cover great distances, WANs may transmit data over
leased high-speed phone lines or wireless links such as satellites. Multiple LANs
can be connected together using devices such as bridges, routers, or gateways,
which enable them to share data. The world's most popular WAN is the Internet.

Internetwork (Internet)
An internetwork is the connection of multiple computer networks via a common
routing technology using routers.

Metropolitan Area Network (MAN)


A metropolitan area network (MAN) is a large computer network that usually
spans a city or a large campus. A MAN is optimized for a larger geographical
area than a LAN, ranging from several blocks of buildings to entire cities. A MAN
might be owned and operated by a single organization, but it usually will be used
by many individuals and organizations. A MAN often acts as a high speed
network to allow sharing of regional resources. A MAN typically covers an area of
between 5 and 50 km diameter. Examples of MAN: Telephone company network
that provides a high speed DSL to customers and cable TV network.

Personal Area Network (PAN)


PAN is a computer network used for communication among computer and
different information technological devices close to one person. It is a network
that is used for communicating among computers or electronic devices (including
telephones) in close proximity of around a few meters within a room. Some
examples of devices used in a PAN are PCs, printers, fax machines, telephones,
PDAs, scanners, and even video game consoles. The reach of a PAN typically
extends to 10 meters. It can be used for communicating between the devices
themselves, or for connecting to a larger network such as the internet. PANs can
be wired or wireless.

Home Area Network (HAN)


HAN is a residential LAN used for communication between digital devices
typically deployed in the home, usually a small number of personal computers
and accessories, such as printers and mobile computing devices. An important
function is the sharing of Internet access, often a broadband service through a
cable TV or digital subscriber line (DSL) provider.

Intranet
An intranet is a set of networks that are under the control of a single
administrative entity. The intranet uses the IP protocol and IP-based tools such
as web browsers and file transfer applications. The administrative entity limits
use of the intranet to its authorized users. Commonly, an intranet is the internal
LAN of an organization. A large intranet typically has at least one web server to
provide users with organizational information. An intranet is also anything behind
the router on a LAN.

Extranet
An extranet is a network that is also under the administrative control of a single
organization, but supports a limited connection to a specific external network. For
example, an organization may provide access to some aspects of its intranet to

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 3


share data with its business partners or customers. These other entities are not
necessarily trusted from a security standpoint. Network connection to an extranet
is often, but not always, implemented via WAN technology.
DCL412 Q2:
Describe the basics of conducting a search?
A network allows computers to exchange data where networked computing devices pass
data to each other along data connections. It helps to share hardware, software, data,
information or communication. Following are broadly classified types of computer
networks,

Search Tools and Methods - describes the means used in conducting a search.
Key word search operators - describes use of operators to compose queries.
Preferred search tools - Lists preferred search tools their keyword operators.
Planning and conducting a search - Provides a guide for conducting search.
Hints and information - Useful facts about the working of the internet.
Comments - Useful information

Advanced information:

Search tool descriptions - Describes contents and use of preferred search


tools.
Conducting searches - A guide on use of operators and composing queries.
Home page - Explains home page and popular site contents.
Glossary of search terms - Defines terms used in the search processes.

A search tool is a computer program that perform searches using a search method which
is the way a search request and retrieves information from web site. There are different
types of methods to conduct the search as mentioned above. There are 4 types search
tools each of them has its own search method.
1. Directory search: It is a hierarchical that starts with general subject heading &
follows with succession of increasingly more specific sub headings. The search
method it employs is Subject Search. Its advantage is the ease of use & indexing of
the information placed in its database by skilled persons to ensure its value.
Disadvantage is it is time consuming limiting the number of directory reviews and
indexing & also limiting the descriptive information about its site because of
comparatively small directory data base & low updating frequency.
2. Search engine tool: It uses keywords and responds with list of references or
heads. The search method it employs is known as Key word search. Advantages
being its information content or database is substantially larger & more current than
that of directory such tool. However, disadvantage is it is not very exacting in the way
it indexes and retrieves induction in its data base, which makes finding relevant
documents more difficult. Key word searches required far more explanation than
subject searches because of their broader scope & greater complexity.
3. A directory with search engine: It uses both subject & key word search method
interactively. In the directory search part the search follows the directory path
through increasingly more specific subject matter; at each stop along the path, a
search engine option is provided to enable the searcher to convert to a key word
search. The subject & key word search is thus said to be coordinated. Advantage of
this kind is its ability to narrow the search field to update to better results & relevant

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 4


hits. Disadvantage for it may not succeed for difficult searches as some search tools
use search engine & directory search independently making them non-coordinated
4. Multi Engine search: It is also called a Meta- search as it utilizes a number of
search engines in parallel the search is conducted via keywords employing
commonly used operators or playing language. It than lists the hits either by search
engine employed or by integrating the results in to a single listing its advantage Is
that it is tolerant of imprecise search questions and provides fewer hits of likely
greater relevance & only Disadvantage Being it might not be as effect as a search
engine for difficult searches.
KEYWORD SEARCH OPERATORS
Operators are the rules or specific instructions used for composing a query in a key word
search. A well defined query greatly improves the chances of finding the information.
While each search engine has its own operators, some operators are used in common
by a number of search engines. Following are among the most used operators in specific
or in combination of Boolean, wildcard, other search engine specific operators.
In a Boolean search, keywords are combined by the operators AND, OR, NEAR and
NOT to narrow or broaden the search.
AND: The operator AND narrows the search by instructing the search engine to search
for all the records containing the first keyword, then for all the records containing the
second keyword, and show only those records that contain both the keywords .
OR: The operator OR broadens the search to include records containing either keyword,
or both. The OR search is particularly useful when there are several common synonyms
for a concept, or variant spellings of a word.
NEAR: (Synonym '~'): near retrieves records that contain the specified words or
phrases within ten words of each other in the same indexed field. If the words occur
further apart in the same field or they appear in separate fields in a given record, then
that record would not be retrieved.
NOT: Combining search terms with the NOT operator narrows the search by excluding
unwanted terms.

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 5

Stemming (Truncation): Use the truncation symbols to create searches where you want
to retrieve all variants of a word stem. The most commonly used truncation symbol is the
asterisk (*). E.g.: A search for educat* will retrieve: educate, educating, education,
educational, educator, educators, etc.
Wildcards: A wildcard symbol is used within a word to provide for all possible spellings
or variations inside a word or word stem. The most commonly used wildcard symbols for
internal truncation are the number symbol (#) and the question mark (?).
E.g.: a search for wom?n will retrieve: woman and women

Proximity operators
You can use proximity operators to search for words that occur within a specified number
of words of each other in a database record. The most commonly used are within (w) or
near (n). You combine the proximity operator with a number and place it between two
words or phrases to specify how many words should be between them. The NEAR
operator looks for words within a specified number of each other in any order.

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 6

Above are examples for we can use more specific searches through natural language,
case-sensitiveness, more professional search tools or increasing complex searches

DCL412 Q3:
Define HTML, What does a Basic HTML document contain?
HTML (Hypertext Markup Language) is a formatting language that is used to create
documents for the World Wide Web. It is the set of markup symbols or codes inserted in
a file intended for display on a World Wide Web browser page. The markup tells the Web
browser how to display a Web page's words and images for the user. Each individual
markup code is referred to as an element (but many people also refer to it as a tag).
Some elements come in pairs that indicate when some display effect is to begin and
when it is to end. It can include formatting, graphics, and links to documents or sound or
video clips.
HTML documents are made up of elements called tags, which define the presentation of
the web page. Most tags in an HTML document must be followed somewhere in the file
with a closing tag. HTML is a relatively simple implementation of Standard Generalized
Markup Language (SGML). For example:
This is an opening tag: <blockquote>.
This is a closing tag: </blockquote>.
Note that the difference between these two tags is only the presence of a forward slash
after the opening bracket of the tag. The forward slash is what makes this a closing tag.
SGML is a system for defining markup languages. Authors mark up their documents by
representing structural, presentational, and semantic information alongside content.
HTML is one example of a markup language. Here is an example of an HTML document:
A basic HTML Document structure Contains following elements,
HEAD
o INDEX
o REFERENCES
o LINKS or META-INFORMATION
o TITLE
BODY
o PRAGRAPHS

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 7


CONTENT AND TESTS
ALIGNMENTS
BREAKS
SIZE
WIDTH
LINES
SHADIHNG
REFERENCE LINKS
FORMATTING
LOGICAL STYLES
PHYSICAL STYLES
ADDRESS elements
PRETEXT
BLOCKQUOTE
SPECIAL REFERENCES
COMMENTS

o BACKGROUND
o TABLES and related TABLE FROMATTING
o LINKS or ANCHOR elements
o IMAGES or MULIMEDIA/JAVA APPPLETS
o FORMS and FRAME SETS
Example of a HTML document:
o

<! DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"


"http://www.test.org/TR/test-html40/test.dtd"> --- Checks syntax XML DTD Schema
<HTML>
<HEAD>
<TITLE>Test HTML document</TITLE>
content
</HEAD>
<BODY>
<BODY BACKGROUND = image URL>
<H1> </H2>
Heading
<H2> </H3>
<H3> </H4>
<H5> </H6>
<P>Hello world!
<P ALIGN=alignment> </P>
<CENTER> </CENTER>
</BODY>
</HTML>

--- HTML Document Begins


--- Heading Section Opens
--- Title Section Open & close with
--- Heading Section Closes
--- Body Section Begins
--- Body background image section
--- Most Prominent Header /Section
--- Next level Prominent Header
--- Next level Prominent Header
--- Least Prominent Header
--- Paragraph section
--- Paragraph with alignment
--- Center Alignment
--- Body Section Closes
--- HTML Document Closes

An HTML document is divided into a head section (here, between <HEAD> and
</HEAD>) and a body (here, between <BODY> and </BODY>). The title of the document
appears in the head (along with other information about the document), and the content
of the document appears in the body. The body in this example contains just one
paragraph, marked up with <P>.
We could also use ISINDEX for interfacing to a simple script. The script itself is not
discussed here, but it is of course essential that it can handle the queries generated.
e.g. <ISINDEX PROMPT="Search string :">

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 8

The REV attribute specifies the relationship between the linked document and the current
document. The rev attribute is the reverse of the REL attribute.
e.g. <link rev="value"> However, the support for this syntax has been seized with
HTML5.0
Dynamic HTML, or DHTML, is an umbrella term for a collection of technologies used
together to create interactive and animated web sites by using a combination of a static
markup (such as HTML), a client-side scripting language (such as JavaScript), a
presentation definition language (such as CSS), and the Document Object Model.
DHTML allows scripting languages to change variables in a web page's definition
language, which in turn affects the look and function of otherwise "static" HTML page
content, after the page has been fully loaded and during the viewing process. Thus the
dynamic characteristic of DHTML is the way it functions while a page is viewed, not in its
ability to generate a unique page with each page load.
By contrast, a dynamic web page is a broader concept, covering any web page
generated differently for each user, load occurrence, or specific variable values. This
includes pages created by client-side scripting, and ones created by server-side
scripting (such as PHP, Perl, JSP or ASP.NET) where the web server generates content
before sending it to the client.

DCL412 Q4:
Why do people go in for websites? Build a website of your choice following the
elements of good website.
Website marks our presence on the internet who ever we are whether a company or an
individual. It is the address we need to have to let the million other finders. Like any other
identity cards, website address is our identity on the net. Any information that we wish to
spread over a wide area, economically, could be done through our website. Just put in
the site in an organized way. The benefits of website include, cost advantages, time
advantage, & Personal reach & also feedback we can get. A recent survey on internet
usage statistics, suggests internet has become a means in our daily lives. So many
business websites skimp on valuable information and just list products or services as
though that is enough. Business owners often feel like their sales pitch should be
sufficient to lure in a customer. However if we asked anyone else they would probably
give us a list of other top reasons they use the internet such as,
staying updated on news
connecting with friends
killing time
research
be entertained
And the study shows that is exactly the case. Sadly, killing time ranks as the #1 reason to
go online, which also means millions of people being present online. Well, this was
followed closely by educating yourself, connecting with others and research. This
particular context entrusts significance of individual presence online and increasing online
community means a medium for more opportunities and connecting with more people
and what not! The internet is growing rapidly, in 1993 it was just 130 WWW addresses in

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 9


the world and today more than 7 million website vying for attention offering more
information at faster speech.
Let us discuss about an individual website to be built for providing and Advisory in
Information Security, GRC or Cyber Law space,
Here are the following considerations that we would be working with to build this website,

High level Requirements: The Home page should reflect the following structure,
o A public web site portraying services offered for client in IS & law
advisory. The web site should cover following components
About us (displays),
Leadership
Management
Key Pointers
Services Offered (displays),
Security and GRC Advisory Services
Cyber Law and Regulatory Advisory
Forensics Research and Support
Contact Us (displays),
Locations, Addresses, and contact details
Request Contact

This site will be targeting all those audience individual or corporate looking to get services
from the independent service advisory group and personnel.

Home.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="en-us" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>ashvin</title>
<a href="AboutUs.html">ABOUT
US</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;
<a
href="Services.html">SERVICES</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<a href="ContactUs.html">CONTACT US</a></head>
<body style="background-color: #FFFFCC">
<br /><hr />
<p> Ashvin is passionate to drive Audits, Advisory and Process Re-Engineering initiatives and help
individuals to imbibe value-based and holistic approach for achieving Excellence in Security and GRC
Practices. Look to leverage Leadership and drive Key GRC Initiatives to accelerate business growth and
gain competitive edge. </p>
<hr />
<iframe name="Iframe1" style="width: 1067px" src="homeText.htm">
This page doesnot support inframes
</iframe><hr />
<p>Honored for Asia-Pacific Information Security Leadership Achievement in 2011, by (ISC) 2 for
contribution towards global Information Security Workforce.</p>
Successfully Grand-fathered to C|CISO in 2014, given by EC-Council USA.
</body>
</html>

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 10

HomeText.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Home</title>
</head>
<body>
<p>A Governance, Risks, Compliance (GRC) and Security Executive with proven ability to Lead
Programs in Global Assurance and Advisory Engagements. .Strong Partnering skills and keen insight to
Drive Practice(s) and Key GRC Initiative(s) to facilitate Corporate Growth, Excellence through various
Process-Technology-Business alignment. 12+ years of progressive experience in implementing Effective
Governance and Well-Defined, Right-Sized Risk based Solutions through Profit-Oriented approach.
Global Enterprise Security, Compliance, Data-center and Business Transformation Experience. Managed
role of an Advisory CISO and have Led Asias largest Tier4 Datacenter client; Exposure in handling
clients in India, EMEA, USA and Asian regions.
Ashvin and team help our customers bring the best of GRC parctices across our
clientele.</p>
</body>

Aboutus.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="en-us" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>About Us</title>
ABOUT US
DCL412 Q5:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&
What does a webnbsp;&nbsp;
server do? How does it work? How do you choose a web server
platform?
<a href="ContactUs.html">CONTACT
US</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<a
A web server is a href="Services.html">SERVICES</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
server used to communicate with Web Browsers as its clients and the
<a href="Home.html">HOME</a></head>
communication protocol
used in this case is HTTP (Hyper Text Transfer Protocol). This is
why a Web Server</head>
is also called an HTTP Server.
<body>
<body style="background-color:
#FFFFCC">
HTTP a stateless request-response
based communication
protocol. It's used to send and
<br /><hr />
<iframe name="Iframe1" style="width: 1067px" src="aboutText.html">
<p> About Ashvin and Team </p>
<hr /></iframe>
<hr />
</body>
</html>

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 11


AboutusText.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>AboutUs Text</title>
</head>
<body>This is text to explain Ashvin and Team</body>
</html>

Services.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="en-us" http-equiv="Content-Language" />
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Services</title>
SERVICES
DCL412 Q5:
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
What does a web<a
server
do? How does it work? How do you choose a web server
href="ContactUs.html">CONTACT
platform?
US</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp
<a
href="Services.html">SERVICES</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
A web server is a &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
server used to communicate with Web Browsers as its clients and the
<a href="Home.html">HOME</a></head>
communication protocol
used in this case is HTTP (Hyper Text Transfer Protocol). This is
why a Web Server</head>
is also called an HTTP Server.
<body>
<body style="background-color:
#FFFFCC">
HTTP a stateless request-response
based communication
protocol. It's used to send and
<br /><hr />
<iframe name="Iframe1" style="width: 1067px" src="servicesText.html">
<p> About Ashvin and Team </p>
ServicesText.html<hr /></iframe><hr />
</body>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
</html>
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>serviceText</title>
</head>
<body><ul>
<li>IT Infrastructure Audits and Support</li>
<li>&nbsp;Risk Advisroy and GRC Solutions</li>
<li>Continual Compliance Support Services</li>
<li>Forensics Research and Support</li>
<li>Security Operations and Outsourcing </li>
</ul></body>
</html>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
ContactUs.html <html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>ContactUs</title>
CONTACT
US&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<a href="AboutUs.html">ABOUT
US</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp
<a href="Services.html">SERVICES</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
DCL412 Q5:
<a href="Home.html">HOME</a></head>
</head>
<body>
<body style="background-color: #FFFFCC">
<br /><hr /> <iframe name="Iframe1" style="width: 1067px" src="contactText.html">
<p> About Ashvin and Team </p><hr /></iframe><hr />
</body>
</html>

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 12


What does a web server do? How does it work? How do you choose a web server
platform?
A web server is a server used to communicate with Web Browsers as its clients and the
communication protocol used in this case is HTTP (Hyper Text Transfer Protocol). This is
why a Web Server is also called an HTTP Server.
HTTP a stateless request-response based communication protocol. It's used to send and
ConactText.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>This is text to explain Ashvin a</title>
</head>
<body>
Ashvin PN<p>&nbsp;</p>
&nbsp;203, Raheja Vistas
Nacharam
<p>&nbsp;</p>
Ph No: 9246566616
<p>&nbsp;</p>
email: ashvin.parankusha@gmail.com
</body>
</html>

DCL412 Q5:
What does a web server do? How does it work? How do you choose a web server
platform?
A Web server is a system that delivers content or services to end users over the Internet.
A Web server consists of a physical server, server operating system (OS) and software
used to facilitate HTTP communication. A Web server is also known as an Internet server.
Web server handles the HTTP protocol. When the Web server receives an HTTP request,
it responds with an HTTP response, such as sending back an HTML page. To process a
request, a Web server may respond with a static HTML page or image, send a redirect,
or delegate the dynamic response generation to some other program such as CGI
scripts, JSPs (Java Server Pages), servlets, ASPs (Active Server Pages), server-side
JavaScript, or some other server-side technology. Whatever their purpose, such serverside programs generate a response, most often in HTML, for viewing in a Web browser.
Depending on context, the term can refer to the hardware or Web server software on the
server. In terms of software, there have been literally hundreds of Web servers over the
years, but Apache and Microsoft's IIS have emerged as two of the most popular systems.
The term web server, can refer to either the hardware (the computer) or the software (the
computer application) that helps to deliver web content that can be accessed through the
Internet. Understand that a Web server's delegation model is fairly simple. When a
request comes into the Web server, the Web server simply passes the request to the
program best able to handle it. The Web server doesn't provide any functionality beyond
simply providing an environment in which the server-side program can execute and pass

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 13


back the generated responses. The server-side program usually provides for itself such
functions as transaction processing, database connectivity, and messaging. While a Web
server may not itself support transactions or database connection pooling, it may employ
various strategies for fault tolerance and scalability such as load balancing, caching, and
clusteringfeatures oftentimes erroneously assigned as features reserved only for
application servers.
Working Explained:
Web server uses HTTP protocol receive data on the Web i.e., over the Internet. This
protocol uses reliable TCP connections either for the transfer of data to and from clients
which are Web Browsers in this case. HTTP is a stateless protocol means the HTTP
Server doesn't maintain the contextual information about the clients communicating with it
and hence we need to maintain sessions in case we need that feature for our Webapplications.
As is the case with any client-server communication, in this case also the client (i.e., the
Web Browser) and the server (i.e., HTTP/Web Server) should be able to communicate
with each other in a defined way. This pre-defined set of rules which form the basis of the
communication are normally termed as a protocol and in this case the underlying protocol
will be HTTP. Irrespective of how the client or the server has been implemented, there will
always be a way to form a valid HTTP Request for the client to work and similarly the
server needs to be capable of understanding the HTTP Requests sent to it and form valid
HTTP Responses to all the arrived HTTP Requests. Both the client and the server
machines should also be equipped with the capability of establishing the connection to
each other (in this case it'll be a TCP reliable connection) to be able to transfer the HTTP
Requests (client -> server) and HTTP Responses (server -> client).
For instance, the Browser may use the java.net.Socket class to establish itself as one
endpoint of the communication on a TCP reliable connection (the other endpoint will be
another Socket instance returned by the accept() method of the Server Socket class at
the server).
For creating a socket and being able to communicate to a machine, we need to know two
things - the IP Address and the Port Number. In our case, a part of the URL will help us
getting the IP Address of the server and for HTTP protocol the default port is assumed to
be 80. The DNS server gives the IP Address for a valid URL entered into the address bar
of a typical Web Browser. In HTTP/1.0, a connection must to be made to the web server
for each object the browser wishes to download. Many web pages are very graphic
intensive, which means that in addition to downloading the base HTML page (or Frames),
the browser must also retrieve a number of images. Establishing a connection for each
one is wasteful, as several network packets have to be exchanged between the web
browser and web server before the image data can ever start transmitting. In contrast:
opening a single TCP connection that transmits the HTML document and then each
image one by one is more efficient, as the negotiation of starting new TCP connections is
eliminated. In this process, a web server apart from its communication, a web server
serves up content. This content must be identified in a way such that web browser can
download and display that content in correctly. The primary mechanism for deciding how
to display content is the MIME (Multi-purpose Internet Mail Extension) type header which
tells browser what sort of document is being sent. Such type identification (>370) is not
limited to graphics or HTML.
Web servers are designed around a certain set of basic goals,
Accept network connections from browsers
Retrieve content from disk
Run local CGI programs

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 14

Transmit data back to clients


Be as fast as possible

Unfortunately, these goals are not totally compatible. For example, a simple web server
could follow the logic below,
Accept connection
Generate static or dynamic content and return to browser
Close connection
Accept connection Back to start
How to choose the Web Server Platform:
Though this works for simple web sites, the server would start encountering problems as
soon as clients started hitting the site in numbers, or if a dynamic page takes long time to
generate. Although this model works, it would need to be re-designed to serve more
users than just few at a time. Web servers tend to take advantage of two different ways of
handling this concurrency; multi-threading and multi-processing. Early web servers used
inetd to spawn a web server process that could handle each web browser request. They
were fairly simple applications, and there was no expectation of than having to cope with
high number of hits, so this was a totally reasonable design decision to make at the time.
The easiest way to write a server applications for unix system that need to handle
multiple connections is to take advantage of the field domain, which manages all needed
TCP/IP communication.
Using this method also makes administration of the machine easier. On most UNIX
machines, inetd is rule by default, and is a very stable process. Web servers on the other
hand, are more complex proglains and can be prone to crashing or dying unexpectedly. It
also means that administrator doesnt have to worry about starting and stopping the web
server; as long as inetd is running. It will be automatically run each time an HTTP request
is received on the given port. On the downside, having a web server process run for each
HTTP request is expensive on the web host, and is completely impractical for modern
popular web sites. These days, most web sites run a Web server that supports either
multi-processing or multi-threading, and are thus able to handle a much higher loan. Web
server is chosen based on the loads it handles, type of applications and business
requirements.
DCL412 Q6:
"The potential of world wide web (WWW) on the internet has led to an explosion in
Commercial activity". Discuss
The World-Wide Web is a collection of documents and services, distributed across the
Internet and linked together by hypertext links. The web is therefore a subset of the
Internet, not the same thing.
The potential of the World Wide Web on the Internet as a commercial medium and
market has been widely documented in a variety of media. However, a critical
examination of its commercial development has received little attention. First, we explore
the role of the Web as a distribution channel and a medium for marketing
communications. Second, we examine the factors that have led to the development of the
Web as a commercial medium, evaluating the benefits it provides to both consumers and
firms and its attractive size and demographic characteristics. Third, we discuss the
barriers to commercial growth of the Web from both the supply and demand side
perspectives. This analysis leads to a new classification of commercialization efforts that
categorizes commercial Web sites into six distinct types including 1) Online Storefront,
2)Internet Presence, 3)Content, 4)Mall, 5)Incentive Site, and, 6)Search Agent. The first
three comprise the Integrated Destination Site," and the latter three represent forms of
"Web Traffic Control." Let us discuss in the context of integrated marketing, facilitates

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 15


greater understanding of the Web as a commercial medium, and allows examination of
commercial Web sites in terms of the opportunities and challenges firms face in the rush
towards commercialization
Commercialization of the Internet involved not only the development of competitive,
private network services, but also the development of commercial products implementing
the Internet technology. The tremendous growth of the Internet, and particularly the World
Wide Web, has led to a critical mass of consumers and firms participating in a global
online marketplace. The rapid adoption of the Internet as a commercial medium has
caused firms to experiment with innovative ways of marketing to consumers in computermediated environments. These developments on the Internet are expanding beyond the
utilization of the Internet as a communication medium to an important view of the Internet
as a new market (Ricciuti, 1995). The Internet is a massive global network of
interconnected packet-switched computer networks. Kroland Hoffman (1993) offer three
(mutually consistent) definitions of the Internet: "1) a network of networks based on the
TCP/IP protocols; 2) a community of people who use and develop those networks; 3)
collection of resources that can be reached from those networks". The user-friendly
consumer-oriented homepages of the WWW utilize the system of hyperlinks to simplify
the task of navigating among the offerings on the Internet. The present popularity of the
WWW as a commercial medium (in contrast to other networks on the Internet) is due to
its ability to facilitate global sharing of information and resources, and its potential to
provide an efficient channel for advertising, marketing, and even direct distribution of
certain goods and information services
Anecdotal evidence suggests that Web-based commercial efforts are more efficient and
possibly even more effective than efforts mounted in traditional channels. Initial
conjectures on efficiencies generated by online commercial efforts suggests that
marketing on the Web results in "10 times as many units [sold] with 1/10 the advertising
budget" (Potter, 1994). It is about one-fourth less costly to perform direct marketing
through the Net than through conventional channels (Verity & Hof, 1994). This fact
becomes especially critical in the face of shrinking technology and product lifecycles and
increasing technological complexity (IITA, 1994). Consider the example of
SunSolveOnline, which has saved Sun Microsystems over $4 million in FAQs alone since
they "re-engineered information processes around the WWW" (Neece, 1995)

Figure 1

Figure 2

Figure 1.Traditional Mass Media Model of One-to- Many Marketing Communications


Figure 2. suggests that the Internet offers an alternative to mass media communication.
Some applications on the Internet (e.g., personal homepages) represent "narrowcasting"
to the extreme with content created by consumers and for consumers. As a marketing
and advertising medium, the Web has the potential to change radically the way firms do
business with their customers by blending together publishing, real-time communication
broadcast and narrowcast. As an operational model of distributed computing, supports:

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 16

Discussion groups (e.g., USENET news, moderated & unmodulated mailing


lists),
Multi-player games and communications systems (e.g., MUDs, irc, chat,
MUSEs),
File transfer (ftp) and remote login (telnet),
Electronic mail ("email"), and
Global information access and retrieval systems (e.g., Archie, veronica, gopher,
and the World Wide Web)

The Internet, a revolution in distributed computing and interactive multimedia many-tomany communication, is dramatically altering this traditional view of communication
media. As Figure 2indicates, the new many-to-many marketing communications model
defining the Web offers a radical departure from traditional marketing environments
(Hoffman & Novak, 1995). From a business and marketing perspective, the most exciting
developments are occurring on that portion of the Internet known as the World Wide
Web.
Business houses observed following benefits as result of WWW potential,
Reduced costs and Better Quality
Wider business coverage and reduced time of communication
Access to huge information and Enhanced Decision Making
Efficient handling potential for Demand and Supply chain
Revolutionized Distribution and Marketing using web as a channel
Reduced errors, time, and overhead costs in information processing
Buyer/End Consumer also started enjoying following benefits as result of WWW potential,
Availability of searchable and precise information
Reduced uncertainty in purchase decision
Wider options and reduced spends
Ease of access
The statistic shows the trend in the global number of internet hosts in the domain name
system from 1993 to 2014. In January 2014, approximately 1 billion internet hosts were
available on the DNS, almost double the amount of five years prior to that compared to
6.64 million hosts in 1995
Thought the trend also observed few barriers listed below, WWW growth and internet has
not stopped growing into the lives of people and continues to grow globally in complexity
commercial usage and day to day necessity through its ease of access & plethora of
benefits in todays world. Here are few barriers that continues to float around the context,
Concerns over security of information stored and transmitted over internet
Uncertainty of usage of information by the kind, type or state of people
Rapid advancements in technology and challenges involved in its usage
Modes and means of competition and risks questioning the viability
No or limited control over public information, etc.
Still the internet and WWW continues to grow with huge business and commercial
activities happening around the world with few of them being listed below,
Cloud technologies Infrastructure/Software/Product/Security as a Service
E-commerce online Ads/ classified, e-shopping sites, e-Marts, Banking, etc.
Hosting/Development Application Development, Mail, Web hosting, ERP, etc

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 17

Technology Convergence WiFi, Bluetooth, SMART Devices, Mobile Apps, etc.


Content and Information Search engines, Ad words, SEO, online marketing
Security Technologies VA/PT, Risk Assessments, Compliance, Tech Audits
Automation and Manufacturing Remote Automations, IT Device Manufacturing,

The inter active nature of the Web is especially conducive to relationship building and
offers marketers new opportunities to create stronger brand identities which have the
potential to translate to brand loyalty (Upshaw, 1995). Research efforts should be
especially concentrated at developing integrated marketing approaches that specify the
ways in which these different elements can be combined for maximum advantage. The
Internet, especially that portion known as the World Wide Web, has the potential to
change radically the way businesses interact with their customers. The Web frees
customers from their traditionally passive role as receivers of marketing communications,
gives them much greater control over the information search and acquisition process,
and allows them to become active participants in the marketing process. However,
significant adoption barriers to commercialization preclude predictable and smooth
development of commercial opportunities in this emerging medium. Commercial
development of the Web must follow the demand ("demand pull"), instead of being driven
by "gold fever." Firms have and will reap the benefits of innovation in interactivity by being
closer to the customer than ever.
DCL412 Q7:
Discuss the uses of internet activity?
We will focus on three classes of Internet activity. The first is that of electronic
communications - the use of the networks for person-to-person communications as an
alternative to the traditional services. The second class is that of electronic publishing using the networks as an alternative or supplement to traditional publishing methods. The
third is that of hybrid uses that combine elements of both electronic communications and
electronic publications.
1. Electronic communications
The Internet provides an alternative means of person-to-person communication to the
telephone, fax, telex and postal services. Interestingly, the power of electronic mail,
known as 'email' (Suarez 1994, section 2), lies in its plasticity. The technology can be
moulded and shaped in such a way as to provide the benefits of any or all the traditional
services mentioned above.
Email can be set up to provide instantaneous, 'real-time' communication, known as
'Internet Relay Chat' or 'IRC'. Equally, it can be sent out of hours or whilst the recipient is
away and then stored in an electronic mailbox until accessed by that recipient. Email can
take the form of no more than a textual message or can be used as a vehicle to which to
'attach' or enclose files containing processible documents, diagrams, graphics,
photographs, sounds, video and software. The email message itself is capable of being
conveyed as sound instead of text and, in this situation, is known as 'voice mail'. Voice
mail itself can be combined with moving images of the correspondents to produce video
communications.
How does email manifest itself?
At the simplest level, it takes the form of one-to- one communication. One individual
sends a message to another, who may then reply. At the second level, email may be
distributed on a one-to-many basis. It is possible manually to address an identical or very
similar message to a number of recipients at the same time.

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 18


The third, more sophisticated level is that of pre- prepared one-to-many mailing lists
(Suarez 1994, section 7). Here a number (possibly a large number) of subscribers who
may be widely dispersed geographically are gathered into a group and the group is given
its own email address. Mail sent by any individual member of the group addressed to the
mailing list then passes through a 'mail exploder' which automatically addresses and
sends the same message to every other individual member of the mailing list.
Interchanges that take place amongst members of such mailing lists often develop into
impromptu discussions. An interesting question or observation by one member of the
group may cause a number of other members to respond and to raise fresh issues. This
first wave of group interest can lead to a second wave and so on - the whole process
sometimes 'snowballing' into a full-scale, ad hoc conference.
At the fourth level of sophistication, Internet-based discussions are increasingly run on a
pre-planned basis as formal electronic conferences. A special mailing list may be set up
and 'delegates' invited to sign up and participate in the conference. A conference agenda
together with papers and other initial material may then be circulated before the
conference starts. Then, over a period of days or weeks, delegates are encouraged to
read the contributions of other members of the conferencing group and make their own
contributions to the discussion without ever leaving their normal workplace. Such
electronic conferences can be enhanced by the selection of a designated chairperson or
facilitator who is responsible for initiating various stages of the conference, summarizing
discussion at the end of each stage and at the end of the entire conference and steering
delegates back towards the agenda if they stray. Further enhancement can be achieved
by the use of dedicated conferencing software that can support several 'threads' of
discussion running simultaneously without the whole conference descending into
irresolvable confusion.
Finally, combining the ability to transmit sound and video, it is possible to shape the
technology to provide video conferencing. Here, typically, a delegate participates in a
conference in real time, viewing other speakers in action from the computer monitor on
his/her own desk (or lap). When the delegate in question makes a contribution, a video
camera on his/her computer relays voice, moving image of that delegate and any other
relevant information to all the other delegates.
2. Electronic publishing
Unlike email where messages and attachments are delivered to the mail boxes of one or
more designated recipients, the essence of electronic publishing is that information is
made available at a central location in such a way as to give either open access to that
information to the entire Internet community or closed access to a pre-determined group
of Internet users. Just as the power of electronic communications lies in its plasticity, so
too electronic publishing technology can be moulded and shaped not only to replicate
traditional methods of publishing but also to create new and hybrid varieties.
At the simplest level, electronic publishing can amount to no more than providing Internet
users with access to existing 'in-house' databases of processible documents, diagrams,
graphics, photographs, sounds, videos, software etc. The next level up from there
involves developing new databases specifically for access by those exploring the
Internet. To facilitate navigation by such outsiders, catalogues, menus, indexes and
instructions with attendant help text are often placed at the entry points to these
databases. These tailor-made 'front ends' have further evolved into 'home pages'
containing information about the host institution, its staff, location, activities, publications
and any commercial or non-commercial services that it offers.
A striking feature of the Internet is that every goal has the potential to be a gateway to
somewhere else. For this reason, one often finds that these home pages are like crossroads, containing not only sources of information but also access points to other parts of
the Internet thought likely by the authors of the home pages in question to be of interest

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 19


and use to Internet users. Moving up the scale towards more organized forms of
electronic publishing we arrive at electronic periodicals such as newspapers, magazines
and journals (The Web journal is, of course, the first electronic law journal based in
Britain). How do electronic periodicals compare with their paper-based equivalents?
3. Hybrid systems
If Internet technology is sufficiently plastic to enable us to create blends that transcend
the limitations of traditional means of communication and of publishing, that plasticity also
extends to permitting the hybridization of electronic communications and electronic
publishing. A simple example is the Usenet. The Usenet comprises a large number of
newsgroups - collections of mail messages with are organized by topic. Unlike mailing
lists, however, there is no need to subscribe to these groups. Messages, together with
any attached files, are posted up on the Internet in the form of a 'bulletin board' which is
then accessible by the public at large. To read these messages and explore any attached
files of information, one obtains access to the bulletin board by linking into to the on-line
computer upon which it is held. It can be seen that the Usenet possesses characteristics
both of electronic communications and of electronic publishing.
Another blend of electronic publishing and communications produces the potential for
lively, participatory 'readers letters' pages in electronic periodicals. Such pages may be
set up to permit the development of ongoing discussion around, and evolving from, an
article or note in a periodical. The next step, of course, is to provide formal electronic
conferencing facilities to readers. Periodicals then merge into conferences and
conferences into periodicals creating exciting new possibilities for the development of
learned discourse.
Again, a combination of Internet technologies can produce the electronic shopping
Centre (or 'electronic shopping mall' as it is known in America). Electronic 'home pages'
have evolved from being front-ends to accessible databases and now can, and
increasingly do, take the form of on-line catalogues of goods and services for sale.
Electronic periodicals can contain advertisements. Either forms of publishing can contain
email links which provide the means whereby would be purchasers can place orders
directly through the home pages or advertisements. Payment for those goods or services
over the Internet by means of electronic funds transfer or EFT technology is also
possible. EFT describes the process whereby computer systems are used to transfer
credits and debits between banks, companies, shops and individuals (British Computer
Society 1991, para 1.1.11). The use of EFT over the Internet has, however, been held up
somewhat by the pressing need to find sufficiently secure ways of transmitting electronic
funds. Delivery of goods (as defined in Sale of Goods Act 1979 s 61(1)) over the Net is,
of course, impossible. Teleportation is one technology, at least, that remains firmly in the
realm of science fiction! On the other hand, many services involve the provision of
digitizable information in one form or another and so electronic delivery is entirely
possible in these cases.
DCL412 Q8:
How is internet used by legal practitioners?
In considering the use of the Internet in the law office, it is helpful to draw a fundamental
distinction between three main areas of activity. The first two of these are case work and
research - the 'front-line' fee-earning activities. The third activity is that of administration anything that supports the front-line activities. Following are summarized synopsis of how
internet is being used by the legal practitioners.
USAGE OF INTERNET IN CASE WORKS

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 20


How can case work management in legal practice benefit from the speed and flexibility of
electronic communications (Kirkwood 1993a), (Kirkwood 1993b)? Clearly, the technology
provides an excellent means of keeping fee earners and stakeholders to keep in touch,
Ease of co-ordination, ready inter-connectivity helps Legal professionals manage
time efficiently and enhancing quality of timely and reviewed documentation drafts
within the building or across cities/ cross-border offices. e.g.: Clifford Chance, the
largest City firm, has offices in some twenty locations across the world in addition to their
London office. Given the problems of both distance and time differences, an
email/electronic conferencing system is the only effective way of resolving a logistical
nightmare (MacLeod 1990).
Instructions can be sought from clients and progress reports can provided to them
periodically or on demand and not limited to with 'in-house' colleagues.
Instructions to counsel can be transmitted via the Internet and resulting opinions,
draft documents and draft pleadings be returned to the firm in word processible
form for completion.
Electronic conferences can be set up between clients, solicitors and counsel on an
ad hoc or a pre-arranged basis and can continue over a period of days or even
weeks if the need is there. The implications of full-blown video conferencing on costs
and the speed of working have been grasped by many in the legal professions and
facilities appear to be in increasing demand (Christian 1993).
Internet helps keeping in touch with client and counsel, a fee earner will undoubtedly
be concerned to communicate electronically with solicitors acting for other parties to a
transaction or a dispute. If computers are moving into courtrooms (Plotnikoff &
Woolfson 1993)? How long will it be before courtrooms move into computers? It is
only necessary to add the judge or arbitrator in order to have a full-scale electronic or
video trial.
Direct access to court lists if produced online by the listing offices has an obvious benefit
to counsel and instructing solicitors. Equally, legal practitioners will be greatly assisted by
the facility to search on-line databases of information held by such institutions as
HM Land Registry, Companies House, Trade Marks Registry, local authorities etc.
Access to commercial company searching and credit rating searching services,
such as those offered by Dun and Bradstreet, can now be obtained via a new 'value
added' legal network service called 'Link' (Legal Information Network 1994).
USAGE OF INTERNET IN RESEARCH AND EDUCATION
The power of having an email link to a large number of other practitioners and law
academics on a one-to-one basis should not be underestimated (Millard & Carolina
1995).
One must add to this the value in research terms of participating in some of the growing
numbers of topic-specific mailing lists or in electronic conferencing (Louis-Jacques 1994).
Any of these technologies might well provide the means to obtain an answer to a problem
or at least some important leads. The new 'Link' service provides one possible medium
for research interchange whether in the form of one-to-one enquiry, informal discussion or
outright conferencing (Predavec 1994a), (Predavec 1994b).
Alternatively, through researching or seeking on internet, it is possible to access a
substantial number of law library catalogues across the Net. The 'National Information

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 21


Services and Systems' information service (NISS) provides access to 85 British academic
library catalogues from Aberdeen to York.
Increasingly, electronic libraries comprising full text documents are themselves
accessible across the Internet. On-line access to electronic publishing services such as
'Lexis' and Context System's 'Justis' databases have been available for a number of
years. Now, however, the number and variety of such published sources in rapidly
increasing.
More and more international and domestic sources of primary materials (treaties,
conventions, constitutions, legislation, secondary legislation, case reports etc.) and
secondary materials (publications by various governments and international bodies,
commentaries, journal articles, research papers, newsletters etc.) can be tracked down
and examined. The problem is now how to filter these materials to find what is useful.
There are a few examples of directories and lists that are of particular relevance to legal
practitioners,
World Wide Web Virtual Law Library (Indiana University 1995) discussed in
(Cameron 1995).
Cornell Law School's home pages (Cornell Law School 1995a) and, in Britain,
those of Strathclyde Law School (Strathclyde Law School 1995).
Both academics and research students stand to benefit substantially from the increase
in accessibility of - and speed of access to - other academics via one-to-one email
and mailing lists (Louis-Jacques 1994).
Electronic conferencing is an area of particular interest because of the facility it
provides (as we have seen) to enable delegates to participate actively in
international conferences whilst located in their workplaces and undertaking their
normal workloads. A small amount of experimental activity has already occurred in the
area of formal, electronic conferencing for law academics (Hardy, 1993). However, there
is also a desperate need for high-quality directories and other search tools to help law
academics and research students to navigate around the Internet.
Academics are already exploring ways in which electronic communications can enhance
their teaching (O'Donnell 1994). Encouraging students to raise queries and problems
with their lecturers and tutors via the privacy of one-to-one email looks likely to enrich the
interaction between staff and students.
Small groups can be formed into mailing lists by means of which students, with or without
their teachers, are requested or required to post papers and discuss questions and
problems perhaps with a view to enhancing subsequent face-to-face teaching sessions.
Rather more formally, some experiments have been carried out which involve using
electronic conferencing techniques and/or software to conduct electronic tutorials and
seminars in place of their face-to-face equivalents (Hardy 1994), (Widdison & Pritchard
1995). There are a number of advantages to using the technology which include:

Neither staff nor students are to be in a particular location at any particular time;
Tutorials and seminars do not have to be squeezed into one short, timetabled slot.
Discussion can take place over a period of time in a more relaxed and considered
way;
Where text is the primary or sole method of communication, students will get practice
in composing their views in written form; and

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 22

Whilst traditional face-to-face tutorials and seminars require tutors to operate


'consecutively', electronic equivalents permit them to operate 'concurrently', i.e.
participating in several tutorials or seminars simultaneously.

Let us turn, now, to electronic publishing (O'Donnell 1994). Twenty-four hour access to
primary and secondary sources based on campus can be offered in order to help
alleviate the pressures caused by large numbers of students squeezing into law libraries
designed for smaller numbers and all attempting to get hold of the same required or
recommended reading at the same time.
USAGE OF INTERNET IN ADMINISTRATION
Following are the points of advantageous usage of internet with law offices,
Enhanced Public Relations and Marketing Organizations with websites
providing necessary first means of contact, timely/online customer relationship
management, Publishing and Communications to clients via internet. E.g. British
law firms, Law firm publically accessible in USA (Cornell Law School 1995b).
It is likely that some law offices will develop EFT links with their major clients.
Periodic billing can be generated automatically by a law firm's accounts system
and then communicated electronically to the client. The client will then be able to
authorize the appropriate credit transfer to be made by its bank to the law firm.
Online availability of supplies. Suppliers such as Hammicks bookshop offer
hybrid systems which take the form of on-line catalogues coupled with an email
link enabling customers to order items via Internet (Legal Information Network
1994)
In legal education, development of home pages on the Internet provides a new
and exciting forum in which law schools can advertise and would-be students can
'shop' for suitable courses. We are also seeing a rise in online universities.
Automating the student admission processes evades the soul-destroying task of
wading through thousands of application forms trying to identify the very able
from amongst the able - the highly suitable from amongst the suitable to reduce
all the involved paperwork. More quick and ease of sorting and selection is
enabled.
Enabling online connect with potential employers online and available online
references which are sought to help students who apply for vacation placements.
CONCLUSION
Just as frequently, futurists forecast developments that stubbornly refuse to happen.
Three striking examples of the latter category are: (i) the wholesale dematerialization of
paper-based information resulting in the evolution of the 'paperless office'; (ii) the
widespread move towards on-line shopping and banking; and (iii) the universal exodus
from the traditional education establishment and workplace in favour of tele studying and
teleworking. At this moment, however, a new generation is growing up for whom the
screen is as natural a medium as the page. This and later generations may well be as
comfortable in the electronic world as they will be in the physical world. For a long time,
the technologies that are essential to the development of the Internet - one of the key
components of cyberspace - were slow, unreliable and insecure. In some respects, they
still are (Millard & Carolina 1995). Just from being a hobby, we are seeing all this change
before our eyes. Indeed, the rate of both technological and cultural change is increasing
so fast that there is some risk of it creating a blur in our minds. At this point, it then
becomes essential for us to refocus our understanding to ensure not only that we keep
control of our technology but also that we can exploit its potential for the utmost benefit.
DCL412 Q9:
Define networking. Highlights the issues of Network security.

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 23


A Network has been defined any set if interlinking lines resembling a net, network of
roads an interconnected system, a network of alliances. This definition suits our
purpose well: a computer network is simply a system of interconnected computers. How
theyre connected is irrelevant, and as well soon see, there are number of ways to do
this.
The International Standards Organization (ISO) Open Systems Interconnect (OSI)
Reference Model defines seven layers of communications types, and the interfaces
among them. (See below Figure) Each layer depends on the services provided by the
layer below it, all the way down to the physical network hardware, such as the computer's
network interface card, and the wires that connect the cards together.

Application
Presentation
Session
Transport
Network

One of the early popular known networks was


UUCP (Unix-to-Unix CoPy) was originally developed
to connect UNIX hosts together. UUCP has since
been ported to many different architectures, including
PCs, Macs, Amigas, Apple IIs, VMS hosts, everything
else you can name, and even some things you can't.
Additionally, a number of systems have been
developed around the same principles as UUCP.
UUCP supported Batch-Processing and dialup (modem) connections.

Data Link

The Internet is the world's largest network of


networks. When you want to access the resources
offered by the Internet, you don't really connect
Physical
to the Internet; you connect to a network that is
eventually connected to the Internet backbone,
This is an important point: the Internet is a network of networks -- not a network of hosts.
TCP/IP: The Language of the Internet
TCP/IP (Transport Control Protocol/Internet Protocol) is the ``language'' of the Internet.
Anything that can learn to ``speak TCP/IP'' can play on the Internet. This is functionality
that occurs at the Network (IP) and Transport (TCP) layers in the ISO/OSI Reference
Model. One of the most important features of TCP/IP isn't a technological one: The
protocol is an ``open'' protocol, and anyone who wishes to implement it may do so freely.
IP: As noted, IP is a ``network layer'' protocol. This is the layer that allows the hosts to
actually ``talk'' to each other. Such things as carrying datagrams, mapping the Internet
address (such as 10.2.3.4) to a physical network address and routing, which takes care
of making sure that all of the devices that have Internet connectivity can find the way to
each other. IP has a number of very important features which make it an extremely robust
and flexible protocol. For our purposes, though, we're going to focus on the security of IP,
or more specifically, the lack thereof.
Attacks against IP
A number of attacks against IP are possible. Typically, these exploit the fact that IP does
not perform a robust mechanism for authentication, which is proving that a packet came
from where it claims it did. A packet simply claims to originate from a given address, and
there isn't a way to be sure that the host that sent the packet is telling the truth. This isn't
necessarily a weakness, per se, but it is an important point, because it means that the
facility of host authentication has to be provided at a higher layer on the ISO/OSI
Reference Model. Today, applications that require strong host authentication (such as
cryptographic applications) do this at the application layer.
IP Spoofing.

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 24


This is where one host claims to have the IP address of another. Since many systems
(such as router access control lists) define which packets may and which packets may
not pass based on the sender's IP address, this is a useful technique to an attacker: he
can send packets to a host, perhaps causing it to take some sort of action.
IP Session Hijacking.
This is a relatively sophisticated attack. This is very dangerous, however, because there
are now toolkits available in the underground community that allow otherwise unskilled
bad-guy-wannabes to perpetrate this attack. IP Session Hijacking is an attack whereby a
user's session is taken over, being in the control of the attacker. If the user was in the
middle of email, the attacker is looking at the email, and then can execute any commands
he wishes as the attacked user. The attacked user simply sees his session dropped, and
may simply login again, perhaps not even noticing that the attacker is still logged in and
doing things.
TCP: TCP is a transport-layer protocol. It needs to sit on top of a network-layer protocol,
and was designed to ride atop IP. (Just as IP was designed to carry, among other things,
TCP packets.) Because TCP and IP were designed together and wherever you have one,
you typically have the other, the entire suite of Internet protocols are known collectively
as ``TCP/IP.'' TCP itself has a number of important features to be highlighted is its
Guaranteed Packet Delivery (3 way handshake)
It is not suited well toward other applications, such as streaming audio or video, however.
In these, it doesn't really matter if a packet is lost (a lost packet in a stream of 100 won't
be distinguishable) but it does matter if they arrive late (i.e., because of a host resending
a packet presumed lost), since the data stream will be paused while the lost packet is
being resent. Once the lost packet is received, it will be put in the proper slot in the data
stream, and then passed up to the application.
:
UDP: UDP (User Datagram Protocol) is a simple transport-layer protocol. It does not
provide the same features as TCP, and is thus considered ``unreliable.'' Again, although
this is unsuitable for some applications, it does have much more applicability in other
applications than the more reliable and robust TCP with few of its key features,
Lower Overhead than TCP
UDP nice is its simplicity (as it does not track sequence of packets)
Because it doesn't need to keep track of the sequence of packets,
It is more suited to streaming-data applications: there's less screwing around that needs
to be done with making sure all the packets are there, in the right order, and that sort of
thing.
Risk Management: The Game of Security
It's very important to understand that in security, one simply cannot say ``what's the best
firewall?'' There are two extremes: absolute security and absolute access. Unfortunately,
this isn't terribly practical, either: the Internet is a bad neighborhood now, and it isn't long
before some bonehead will tell the computer to do something like self-destruct, after
which, it isn't terribly useful to you.
This is no different from our daily lives. We constantly make decisions about what risks
we're willing to accept. E.g. When we get on an airplane, we're accepting the level of risk
involved as the price of convenience. Every organization needs to decide for itself where
between the two extremes of total security and total access they need to be. A policy
needs to articulate this, and then define how that will be enforced with practices and
such. Everything that is done in the name of security, then, must enforce that policy
uniformly.

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 25

Types and Sources of Network Threats


Denial-of-Service
DoS (Denial-of-Service) attacks are probably the nastiest, and most difficult to address.
These are the nastiest, because they're very easy to launch, difficult (sometimes
impossible) to track, and it isn't easy to refuse the requests of the attacker, without also
refusing legitimate requests for service. Keeping up-to-date on security-related patches
for your hosts' operating systems to ensure we have some level of preventive controls.
Unauthorized Access
``Unauthorized access'' is a very high-level term that can refer to a number of different
sorts of attacks. The goal of these attacks is to access some resource that your machine
should not provide the attacker. For example, a host might be a web server, and should
provide anyone with requested web pages. However, that host should not provide
command shell access without being sure that the person making such a request is
someone who should get it, such as a local administrator. Both physically and logically it
poses few threats as followed,
Executing Commands Illicitly
Confidentiality Breaches
Unscrupulous competitor attacks
Destructive Behavior
Among the destructive sorts of break-ins and attacks, there are two major categories.
Data Diddling.
The data diddler is likely the worst sort, since the fact of a break-in might not be
immediately obvious. Perhaps he's toying with the numbers in your spreadsheets, or
changing the dates in your projections and plans. Maybe he's changing the account
numbers for the auto-deposit of certain paychecks. In any case, rare is the case when
you'll come in to work one day, and simply know that something is wrong. An accounting
procedure might turn up a discrepancy in the books three or four months after the fact.
Data Destruction.
Some of those perpetrate attacks are simply twisted jerks who like to delete things. In
these cases, the impact on your computing capability -- and consequently your business
-- can be nothing less than if a fire or other disaster caused your computing equipment to
be completely destroyed.
Where Do They Come From?
How, though, does an attacker gain access to your equipment? Through any connection
that you have to the outside world. This includes Internet connections, dial-up modems,
and even physical access. (How do you know that one of the temps that you've brought
in to help with the data entry isn't really a system cracker looking for passwords, data
phone numbers, vulnerabilities and anything else that can get him access to your
equipment?)
In order to be able to adequately address security, all possible avenues of entry must be
identified and evaluated. The security of that entry point must be consistent with your
stated policy on acceptable risk levels.
We should take relevant preventive and corrective measures as part of lessons learnt
and ensure we implement controls at people, process and technology aspects and their
integrations in line with business and regulatory needs.

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 26

DCL412 Q10:
"Security is a term with both business meaning and technical meaning". Discuss
the statement in terms of security basics?
Security is term with both a business meaning and a technical meaning. In this paper we
will discuss the issue on both levels, and discuss the relationship between technology
and business process where appropriate. Security depends, however, on more than just
technology. It depends on the proper administration of systems, client and server, as well
as the faithful obsenance of related business procedures, physical access controls, and
audit functions.
As business matter, security usually means;
Legitimate use
Confidentiality
Data integrity
Auditability
Looking at each of these, legitimate use requires the authentication of users. It requires
granular controls over which users can access what data, and execute which programs.
Confidentiality implies that a system will provide appropriate services, such as data
encryption, to ensure that only authorized personnel can see sensitive data. Data
integrity requires a robust file system, and ways for files or databases hosted on the
operating system to recover from system, application and network faults and failures,
Auditability requires that systems have the ability to log a wide variety of events for
review, that these log files are themselves secure and that actions (alerts) can be
triggered by certain events which may indicate that a system, account or application is
under attack.
SECURITY IS NOT ABSOLUTE
There is not one standards that will fill all business and industries. National defense
applications, or funds transfer in a financial institution, will require a more secure system
than order entry in small business, for example. While Windows NT server provides a
wide range of features and settings, individual enterprises and government accounts will
need to carefully assess their security needs and make appropriate security decisions
about standards and/ or optional security products.
CORPORATE I.T OBJECTIVES
The general requirements of information Technology necessary for a corporation to
effectively meet its business objectives may be stated as the corporate IT objectives. By
varying the degree of emphasis it places on each of these requirements adding ifs user
needs and regulatory requirements, a corporation can tailor the following general IT
objectives in to its own unique corporate IT objectives. Once formulated_ technology
systems strategy. General components of these objectives are described in below table,
Effectiveness: Deals with information being relevant and pertinent to the business
process as well as being delivered in a timely, correct, consistent and usable manner.

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 27


Efficiency: Concerns the provision of information through the optional (most productive
and economical) use of resources.
Compliance stare: Deals with complying with those laws, regulations and contractual
managements to which the business process is subject, i.e., externally imposed business
criteria.
Reliability of information: Relates to the provision of complete and accurate information
for management to operate the entity and for management to exercise its financial and
compliance reporting responsibilities.
Confidentiality: Concerns the protection of sensitive information from unauthorized
disclosure.
Integrity: Relates to the accuracy and completeness of information as well as to its
validity is accordance with business values and expectations.
Availability: Relates to information being available when required by the business
process now and in the future; it also concerns safeguarding of necessary resources and
associated capability.
INFORMATION SECURITY REQUIREMENTS
Of the general requirements for information technology to effectively meet its business
objectives, the following three are necessary for effective security; confidentiality,
integrity, and availability. Depending on a corporations IT and business objectives, the
emphasis of each security requirement differs. For e.g., a highly sensitive system, such
as a national defense system, has a greater need for confidentiality of classified
information, while an electronic funds transfer system or a medical system has a greater
need for strong integrity controls and an automated teller machine has a greater need for
all three,
i) Confidentiality: Protecting information from unauthorized disclosure: The system
should be designed and implemented to ensure the optimum control over computer, data
and program files. Privacy, sensitivity and secrecy are issues hero.
ii) Integrity: Provide adequate protection from unauthorized, unanticipated ir
unintentional modification ensuring data is accurate and complete, including:
Ensuring consistency of data values within a computer system
Recovering to a known consistent state in the event of a system failure
Ensuring that data is modified only in authorized ways;
Maintaining consistency between information internal to the computer system and the
realities of the outside world.
iii) Availability: information must be available on a timely basis wherever it is needed to
meet business requirements or to avoid substantial losses. Uninterrupted access to
information & system resources, like data, program and equipment, is a fundamental
need.
IT SECURITY CONTORL OBJECTIVES
The IT Security control objectives are desired security goals to be achieved by
implementing IT security controls. The achievement of these goals will help a corporation
meet its overall IT control Objectives and satisfy the security requirements as given
below:
Security monitoring: Management should monitor whether a secure computer
environment is maintained.
Security management: Management should ensure the implementation of access
control policies, which are based on the level of risk arising from access to programs
and data.

19CL01129-14 PGDCLIPR/2013-14 Assignment DCL 412 | 28

System level access control: Access to the computer system programs and data
should be appropriately restricted.
Application level access controls: access to particular functions within applications
should be appropriately restricted to ensure segregation of duties and prevent
unauthorized activity.
Sensitive facilities: Use of sensitive facilities, such as master passwords, powerful
utilities, and system manager facilities, should be adequately controlled.
Physical access: Physical access to computer facilities and data should be
appropriately restricted.
External network connections: External network connections should be used for valid
business connections purpose only and controls should be in place to prevent these
connections from undermining system security.

Das könnte Ihnen auch gefallen