Chapter 7

hurtpotatocreekSecurity

Nov 5, 2013 (3 years and 7 months ago)

The Web and E-mail

Chapter 7

Chapter 7: The Web and E-mail

Chapter Contents


Section A: Web Technology


Section B: Search Engines


Section C: E-commerce

Section D: E-mail

Section E: Web and E-mail Security


Web Basics


The Web is an interlinked collection of document, image, video, and sound files

A Web site contains a collection of related information


Podcasts


RSS vs. Atom


Videocasting



A Web page is the product or output of one or more Web-based files displayed in a format similar to a page in a book

A Web browser is client software that displays Web page elements and handles links between pages

Every Web page has a unique address called a URL


HTML


Set of specifications for creating documents that a browser can display as a Web page

Markup language

HTML tags

XHTML: Extensible HTML

DHTML: Dynamic HTML

Ajax: Asynchronous JavaScript and XML


UTA Example


HTTP

HTTP messages flow between a browser and a Web server.


Web Browsers


Help you access Web pages

Upgrade to new browser versions as they become available

Popular browsers: Internet Explorer, Mozilla Firefox, Apple Safari, Netscape Navigator, Opera


Cookies


Small chunk of data generated by a Web server and stored on computer’s hard disk

Fix problems caused by HTTP’s stateless protocol

Relatively safe

Your computer does not have to accept cookies


Web Page Authoring


Text editor

HTML conversion tool

Online Web authoring tools

Web authoring software: Microsoft FrontPage, Adobe Dreamweaver


HTML Scripts


HTML scripts can perform complicated tasks and respond to user actions

HTML forms

Server-side script

Client-side script

Java applet

ActiveX control

Digital Certificate

SECTION B

Search Engines


Search Engine Basics


Formulating Searches


Citing Web-based Source Material


Search Engine Basics


A Web crawler is a computer program that is automated to methodically visit Web sites

A search engine indexer is software that culls keywords from a Web page and stores them in a database

A search engine’s query processor looks for your search terms in the search engine’s indexed database and returns a list of relevant Web sites

Link popularity is measured by the quantity and quality of links from one Web page to others

A meta keyword is entered into a header section of a Web page when it is created and is supposed to describe the page contents

Keyword stuffing


Formulating Searches


Most search engines work with keyword queries in which you enter one or more words, called search terms

SECTION C

E-commerce

E-commerce Basics


Online Shopping


Online Auctions


Online Payment


E-commerce Basics

Business transactions conducted electronically over a computer network

B2C (business-to-consumer)

C2C (consumer-to-consumer)

B2B (business-to-business)

B2G (business-to-government)


Online Shopping Transactions

In a typical shopping session, you connect to an online storefront and use navigation controls to browse through the merchant’s catalog. As you browse, you can drop items into your electronic shopping cart. At the checkout counter, you enter the information necessary to pay for the items you selected.


Online Shopping


Shopping Carts


Online Payment


A secure connection encrypts the data transmitted between your computer and a Web site

SSL (Secure Sockets Layer)

S-HTTP (secure HTTP)

SECTION D

Web Technology (bonus)


The Internet Protocol Stack


Application Ports


Internet Protocol Stack


Nodes attached to the Internet implement a standard set of capabilities to allow communications between dissimilar systems across dissimilar communications links

The standard protocol “stack” is implemented in a layered design to support modularity and ease of implementation in many different environments.



Think of each layer as a different system software program that runs on your computer.

The upper layers allow like applications to communicate

The lower layers allow like devices to communicate

Figure: the five layers of the stack, top to bottom, each with an example

application   HTTP, etc.
transport     TCP or UDP
network       IP
link          Ethernet
physical      UTP, fiber, etc.

Figure labels: APPLICATION CATEGORY DEPENDENT; OPERATING SYSTEM CONTROLLED; NETWORK HARDWARE DEPENDENT


Figure: your client application (Web browser, email client, etc.) and the target server application (Web server, email server, etc.) each run on top of the application, transport, network, link and physical layers. Your messages pass between the two applications and cross the Internet as packets.


Internet Ports

The means by which a single physical node differentiates multiple requests, like email, web, file transfer, etc.

The transport layer passes requests to specific “ports” into the application layer

Figure: File Transfer Application, Email Application and Web Server Application sit above the transport, network, link and physical layers; the one port number shown is 80

SECTION D

E-mail

E-mail Overview

Netiquette

E-mail Technology


E-mail Technology

E-mail systems carry and manipulate e-mail messages

E-mail servers

Based on store-and-forward technology (SMTP)

Three types of e-mail client systems widely used today: POP, IMAP, Web-based e-mail



A POP server is a computer that stores your incoming messages until they can be transferred to your hard disk

E-mail client software

An SMTP server is a server that forwards emails that you send


E-mail Technology: SMTP mail

1) Alice uses an email client program to compose a message and “to” bob@someschool.edu

2) Alice’s mail client sends the message to her mail server where it is placed in a message queue (SMTP)

3) Client side of opens a “connection” with Bob’s mail server

4) The client-side mail server sends Alice’s message over the connection (SMTP)

5) Bob’s mail server places the message in Bob’s mailbox on the server

6) Bob opens his email client program to download and read Alice’s message (POP3)

Figure: user agent, mail server, mail server, user agent, with steps 1 to 6 marked along the path

Slide from Computer Networks: A Top-Down Approach, Kurose and Ross
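
The six steps above, modeled in memory as an added example (not from the original slides). `MailServer`, its method names and alice@example.org are assumptions made for the illustration; a dictionary lookup stands in for DNS, and the receiving side implements only the few SMTP commands the steps need.

```python
# Added illustration: the six steps as an in-memory model (no network I/O).
# MailServer, its method names and alice@example.org are hypothetical.
class MailServer:
    def __init__(self, domain):
        self.domain, self.queue, self.mailboxes = domain, [], {}

    def submit(self, sender, rcpt, body):          # step 2: store in the outgoing queue
        self.queue.append((sender, rcpt, body))

    def receive(self, commands):                   # steps 4-5: receiving side of SMTP
        replies, rcpt, body, in_data = ["220 " + self.domain], None, [], False
        for line in commands:
            if in_data and line != ".":
                body.append(line)                  # message content, no reply per line
            elif in_data:                          # lone "." ends the message
                in_data = False
                self.mailboxes.setdefault(rcpt, []).append("\n".join(body))
                replies.append("250 message stored")
            elif line.startswith("RCPT TO:"):
                addr = line[len("RCPT TO:"):].strip("<>")
                rcpt = addr if addr.endswith("@" + self.domain) else None
                replies.append("250 OK" if rcpt else "550 not a local mailbox")
            elif line == "DATA":
                in_data = rcpt is not None
                replies.append("354 send message" if in_data else "503 need RCPT first")
            elif line == "QUIT":
                replies.append("221 bye")
            else:                                  # HELO / MAIL FROM: taken as claimed,
                replies.append("250 OK")           # base SMTP does not verify the sender
        return replies

    def forward(self, servers):                    # steps 3-4: sending side of SMTP
        sessions = []
        while self.queue:
            sender, rcpt, body = self.queue.pop(0)
            peer = servers[rcpt.split("@")[1]]     # dict lookup stands in for DNS
            cmds = ["HELO " + self.domain, "MAIL FROM:<%s>" % sender,
                    "RCPT TO:<%s>" % rcpt, "DATA", *body.split("\n"), ".", "QUIT"]
            sessions.append(peer.receive(cmds))
        return sessions

    def pop3_retrieve(self, user):                 # step 6: mailbox moves to the client
        return self.mailboxes.pop(user, [])

def deliver(body="Subject: hi\n\nLunch?"):
    alice_srv, bob_srv = MailServer("example.org"), MailServer("someschool.edu")
    servers = {s.domain: s for s in (alice_srv, bob_srv)}
    alice_srv.submit("alice@example.org", "bob@someschool.edu", body)   # steps 1-2
    replies = alice_srv.forward(servers)[0]                             # steps 3-5
    return replies, bob_srv.pop3_retrieve("bob@someschool.edu")         # step 6
```

`deliver()` returns the reply codes Bob's server gave during the session and the contents of Bob's mailbox after the POP3-style retrieval.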


E-mail Technology: Web mail

Web-based e-mail accounts allow you to use a browser to access your e-mail messages

Messages are sent as form data between the client and the server using HTTP (not SMTP/POP).

Your Web server re-formats and then forwards your email using SMTP.

Figure: a Web client, Web and mail servers, and a user agent, with the hops between them labeled HTTP or SMTP and numbered 1 to 7

SECTION E

Web and E-mail Security


Cookie Exploits


Fake Sites


Spam


Phishing


Cookie Exploits


An ad-serving cookie can track your activities at any site containing banner ads from a third party
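
How that tracking works, as an added example that is not part of the original slides: every page that embeds the banner makes the browser contact the same ad host, which receives its own cookie back each time. `AdServer`, `Browser`, `ads.example` and the page URLs are constructed for the illustration; the second run shows the effect of a browser that does not accept the third-party cookie.

```python
# Added illustration: one third-party cookie links visits to unrelated sites.
# AdServer, Browser, ads.example and the page URLs are constructed for this example.
import itertools
from http.cookies import SimpleCookie

class AdServer:
    """Banner host embedded by many sites; it only ever sees its own cookie."""
    def __init__(self):
        self._ids = itertools.count(1)
        self.profiles = {}                     # cookie id -> pages where a banner loaded

    def serve_banner(self, cookie_header, referer):
        jar = SimpleCookie(cookie_header or "")
        set_cookie = None
        if "uid" in jar:
            uid = jar["uid"].value             # returning browser: same id on every site
        else:
            uid = "u%d" % next(self._ids)      # first banner this browser has loaded
            out = SimpleCookie()
            out["uid"] = uid
            out["uid"]["domain"] = "ads.example"
            set_cookie = out["uid"].OutputString()
        self.profiles.setdefault(uid, []).append(referer)
        return set_cookie                      # Set-Cookie value, or None

class Browser:
    def __init__(self, accept_third_party=True):
        self.accept_third_party = accept_third_party
        self.ad_cookie = None                  # what this browser holds for ads.example

    def visit(self, page_url, ads):
        # Rendering the page fetches the banner: the request carries the ad host's
        # cookie (if any) plus a Referer naming the page being read.
        set_cookie = ads.serve_banner(self.ad_cookie, referer=page_url)
        if set_cookie and self.accept_third_party:
            self.ad_cookie = set_cookie.split(";")[0]    # keep only "uid=..."

PAGES = ("https://news.example/politics", "https://shop.example/cart",
         "https://health.example/symptoms")

def browse(accept_third_party):
    ads, browser = AdServer(), Browser(accept_third_party)
    for url in PAGES:
        browser.visit(url, ads)
    return ads.profiles
```

With the cookie accepted, the ad host ends up with a single profile listing all three pages; with it refused, each banner request looks like a new visitor.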



Fake Sites


A fake Web site looks legitimate, but has been created by a third party to be a very clever replica of a legitimate Web site

Pharming is an exploit that redirects users to fake sites by “poisoning” a domain name server with a false IP address


Spam


Spam is unwanted electronic junk mail about medical products, low-cost loans, and fake software upgrades that arrives in your online mailbox

A spam filter is a type of utility software that captures unsolicited e-mail messages before they reach your inbox

Local filtering

ISP filtering


Phishing


Phishing is an e-mail based scam designed to persuade you to reveal confidential information, such as your bank account number or Social Security number

If you don’t want to become a phishing victim, be suspicious of e-mail messages that supposedly come from banks, ISPs, online payment services, operating system publishers, and online merchants

Chapter 7 Complete

The Web and E-mail