Hi,
A1)
Style Sheets, or CSS, is a method of controlling how an Internet
document is displayed on the web. The CSS controls are available for
just about every tag that makes up an HTML document. Tags such as
<body>, <table>, <td> and even <hr> and <b> can be controlled, as far
as their visual appearance, beyond the normal controls already
available to HTML.
For instance, in our document, let's say for a <b> tag, meaning bold,
we could also change the color of the words in between the bold tags
to green or blue or pink.
Style sheets have been around since 1994, introduced by Håkon and by
a programmer for NCSA Mosaic named Marc Andreessen. Although the idea
wasn't new, the separation of document structure from the document's
layout had been a goal of HTML from its inception in 1990. Tim
Berners-Lee wrote his NeXT browser/editor in such a way that he could
determine the style with a simple style sheet. However, he didn't
publish the syntax for the style sheets, considering it a matter for
each browser to decide how to best display pages to its users. In
1993, NCSA Mosaic, the browser which made the Web popular, came out.
Stylewise, however, it was a backwards step as it only allowed its
users to change certain colors and fonts.
Style sheets have only become truly useful and popular in the last few
years however, because the many browsers out there didn't support much
of the CSS tool box, and those they did support, they rendered
differently, so it tended to be more frustrating than it was worth to
build maintainable websites with CSS controls. This has changed
drastically however, with browsers giving more support and the ability
to control the CSS sheets with languages such as JavaScript and PHP.
Usage of Style sheets offers a level of control not only in the
viewing of a webpage, meaning, how it looks in a browser window, but
also in maintaining the look and feel of a website. You can place
Style controls right inside a tag, such as
<H1 style="font-family:arial; font-size:14px; color:blue">Hello World</H1>
This is direct control, specifying how the H1 tag will be represented.
Better however is controlling the whole website through a single file.
With the above example, if we decided that H1 tags should be green or
yellow, we would have to change every file in our website. If you have
a website with hundreds of pages, this can be a large project, and
prone to typos and errors. But style sheets can be linked in the
Header area of an HTML document.
<link rel="stylesheet"
href="http://www.yourdomain.com/styles-site.css" type="text/css" />
This method allows the webmaster of a large site to change whatever
she needs to change in a single location, thus keeping the errors down
and the uniformity of the site high. Linking to a single file such as
this in one area of the website gives a single point of editing
control. You can also place the CSS styles in the Header of the
document, but again, this is not the best idea. Most browsers also
only download the external CSS document once, and then refer to it on
each refresh, making the pages load much faster than if the CSS
instructions are in the header of each page.
CSS works not only with HTML documents, but also with XML documents,
and SVG documents, bringing completely new levels of control and
perfection to web design.
A great example page as to the power of CSS can be found on
Movabletype.org
http://www.movabletype.org/default_styles.shtml
Notice on this page that there are several CSS styles given as the
default available styles. The data and the content of the pages never
changes, nor do the table and header information, just the CSS setups
do, but the power of CSS over the look of the pages is amazing. On
sending the menu to one side, the other to the top, or bottom. Really,
there is very little you cannot do with a patiently thought out CSS
document.
Links :
First Draft Cascading HTML style sheets
http://www.w3.org/People/howcome/p/cascade.html
Syntax of CSS rules in HTML
http://www.w3.org/TR/2000/WD-css-style-attr-20001025
Movabletype.org
http://www.movabletype.org/default_styles.shtml
A2)
Security report for E-Com on the Internet
soft Solutions Ltd
Basic Overview of Network security:
Network security is far more available and reliable now than it was
only a few short years ago. It is also far less expensive, thanks to
the hard work of many folks in the open source movements of the
community. Many watchdog organizations are also on the Internet and
produce lists of vulnerabilities every month, which can be checked
easily and adapted to systems.
The largest threat in our systems today is not keeping up with the
required upgrades and current reports from these available systems of
information. The ability, for example, of the Code Red virus to do as
much damage as it did, was based solely on systems that were not
upgraded with changes known a year beforehand.
Below is a fast list of the common Vulnerabilities currently known at
this point. All of which have an answer.
Top Vulnerabilities to Windows Systems
W1 Internet Information Services (IIS)
IIS is prone to vulnerabilities in three major classes: failure to
handle unanticipated requests, buffer overflows, and sample
applications.
W2 Microsoft Data Access Components (MDAC) -- Remote Data Services
W3 Microsoft SQL Server
W4 NETBIOS-Unprotected Windows Networking Shares
W5 Anonymous Logon-Null Sessions
W6 LAN Manager Authentication-Weak LM Hashing
W7 General Windows Authentication-Accounts with No Passwords or Weak
Passwords
W8 Internet Explorer
W9 Remote Registry Access
W10 Windows Scripting Host
Top Vulnerabilities to Unix Systems
U1 Remote Procedure Calls (RPC)
U2 Apache Web Server
U3 Secure Shell (SSH)
U4 Simple Network Management Protocol (SNMP)
U5 File Transfer Protocol (FTP)
U6 R-Services-Trust Relationships
U7 Line Printer Daemon (LPD)
U8 Sendmail
U9 BIND/DNS
U10 General Unix Authentication-Accounts with No Passwords or Weak
Passwords
List Provided by SANS Document
FBI Twenty Most Critical Internet Security Vulnerabilities
http://www.sans.org/top20/
Information on all 20 of these can be found at that site.
Groups such as SANS have been around for years, reporting most security
holes on the web long before they become a problem. Staying on top of
these can sometimes prove to be an arduous job, and the balance
between security and profit margin is sometimes thin as well.
Best Practices to Network Security
1. Less is more
Installing the least amount of software possible on an exposed
machine, especially those that would be exposed to the Internet, such
as web servers, means the fewer programs needed to be watched for
possible security problems. Xservers and games, and anything which is
not absolutely required to run the system, should never be installed.
2. Closed Access
Most systems install with several ports open which are never used by
the users of that system. Again, less is more and anything that is not
required to be open for a specific need of the company should be
closed.
3. Limit Access even further
Access such as FTP and Telnet send passwords across the network in
open text format. Services such as these should be replaced with
secure connection equivalents. For instance, these two can both be
replaced by SSH clients. (SSH is discussed in greater detail later in
this report.) Once they have been replaced, the ports used for these
services should also be closed.
4. Admin access
Admin access should not be granted to any server away from the main
console. This means, in order to log on to the server as Root, you
should have to be sitting at the main console of that computer. Su'ing
to root should not be an option, if at all possible.
5. Physical Servers should be secured.
The physical location of a server should be secured, enough so that
there is some control over who is sitting at the server and who is
not. Physical control often solves most hacking problems, and the lack
thereof is the largest cause of hacking problems on the Internet
today.
6. Configuration documentation:
It is a good practice to document any change in the system
configuration either hardware or software. Although this is very
helpful in situations like disaster recovery, detection for an
intruder, trouble-shooting etc., it also helps if you lose and have
to replace a system administrator. It saves a great deal of time and
doesn't leave your system as vulnerable during the learning curve
time. If you have several System Administrators, it is more important
to have everything documented. It is recommended to maintain an
additional copy of the documentation on a CD ROM or as a hard copy.
7. Backup and Disaster Recovery:
In spite of reliable hardware, software and administration, there are
times when systems crash or fail. The failure may be due to hacking
also. Good system administration always involves reliable backup and
recovery procedure. Depending upon the business need, you have to plan
backup procedures. You may use built-in backup and recovery tools in
the Operating System or dedicated software from a different vendor.
Sometimes you may require additional hardware for backing up the
data.
Some of the important facts to consider while planning backup are,
· How frequently you have to back up data and what is the best time
to back up
· How much data is to be backed up
· Off-site storage of the data in case of catastrophe
· How long the backup data is to be stored
· Security of the backup data: Backup media should be stored in a
secured place. If the data is stored on-line, securing the data from
a hacker/intruder is equally important.
· Good documentation for backup and recovery procedure
Many of the considerations depend upon the business need and the
corporate goal. Any backup and disaster recovery plan/procedure is not
complete unless it is tested. Periodically you have to test if the
data recovery is working. When you are planning for backup and
disaster recovery, basic rules are, how fast you have to rebuild the
system to the latest working state, if the entire system is destroyed
and how much data you can afford to lose.
Doing business on the Web:
The major tool for securing e-commerce sites on the Internet is the
use of encryption. This will ensure that security and integrity is
maintained throughout the e-commerce process.
The protocol used to implement security is based on digital
certificates that are used at the Session layer of the OSI model. This
system is called Secure Sockets Layer (SSL) and fully encrypts:
· All HTTP request and response information, including the URL that the
client requests
· Submitted content from forms, such as credit card numbers, email
address and telephone numbers
· HTTP access authorization information, such as username and passwords
· All data returned from the server to the client
SSL provides a security "handshake" that is initiated during the
TCP/IP connection. This results in the client and server agreeing the
level of security and encryption that they will use for the
connection. After this, the only role of SSL is to encrypt and decrypt
the stream of data between the client and the server.
While SSL ensures that all data passed between the customer and the
merchant website is secure, it is the role of the Secure Electronic
Transaction (SET) specification to ensure that the authentication of
credit card purchases remains secure. SET uses digital certificates to
authenticate all parties involved in a credit card transaction
ensuring that all details remain confidential and secure.
Links
Common Vulnerabilities and Exposures
http://cve.mitre.org/
The Beautiful Features of SSL And Why You Want to Use Them?
Http://www.lucidmatrix.com/ossctalk.pdf
SSH
http://www.ssh.org
thanks,
webadept-ga
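
The "Closed Access" and "Limit Access even further" practices above, sketched as an added example that is not part of the original answer: it audits a host's listening TCP sockets against an allowlist and flags the open-text services the answer names (FTP, Telnet). The sample input is constructed in the layout printed by `ss -tln`, and the allowlist of ports 22 and 443 is an assumption about the host's business need.

```python
# Added example: audit listening TCP sockets against an allowlist.
# SAMPLE_SS is constructed input in the layout printed by `ss -tln`.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      128    [::]:23            [::]:*
LISTEN 0      511    *:443              *:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      64     0.0.0.0:6000       0.0.0.0:*
"""

# Assumption: this host's business need is SSH and HTTPS only.
ALLOWED_PORTS = {22, 443}
# Services the answer names as sending passwords in open text.
CLEARTEXT = {21: "FTP", 23: "Telnet"}
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN row."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners


def audit(ss_output, allowed=ALLOWED_PORTS):
    """Classify each listener; findings are (port, address, verdict)."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port in CLEARTEXT:
            verdict = f"cleartext {CLEARTEXT[port]}: replace with SSH, close port"
        elif addr in LOOPBACK:
            verdict = "loopback only: not reachable from the network"
        elif port in allowed:
            verdict = "allowed"
        else:
            verdict = "not required: close"
        findings.append((port, addr, verdict))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, verdict in audit(SAMPLE_SS):
        print(f"{port:>5}  {addr:<10} {verdict}")
```

On a live host, pass the captured output of `ss -tln` to `audit()` in place of the constructed sample.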