Internet Structure
The trend towards internet connectivity
Clever computer users started connecting personal computers together through Local Area Networks (sometimes abbreviated LAN) and through telephone connections and special hardware devices. The personal computers could then be used again as communication tools, but only with other computers they were directly tied to.
Gradually, LANs became more powerful, and were often tied together to make Wide Area Networks (WANs). Most businesses today use a combination of LAN and WAN technology.

At the same time, educational and defense institutions were working on ways to connect the large research machines. They had a special problem. During the height of the cold war, these computers were used in support of nuclear defense initiatives. It was vital that there be many paths between the computers, and that messages could get through even if some of the communications hubs were brought down by the bad guys.

An underlying protocol
The earliest form of the Internet was based on an ingenious idea called TCP/IP. This stands for Transfer Control Protocol / Internet protocol. TCP/IP is a big name for a simple idea. Essentially, a message is automatically broken into small parts, which are called 'packets.' A packet is labeled with its source and destination, as well as some other information. Each packet finds its own way from the starting machine to the destination, and if it finds itself blocked, it has the capacity to back up and find a new path. When the packets arrive at the destination, they are pieced back together, and the message can be read.

The entire Internet, from email to web pages and streaming video, is currently based on TCP/IP packets. Anything you see or hear on the Internet was broken into these packets and sent to you. The TCP/IP protocol is invisible and automatic. Most users never see it and never have to know it is there. This has some interesting side effects. A message that goes from one machine to another in the next room might find its way to France in the meantime (not too often, but it happens). The other side effect of this is that messages you send might temporarily reside on dozens of computers you will never see before they get to the destination.

The 'traffic cops' of the Internet
As scientists were developing TCP/IP and networking technology became more prevalent among personal machines, it became apparent that there ought to be a way to connect the two. Essentially, the solution was a special class of computer called a router. The router's job is to sit between a network and the rest of the internet, and act as a kind of mailman to the network. Any traffic the network sends to the Internet goes through the router, and any messages destined for sites on the network only get there through the router. Routers are connected through high-speed cables to even more powerful machines, which are eventually connected to a number of special high-end machines, often referred to as the 'Internet Backbone'. (This network was originally called the NSF backbone, after the National Science Foundation, which provided much of the original funding. Currently, the NSF is backing a brand new version of the Internet backbone with a research focus called the 'Internet II' or 'Abilene network'. )

Hi, what's your number?
Since there are literally millions of computers connected to the Internet, it could be nearly impossible to locate just one. Fortunately, the original planners of the Internet had some clever ideas. Every machine on the Internet was assigned a number. The number would be composed of four smaller numbers between 0 and 255, separated by dots. (There are some wonderful urban legends about why the numbers don't go to 999, but the real answer is related to the vagaries of base two mathematics. Let's leave that for another session.) The number is called an IP (for internet protocol) number. IP numbers work like zip codes. They are easy for computers to understand, and they make it reasonably easy for packets to be routed to the appropriate destinations.

The Domain name solution
The problem with IP numbers is they are, well, numbers. People tend not to be good with numbers. They much prefer characters and words. For this reason, computer scientists developed the Domain Name Service (often called DNS). DNS is just a big database (actually several) that contains a bunch of computer names and the IP addresses associated with those names. The interNIC (www.internic.net) is currently the organization which manages the assignment of domain names, although the process is being privatized, and others will soon have the capacity to assign domain names. There is a registration fee for a domain name, which is currently $70.00 for two years, but that may change as competition enters the marketplace. The good news is that most of us do not need to worry about a domain name. We are usually given an account by our employer or some kind of provider, and the domain name we use reflects that entity. Part of your email address is usually your domain name. For example, I used to have an email address like this: andyharris@aol.com. The part after the @ sign is the domain name of my organization.

Domain names have a number of parts, and they can actually give you a lot of information about the person or entity attached to them. They usually end with a two or three letter code. The two letter codes refer to countries, so .fr means 'France' and .ca means 'Canada.' In the United States, we generally leave off the two letter country code '.us'. The three letter code refers to the type of organization that owns the computer. These fall into a number of standard categories. Mine ends in '.com', which stands for 'commercial enterprise'. In addition, you often see domain names ending with '.gov' (government organization), '.edu' (educational institution), '.org' (non-profit organization), or '.net' (Internet service provider). The first part of a domain name (the 'aol' part in the example above) is the name of a particular computer or organization. Sometimes there are a number of intermediate words that can give you more clues. For example, 'stats.math.indiana.edu' would most likely refer to the statistics section of the math department of Indiana University. (Such a machine does exist, but its name has changed.)

Domain names, as you can see, are used as part of email addresses, and they also make up part of the address of a web page. When used in a web address, the domain name usually comes near the beginning. We will look more closely at how web addresses work in a moment.

When are you here? Is existence essence?
It is important to determine what it means for a person or a computer to be 'on the internet,' because there is some potential for confusion. If you can use a computer to send email, is it on the Internet? Is it on the net because it has a web browser (like Internet Explorer or Netscape) installed? Is a computer always on the Internet?

Servers and clients
Some computers stay on the Internet all the time, but these tend to be large expensive machines. The computers that store information like web pages should stay on all the time, and should always have some kind of connection to the Internet. Such machines are called servers. It can be complicated and expensive to manage a permanent connection, and even more complex to manage a server. Most ordinary people don't want to do it, and want to leave those jobs to a professional. We would usually just prefer to connect our computer to a server for short periods of time, and use the services of a professional to ensure our connection stays valid and we have all the right programs in place. For example, you probably turn your home computer off at night. What if you get an email at two o'clock in the morning, when your computer is not turned on? Likewise, you might have a small business and want to host a homepage. You will want people to be able to get to that page any time of the day, not simply when your computer is turned on and 'hooked up.'

In addition to servers, the internet is also full of clients. You will frequently hear the term 'client-server' used in Internet conversation. The good news is you already know what this means:

A client-server analogy
Imagine driving up to a fast-food restaurant. You get to the speaker and the sixteen-year-old bored kid mumbles something incomprehensible into the microphone. You then order a 'cholesto-burger supreme' special, hear something that resembles a request for some cash, and you drive to the window. You then exchange the money for your meal and drive off. The cashier eagerly leaps to his microphone awaiting the opportunity to serve another customer.

In this example, the customer is the client and the cashier is the server. The server sits around waiting for a client. A client shows up and makes a request. The client and server follow a ritualized conversation (a protocol) to make a transaction. Finally, the transaction is complete, the client moves on, and the server prepares to receive another client.

Your machine is a client. The Internet programs on your own machine (like Netscape, a telnet program, or an FTP program) are also considered clients. Clients exist to talk to servers. Servers can also be both machines and special programs. You will almost never talk directly to a server program; instead, you use a client program to communicate with it.

So how do I get my client talking to a server?
What most people do is subscribe to some sort of internet service provider. There are two main flavors in common use. One is the HUGE services such as America Online, Prodigy, Compuserve, and many others. These guys offer connections to the internet, and they also offer customized content only for members of the service. They can be a great choice if you are just starting out, and you have probably already gotten some software from one or more of them in the mail or when you purchased your computer. You can often get free hours to try out a service, and then you will need to pay a monthly service plan, or perhaps pay by the hour. Be very careful as you read the plan to understand its terms, particularly if you are sharing an account with members of your family. If you are unaware of an hourly service charge, you could be in for a big shock when the bill comes due.

The other main approach to connecting to the Internet is through some sort of commercial Internet Service Provider (ISP). These have sprung up all over the country, and they often offer cheaper service than the larger services, but usually without custom software or content. Many experienced Internet users prefer using an ISP, but it can often be an intimidating choice for beginners.

One other source of Internet access you might pursue is free access. Often employers, schools, or libraries will offer some kind of limited free Internet access. Most universities now include Internet access as a standard student perk, like a library card. Your employer may have free or reduced-rate Internet access available to you. Local schools, libraries, and community centers sometimes also offer some kind of access. Often these accounts are limited in some way, but they can get you started.

Is there a free lunch?
There are a few commercial ventures that get you on the Internet for free as well, but most already require you to have some kind of access to begin with. One notable exception is juno (www.juno.com) which is a free email-only service. This service includes special software to connect your machine to the internet. Of course, you will have to endure some advertising in order to receive this 'free' service, but it's not a bad trade-off, particularly if all you want right now is email.

The software you might need
You probably already have some Internet software (clients) on your machine. All of these programs 'know' how to speak one or more of the protocols and connect to the appropriate servers. That's all that internet programs are!!

Once you are connected, your machine has an IP number (and maybe also a domain name) assigned to it. This means that you can now send TCP/IP packets to and from your machine. Of course, most of us don't really want to deal directly with TCP/IP, we would prefer the packages to be put together in a more usable format.

TCP/IP is the most basic of the internet protocols, but it is used to put together fancier and more powerful protocols. A protocol is simply a name for an agreement about how a communication will ensue. Formal meetings have a very different protocol than discussions on a basketball court, for example. There are a number of protocols in common use on the Internet, but you only need to know a few. In fact, you don't need to know the protocols at all, only which clients are used for them!! We'll discuss a few anyway, just in case it comes up on a quiz show ("Internet protocols for a thousand, please.")

The wild, wonderfully wacky world wide web!!
The protocol most of us know best is called HTTP (Hyper Text Transfer Protocol) by the People Who Like Big Names For Simple Ideas. The rest of us call it the world-wide-web. HTTP is a truly wonderful protocol, because it allows us to have links and images, and gives us a chance to make much more interesting documents than we could have made in the old 'text-only' days. If you only have one Internet client program on your computer, you should get a good web browser. Browsers are powerful because the HTTP protocol can be used to handle some other protocols (although in limited ways) and because HTTP itself is just so cool. If your computer can handle it, you should definitely have one of the latest versions of the big two browsers (Netscape 4.5 or later, or Microsoft Internet Explorer 4.0+). For ordinary personal users, both are free.

This takes us back to the idea of web addresses. Addresses on the web are also called URLs (for Uniform Resource Locator). You have probably blindly typed http:// at the beginning of every web address, and you never knew why. (It's a ritual. Throw salt over your shoulder, wave a chicken over the monitor, and type http://). Now perhaps you can see why we type this. HTTP is the name of the protocol we want to use. Since web browsers are primarily for the web, we almost always type http:// (Oooooooh!!) Occasionally you will use a web browser to use another protocol, so you sometimes see other things there (like news:// or gopher://). These things are just other protocols.

You've got mail
Email is familiar. It actually uses a number of protocols. It is an acceptable simplification to say that email primarily uses smtp (simple mail transfer protocol) as a protocol to send email messages and pop3 to receive them. (Don't worry, there won't be a quiz. I'm only telling you this because you may run across the terms some time). Email clients (like Eudora or the email clients built into Netscape and IE) already know how to read and write the appropriate protocols, but sometimes you need to set them up so they know where your server is.

Don't forget newsgroups
Newsgroups are an important part of the Internet that are often overlooked. These are special communication forums that are widely distributed across the web. Most of the browsers have built-in capability to work with these newsgroups, but you might want to investigate a special program to do so. Newsgroups are especially wonderful for connecting to people with similar interests as you. If you are interested in something, there is probably a global discussion going on about the subject that you can participate in.

Sometimes you want to send stuff
The File Transfer Protocol (FTP) is a protocol designed for transferring files between machines on the Internet. If you will not be doing much of this, the FTP capability of your web browser will probably be enough. Some people like to use Internet accounts as a place to back up important documents, and an FTP client is a good way to handle the transfers between two accounts you own.

A classic protocol
Telnet is one of the oldest protocols on the Internet. What it does is allow one computer to act as a 'dumb terminal' to another. In the pre-web days of the Internet, telnet was the most common way to use the Internet. It was not for the faint of heart, though, because you had to be able to use whatever machine you were connected to, which often had arcane operating systems such as Unix or VMS. It is still common to use telnet if you are operating a web site, particularly if you are doing some web programming, but most beginners do not need to worry too much about the telnet protocol.

Summing it up
The Internet is by any account an exceptional thing. It is a complex, dynamic organism with no real head that still manages to work together pretty well. The core technology that makes the Internet possible is the TCP/IP protocol. This provides an underlying framework that can be packaged together in complex ways to form other protocols. The Internet contains two main classes of computers and software: clients and servers. Servers are the machines and programs that are on all the time and are run by professionals. Clients are the machines and programs that mere mortals use to connect to servers. Hooking up to the Internet entails enlisting the services of a server, establishing the basic TCP/IP connection, and running one or more client programs. There is still plenty of magic left, when we consider how exactly the protocols work, how the communications happen, and how all the various programs are written, but it is possible to understand the basic workings of the Internet. One of the most exciting things about technology is that when you understand the magic, it doesn't go away. The new insight and ability that you earn make you appear to be much more effective as a user of the technology. Maybe we could say that when we take some of the magic out of the Internet, we transfer that magic to the people who have learned the concepts.
This article can be found in full at http://wally.cs.iupui.edu/n241-new/webMag/internetMagic.html


Secured Servers - SSL
SSL
What is SSL? Secure Sockets Layer, SSL, is the standard security technology for creating an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. In order to be able to generate an SSL link, a web server requires an SSL Certificate.

When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website (e.g. your website's URL) and your company (e.g. your company's name and location). Your web server then creates two cryptographic keys - a Private Key and a Public Key. Your Private Key is so called for a reason - it must remain private and secure. The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data file also containing your details. You should then submit the CSR. During the SSL Certificate application process, the Certification Authority will validate your details and issue an SSL Certificate containing your details and allowing you to use SSL.

Your web server will match your issued SSL Certificate to your Private Key. Your web server will then be able to establish an encrypted link between the website and your customer's web browser.

Displaying the SSL Secure Padlock
The complexities of the SSL protocol remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session - the Padlock:

As seen by users of Internet Explorer

Clicking on the Padlock displays your SSL Certificate and your details:

All SSL Certificates are issued to either companies or legally accountable individuals. Typically an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiry date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate.

When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user.
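
The three checks described above can be modelled in a few lines. This is an added example, not code from the original article: the certificates are constructed in the dictionary shape that Python's ssl.SSLSocket.getpeercert() returns, and trust is simplified to an issuer name on a hypothetical list, whereas a real browser verifies the signature chain up to a root certificate it ships.

```python
import ssl

# Constructed "now" so the example is repeatable (seconds since the epoch).
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")
# Hypothetical trust store, reduced to issuer names for illustration.
TRUSTED_ISSUERS = {"Example Trust CA"}


def make_cert(issuer, not_before, not_after, dns_names):
    """Build a constructed certificate in the shape getpeercert() returns."""
    return {
        "subject": ((("commonName", dns_names[0]),),),
        "issuer": ((("organizationName", issuer),),),
        "notBefore": not_before,
        "notAfter": not_after,
        "subjectAltName": tuple(("DNS", name) for name in dns_names),
    }


def hostname_matches(pattern, hostname):
    """Exact match, or '*' standing in for exactly one left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse over-broad wildcards such as "*.test".
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def browser_checks(cert, hostname, trusted_issuers=TRUSTED_ISSUERS, now=NOW):
    """Return the warnings a browser would raise; an empty list means OK."""
    warnings = []
    # Check 1: the certificate is inside its validity period.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        warnings.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        warnings.append("expired")
    # Check 2: it was issued by an authority the browser trusts.
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    if issuer.get("organizationName") not in trusted_issuers:
        warnings.append("untrusted issuer")
    # Check 3: it is being used by the site it was issued for.
    names = [value for kind, value in cert.get("subjectAltName", ())
             if kind == "DNS"]
    if not names:  # older certificates carry the name only in the subject
        names = [dict(rdn[0] for rdn in cert["subject"]).get("commonName", "")]
    if not any(hostname_matches(name, hostname) for name in names):
        warnings.append("hostname mismatch")
    return warnings


# Constructed sample certificates (all names are made up).
GOOD = make_cert("Example Trust CA", "Jan  1 00:00:00 2025 GMT",
                 "Jan  1 00:00:00 2026 GMT",
                 ["shop.example.test", "*.cdn.example.test"])
EXPIRED = make_cert("Example Trust CA", "Jan  1 00:00:00 2023 GMT",
                    "Jan  1 00:00:00 2024 GMT", ["shop.example.test"])
UNKNOWN_CA = make_cert("Unknown Signer", "Jan  1 00:00:00 2025 GMT",
                       "Jan  1 00:00:00 2026 GMT", ["shop.example.test"])

if __name__ == "__main__":
    for label, cert in (("good", GOOD), ("expired", EXPIRED),
                        ("unknown CA", UNKNOWN_CA)):
        print(label, browser_checks(cert, "shop.example.test") or "no warnings")
```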

Trusted Methods to secure your website
Keep Hackers away from your site
If you are running your own server you need to make sure it is protected from hackers.

Defenses Against Hackers by Roy Troxel
We're not talking about script-kiddies here. You know, the fourteen-year-old kids who can slip little programs into your server that leave obscene messages on your web site?

We're talking about dedicated criminals, mean-spirited ex-employees, organized crime - these guys are going after the big enchilada. They want to take down defense systems, banks, brokerages, and corporations. These are the kind of guys that hacked Amazon and Microsoft.

They're also the kind of characters that divert electronic funds transfers.

Or maybe they work on a smaller scale. Maybe they just go after small business. If they go after enough of them, then they make money. One thing they all have in common is patience.

In this article, I'll try to explain briefly (a few sentences) how various hacking methods work so that you can learn to recognize them. For the more technically-minded, I've included several web references that contain more detailed explanations. Please remember that the methods you use to locate hacking attempts on your system are similar or, in some cases, identical to the methods used by the hackers themselves. But that's how you catch the crooks sometimes: determine what their methods are, and then proceed logically as they would, step-by-step.

Sources of Information:

So how do you defend yourself against such attacks as Denial of Service, spoofing, sniffing, and password theft? This article is intended as a guideline to several methods of protecting your servers. There are other more detailed sources, such as "Counter Hack", an excellent manual on hacker defense strategies by Ed Skoudis, as well as the following websites:
www.sans.org
www.eeye.com
www.securify.com
www.atomictangerine.com
www.cert.org

I've tried to limit the site references to "safe" ones. There are numerous sites on the 'net, set up by and for hackers. Professional security experts often visit these sites to download hacker software. Don't do this unless you have taken a number of precautions. Many of these sites will record the IP addresses of all visitors, and these aren't the kind of people who should have that kind of information! If you're interested in investigating these sites, or even downloading their software to become familiar with hacking methods, set up a separate "lab" network and use a different ISP than you use for your professional network.

Let's now discuss the number one defense against hackers:

Plug up Those Ports!
We all know what ports are, right? Those spaces in computer programs set aside for input and output of data. The operating systems Windows NT and 2000, for example, each have 65,535 ports. They are used by Windows to perform numerous tasks, most of them invisible to the user. Some of the ports, however, are visible to the user, and are called "well-known" ports. For example, the default port for the HTTP protocol is 80. If you're running MS Internet Information Server as your web server (or, for that matter, Apache), then you will probably use port 80 for the input and output of data to your site.

Now, there's nothing that says some hacker couldn't use that same port for input and output of data, only in the hacker's case, the data could be a virus or a Trojan Horse. (We'll discuss the ways that this can be done later.) One defense against someone entering your server through port 80 is to run your web site from a port that is not "well-known", like, say, port 5555. If you do this, however, you will have to notify your visitors to enter your site through that port. So the URL would look something like this:
www.yoursite.com:5555

Now suppose you aren't running a site on your server; i.e., you're just using it for a gateway. In that case, there's no need to have either port 80 or the HTTP service running at all! So, just shut it off. The same goes for FTP, Telnet or any other service that you don't really use.
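
One way to find the services that can be shut off is to compare what the server is listening on with the short list of ports it actually needs. This is an added example, not part of the original article: the netstat listing is constructed, and the allowlist of needed ports is a hypothetical choice for a gateway machine.

```python
# Services named in the article, keyed by their well-known port.
SERVICE_NAMES = {21: "ftp", 23: "telnet", 80: "http"}
# Listeners bound only to loopback are not reachable from the network.
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

# Constructed sample in the layout printed by `netstat -an` on Windows.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8005         0.0.0.0:0              LISTENING
  TCP    10.0.0.5:3389          10.0.0.9:50211         ESTABLISHED
  TCP    [::]:23                [::]:0                 LISTENING
  TCP    [::]:80                [::]:0                 LISTENING
"""


def listening_sockets(text):
    """Yield (address, port) for every listening TCP socket in the text.

    Works on `netstat -an` (Windows), `netstat -tln` and `ss -tln` (Linux)
    because it only relies on a LISTEN/LISTENING field and on the first
    address:port field being the local end.
    """
    for line in text.splitlines():
        fields = line.split()
        if not any(field.startswith("LISTEN") for field in fields):
            continue  # header line or a connection that is not listening
        for field in fields:
            address, sep, port = field.rpartition(":")
            if sep and port.isdigit():
                yield address, int(port)
                break


def unneeded_listeners(text, needed_ports):
    """Return [(port, service, addresses)] for exposed ports not needed."""
    exposed = {}
    for address, port in listening_sockets(text):
        if port in needed_ports or address in LOOPBACK:
            continue
        exposed.setdefault(port, set()).add(address)
    return [(port, SERVICE_NAMES.get(port, "unknown"), sorted(addresses))
            for port, addresses in sorted(exposed.items())]


if __name__ == "__main__":
    # Hypothetical gateway that only needs remote administration on 3389.
    for port, service, addresses in unneeded_listeners(SAMPLE_NETSTAT, {3389}):
        print(f"port {port} ({service}) open on {', '.join(addresses)}: "
              "stop the service if it is not used")
```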

Protect Passwords, Logs and Accounting Files

If hackers can reach the files and folders containing your users' passwords they can be copied (by FTP or Telnet, for example) to the hacker's PC and then decoded. A similar situation exists with accounting files in which file permissions are set (give name of file in UNIX and Windows), and logs which record the files that users access or services that the server runs. All of these tidbits are pieces of a puzzle to the hacker, enabling him to build a total picture of your network.

The defense here consists of initiating a strong password policy for your users and making sure, via memo or email, that users are aware of the dangers of password cracking and should follow the policy to the letter. The more sensitive the information the users work with, the more stringent the policy should be.

Hide the password database:

This is located in the \SYSTEM32\CONFIG directory of the Windows 2000 server. In UNIX or Linux it is in /etc/groups or /etc/passwd.

Conduct your own password-cracking tests with software like L0phtCrack. This can be purchased at the following site:
http://www.sunbelt-software.com/

Other authentication methods, like voice recognition or security cards, can be used for highly confidential information. Or you can store your password files and logs on write-once CD-ROMs.
Make your important files difficult to find, using the .htaccess directory. (UNIX machines do not see files or directories preceded by a dot.) (Hiding files works both ways, of course. Both the attackers and the attacked can hide files. If you think that hackers have left hidden files on your servers, use file-integrity checking software to locate hidden files.)

Windows' checks and balances:

Like the US legal system, Windows NT/2000 security is based on a system of checks and balances. NTFS file properties, user properties and account properties can override each other, if not set properly. This can create confusion in the mind of the systems administrator: "Why am I denied access to this file, when I know it's part of the Administrator group?"
Well, it's because the file properties themselves are set to "Access Denied", and that overrides everything else. "But how did THAT happen??" Well, someone hacked into your system and changed the permissions!

Conclusion: Permissions for Users and Permissions for Processes must both be monitored.
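
A small file-integrity checker shows how the two points above, hidden files left behind and permissions that were quietly changed, can both be caught by comparing against a known-good baseline. This is an added example, not the article's own code or a product it names; it assumes POSIX permission bits (NTFS access lists would need a different API), and the directory tree and the tampering are constructed.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each file's relative path to (SHA-256 digest, permission bits)."""
    state = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:  # os.walk also returns dot-files and dot-dirs
            path = os.path.join(folder, name)
            info = os.lstat(path)
            if not stat.S_ISREG(info.st_mode):
                continue  # skip symlinks, sockets and devices
            with open(path, "rb") as handle:
                digest = hashlib.sha256(handle.read()).hexdigest()
            relative = os.path.relpath(path, root).replace(os.sep, "/")
            state[relative] = (digest, stat.S_IMODE(info.st_mode))
    return state


def compare(baseline, current):
    """Return (finding, path) pairs for every difference from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        hidden = any(part.startswith(".") for part in path.split("/"))
        if old is None:
            findings.append(("added-hidden" if hidden else "added", path))
        elif new is None:
            findings.append(("removed", path))
        else:
            if old[0] != new[0]:
                findings.append(("content-changed", path))
            if old[1] != new[1]:
                findings.append(("mode-changed", path))
    return findings


def _write(root, relative, data, mode):
    path = os.path.join(root, *relative.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)
    os.chmod(path, mode)


def demo():
    """Build a constructed tree, tamper with it, and report the findings."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "users.db", b"alice:hash1\n", 0o600)
        _write(root, "access.log", b"GET /\n", 0o640)
        _write(root, "site/index.html", b"<h1>hello</h1>\n", 0o644)
        # In practice the baseline is stored where an intruder cannot
        # rewrite it, for example on write-once media.
        baseline = snapshot(root)
        # Constructed tampering of the kinds the article describes.
        os.chmod(os.path.join(root, "users.db"), 0o666)   # loosened mode
        os.remove(os.path.join(root, "access.log"))        # log deleted
        _write(root, "site/index.html", b"<h1>changed</h1>\n", 0o644)
        _write(root, ".cache/tool.bin", b"\x00\x01", 0o755)  # hidden file
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding:16} {path}")
```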

Beware of Denial of Service (DoS) attacks!

Denial of Service attacks have become very popular with hackers during the past few years. They're relatively easy to perform, for one thing. The most basic kind of attack consists of repeatedly pinging a server's IP address, until the server stops under the burden of having to reply to so many requests.

A more sophisticated form of this attack includes the creation of "zombies." These are servers or workstations that have had special communications software installed on them, by stealth. The software enables the hacker to communicate with the machine and order it to begin executing pings to a specific server.

Let's suppose that the hacker has created a team of zombies by installing his communications software on eight servers, located on the internet. He now has eight servers at his command, and when he executes his order to each server to begin pinging, say, a server or servers on a large corporate network, you can bet that they will come down very swiftly! And, because the attacker has used servers randomly located on the 'net, it will be difficult to find the perpetrator of this attack.

There are several lines of defense against DoS attacks, but they can be expensive. You can purchase wider bandwidth from your ISP. This can extend the length of time it takes for your server to crash during an attack. Or, you can sign up with multiple ISPs and create redundant paths to them from your server(s).

The second line of defense is simply to have a rapid incident response set up with your ISP. This way, you can notify your ISP immediately when any server slowdown or other intrusion is detected.
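
Rapid response depends on noticing the flood quickly, and the zombie case needs a different check from the single-machine case because no one source looks unusual on its own. The sketch below is an added example, not part of the original article: the log format, the addresses, the thresholds and the generated traffic are all constructed for illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Hypothetical firewall log format:
#   <ISO timestamp> ICMP echo-request src=<address> dst=<address>
LINE = re.compile(r"^(\S+) ICMP echo-request src=(\S+) dst=(\S+)$")


def detect_ping_flood(lines, window=timedelta(seconds=1),
                      per_source_limit=50, total_limit=200):
    """Flag single-source floods and distributed floods in a sliding window."""
    recent = deque()        # (timestamp, source) pairs inside the window
    per_source = Counter()  # echo requests per source inside the window
    noisy = set()           # sources that exceeded per_source_limit
    peak, peak_sources = 0, []
    for line in lines:
        match = LINE.match(line.strip())
        if not match:
            continue  # not an echo-request record
        when = datetime.fromisoformat(match.group(1))
        source = match.group(2)
        recent.append((when, source))
        per_source[source] += 1
        # Drop records that have fallen out of the window.
        while when - recent[0][0] >= window:
            _, old = recent.popleft()
            per_source[old] -= 1
            if per_source[old] == 0:
                del per_source[old]
        if per_source[source] > per_source_limit:
            noisy.add(source)
        # Many quiet sources adding up to a flood: the "zombie" pattern.
        if len(recent) > total_limit and len(recent) > peak:
            peak, peak_sources = len(recent), sorted(per_source)
    return {"single_source": sorted(noisy),
            "distributed_peak": peak,
            "distributed_sources": peak_sources}


def constructed_log():
    """Generate constructed log lines: normal pings plus two floods."""
    start = datetime(2002, 3, 1, 10, 0, 0)
    events = []
    # A monitoring host pinging once a second: normal traffic.
    for second in range(6):
        events.append((start + timedelta(seconds=second), "192.0.2.50"))
    # One machine sending 80 echo requests within a second.
    for i in range(80):
        events.append((start + timedelta(seconds=3, milliseconds=10 * i + 5),
                       "198.51.100.7"))
    # Eight zombies sending 40 each in the same second, so every one of
    # them stays below the per-source limit.
    for z in range(8):
        for i in range(40):
            offset = timedelta(seconds=7, milliseconds=25 * i + z + 1)
            events.append((start + offset, f"203.0.113.{z + 1}"))
    events.sort()
    return [f"{when.isoformat(timespec='milliseconds')} ICMP echo-request "
            f"src={source} dst=192.0.2.10" for when, source in events]


if __name__ == "__main__":
    report = detect_ping_flood(constructed_log())
    print("single-source floods:", report["single_source"])
    print("distributed peak:", report["distributed_peak"],
          "requests/s from", len(report["distributed_sources"]), "sources")
```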

Copyright 2002 (c) Roy Troxel, All rights Reserved. Roy is webmaster of Cyber-Routes, an online newsletter for Internet professionals, specializing in issues about web design and web security. You can also receive Cyber-Routes weekly by email by subscribing from our home page at http://www.cyber-routes.com
This and many other articles can be found at: http://www.davidbartosik.com

Resources
Search engine optimization links and SEO resources

The Web sites and books that follow are SEO resources that I consistently use as references whenever I build a new Web site or redesign an existing one. These resources contain books, marketing companies, and reputable search engine marketing newsletters that will help Web site owners build search-engine friendly Web sites that enhance the end-user experience.

Web sites

High Rankings Advisor
The High Rankings Advisor is an informative and witty, free weekly email newsletter written by search engine expert Jill Whalen. Jill keeps no secrets when it comes to optimizing sites for search engine visibility. Excellent interviews with timely, accurate information.

Microsoft bCentral Daily Digest
Free moderated discussion list focused on Web site design and marketing. Topics frequently covered include search engine marketing, graphic design, HTML coding, and more. Over 135,000 members make this list a great place to learn. Published five days a week.

Microsoft bCentral Submit It!
Time saving site submission and optimization service for small businesses. Offers an optimization check to ensure your pages are ready for submission, keyword selection tool, plus rank checking and Inktomi inclusion.

PositionPro
PositionPro is a Web-based service that crawls a Web site much like a search engine. PositionPro analyzes the Web site's content and provides valuable insight into how the search engines will view it. Included in the service are tools to help you optimize your content, ranking reports and easy access into both Inktomi and FAST paid inclusion programs.

Position Technologies, Inc.
Position Technologies is the leading provider of search traffic solutions. Through their partnerships with the leading search engines and value-added services, Position Technologies provides a unique platform for businesses to manage their search engine visibility and traffic.

Interactive Marketing, Inc.
Matt Hockin has been a high-ROI marketing consultant for many years, and he's worked with some of the biggest names in the industry. Matt transforms businesses and builds profits - Worldwide. Matt will increase your sales in 90 days or services are free. Click here now for a free consultation.

Search Engine Forums
Online forum for discussions about current topics relating to search engine marketing. Top search engine experts moderate and contribute to forum discussions. Representatives from the major search engines and directories sometimes contribute to discussions.

Search Engine Optimization Tips
Tips on search engine friendly design, keyword phrase selection, copywriting, and meta tag optimization. Also includes search engine lead times for submitting a Web site.

Search Engine Watch
If you only bookmark one Web site about search engine marketing, this is the one. The most reputable source of information on the search engines, Danny Sullivan's Search Engine Reports are a "must have" for all Web site designers and online marketers.

SearchDay
SearchDay is a free newsletter from Search Engine Watch featuring Web search news, reviews, tools, tips, and search engine headlines from across the Web. Beyond breaking news, SearchDay also features tips and techniques for sharpening your Web searching skills, reviews of specialized search sites and tools, interviews with important people in the world of search, and a variety of additional search-related content.

SEO Consultants Directory
Directory of professional, ethical search engine marketers who follow all of the guidelines set forth by the search engines and directories. Great resource for finding search engine marketers who do not spam the search engines.

Ten Steps to Building Links to Your Site
Inbound links and "link popularity" are a very important part of any online marketing campaign. This article describes the tools required to build links and includes step-by-step instructions for organizing your campaign and locating the best links for your site.

Traffick.com
A search engine marketing site providing feature articles from top search engine experts and search engine news. The Traffick Directory is a vertical that lists sites related to portals, search engines, search engine a, vertical portals, Web browsers and Web tools.

URLWire
Site announcements for SearchEngineBook.com courtesy of EricWard.com and URLwire. Got content, need links? Using Eric Ward's services is how great content gets linked. Since 1994.

Webmaster World
Online forum for discussions about current topics relating to site design and search engine marketing. Representatives from the major search engines and directories sometimes contribute to discussions.

Books

Designing Web Usability: The Practice of Simplicity
Jakob Nielsen
New Riders Publishing

Search engines, directory editors, and end users prefer sites that are simple and easy to use. Though not all advice presented in this book is search-engine friendly, the information will help Web site owners create sites that enhance the end-user experience and increase sales conversions.

Don't Make Me Think: A Common Sense Approach to Web Usability
Steve Krug
New Riders Publishing

If I had to select only one book that would be required reading in a Web site design class, this one would be it. Even though Don't Make Me Think is classified as a usability book, it is a must-read for all Web site designers who plan on creating user-friendly Web sites. Provides usability reviews and site design problem-solving.

Homepage Usability: 50 Websites Deconstructed
Jakob Nielsen and Marie Tahir
New Riders Publishing

Usability gurus Jakob Nielsen and Marie Tahir present 113 guidelines for a user-friendly home page and analyze the home pages of popular Web sites such as About.com and Microsoft. Great book for determining the effectiveness of your home page.

The Invisible Web: Uncovering Information Sources the Search Engines Can't See
Chris Sherman and Gary Price
CyberAge Books

Enormous expanses of the Internet are unreachable with standard Web search engines. This book provides the key to finding these hidden resources by identifying how to uncover and use invisible Web resources. Mapping the invisible Web, when and how to use it, assessing the validity of the information, and the future of Web searching are topics covered in detail.

Net Words - Creating High-Impact Online Copy
Nick Usborne
McGraw-Hill

Nick Usborne speaks, writes, and consults on strategic copy issues for business online. For Web sites, emails and newsletters, he crafts messages that drive results. This book is a guide to creating copy that connects with customers and increases sales conversions. One of the best Web copywriting books available.

Speed Up Your Site: Web Site Optimization
Andy King
New Riders Publishing

Web site optimization (WSO) is the process of reducing web site size and complexity to maximize speed. Decreasing a site's download time is one of the basic rules of web site design, and Andy's great book teaches you how to do that for your graphic images, your code, and your scripts.

Web Redesign | Workflow that Works
Kelly Goto and Emily Cotler
New Riders Publishing

Planning is one of the most cost-effective things a Web site owner can do, especially when it comes to search-engine friendly design. Kelly Goto and Emily Cotler provide a framework for a cohesive Web workflow plan that saves Web site owners time, money, and headaches. Read this book before designing your Web site.

Profit Pulling Reports
Discover exactly how to earn thousands of dollars every month with your own Exclusive Free Reports! Master the same techniques used by the gurus. Use them to promote your reseller products, your affiliate programs or anything else.

Here is my suggested To Do List with a recommended timeline