THE OPEN UNIVERSITY OF SRI LANKA

DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

Assignment 1 – 2010-11

ECI5266 – Advanced database systems

Q2).
1).
• The browser sends a request for a resource of some kind to the web server.
• The web server decides what to do with the request.
a. Static resources such as images, CSS and static web pages are read from disk and returned
directly to the browser.
b. Requests for dynamic resources such as an AppThena Edit screen are forwarded to an
application server.
• The application server passes the request to the correct web application. e.g. AppThena.
• The web application constructs a response using data from the database server when necessary.
• The response is passed back up the chain to the browser.
• The browser displays the response.

2).

• To view a web site or a web page in a browser, you would either type in the URL or click on a
link and hit the Go button.
• Now, the page you have asked the browser to display would probably be located on a Server
computer far far away.
• The web browser program sends a request to a web server program running on the remote
computer. Newbies may be baffled here due to similarity of names... the computer on which
the web site is stored is called a Server and it runs a program also called a server .
• The server program, gathers the request from the web browser, tries to hunt for the web page
and then formulates a response.
• This response will differ depending on whether the server program was able to find the
requested web page or web file. Assuming, the server was able to locate the web page, it sends
the HTML file to the web browser. The browser picks up all the information coming in from
the server and does its best to display the web page.
• A typical web page not only has text but also images and these are separate files that need to be
transferred from the server to the browser. So the browser-server communication goes on till
all the files have been transferred to the browser. Once the files arrive at computer, the
browser-server connection is severed - cut - chopped!
Q4).

1. Adopt a risk management methodology – ou can't know what to protect and how much to
spend if you don't know what assets are at risk.
2. Layer your security measures – Complement firewalls with host and application security.
3. Compartmentalize your network and data –
4. Implement stronger authentication – Authentication is the enabler of all security,
5. Implement admission and endpoint controls – Only allow devices that pass admission criteria
to connect to our network.
6. Improve the granularity of your access controls –
7. Develop a secure software methodology – Secure code review and testing are as important to
Web applications as operating systems.
8. Be proactive with security – Routinely scan networks, servers and clients.
9. Develop an "attack anticipation" mentality – Prevention is better than detection.
10. Ensure information integrity, privacy, availability –

-------------------------------------

The OSI network management model categorizes five areas of function, sometimes referred to as the
FCAPS model:

[edit] Fault

The goal of fault management is to recognize, isolate, correct and log faults that occur in the
network.

Errors primarily occur in the areas of fault management and configuration management.

Fault management is concerned with detecting network faults, logging this information, contacting
the appropriate person, and ultimately fixing a problem. A common fault management technique is to
implement an SNMP-based network management system - such as HP OpenView or Sun Solstice
(formerly Net Manager) - to collect information about network devices. In turn, the management
station can be configured to make a network administrator aware of problems (by email, paging, or
on-screen messages), allowing appropriate action to be taken.
[edit] Configuration

The goals of configuration management are to gather/set/track configurations of the devices.

Configuration management is concerned with monitoring system configuration information, and any
changes that take place. This area is especially important, since many network issues arise as a direct
result of changes made to configuration files, updated software versions, or changes to system
hardware. A proper configuration management strategy involves tracking all changes made to
network hardware and software. Examples include altering the running configuration of a device,
updating the IOS version of a router or switch, or adding a new modular interface card. While it is
possible to track these changes manually, a more common approach is to gather this information using
configuration management software, such as CiscoWorks 2000.

[edit] Accounting

The goal is to gather usage statistics for users. Accounting management is concerned with tracking
network utilization information, such that individual users, departments, or business units can be
appropriately billed or charged for accounting purposes. While this may not be applicable to all
companies, in many larger organizations the IT department is considered a cost center that accrues
revenues according to resource utilization by individual departments or business units.

[edit] Performance

The goal is to both prepare the network for the future, as well as to determine the efficiency of the
current network. Performance management is focused on ensuring that network performance
remains at acceptable levels. This area is concerned with gathering regular network performance data
such as network response times, packet loss rates, link utilization, and so forth. This information is
usually gathered through the implementation of an SNMP management system, either actively
monitored, or configured to alert administrators when performance move above or below predefined
thresholds. Actively monitoring current network performance is an important step in identifying
problems before they occur, as part of a proactive network management strategy.....

[edit] Security

The goal of security management is to control access to assets in the network. It uses firewalls to
monitor and control external access points to one's network.Security management is not only
concerned with ensuring that a network environment is secure, but also that gathered security-related
information is analyzed regularly. Security management functions include managing network
authentication, authorization, and auditing, such that both internal and external users only have access
to appropriate network resources. Other common tasks include the configuration and management of
network firewalls, intrusion detection systems, and security policies such as access lists.