c





 




: Dynamic Hyper Text Markup
Language can be described as a combination of
severaltechnologies like HTML client-side java
script and cascading Style Sheets. Most of the pages
and multimedia content on the web are created using
DHTML.
: eXtensible Hyper Text Markup Language.
Traditional HTML does not impost much structural
strictness, sometimes resulting in poorly-displayed
pages. The use of XHTML enagles content to be
displayed similarly across different browsers.

: Used in Voice interaction between
humans and computer, mainly in systems that enable
you to, for example check your credit card balance
over the phone. the logive- like dialogue
management and speech recognition- is defined by
voiceXML


: A document markup language used mainly
bye mathematicians, authors, etx to typeset their
content. It is suitable for representing mathematical
formulas.
=




 !="
The =

  

  markup
language [SVG] is a way to describe vector graphics
data over the web. Current methods
(e.g. GIF, JPEG, PNG) use  
, which have a
fixed resolution and cannot be scaled without a loss
in image quality. Vector graphics describe graphical
information in terms of lines, curves, etc. which can
be scaled and printed quite easily. Think PostScript
for pictures.
If your browser is Mozilla (Version 0.9 or higher) or
Internet Explorer (Version 4.0 or higher), Adobe
provide a free plug-in for rendering SVG documents.
The plug-in is available at www.adobe.com/svg/. A
static demonstration ishere (1747 bytes) and an
animated demonstration is here (2054 bytes). Both
are from the Deitel book.
=  
 

#





!=#"
The =    

 


 [SMIL] (pronounced "smile") enables
web authors to co-ordinate the presentation of a wide
range of multimedia elements. In SMIL, multimedia
elements can work together; this enables authors to
specify when and how these multimedia elements
appear in the document.

#$
=
 

Visa [Visa] has developed this to enable its business
customers to exchange credit-card purchase
information between businesses over the Internet in
a secure and standardised form. Currently, the
specification provides a framework that describes
credit-card purchases in the areas of procurement
(i.e. business-to-business purchasing) and travel &
entertainment (T&E) expenses.
%
Motorola's VoxML [VoxML] is an XML application
for the spoken word, in particular for automated
telephone response systems. VoxML enables the
same data on the web to be served up via the
telephone.
A


 


!A"
The A 


 [WML] allows web
pages to be displayed on wireless devices such as
cellular phones and PDAs. WML works with
the A 
    (WAP) to deliver
the content.
c
A





 



$



$


   

%







!V ¢

=

: With a proven multi-chassis
architecture, the Cisco CRS-3 can deliver up to
322 tbps of capacity, more than tripling the 92
tbps capacity of the Cisco CRS-1 and
representing more than 12 times the capacity of
any other core router in the industry.
!V ¢&
'



'

(' =
$

#


 In addition to capacity
requirements, the growths of mobile and video
applications are creating new multidirectional
traffic patterns with the increasing emergence of
the data center cloud. The new Cisco Data
Center Services System provides tight linkages
 between the Cisco CRS-3, Cisco Nexus family
and Cisco Unified Computing System (UCS) to
enable unified service delivery of cloud
services. This intelligence also includes carrier-
grade IPv6 (CGv6) and core IP/MPLS
technologies that permit new IP NGN
architectural efficiencies required to keep pace
with the rapidly growing cloud services market.
Unique capabilities include:
!V Network Positioning System (NPS) -- provides

Layers 3 to 7 application information for best

path to content, improving consumer and
business experiences while reducing costs.
!V Cloud virtual private network (VPN) for

Infrastructure as a Service (IaaS)-enables 'pay-

as-you-go' for compute, storage and network
resources by automating Cisco CRS-3 and
Cisco Nexus Inter-Data center connections for
Cisco UCS.
!V Unprecedented Savings: The Cisco CRS-3

offers dramatic operational expense savings and

up to 60 percent savings on power consumption
compared to competitive platforms. The Cisco
CRS-3 also delivers significant capital
expenditures savings and investment protection
 for existing Cisco CRS-1 customers. The new
capabilities in the platform can be achieved by
reusing the existing chassis, route processors,
fans and power systems with the addition of new
line cards and fabric. These upgrades can be
performed in-service and be provided by Cisco
Services to ensure a smooth transition.
!V =#$
 The Cisco CRS-3 is
powered by the new Cisco QuantumFlow Array
Processor, which unifies the combined power of
six chips to work as one, enabling
unprecedented levels of service capabilities and
processing power. Making this implementation
even more unique is its ability to deliver
capabilities with a fraction of the power required
by lesser performing chipsets. The Cisco
QuantumFlow Array chipset was designed to
provide the new system the ability to scale with
the ever increasing demands being placed on the
IP NGN by the many different applications and
billions of devices being used by both
businesses and consumers in the Zettabyte era.
Question: Prepare short notes on:

1.Evesdropping
 As long as people have engaged in private
conversations, eavesdroppers have tried to listen
in. When important matters were discussed in
parlors, people slipped in under the eaves²
literally within the ³eavesdrop´²to hear what
was being said. When conversations moved to
telephones, the wires were tapped. And now that
so much human activity takes place in
cyberspace, spies have infiltrated that realm as
well.
Unlike earlier, physical frontiers, cyberspace is a
human construct. The rules, designs and
investments we make in cyberspace will shape
the ways espionage, privacy andsecurity will
interact. Today there is a clear movement to give
intelligence activities a privileged position,
building in the capacity of authorities to
intercept cyberspace communications. The
advantages of this trend for fighting crime and
terrorism are obvious.

2.Network Sniffing
Description
Network sniffing is a network layer attack consisting
of capturing packets from the network transmitted
by others' computers and reading the data content in
search of sensitive information like passwords,
session tokens, or any kind of confidential
information.
The attack could be done using tools called network
sniffers. These tools collect packets on the network
and, depending on the quality of the tool, analyze the
collected data like protocol decoders or stream
reassembling.
Depending on the network context, for the sniffing
to be the effective, some conditions must be met:
' 
$
 ¢ 
This is the ideal case because the hub is a network
repeater that duplicates every network frame
received to all ports, so the attack is very simple to
implement because no other condition must be met.
' 
$
 

To be effective for eavesdropping, a preliminary
condition must be met. Because a switch by default
only transmits a frame to the port, a mechanism that
will duplicate or will redirect the network packets to
an evil system is necessary. For example, to
duplicate traffic from one port to another port, a
special configuration on the switch is necessary. To
redirect the traffic from one port to another, there
must be a preliminary exploitation like the arp spoof
attack. In this attack, the evil system acts like a
router between the victim¶s communication, making
it possible to sniff the exchanged packets.
'A 
$

In this case, to make a network sniff it's necessary
that the evil system becomes a router between the
client server communications. One way to
implement this exploit is with a DNS spoof attack to
the client system.
Network Eavesdropping is a passive attack which is
very difficult to discover. It could be identified by
the effect of the preliminary condition or, in some
cases, by inducing the evil system to respond a fake
request directed to the evil system IP but with the
MAC address of a different system.
Risk Factors
TBD
Examples
When a network device called a HUB is used on the
Local Area Network topology, the Network
Eavesdropping become easier because the device
repeats all traffic received on one port to all other
ports. Using a protocol analyzer, the attacker can
capture all traffic on the LAN discovering sensitive
information.

Figure 1. Local Eavesdropping attack.

Description
Initially confined to the realms of academia and the
military, cryptography has become ubiquitous
thanks to the Internet. Common every day uses of
cryptography include mobile phones, passwords,
SSL, smart cards, and DVDs. Cryptography has
permeated everyday life, and is heavily used by
many web applications.
Cryptography (or crypto) is one of the more
advanced topics of information security, and one
whose understanding requires the most schooling
and experience. It is difficult to get right because
there are many approaches to encryption, each with
advantages and disadvantages that need to be
thoroughly understood by web solution architects
and developers. In addition, serious cryptography
research is typically based in advanced mathematics
and number theory, providing a serious barrier to
entry.
The proper and accurate implementation of
cryptography is extremely critical to its efficacy. A
small mistake in configuration or coding will result
in removing a large degree of the protection it
affords and rending the crypto implementation
useless against serious attacks.
A good understanding of crypto is required to be
able to discern between solid products and snake oil.
The inherent complexity of crypto makes it easy to
fall for fantastic claims from vendors about their
product. Typically, these are ³a breakthrough in
cryptography´ or ³unbreakable´ or provide "military
grade" security. If a vendor says "trust us, we have
had experts look at this,´ chances are they weren't
experts!
Cryptographic Functions
Cryptographic systems can provide one or more of
the following four services. It is important to
distinguish between these, as some algorithms are
more suited to particular tasks, but not to others.
When analyzing your requirements and risks, you
need to decide which of these four functions should
be used to protect your data.
 


Using a cryptographic system, we can establish the
identity of a remote user (or system). A typical
example is the SSL certificate of a web server
providing proof to the user that he or she is
connected to the correct server.
The identity is not of the user, but of the
cryptographic key of the user. Having a less secure
key lowers the trust we can place on the identity.
 )*
 

The concept of non-repudiation is particularly
important for financial or e-commerce applications.
Often, cryptographic tools are required to prove that
a unique user has made a transaction request. It must
not be possible for the user to refute his or her
actions.
For example, a customer may request a transfer of
money from her account to be paid to another
account. Later, she claims never to have made the
request and demands the money be refunded to the
account. If we have non-repudiation through
cryptography, we can prove ± usually through
digitally signing the transaction request, that the user
authorized the transaction.
' 

 
More commonly, the biggest concern will be to keep
information private. Cryptographic systems were
originally developed to function in this capacity.
Whether it be passwords sent during a log on
process, or storing confidential medical records in a
database, encryption can assure that only users who
have access to the appropriate key will get access to
the data.
#
 
We can use cryptography to provide a means to
ensure data is not viewed or altered during storage or
transmission. Cryptographic hashes for example, can
safeguard data by providing a secure checksum.
Question: Why does the development of the browser
so significant for the growth of web?
Recently, Pinoys were cited as the fifth heaviest
social networking users in the world (not text
messaging anymore). Now lets do some computer
lesson for a while. What is a Web Browser? A web
browser is defined as a software application used for
retrieving, presenting, and traversing information
resources on the World Wide Web or Internet. A
web browser is an important tool for visiting web
pages. Over 24 million Filipino Internet users rely
on the power of the browser to access the World
Wide Web. The first widely used web browser was
NCSA Mosaic. The Mosaic programming team then
created the first commercial web browser called
Netscape Navigator, later renamed Communicator,
then renamed back to just Netscape. The Netscape
browser led in user share until Microsoft Internet
Explorer took the lead in 1999 due to its distribution
advantage. A free open source software version of
Netscape was then developed called Mozilla, which
was the internal name for the old Netscape browser,
and released in 2002. Mozilla has since gained in
market share, particularly on non-Windows
platforms, largely due to its open source foundation,
and in 2004 was released in the quickly popular
FireFox version.
Pinoys sometimes overlook the importance of the
web browser. Before the advent of the Web, users
had to download software applications to their PC in
order to chat, watch a video, and listen to music. But
recent innovations have allowed these activities to
be done online within the browser. We don¶t even
need to install software to write documents anymore.
Thanks to the power of the cloud and the browser,
users can access word processing applications
online.
Major Web Browsers Used by Most Internet Visitors
Internet Explorer ± founded in 1995
Mozilla Firefox ± debuted in 1998
Apple Safari ± established January 2003
Google Chrome ± debuted in September 2008
Opera ± founded in 1996
=


 A browser should be able to
quickly load webpages, no matter how dynamic the
content. ³Over 65% of today¶s Web content is made
up of images and videos. Over 35 hours of video is
uploaded to Youtube every minute. This is a far cry
from text-based Web pages of the past. As the web
becomes more interactive, so should the browser
evolve to handle the increased amount of data going
through it.´
Speed and stability is particularly important for
people given their Internet activities. According to a
research, People engage in heavy web applications,
as 99% watch videos online, 61% upload videos,
and 85% upload photos. The study, which conducted
the survey in 30 countries, cited that Filipinos are on
the top of online photo, video sharing, and social
networking activities.
=
A browser should also be simple and easy to use. It
shouldn¶t take up a lot of screen space, which would
be better saved for the Web page a user is actually
trying to view. Google Chrome, for instance, has
stripped away everything but the bare minimum in
order to let users focus on web content and not on
the browser itself.
=
 
Browsers should also be very secure, as malware is a
constant threat on the Internet. According to the
2009 X-Force Mid-Year Trend and Risk Report by
IBM, malicious web links has risen by 508% in the
first half of 2009. There are two ways browsers can
mitigate this. A browser can keep itself up to date
with the latest security patches without having to
rely on a user to download these patches every time
a vulnerability needs to be addressed. With Google
Chrome, for instance, a user always gets the latest
version on his machine, automatically.
Question: Name and describe 5 services currently
available through web.

+

(HyperText Transfer Protocol) The communications

protocol used to connect to servers on the Web. Its
primary function is to establish a connection with a
Web server and transmit HTML pages to the client
browser or any other files required by an HTTP
application. Addresses of Web sites begin with an
http:// prefix; however, Web browsers typically
default to the HTTP protocol. For example,
typingwww.eitbuzz.co m is the same as
typing http://www.eitbuzz.com.
Standard application-level protocol used for
exchanging files on the World Wide Web. HTTP
runs on top of the TCP/IP protocol.

 ,+

(File Transfer Protocol) A protocol used to transfer

files over a TCP/IP network (Internet, Unix, etc.).
For example, after developing the HTML pages for a
Web site on a local machine, they are typically
uploaded to the Web server using FTP.
FTP includes functions to log onto the network, list
directories and copy files. It can also convert
between the ASCII and EBCDIC character codes.
FTP operations can be performed by typing
commands at a command prompt or via an FTP
utility running under a graphical interface such as
Windows. FTP transfers can also be initiated from
within a Web browser by entering the URL preceded
with ftp://.

=+

(Simple Mail Transfer Protocol) The standard e-mail

protocol on the Internet and part of the TCP/IP
protocol suite. SMTP defines the message format
and the message transfer agent (MTA), which stores
and forwards the mail. SMTP was originally
designed for only plain text (ASCII text), but MIME
and other encoding methods enable executable
programs and multimedia files to be attached to and
transported with the e-mail message.

-+.+
(Post Office Protocol 3) A standard interface
between an e-mail client program and the mail
server. POP3 and IMAP4 are the two common
access protocols used for Internet e-mail. POP3
provides a message store that holds incoming e-mail
until users log on and download it. POP3 is a simple
system with limited selectivity. All pending
messages and attachments are downloaded when
users check their mail.

·


A program that searches for file names and resources

on the Internet and presents hierarchical menus to
the user. As users select options, they are moved to
different Gopher servers. Where links have been
established, Usenet news and other information can
be read directly from Gopher. Originally introduced
in 1991 at the University of Minnesota, there were
more than 7,000 Gopher servers on the Internet in its
heyday. Gopher popularity declined as content on
the World Wide Web increased throughout the
1990s.