Web Application Assessment Report

HPE Fortify WebInspect
Compliance

Scan Name: Zero 1
Policy: Standard
Crawl Sessions: 600
Scan Date: 10/5/2017 11:35:08 AM
Vulnerabilities: 181
Scan Version: 17.10.283.0
Scan Duration: 21 minutes : 23 seconds
Scan Type: Site
Client: FF

Template Name: NIST FISMA SP 800-53 Revision 4

Description:

CAUTIONARY NOTE: IMPLEMENTING CHANGES BASED ON REVISIONS TO SPECIAL PUBLICATION 800-53
http://dx.doi.org/10.6028/NIST.SP.800-53r4

When NIST publishes revisions to Special Publication 800-53, there are four primary types of changes made to the document: (i) security controls or control enhancements are added to or withdrawn from Appendices F and G and/or to the low, moderate, and high baselines; (ii) supplemental guidance is modified; (iii) material in the main chapters or appendices is modified; and (iv) language is clarified and/or updated throughout the document.

When modifying existing tailored security control baselines at Tier 3 in the risk management hierarchy (as described in Special Publication 800-39) and updating security controls at any tier as a result of Special Publication 800-53 revisions, organizations should take a measured, risk-based approach in accordance with organizational risk tolerance and current risk assessments. Unless otherwise directed by OMB policy, the following activities are recommended to implement changes to Special Publication 800-53:

- First, organizations determine if any added security controls/control enhancements are applicable to organizational information systems or environments of operation following tailoring guidelines in this publication.
- Next, organizations review changes to the supplemental guidance, guidance in the main chapters and appendices, and updated/clarified language throughout the publication to determine if changes apply to any organizational information systems and if any immediate actions are required.
- Finally, once organizations have determined the entirety of changes necessitated by the revisions to the publication, the changes are integrated into the established continuous monitoring process to the greatest extent possible.

The implementation of new or modified security controls to address specific, active threats is always the highest priority for sequencing and implementing changes. Modifications such as changes to templates or minor language changes in policy or procedures are generally the lowest priority and are made in conjunction with established review cycles.

[HP WebInspect Operator Notes] This compliance template maps the current capabilities of HP WebInspect to applicable controls included in NIST FISMA SP 800-53 Revision 4. Use of this compliance template is not intended to provide a holistic compliance rating; but a guide for application security-relevant components of NIST FISMA SP 800-53 Revision 4.

Compliance Summary

AC-3: Access Enforcement
Passed: 104, Failed: 2, Indeterminate: 325, Percentage: 98.1%
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

IA-2: Identification and Authentication (Organizational Users)
Passed: 26, Failed: 3, Indeterminate: 158, Percentage: 89.6%
The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

(8) identification and authentication | network access to privileged accounts - replay resistant
Passed: 6, Failed: 0, Indeterminate: 1, Percentage: 100%
The information system implements replay-resistant authentication mechanisms for network access to privileged accounts.

(9) identification and authentication | network access to non-privileged accounts - replay resistant
Passed: 6, Failed: 0, Indeterminate: 1, Percentage: 100%
The information system implements replay-resistant authentication mechanisms for network access to non-privileged accounts.

IA-6: Authenticator Feedback
Passed: 12, Failed: 1, Indeterminate: 66, Percentage: 92.3%
The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

Report Date: 12/12/2017

IA-8: Identification and Authentication (Non-Organizational Users)
Passed: 26, Failed: 3, Indeterminate: 158, Percentage: 89.6%
The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users).

IR-9: Information Spillage Response
Passed: 47, Failed: 2, Indeterminate: 4, Percentage: 95.9%
The organization responds to information spills by:
a. Identifying the specific information involved in the information system contamination;
b. Alerting [Assignment: organization-defined personnel or roles] of the information spill using a method of communication not associated with the spill;
c. Isolating the contaminated information system or system component;
d. Eradicating the information from the contaminated information system or component;
e. Identifying other information systems or system components that may have been subsequently contaminated; and
f. Performing other [Assignment: organization-defined actions].
[HP WebInspect Operator Notes] The intent of this category is to alert the HP WebInspect operator of potentially sensitive content that was discovered throughout the execution of the scan. HP WebInspect cannot discern whether information is classified or sensitive with absolute certainty, so further analysis is required above and beyond running HP WebInspect.

SC-5: Denial of Service Protection
Passed: 6, Failed: 0, Indeterminate: 63, Percentage: 100%
The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or reference to source for such information] by employing [Assignment: organization-defined security safeguards].

SC-7: Boundary Protection

(10) boundary protection | prevent unauthorized exfiltration
Passed: 5, Failed: 3, Indeterminate: 1, Percentage: 62.5%
The organization prevents the unauthorized exfiltration of information across managed interfaces.
Supplemental Guidance: Safeguards implemented by organizations to prevent unauthorized exfiltration of information from information systems include, for example: (i) strict adherence to protocol formats; (ii) monitoring for beaconing from information systems; (iii) monitoring for steganography; (iv) disconnecting external network interfaces except when explicitly needed; (v) disassembling and reassembling packet headers; and (vi) employing traffic profile analysis to detect deviations from the volume/types of traffic expected within organizations or call backs to command and control centers. Devices enforcing strict adherence to protocol formats include, for example, deep packet inspection firewalls and XML gateways. These devices verify adherence to protocol formats and specification at the application layer and serve to identify vulnerabilities that cannot be detected by devices operating at the network or transport layers. This control enhancement is closely associated with cross-domain solutions and system guards enforcing information flow requirements. Related control: SI-3.

SC-8: Transmission Confidentiality and Integrity
Passed: 15, Failed: 3, Indeterminate: 0, Percentage: 83.3%
The information system protects the [Selection (one or more): confidentiality; integrity] of transmitted information.

SC-18: Mobile Code

(1) mobile code | identify unacceptable code / take corrective actions
Passed: 33, Failed: 0, Indeterminate: 2, Percentage: 100%
The information system identifies [Assignment: organization-defined unacceptable mobile code] and takes [Assignment: organization-defined corrective actions].
Supplemental Guidance: Corrective actions when unacceptable mobile code is detected include, for example, blocking, quarantine, or alerting administrators. Blocking includes, for example, preventing transmission of word processing files with embedded macros when such macros have been defined to be unacceptable mobile code.

SC-23: Session Authenticity

(1) session authenticity | invalidate session identifiers at logout
Passed: 5, Failed: 0, Indeterminate: 0, Percentage: 100%
The information system invalidates session identifiers upon user logout or other session termination.
Supplemental Guidance: This control enhancement curtails the ability of adversaries from capturing and continuing to employ previously valid session IDs.

(3) session authenticity | unique session identifiers with randomization
Passed: 1, Failed: 0, Indeterminate: 1, Percentage: 100%
The information system generates a unique session identifier for each session with [Assignment: organization-defined randomness requirements] and recognizes only session identifiers that are system-generated.
Supplemental Guidance: This control enhancement curtails the ability of adversaries from reusing previously valid session IDs. Employing the concept of randomness in the generation of unique session identifiers helps to protect against brute-force attacks to determine future session identifiers. Related control: SC-13.

SI-10: Information Input Validation

(1) information input validation | predictable behavior
Passed: 437, Failed: 6, Indeterminate: 542, Percentage: 98.6%
The information system behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

SI-11: Error Handling
Passed: 27, Failed: 5, Indeterminate: 12, Percentage: 84.3%
The information system:
a. Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and
b. Reveals error messages only to [Assignment: organization-defined personnel or roles].

SI-15: Information Output Filtering
Passed: 409, Failed: 6, Indeterminate: 422, Percentage: 98.5%
The information system validates information output from [Assignment: organization-defined software programs and/or applications] to ensure that the information is consistent with