ORAL By: Karaiskos Kostas

(M.N 00/4364)

December 2002

Department of Computing and Information SystemsMSc in Information Technology

with WEB Technology

Project Title:

Analysis and Design of a Distributed System for Athens Land Registry on the needs of Fictitious Pawn (mortgage for mobile property without delivery) via the Internet.

By Karaiskos Kostas

(M.N 00/4364)

June 2002

The term “Fictitious Pawn” Real estate finance and investments is a field of study that requires an understanding of many important subjects: property law, mortgage underwriting practices, mortgage insurance programs, financial analysis, valuation principles, income tax lows, investments analysis, real estate development and capital markets. The “Fictitious Pawn” is part of the above fields.

“Pawn” is a sum of money borrowed from a bank in order to purchase a property. The Lender keeps the goods of the Borrower for assurance. Then the money paid back to the Lender over a fixed period of time together with the accrued interest. The Lender gives back to the Borrower his goods.

“Fictitious Pawn” is a sum of money borrowed from a bank in order to purchase a property. The Lender does not keep the goods of the Borrower for assurance, but in this case an agreement is occurred between Lender and Borrower. This agreement is registered in a “Public Book” by Manual form -that there is in the Land Registries-. Then the money paid back to the Lender over a fixed period of time including the accrued interest. The Lender “writes off “the agreement.

Description of the WorkBasic aim of the work is the analysis and the design of a distributed system for Athens Land Registry through the Internet. The system will handle the data and processes needed for the implementation of the “Fictitious Pawn” in Greece. The system should have an open architecture, it will be based on Internet technologies, it should vouch for secure transactions and it must be user friendly. The project should give proposals concerning the network infrastructure and data design of the system. A prototype will be developed in order to demonstrate the whole system. Land Registries in Greece are Public Services that belong to the Ministry of Justice. The central L.R is the Land Registry of Athens and consists of 400 and more that are located in the Country. The main purpose is to register title-deeds and to record dealings (as sales and mortgages). The principal aims are:•to maintain and develop a stable and effective land registration system as the cornerstone for the creation and free movement of interests in land •to guarantee registered bonds and interests in land•to provide online access for updating and guaranteed land information in order to secure confident dealings in properties and security of titles•to achieve improved performance targets progressively, so that high quality services and lower cost are provided to users•to keep “public book” for the “fictitious pawn”

THE TWO PROPOSALSIn this project, two different proposals are analyzed and described: The First proposal, (henceforth it will be reported as VPN Solution) has to do with the description of the Regional Services connection with the Central Service, via a VPN (Virtual Private Network) that is implemented over the public internet.The second one (henceforth Mixed Solution) constitutes to an alternative proposal, where the Land Registries with the bigger traffic of data will be connected via a VPN (as above) with a Central Service. At the same time the rests will be connected via the Public Telephone Network.

SWOT Analysis

SWOT analysis is a tool for auditing an organization and its environment. It is the first stage of planning and helps marketers to focus on key issues.Once key issues have been identified, they feed into marketing objectives. It can be used in conjunction with other tools for audit and analysis, such as PEST analysis and Porter's Five-Force analysis. It is a very popular tool because it is quick and easy to learn. SWOT consists of strengths, weaknesses, opportunities, and threats. Strengths and weaknesses are internal factors

Strengths •Knowledge. The central L.R has the knowledge for systems, networks, connectivity, programming, all the VARs, and data management. •Relationship. The central L.R knows his clients, as better as possible, one by one. •History. The Central Land Registry in Athens has a history for 150 years. Weaknesses •Costs. The contracts cost more.•Price and volume. The State of every contract has a 7,5 %0 tax in the total price.•Brand power. There is not a national advertising. Opportunities •Local area networks. LANs become common place in small business, and in home offices. Nowadays, business assumes LANs as part of normal office work. This is an opportunity to extend, because LANs are more familiar and the service is more intensive. •The Internet. The increasing possibilities of the Internet offer another area of opportunity. •Training. The public servants could use new methods of technology through the internet.•Service. This business model includes better service, as the client service is the main target. Threats Political reasons could effect negatively.

F.P SWOT Analysis

Technology review of this project

In this project have developed the following technologies:

•Virtual Private Networks •Active Server Pages•HTML •VB Scripting•Global.asa file •ADO

We will not discuss and compare the advantages and the disadvantages of different technologies but only the pros and cons of the above.

What is a Virtual Private Network?

There are many definitions of a VPN and some of the more common of them are as follows: •       IP tunnels between a remote user and a corporate firewall with tunnel creation and deletion controlled by the user's computer and the firewall •       IP tunnels between an Internet service provider and a corporate firewall with tunnel creation and deletion controlled by the ISP •        IP tunnels among sites over the public Internet, or over a service provider's IP network that is separate from the public Internet •        ISDN, Frame Relay or ATM connections among sites with ISDN B channels, PVCs or SVCs used to separate traffic from other users. Basically, a VPN (sometimes known as an extranet) is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee.  

There are three main types of VPN:

•Intranet VPNs allow private networks to be extended across the Internet or other public network service in a secure way. Intranet VPNs are sometimes referred to as site-to-site or LAN-to-LAN VPNs.

•Remote access VPN allows individual dial-up users to connect to a central site across the Internet or other public network service in a secure way. In this way Remote access VPNs are sometimes referred to dial VPNs as

the user is connected to a public IP network via a dial-up PSTN or ISDN link, and user packets are tunnelled across the public network to the desired site, giving the impression to the user of being ‘directly’ connected into

that site.•Extranet VPNs allow secure connections with business partners, suppliers and customers for the purpose of e-

commerce. Extranet VPNs are an extension of intranet VPNs with the addition of firewalls to protect the internal network.

Advantages of using VPN connections

Cost advantagesOne way a VPN lowers costs is by eliminating the need for expensive long-distance leased lines.Another way VPNs reduce costs is by lessening the need for long-distance telephone charges for remote access. A third, more subtle way that VPNs may lower costs is through offloading of the support burden. The benefits of secure access to private data are ensured by additional VPN-required authenticated access, encryption, and user data compression.

Outsourcing dial-up networks It is the telephone company or ISP that manages the modems and telephone lines required for dial-up access.

Enhanced security Sensitive data is hidden from Internet users, but made securely accessible to appropriate users through a VPN.

Network protocol support Because the most common network protocols (including TCP/IP and IPX) are supported, you can remotely run any application.

Scalability and VPNsHowever, as an organization grows and more companies must be added to the network, the number of leased lines required increases dramatically. VPNs that utilize the Internet avoid this problem by simply tapping into the geographically-distributed access already available.

IP address security

Because the VPN is encrypted, the addresses you specify are protected, and the Internet only sees the external IP address.

Disadvantages of using VPN connections

•VPNs require an in-depth understanding of public network security issues and proper deployment of precautions. •The availability and performance of an organization's wide-area VPN (over the Internet in particular) depends on factors largely outside of their control. •VPN technologies from different vendors may not work well together due to immature standards. •VPNs need to accomodate protocols other than IP and existing ("legacy") internal network technology.

A well-designed VPN can greatly benefit a company. For example, it can: Extend geographic connectivity Improve security Reduce operational costs versus traditional WAN Reduce transit time and transportation costs for remote users Improve productivity Simplify network topology Provide global networking opportunities Provide telecommuter support Provide broadband networking compatibility Provide faster ROI (return on investment) than traditional WAN

What features are needed in a well-designed VPN? It should incorporate:Security Reliability Scalability Network management Policy management It's fast. It's easy to take with you wherever you go. It's able to completely hide you from any other boats or submarines. It's dependable. It costs little to add additional submarines to your fleet once the first is purchased.

ASP is Web server based technology that pre-processes web pages before they are returned to a browser.This technology contains three maijor components. These components are defined as:•Server Side Scripting Code and Include Files•Server Base Objects•Server Side ComponentsWith Active Server Pages (ASP), you can create a server-side script that extracts the contents of a user's client certificate and saves this information in a text file. By adding this script to SSL-secured Web pages, you can effectively catalog and manage the client certificates of users accessing your server.

What is Active Server Pages ?

What is Global.asa file?

The Global.asa file is an optional file that can contain declarations of objects, variables, and methods that can be accessed by every page in an ASP application.

The Global.asa file can contain only the following:•Application events •Session events •<object> declarations  •TypeLibrary declarations

The Global.asa file must be stored in the root directory of the ASP application, and each application can only have one Global.asa file.

The Global.asa file can contain four types of events:•Application_OnStart •Session_OnStart •Session_OnEnd •Application_OnEnd

What is ADO?

The ActiveX® Data Objects (ADO) programming model represents the best of the existing Microsoft data access programming models. ADO provides the following benefits:•Easier development using a simple object model•Reduction in network traffic and client memory requirements•Improvement scalability and built-in support for resource pooling•Saving of records sets to a physical file•Support of local find, sort, and filter operation by record sets•Fabrication of record sets without a database connection.

Average of Contracts /Land Registry /Day

1.1

Bad Day Case: Average of Contracts /Land Registry / Day

4.7

Average of Contracts /Land Registry /Day (Athens)

3.7

Bad Day Case: Average of Contracts /Land Registry / Day (Athens)

41.6

Average of Contracts /Land Registry /Day(Thessalonica)

9.0

Bad Day Case: Average of Contracts /Land Registry / Day (Thessalonica)

28.7

Average of Contracts /Land Registry /Day (Patra)

5.2

Bad Day Case: Average of Contracts /Land Registry / Day (Patra)

26.7

For the requirements and the needs of the project (the architecture of the network and the application), we have a preliminary study of the existing elements concerning the traffic and the expected data.Receiving the estimate of the transactions (Mortgages, Attachments-Cheque) in Land Registries of the countries (386 records of TIRESIAS COMPANY) 120.000 transactions for year 2001 (not included purchases and sales) and with an increase 60%, the transactions are about 200.000 per year. According to these estimations for the current number of 120.000 deeds per year we have the following elements.

A. Detailed problem statement An estimate of Land Registries Data Traffic

For 200.000 contracts per year we have the following elements:

Average of Contracts /Land Registry /Day

1.7

Bad Day Case: Average of Contracts /Land Registry / Day

7.5

Average of Contracts /Land Registry /Day (Athens)

6.0

Bad Day Case: Average of Contracts /Land Registry / Day (Athens)

66.5

Average of Contracts /Land Registry /Day(Thessalonica)

14.4

Bad Day Case: Average of Contracts /Land Registry / Day (Thessalonica)

45.9

Average of Contracts /Land Registry /Day (Patra)

8.2

Bad Day Case: Average of Contracts /Land Registry / Day (Patra)

42.7

Conclusion: We observe that in Panhellenic level (except big centres) the averages of the contracts do not exceed the 1.7 contracts/Land Registry/Day. Receiving this number in combination with the 20 Kbytes of Data /Deed (this resulted from the "Publication of Law 2844/2000"), which are estimated to be dispatched in the Central System for each contract, we have 34 Kb total volume of traffic data/ Land Registry/Day. This volume is minimal in the level of Land Registry. These numbers are expected for the bad case, considering that each Land Registry will send 34 Kb each day for 200.000 contracts in the year.

Analysis of the provided services

Basic requirement of the Land Registry is the fast, easy and friendly data interchange that is required by the legal platform.Daily the Central Service contacts with all Land Registries. (about 400) Because of it, a more expedient and effective solution that is proposed, is the creation of a new information system. This system will be installed in the Central Service and will allow the data input of the Regional Services in a central DataBase.The Inetrnet access will be successed using the appropriate tools and devices. In this project a Web Server in the Central Service must be installed, to be updated the Database by the Regional Services.

The proposed system will provide the following services: •Input data•Confirmation •Data Storage •DataBase Management

By the proposed system, the Regional Services will use a PC, with an Internet connection and a navigation program.Each user must know to use only the browser application for the connection and navigation on the Web. (Internet Explorer, Netscape Navigator or some similar program of navigation).

The proposed architecture of the system is shown below:

The proposed architecture

Input The user from a Regional Service when he will connect with the system he must have in his disposal an electronic prefabricated form that it will be structured according to the requirements of the Central Service. In this form he will write the elements that are required (the information that he has predetermined and it be considered essential from the Central Service). The user’s entry in the system and the fill of the form will become with the use of some concrete name in combination with the proportional code for access.

Confirmation The process of confirmation begins afterwards the data are forwarded in the server. Concretely the system checks the elements that have been input in the form with a unique field of the elements of the Region Service.

Data Storage The data that will be collected by the Regional Services, as well as the names of user and the proportional code access will be stored in a central database in a server at the Central Service.

DataBase Management The proposed system will offer possibilities management of the elements of the database that will be collected by the Regional Services.

Data Protection The solution that is proposed for data protection is implemented via the backup system with Software and Hardware.

B. Solution Design – Implementation

There are a variety of different process models for software engineering.

The Linear Sequential ModelThe Prototype Model

The RAD ModelThe Incremental Montel

The Spiral ModelThe WINWIN Spiral Model

The Concurrent Development ModelThe Formal Methods Model

In this project we will follow the Linear Sequential

Model (Waterfall Model).The Waterfall model has five

stages. •Requirements analysis and definition. •System and software design. •Implementation and "unit" testing •System testing •Operation and maintenance

Software requirements analysis:The system specifications were carefully documented and reviewed with

the customer. The analysts developed refined system specifications after the review, this aims to produce software that would be most

similar to the customer’s needs. The analysts also drew up a use case diagram and object diagram to facilitate the designers.

Design:The design process translated the system specifications into a

representation of the software that can be assessed for quality before coding begins. Like requirements, the design is documented and

becomes part of the software configuration. The designers refined the system specifications, refined the use-case diagrams and refined the

object diagrams. The designers also drew collaboration diagrams.

Code:The design must be translated into a machine readable code. The

programmers came up with the coding for the software and implemented it. The programmers, the analysts and the designers

decide the main programming language. A bug-free code was finally generated.

Testing:Once the code was generated, program testing began. The testers drew

up test cases and proceeded with White and Black Box Testing. The testing process focuses on the logical internals of the software, ensuring that all the statements have been tested, and on the

functional externals; that is, conducting tests to uncover errors and ensure that defined input will produce actual results that agree with the

required results.

Requirements of the Network•VPN (Virtual Private Network) interconnection is provided by ISP (OTENET).•Use of ISDN (64 kbps are proposed) for the server of the Central System or dial-up connections for the Regional Systems. •Protection of the internal network with the use of firewals.•Network devices as routers, switches, and modems are worked out.

Requirements of Hardware/Software•Server: Compaq Proliant ML 350 •Operating system: MS Windows 98, 2000 , XP •DataBase: Access 2000, MS SQL Server 2000 •Firewall software: MS Internet Security and Acceleration Server 2000 •Web Server: MS Internet Information Server 5.0 •UPS 1KVA.

Requirements of the Application• Platform: Microsoft. • Technology: n-tier, web based, client-server application with the use of technologies ASP, COM components and Transaction Server. • Desirable operations of the system: Data Input, Input Confirmation, Data Storage, DataBase Management. • The safety is ensured through the users’ certification (authentication - username, password). However it will be supposed that the safety of the entire system is increased considerably by the use of VPN.• the use of SSL protocol .

Requirements Analysis

Network Architecture of the Proposed SolutionsConcisely two alternative solutions are proposed for the architecture of the network in order to support the operation of the application. •VPN Solution: The connection of the Central System with the Regional Services through VPN, is provided by a third provider (ISP). The functionality and the safety of VPN are ensured by the provider, while the connection of the Central Service with the VPN takes place also with ISDN lines and the Regional Services with the VPN via dial-up connections. (Modem) •Mixed Solution: A mixed "situation" is proposed, in which some Regional Units (these with max volume of traffic) are connected with the Central via VPN, while the rest are connected directly through dial-up connections (Modem) with the Central System.

Router

PWR

OK

WIC0ACT/CH0

ACT/CH1

WIC0ACT/CH0

ACT/CH1

ETHACT

COL

BasebandModem

PWR

OK

WIC0ACT/CH0

ACT/CH1

WIC0ACT/CH0

ACT/CH1

ETHACT

COL

BasebandModem

VPNLeased

Line

Client PC

dial-up connection

Client PC

Client PC

Firewall

DMZ SwitchWeb Server

DB Server

Main Switch

VPN Solution

Comparative advantages:Easy installation.

Less investment costs.Security due to the use of the guaranteed infrastructure of the

ISP. Security in the level of application.

Unlimited number of Regional Services that can be connected to the Central System.

Easy interfaceComparative disadvantages:

Most functional costs.Costs for servers, devices and software programs.

Estimate of Data using VPN SolutionFor the data transactions of 12.8 Mb/day (as it was calculated more or less) are required 4.6 hours using 64Kbits/sec line. To

avoid the above time we can use 128 Kbits/sec ISDN line.

Router

PWR

OK

WIC0ACT/CH0

ACT/CH1

WIC0ACT/CH0

ACT/CH1

ETHACT

COL

BasebandModem

PWR

OK

WIC0ACT/CH0

ACT/CH1

WIC0ACT/CH0

ACT/CH1

ETHACT

COL

BasebandModem

VPNLeased

Line

Client PC

Client PC

Client PC

Client PC

Client PC

Access Server

DMZ Switch

HubModem

Pool

Firewall

Main Switch

Web Server

DB Server

PSTN

Mixed Solution

Comparative advantages:Low functional cost.

Comparative disadvantages:The research and the installation require more time and are technically

difficult.High investment cost.

The security of the data distribution through the direct telephone connections is not ensured (contrary to the distribution through VPN).

There is a restriction of the 256 simultaneous direct telephone connections. (Practically they are calculated around the 10-15 maximum

simultaneous connections.)Estimate Data Volume of Mixed Solution

Average time is considered the time that is needed for the achievement of the connection with the Central System, the data input and finally the

dispatch of the elements to the Central System.We consider the following parameters for each Regional Service:

average time/ contract the 16 minutes,connection cost with the VPN 15 € /monthly,

telephone cost 0.006 € /per min and telephone cost of provinces call 0.08 € per min (prices without VAT).

On the bases of these parameters, we have the following diagram:

Break-Even Analysis

We observe that the direct call is better when there are up to 12 contracts / month.

If we perform this analysis for different time/ contract, with minimal time 3 min/ contract and max 29 min/ contract we have the Threshold points.

Threshold Points

From the above diagram we observe that time per contract and volume of contracts per month are inversely.The total time of data dispatch with the direct connection, is estimated 59 min per day. (with the assumption of : 16 min/ contract) and the volume of the Land Registries that will be connected directly (and no via VPN) with the Central System, it is appreciated in roughly 200 Land Registries

Time of Connections per day

8:00 until 14:00 total 6 Hours

Duration of connection 0,5 Hours (30 min.)

Total of connections /modem

6 Hours/0,5 Hour Duration of connection = 12 connections per modem

Total of connections/day

16 modem x 12 connections per modem per day = 192 connections per day.

Clear service time for each connection

30 min. per connection -5 min Delay of connection of modem = 25 min Clear

time of service per connection.

Total max service time per day

192 Connections of x 25 min = 4800 min service per day

From the elements of the above table we conclude that an available number from 16 modems (Pool of Modems) are enough to have satisfaction of the requirements. (users/modem: 12,5:1, when for ISPs is forecasted 10:1)With the same number of Modem (16) they can be served less connections/day, but with increased time of service.

Daily service of connections

The volume of the contracts that will be sent with direct connection, in point of the total volume (estimate 2001) is very small (4.195 and 119.853 ). So, the main movement of the data will be with the leased line.

Estimate of the Costsa. VPN Solution Network Infrastructure

Central Service

Regional Service

Functional Monthly Cost

b. Mixed Solution Network Infrastructure

Products and Technologies

Network Equipment

The connection with the internet will become via the router Cisco 1720 which will be connected with the Firewall Server in the local network via an Ethernet. The same router will be also used for the connection with the VPN network of OTENET.

The modem Campus-RS will be used for the connection in the INTERNET and in the VPN network of OTENET.

For the role of the convector, the model that has been selected is the PS220A of Compex.

Proliant ML of 350 Compaq is the computer that will be used for the role of Web Server.

UPSThe offered equipment is Pulsar

EX10 of Marlin Cerin.

Printer The offered equipment is the HP 1200 LaserJet.

Description of the ApplicationThe users can execute the following operations (Menu of Users): •Input of a new registration (new pawn). •Change of an existing registration (correction, change of elements, changes etc) •Depreciation – obliteration of the existing registration.•Search for registrations that have some criteria.•All the users must have access (search) in the database, independent from Land Registry.

The administrators can execute the following operations (Menu of Administrators): •New user addition.•Change of elements for an existing user.•Deletion of existing user.•Review of the contracts that became in a time period per Land Registry. •Review of the contracts that became from all the Land Registries in a time period.

Input elements Flow Chat

This flow chart describes the process of the input elements by electronic form, through user’s web browser, the control of the locally correction (that they can be checked before the dispatch), the dispatch and the central control of the data and finally a briefing of the result of the process for the user.

DataBase ENTITY RELATIONSHIP DIAGRAM and DesignThe entity relationship model views the Organisation as a set of data elements, known as entities, which are the things of interest to the organisation, and relationships among these entities. This model helps the computer specialist to design appropriate computer systems for the organisation and to provide management for the perceiving aspects of the business.

As soon as the user tries to acquire access in the operations of the application (to connect in the web server) it is asked from him the following elements (in level of application): Name of access (username) Code Access (password) The inputted elements will be compared with that in the database and if the user " not locked himself", it will be presented to him, (proportionally if he is administrator or simply user), a suitable menu. If the user gives error elements in the system moreover 5 times the system will prohibit him to access (it locks him) and it will communicate directly with the administrator..

Navigation Forms of the prototype

default.html Backdoor.asp

login.asp main.asp emplist.asp

emplform.aspemplglst.aspSignup.asp

addnewmember.aspconfirm.asp Disk file

Disk file

Disk file

UML Diagrams of the prototypeThe heart of object-oriented problem solving is the construction of a model. The model abstracts the essential details of the underlying problem from its usually complicated real world. Several modelling tools are wrapped under the heading of the UML, which stands for Unified Modelling Language.A model is an abstraction of the underlying problem. The domain is the actual world from which the problem comes. Models consist of objects that interact by sending each other message. Think of an object as "alive." Objects have things they know (attributes) and things they can do (behaviours or operations). The values of an object's attributes determine its state. Classes are the "blueprints" for objects. A class wraps attributes (data) and behaviours (methods or functions) into a single distinct entity. Objects are instances of classes.

Use case diagrams describe what a system does from the standpoint of an external observer. The emphasis is on what a system does rather than how.

Activity diagrams and statechart diagrams are related. While a statechart diagram focuses attention on an object undergoing a process (or on a process as an object), an activity diagram focuses on the flow of activities involved in a single process. The activity diagram shows the how those activities depend on one another.

Deployment diagrams show the physical configurations of software and hardware. The following deployment diagram shows the relationships among software and hardware components involved in the “Fictitious Pawn” transactions.

Class diagram gives an overview of the system by showing its classes and the relationships among them. Class diagrams are static -- they display what interacts but not what happens when they do interact.

Sequence Diagram is an interaction diagram that details how operations are carried out - what messages are sent and when. Sequence diagrams are organized according to time.

Electronic Forms of the prototype

The use cases have been completed, the problem has been analyzed, and a suitable design for the architecture has been defined. It is time for implementation. The activities of implementation include:

•Mapping the design into code and components•Unit testing•Reverse engineering

The principal responsibility and activity of the implementer is to map the artefacts of design into executable code. Every implenmenter is responsible for unit testing his own work. The final step in the sequence is reverse engineering any code changes that affect the artefacts in the model.

The following prototype has implemented only the administrator and user registration to the system: This is the folder with all the files of the application.

PRESS THIS BUTTON FOR THE APPLICATION

C. TestingIs a process of executing a program with the intent of finding an error. A good test is one that has a high probability of finding an as yet undiscovered error. The objective is to design tests that systematically uncover different classes of errors and do so with a minimum amount of time and effort.Secondary benefits include:Demonstrate that software functions appear to be working according to specification. The performance requirements to have been met. Data collected during testing provides a good indication of software reliability and some indication of software quality.

System testing may involve testing website performance, testing and debugging software, and testing new hardware.

An important part of testing is the review of prototypes of displays, reports, and other output. Prototypes should be reviewed by end users of the proposed systems for possible errors. Of course, testing should

not occur only during the system’s implementation stage, but throughout the system’s development process.

We have many types of testing:Exercising the code

Performance testing. The black box

Usability testingload testing

acceptance testing security testing

D. Security The term security describes the protection of our data and system. A secure system is a properly fuctioning software application that does only what it is supposed to do, without compromising the integrity of our data to those who are not authorized to have that information.For the creation a site in the Internet, should be ensured certain terms of safety.Initially it should be evaluated the needs, and to be answered questions, as: how sensitive are the data? What ways of access in the data exist? Who wants this data and on what reason? What users need to have access in the data? To understand the areas of risk in our application, we need to understand where our system is vulnerable. The basic Web architecture, being a variant of a client/server architecture, has three principal architectural elements; the client, the network, and the server.

VPN SecurityUsing VPNs places most of the security responsibilities, such as network traffic encryption, on the infrastructure rather than on the individual applications. Some Web applications may use VPNs as part of their security measures. VPNs can be implemented with a combination of software and hardware or just as software. A well-designed VPN uses several methods for keeping your connection and data secure: Firewalls - A firewall provides a strong barrier between your private network and the Internet. You can set firewalls to restrict the number of open ports, what types of packets are passed through and which protocols are allowed through. Some VPN products, such as Cisco's 1700 routers, can be upgraded to include firewall capabilities by running the appropriate Cisco IOS on them. You should already have a good firewall in place before you implement a VPN, but a firewall can also be used to terminate the VPN sessions. Encryption - This is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Most computer encryption systems belong in one of two categories:Symmetric-key encryption Public-key encryption

Technology behind VPNs

Several network protocols have become popular as a result of VPN developments:

•PPTP •L2TP •IPsec •SOCKS

These protocols emphasize authentication and encryption in VPNs. Authentication allows VPN clients and servers to correctly establish the identity of people on the network. Encryption allows potentially sensitive data to be hidden from the general public. Many vendors have developed VPN hardware and/or software products. Unfortunately, immature VPN standards mean that some of these products remain incompatible with each other. These protocols attempt to close some of the security holes inherent in VPNs. These protocols continue to compete with each other for acceptance in the industry.

The Future of VPN

Increased network capability is a major priority of companies as they look to strengthen their electronic ties with an ever- expanding network of business partners and a growing proportion of remote workers. Companies need networks that can handle higher transmission speeds over greater distances and with greater reliability all in an efficient manner. They also look for networks that can handle a growing number of data types and have the flexibility to meet future requirements. To manage these diverse needs, companies are upgrading their networks to handle voice and multiple data types in a controlled manner. The emphasis is on meeting current needs in a cost- effective way while building a foundation to support future needs. A number of different solutions are emerging as a result, including IP virtual private networks (IP VPNs), 10 GB ethernet (10GbE), and fiber-optic networks.

E. CONCLUSION

Bibliography

WEB SECURITY: A Step-by-step Reference GuideLincoln D.Stein, Addison Wesley Longman, 1998 INFORMATION SYSTEMS DEVELOPMENTD.E Avison and G.Fitzgerald Computer Networks Tanenbaum, Andrew S. ISBN 0133942481 Communications Networks: A First Course Walrand, Jean ISBN 0256088640 Managing IP Networks with Cisco Routers Ballew, Scott ISBN 1565923200   Implementing Virtual Private Networks:PRAC BIRD ISBN 0735700478 Virtual Private Networks 2/ed SCOTT ISBN 1565925297 ASP in Nutshell: A Desktop Quick Reference, Second EditionA.Keyton Weissinger. O’Reilly & Associates July 2000Beginning ASP DatabasesJohn Kaufman UML FOR V.B6.0 DEVELOPERS (Visual Modeler & Rational Rose)Paul Harmon and Brian Sawyer

Software Engineering: A Practitioner’s Approach (European [12] Adaptation)Pressman S R.(2000) McGraw-HillInformations Systems Requirements: Determination and Analysis (2nd edition)Flynn D J. (1997) McGraw-HillInformation Systems Development: Methodologies, Techniques and toolsAvison D E & Fitzgerald G. (1995) McGraw-HillA Database System: A practical approach to design, implementation and management Reading.Connolly, Begg, Strachan. Addison-Wesley (1996)Fundamentals of Database Systems USA : World Student Series EditionElmasri/Navathe Engineering Design Dhillon, Balbir S. ISBN 0256183120 Τεχνολογία Λογισμικού Τόμος Α'  ΓΙΑΚΟΥΜΑΚΗΣ ISBN  420-0304-1 Τεχνολογια Λογισμικου Β'  ΓΙΑΚΟΥΜΑΚΗ ISBN 420-0304-2

By Karaiskos Kostas

(M.N 00/4364)

December 2002