Rozprawy doktorskie na temat „Extranets (Computer networks)”

This thesis focuses on efficient provisioning of resilient Virtual Private Network (VPN) services. It first confirms the intuition that network resources can be more efficiently utilized when resilience mechanisms are implemented by a network provider in the physical network than by its VPN customers in their VPNs. Next, a Multiprotocol Label Switching-based programmable VPN architecture is presented that delivers virtual links as resilient quality of service (QoS) connections and virtual sites. Virtual sites allow customers to implement functionality like customized routing and content adaptation ???in the cloud???, as opposed to the current network model where all functionality is implemented at the network edge. To provision a resilient QoS connection, two paths need to be computed from the ingress to the egress nodes, such that both paths meet the given QoS constraints. Two different frameworks have been proposed in the literature to compute resilient QoS connections when the QoS constraints are bandwidth and end-to-end delay. They both use a preprocessing step whereby either all links with less residual capacity than the given bandwidth constraint are pruned, or the given end-to-end delay is converted to an effective bandwidth. The frameworks thus reduce the problem to one with only a single constraint. We argue in this thesis that these frameworks individually lead to poor network utilization and propose a new framework where both constraints are considered simultaneously. Our framework exploits the dependency between endto- end delay, provisioned bandwidth and chosen path through using the provisioned bandwidth as a variable. Here, two link-disjoint paths are computed together with their respective minimum bandwidths such that both the bandwidth and end-to-end delay constraints are satisfied. Given our framework we first propose a new generic algorithm that decomposes the problem into subproblems where known algorithms can be applied. Then we propose two new linear programming (LP) formulations that return the two paths and their respective bandwidths such that they have the minimum combined cost. To make our framework applicable in a production environment, we develop two new algorithms with low run times that achieve even higher network performance than their LP formulation counterpart. These algorithms systematically use an algorithm that computes non-resilient QoS connections. As no algorithm for computing nonresilient QoS connections with sufficiently low run time has been proposed in the current literature we develop two new algorithms and their respective heuristics with a run time comparable to Dijkstra???s shortest-path algorithm. Our simulations show that exploiting the dependency between end-to-end delay, provisioned bandwidth and chosen path can significantly improve the network performance.

This thesis presents the analysis and experimental results for an evaluation of the performance and Quality of Service (QoL) levels of a virtual private network( QoL) levels of a Virtual Private Network (VPN) implementation of an IEEE 802.11b wireless infrastructure. The VPN tunnelling protocol considered for the above study is IP security (IPSec). The main focus of the research is to identify the major performance limitations and their underlying causes for such VPN implementations under study. The experimentation and data collection involved in the study spans over a number of platforms to suit a range of practical VPN implementations over a wireless medium. The collected data includes vital QoS and performance measures such as the application throughput, packet loss, jitter, and round-trip delay. Once the baseline measure is established, a series of experiments are conducted to analyse the behaviour of a single IPSec VPN operating over an IEEE 802.11b infrastructure, after which the experimentation is extended by investigating the trends of the performance metrics of a simultaneously multiple VPN setup. The overall results and analysis of the investigation concludes that the CPU processing power, payload data size, packet generation rate and the geographical distance are critical factors affecting the performance of such VPN tunnel implementations. Furthermore, it is believed that these results may give vital clues for enhancing and achieving optimal performance and QoS levels for VPN applications over WLANs
Master of Science (Hons.)

Thesis (M.S.)--University of Florida, 2001.
Title from title page of source document. Document formatted into pages; contains x, 188 p.; also contains graphics. Includes vita. Includes bibliographical references.

This thesis presents the analysis and experimental results for an evaluation of the performance and Quality of Service (QoL) levels of a virtual private network( QoL) levels of a Virtual Private Network (VPN) implementation of an IEEE 802.11b wireless infrastructure. The VPN tunnelling protocol considered for the above study is IP security (IPSec). The main focus of the research is to identify the major performance limitations and their underlying causes for such VPN implementations under study. The experimentation and data collection involved in the study spans over a number of platforms to suit a range of practical VPN implementations over a wireless medium. The collected data includes vital QoS and performance measures such as the application throughput, packet loss, jitter, and round-trip delay. Once the baseline measure is established, a series of experiments are conducted to analyse the behaviour of a single IPSec VPN operating over an IEEE 802.11b infrastructure, after which the experimentation is extended by investigating the trends of the performance metrics of a simultaneously multiple VPN setup. The overall results and analysis of the investigation concludes that the CPU processing power, payload data size, packet generation rate and the geographical distance are critical factors affecting the performance of such VPN tunnel implementations. Furthermore, it is believed that these results may give vital clues for enhancing and achieving optimal performance and QoS levels for VPN applications over WLANs

Thesis (M.Sc. (Hons.)) -- University of Western Sydney, 2005.
A thesis submitted in fulfillment of the requirements for the award of the degree Master of Science (Honours) to the University of Western Sydney on March 2005. Includes bibliography.

The subject of this diploma thesis is the implementation of the intranet to support business processes. At the beginning are defined the basic concepts of the topic. Then I analyzed the situation in the company and the current status of ICT. Based on these analyses, I proposed the intranet implementation process leading to simplify and streamline business operations.

En 2012, le trafic mobile mondial représentait 70% de plus qu'en 2011. L'arrivée de la technologie 4G a multiplié par 19 le volume de trafic non 4G, et en 2013 le nombre de mobiles connectés à l'Internet a dépassé le nombre d'êtres humains sur la planète. Les fournisseurs d'accès Internet (FAI) subissent une forte pression, car ils ont pour obligations d'assurer à leurs clients l'accès au réseau et le maintien de la qualité de service. À court/moyen terme, les opérateurs doivent délester une partie de leur trafic sur des réseaux d'accès alternatifs afin de maintenir les mêmes caractéristiques de performances. Ainsi, pour désengorger les réseaux d'accès radio (RAN), le trafic des clients peut être préférentiellement pris en charge par d'autres réseaux d'accès disponibles. Notons cependant que les réseaux d'accès sans fil offrent des niveaux de sécurité très différents. Pour les femtocells, WiFi ou WiMAX (parmi d'autres technologies sans fil), il doit être prévu des mécanismes permettant de sécuriser les communications. Les opérateurs peuvent s'appuyer sur des protocoles (tels que IPsec) afin d'étendre un domaine de sécurité sur des réseaux non sécurisés. Cela introduit de nouveaux défis en termes de performances et de connectivité pour IPsec. Cette thèse se concentre sur l'étude des mécanismes permettant de garantir et améliorer les performances du protocole IPsec en termes de continuité de service. La continuité de service, aussi connu comme résilience, devient cruciale lorsque le trafic mobile est dévié depuis un réseau d'accès RAN vers d'autres réseaux d'accès alternatifs. C'est pourquoi nous nous concentrons d'abord dans l'ensemble de protocoles assurant une communication IP: IKEv2 et IPsec. Ensuite, nous présentons une étude détaillée des paramètres nécessaires pour maintenir une session VPN, et nous démontrons qu'il est possible de gérer dynamiquement une session VPN entre différentes passerelles de sécurité. L'une des raisons qui justifient la gestion des sessions VPN est d'offrir de la haute disponibilité, le partage de charge ou l'équilibrage de charge pour les connexions IPsec. Ces mécanismes ont pour finalité d'augmenter la continuité de service de sessions IPsec. Certains nouveaux mécanismes ont été récemment mis en oeuvre pour assurer la haute disponibilité sur IPsec. Le projet open source VPN, StrongSwan, a mis en place un mécanisme appelé ClusterIP afin de créer un cluster de passerelles IPsec. Nous avons fusionné cette solution basée sur ClusterIP avec nos propres développements afin de définir deux architectures : une architecture permettant la Haute Disponibilité et une deuxième architecture présentant la gestion dynamique d'un contexte IPsec. Nous avons défini deux environnements : le Mono-LAN où un cluster de noeuds est configuré sous une même adresse IP unique, et le Multi-LAN où chaque passerelle de sécurité dispose d'une adresse IP différente. Les mesures de performance tout au long de la thèse montrent que le transfert d'une session VPN entre différentes passerelles évite les délais supplémentaires liés à la ré-authentification et réduit la consommation CPU, ainsi que les calculs par le matériel cryptographique. D'un point de vue FAI, le transfert de contexte IPsec/IKEv2 pourrait être utilisé pour éviter la surcharge des passerelles, et permettre la redistribution de la charge, de meilleures performances du réseau ainsi que l'amélioration de la qualité de service. L'idée est de permettre à un utilisateur de profiter de la continuité d'un service tout en conservant le même niveau de sécurité que celui initialement proposé
During 2012, the global mobile traffic represented 70\% more than 2011. The arrival of the 4G technology introduced 19 times more traffic than non-4G sessions, and in 2013 the number of mobile-connected to the Internet exceeded the number of human beings on earth. This scenario introduces great pressure towards the Internet service providers (ISPs), which are called to ensure access to the network and maintain its QoS. At short/middle term, operators will relay on alternative access networks in order to maintain the same performance characteristics. Thus, the traffic of the clients might be offloaded from RANs to some other available access networks. However, the same security level is not ensured by those wireless access networks. Femtocells, WiFi or WiMAX (among other wireless technologies), must rely on some mechanism to secure the communications and avoid untrusted environments. Operators are mainly using IPsec to extend a security domain over untrusted networks. This introduces new challenges in terms of performance and connectivity for IPsec. This thesis concentrates on the study of the mechanism considering improving the IPsec protocol in terms of continuity of service. The continuity of service, also known as resilience, becomes crucial when offloading the traffic from RANs to other access networks. This is why we first concentrate our effort in defining the protocols ensuring an IP communication: IKEv2 and IPsec. Then, we present a detailed study of the parameters needed to keep a VPN session alive, and we demonstrate that it is possible to dynamically manage a VPN session between different gateways. Some of the reasons that justify the management of VPN sessions is to provide high availability, load sharing or load balancing features for IPsec connections. These mechanisms increase the continuity of service of IPsec-based communication. For example, if for some reason a failure occurs to a security gateway, the ISP should be able to overcome this situation and to provide mechanisms to ensure continuity of service to its clients. Some new mechanisms have recently been implemented to provide High Availability over IPsec. The open source VPN project, StrongSwan, implemented a mechanism called ClusterIP in order to create a cluster of IPsec gateways. We merged ClusterIP with our own developments in order to define two architectures: High Availability and Context Management over Mono-LAN and Multi-LAN environments. We called Mono-LAN those architectures where the cluster of security gateways is configured under a single IP address, whereas Multi-LAN concerns those architectures where different security gateways are configured with different IP addresses. Performance measurements throughout the thesis show that transferring a VPN session between different gateways avoids re-authentication delays and reduce the amount of CPU consumption and calculation of cryptographic material. From an ISP point of view, this could be used to avoid overloaded gateways, redistribution of the load, better network performances, improvements of the QoS, etc. The idea is to allow a peer to enjoy the continuity of a service while maintaining the same security level that it was initially proposed

During 2012, the global mobile traffic represented 70\% more than 2011. The arrival of the 4G technology introduced 19 times more traffic than non-4G sessions, and in 2013 the number of mobile-connected to the Internet exceeded the number of human beings on earth. This scenario introduces great pressure towards the Internet service providers (ISPs), which are called to ensure access to the network and maintain its QoS. At short/middle term, operators will relay on alternative access networks in order to maintain the same performance characteristics. Thus, the traffic of the clients might be offloaded from RANs to some other available access networks. However, the same security level is not ensured by those wireless access networks. Femtocells, WiFi or WiMAX (among other wireless technologies), must rely on some mechanism to secure the communications and avoid untrusted environments. Operators are mainly using IPsec to extend a security domain over untrusted networks. This introduces new challenges in terms of performance and connectivity for IPsec. This thesis concentrates on the study of the mechanism considering improving the IPsec protocol in terms of continuity of service. The continuity of service, also known as resilience, becomes crucial when offloading the traffic from RANs to other access networks. This is why we first concentrate our effort in defining the protocols ensuring an IP communication: IKEv2 and IPsec. Then, we present a detailed study of the parameters needed to keep a VPN session alive, and we demonstrate that it is possible to dynamically manage a VPN session between different gateways. Some of the reasons that justify the management of VPN sessions is to provide high availability, load sharing or load balancing features for IPsec connections. These mechanisms increase the continuity of service of IPsec-based communication. For example, if for some reason a failure occurs to a security gateway, the ISP should be able to overcome this situation and to provide mechanisms to ensure continuity of service to its clients. Some new mechanisms have recently been implemented to provide High Availability over IPsec. The open source VPN project, StrongSwan, implemented a mechanism called ClusterIP in order to create a cluster of IPsec gateways. We merged ClusterIP with our own developments in order to define two architectures: High Availability and Context Management over Mono-LAN and Multi-LAN environments. We called Mono-LAN those architectures where the cluster of security gateways is configured under a single IP address, whereas Multi-LAN concerns those architectures where different security gateways are configured with different IP addresses. Performance measurements throughout the thesis show that transferring a VPN session between different gateways avoids re-authentication delays and reduce the amount of CPU consumption and calculation of cryptographic material. From an ISP point of view, this could be used to avoid overloaded gateways, redistribution of the load, better network performances, improvements of the QoS, etc. The idea is to allow a peer to enjoy the continuity of a service while maintaining the same security level that it was initially proposed

The aim of the study is to investigate what impact the use of VPN has on network performance. An empirical investigation using quantitative research methods was carried out. Two sample scenarios were involved in the study: scenario without VPN and scenario with VPN. In both scenarios, three applications were used in turns, an HTTP, an FTP, and a CBR. FTP was configured to use window size and packet size, while CBR used connection rate and packet size. On the other side, the number of connection was the only parameter used for HTTP. These applications were injected in a 100 Mbps fixed link of an NS2 simulation environment. Throughput and delay averages were measured respectively for the two scenarios and values compared using Student’s t-test. While the TCP and HTTP throughputs were found decreasing, the UDP throughput was not affected by the presence of this VPN. Concerning the delay; the TCP, UDP and HTTP delay were found increasing.
Electrical Engineering
M. Tech. (Electrical Engineering (Computer Systems))

by Tam Scott Kin Lun.
Thesis submitted in: October 2005.
Thesis (M.Phil.)--Chinese University of Hong Kong, 2006.
Includes bibliographical references (leaves 58-64).
Abstracts in English and Chinese.
Chapter 1. --- Introduction --- p.1
Chapter 1.1. --- Optical Networks --- p.1
Chapter 1.1.1. --- IP over Optical Networks --- p.1
Chapter 1.1.2. --- Challenges in Optical Networks --- p.4
Chapter 1.2. --- Virtual Private Networks (VPN) --- p.5
Chapter 1.2.1. --- CE Based VPN --- p.6
Chapter 1.2.2. --- Network Based VPN --- p.7
Chapter 1.2.2.1. --- MPLS Layer 2 VPN --- p.8
Chapter 1.2.2.2. --- MPLS Layer 3 VPN --- p.9
Chapter 1.2.3. --- Optical VPN --- p.9
Chapter 1.2.4. --- Challenges in VPN Technologies --- p.11
Chapter 1.3. --- Objective of this Thesis --- p.11
Chapter 1.4. --- Outline of this Thesis --- p.12
Chapter 2. --- Architecture of an All-Optical VPN --- p.13
Chapter 2.1. --- Introduction --- p.13
Chapter 2.2. --- Networking Vendor Activities --- p.13
Chapter 2.3. --- Service Provider Activities --- p.15
Chapter 2.4. --- Standard Bodies Activities --- p.16
Chapter 2.5. --- Requirements for All-Optical VPN --- p.17
Chapter 2.6. --- Reconfigurability of an All-Optical VPN --- p.19
Chapter 2.7. --- Switching Methods in All-Optical VPN --- p.20
Chapter 2.8. --- Survivability of an All-Optical VPN --- p.23
Chapter 3. --- Maximizing the Utilization Of A Survivable Multi-Ring WDM Network --- p.25
Chapter 3.1. --- Introduction --- p.25
Chapter 3.2. --- Background --- p.25
Chapter 3.3. --- Method --- p.26
Chapter 3.3.1. --- Effect on packet based services --- p.28
Chapter 3.3.2. --- Effect on optical circuit based services --- p.28
Chapter 3.4. --- Simulation results --- p.29
Chapter 3.5. --- Chapter Summary --- p.36
Chapter 4. --- Design of an All-Optical VPN Processing Engine --- p.37
Chapter 4.1. --- Introduction --- p.37
Chapter 4.2. --- Concepts of Optical Processors --- p.38
Chapter 4.3. --- Design Principles of the All-Optical VPN Processing Engine --- p.40
Chapter 4.3.1. --- Systolic System --- p.41
Chapter 4.3.2. --- Design Considerations of an Optical Processing Cell --- p.42
Chapter 4.3.2.1. --- Mach-Zehnder Structures --- p.43
Chapter 4.3.2.2. --- Vertical Cavity Semiconductor Optical Amplifier --- p.43
Chapter 4.3.2.3. --- The Optical Processing Cell --- p.44
Chapter 4.3.3. --- All-Optical VPN Processing Engine --- p.47
Chapter 4.4. --- Design Evaluation --- p.49
Chapter 4.5. --- Application Example --- p.50
Chapter 4.6. --- Chapter Summary --- p.54
Chapter 5. --- Conclusion --- p.55
Chapter 5.1. --- Summary of the Thesis --- p.55
Chapter 5.2. --- Future Works --- p.56
Chapter 6. --- References --- p.58

D. Litt. et Phil.
Today, more and more organisations are adopting the use of the Internet and webbased technologies in the management of and provision of access to information and knowledge resources and services in digital formats. However, it appears that innovative use of the web is more pronounced in corporate organisations. For example, corporate organisations are using portals or sophisticated websites to conduct electronic commerce via the web and provide access to both internal and external information resources and services, accessed via the Internet, intranets, and extranets. The view of the researcher is that innovative use of the Internet and web-based technologies, such as portals, should not be the domain of the corporate world alone. The focus of this thesis is, therefore, to establish the potential application possibilities of portals in other types of organisations, especially agricultural research organisations in the Southern African Development Community (SADC) region. The main research problem addressed in this thesis was What is the nature and application possibility of agricultural information portals in the provision of webbased, value-added information services for researchers? To address the above research problem, literature relating to the historical development of the Internet and the World Wide Web, intranet and extranet applications in organisations, as well as portals and their applications, was reviewed. In addition, a study was made of international trends regarding the provision of access to digital agricultural information resources and services via the web, and a questionnaire survey was conducted to establish whether it was necessary to use portals to provide access to digital-based agricultural information resources and services in agricultural research organisations in the SADC region. ii Resulting from the literature reviews, the study of websites of international agricultural organisations, and the survey on the need for portals in agricultural research organisations in the SADC region, the study established that: · There are several potential applications of portals in agricultural research organisations. This led to the definition of the nature and major components of the type of portal that could serve the needs of researchers in agricultural research organisations. · There is a need for portals in agricultural research organisations in the SADC region. The current use of the web in these organisations in the region is largely limited to the development of brochureware types of websites, providing access to information contained in the organisations’ brochures. Therefore, there is need to upgrade from basic Web sites to advanced sites or portals, and the study concluded that in this regard there is a need for clear guidelines to assist agricultural research organisations to plan the deployment of their information portals. Currently, most organisations are using ad hoc approaches when developing their Web sites. The dissertation, furthermore, develops the definition of an agricultural information portal as a web-based application that is accessed via the intranet or extranet and provides a personalised and adaptive interface that enables agricultural researchers to discover, track, and interact with colleagues and other people, software applications, information resources, services and tools relevant to their research interests and work. Taking into account the major components and definition of an agricultural information portal, the study proposes guidelines for use in planning the deployment of portals in agricultural research organisations. The proposed guidelines are independent of specific portal design or development methodology, application domains, and techniques.

Cheung Yu Hoi Ocean.
Thesis (M.Phil.)--Chinese University of Hong Kong, 2002.
Includes bibliographical references (leaves 65-70).
Abstracts in English and Chinese.
Chapter 1 --- Introduction --- p.1
Chapter 1.1 --- Motivation --- p.1
Chapter 1.2 --- Aims --- p.2
Chapter 1.3 --- Contributions --- p.3
Chapter 1.4 --- Thesis Outline --- p.3
Chapter 2 --- Virtual Private Network and FreeS/WAN --- p.4
Chapter 2.1 --- Introduction --- p.4
Chapter 2.2 --- Internet Protocol Security (IPSec) --- p.4
Chapter 2.3 --- Secure Virtual Private Network --- p.6
Chapter 2.4 --- LibDES --- p.9
Chapter 2.5 --- FreeS/WAN --- p.9
Chapter 2.6 --- Commercial VPN solutions --- p.9
Chapter 2.7 --- Summary --- p.11
Chapter 3 --- Cryptography and Field-Programmable Gate Arrays (FPGAs) --- p.12
Chapter 3.1 --- Introduction --- p.12
Chapter 3.2 --- The Data Encryption Standard Algorithm (DES) --- p.12
Chapter 3.2.1 --- The Triple-DES Algorithm (3DES) --- p.14
Chapter 3.2.2 --- Previous work on DES and Triple-DES --- p.16
Chapter 3.3 --- The IDEA Algorithm --- p.17
Chapter 3.3.1 --- Multiplication Modulo 2n + 1 --- p.20
Chapter 3.3.2 --- Previous work on IDEA --- p.21
Chapter 3.4 --- Block Cipher Modes of operation --- p.23
Chapter 3.4.1 --- Electronic Code Book (ECB) mode --- p.23
Chapter 3.4.2 --- Cipher-block Chaining (CBC) mode --- p.25
Chapter 3.5 --- Field-Programmable Gate Arrays --- p.27
Chapter 3.5.1 --- Xilinx Virtex-E´ёØ FPGA --- p.27
Chapter 3.6 --- Pilchard --- p.30
Chapter 3.6.1 --- Memory Cache Control Mode --- p.31
Chapter 3.7 --- Electronic Design Automation Tools --- p.32
Chapter 3.8 --- Summary --- p.33
Chapter 4 --- Implementation
Chapter 4.1 --- Introduction --- p.36
Chapter 4.1.1 --- Hardware Platform --- p.36
Chapter 4.1.2 --- Reconfigurable Hardware Computing Environment --- p.36
Chapter 4.1.3 --- Pilchard Software --- p.38
Chapter 4.2 --- DES in ECB mode --- p.39
Chapter 4.2.1 --- Hardware --- p.39
Chapter 4.2.2 --- Software Interface --- p.40
Chapter 4.3 --- DES in CBC mode --- p.42
Chapter 4.3.1 --- Hardware --- p.42
Chapter 4.3.2 --- Software Interface --- p.42
Chapter 4.4 --- Triple-DES in CBC mode --- p.45
Chapter 4.4.1 --- Hardware --- p.45
Chapter 4.4.2 --- Software Interface --- p.45
Chapter 4.5 --- IDEA in ECB mode --- p.48
Chapter 4.5.1 --- Multiplication Modulo 216 + 1 --- p.48
Chapter 4.5.2 --- Hardware --- p.48
Chapter 4.5.3 --- Software Interface --- p.50
Chapter 4.6 --- Triple-DES accelerator in LibDES --- p.51
Chapter 4.7 --- Triple-DES accelerator in FreeS/WAN --- p.52
Chapter 4.8 --- IDEA accelerator in FreeS/WAN --- p.53
Chapter 4.9 --- Summary --- p.54
Chapter 5 --- Results --- p.55
Chapter 5.1 --- Introduction --- p.55
Chapter 5.2 --- Benchmarking environment --- p.55
Chapter 5.3 --- Performance of Triple-DES and IDEA accelerator --- p.56
Chapter 5.3.1 --- Performance of Triple-DES core --- p.55
Chapter 5.3.2 --- Performance of IDEA core --- p.58
Chapter 5.4 --- Benchmark of FreeSAVAN --- p.59
Chapter 5.4.1 --- Triple-DES --- p.59
Chapter 5.4.2 --- IDEA --- p.60
Chapter 5.5 --- Summary --- p.61
Chapter 6 --- Conclusion --- p.62
Chapter 6.1 --- Future development --- p.63
Bibliography --- p.65

M.Comm.
This study was conducted with the intent of understanding and evaluating the commercial use and possibilities that the Internet offers, as well as the strategic approach businesses should take when commencing with electronic commerce on the Internet. The potential value of Intranets and Extranets has also been examined briefly. The Internet is a very useful mechanism for marketing as well as sales of products or services on a domestic or international basis. Various other commercial possibilities and uses exist for the Internet, as well as for its derivatives — the Intranet and Extranet. In the fiercely competitive market of today, companies research, develop and invest resources in various methods and tools in the hope to gain competitive advantage over their rivals. The Internet, Intranet and Extranet, used in isolation or conjunction, pose an extremely attractive alternative to gaining competitive advantage in a specific sector or market niche.The success of the Internet as a business tool depends directly on the overall business strategy that is driving the approach. For optimum success the main business strategy must be aligned with the Information Technology Strategy, and especially include thorough consideration as well as planning when implementing the Internet or one of its derivatives as a business tool.

M.Sc. (Information Technology)
The internet grew exponentially over the last decade. With more information available on the web, search engines, with the help of web crawlers also known as web bots, gather information on the web and indexes billions of web pages. This indexed information helps users to find relevant information on the internet. An extranet is a sub-set of the internet. This part of the web controls access for a selected audience to a specific resource and are also referred to as restricted web sites. Various industries use extranets for different purposes and store different types of information on it. Some of this information could be of a confidential nature and therefore it is important that this information is adequately secured and should not be accessible by web bots. In some cases web bots can accidently stumble onto poorly secured pages in an extranet and add the restricted web pages to their indexed search results. Search engines like Google, that are designed to filter through a large amount of data, can accidently crawl onto access restricted web pages if such pages are not secured properly. Researchers found that it is possible for web crawlers of well known search engines to access poorly secured web pages in access restricted web sites. The risk is that not all web bots have good intentions and that some have a more malicious intent. These malicious web bots search for vulnerabilities in extranets and use the vulnerabilities to access confidential information. The main objective of this dissertation is to develop a prototype web bot called Ferret that would crawl through a web site developed by a web developer(s). Ferret will try to discover and access restricted web pages that are poorly secured in the extranet and report the weaknesses. From the information and findings of this research a best practice guideline will be drafted that will help developers to ensure access restricted web pages are secured and invisible to web bots.

M. Tech. Business Information Systems
The banking sector allocates a great deal of their annual budget to Information Technology. To maintain and optimise activities such as software licensing, data security, business continuity and upgrading of computer hardware and general technology infrastructure to meet new organisational requirements, huge financial resources are deployed. One innovative approach to meeting these demands is using virtual desktop technology to extend the computer life, reduce IT costs, improve security and increase availability of technology. One may surmise from the experiences of these companies that if banks replace the current personal computers with virtual desktops they may realise the same benefits. With the introduction of Virtual Desktop Infrastructure (VDI) technology; the premise is that it will alleviate these issues currently faced by banks as all these functions can be done in one place instead of doing it on every individual PC. This study seeks to explore factors of VDI adoption and its impact in terms of reducing cost, hardware and software management, remote access, improved data security and recovery, better compliance and reduced energy consumption.

M.Comm.
Business have traditionally relied on private leased lines to link remote office together so that distant workers could share information over a Wide Area Network (WAN). However, while providing a high degree of privacy, leased lines are expensive to set up and maintain. The Internet is fast becoming a requirement for supporting business operations in the global economy. The major concern in using a public network, like the Internet, for data exchange is the lack of security. The Internet was designed to be an "open" network, accessible to anyone with low or none security consideration. Virtual Private Networks (VPN) using Point-to-Point Tunneling Protocol (PPTP) has emerged as a relatively inexpensive way to solve this problem. The primary objective of this dissertation is to evaluate validity and accuracy issues in electronic commerce using VPN as a secure medium for data communication and transport over the Internet. The inherent control features of PPTP were mapped to data communication control objectives and the control models show how these address validity, completeness and accuracy. After analysing and evaluating the inherent control features of PPTP, the overall result is that: PPTP enables a valid communication link to be established with restricted access (validity); the PPTP communication link remains private for the full time of the connection (validity); data can be sent accurately and completely over the PPTP connection and remains accurate during transmission (accuracy); and all data sent is completely received by the receiver (accuracy). By deploying a Point-to-Point Tunneling Protocol for virtual private networking, management can mitigate the risk of transmitting private company and business data over the Internet. The PPTP analysis and evaluation models developed intend to give the auditor a control framework to apply in practice. If the auditor needs to perform a data communication review and finds that a virtual private network has been established using PPTP, the control models can assist in providing knowledge and audit evidence regarding validity and accuracy issues. The auditor should however, not review PPTP in isolation. Validity and accuracy control features inherent to TCP/IP and PPP should also be considered as well as controls on higher levels, e.g. built-in application controls.

A vast range of controls/countermeasures exists for implementing security on information systems connected to the Internet. For the practitioner attempting to implement an integrated solution between trading partners operating across the Internet, this has serious implications in respect of interoperability between the security systems of the trading partners. The problem is exacerbated by the range of specification options within each control. This research is an attempt to find a set of relevant controls and specifications towards a framework for ensuring optimal interoperability between trading partners in this context. Since a policy-based, layered approach is advocated, which allows each trading partner to address localized risks independently, no exhaustive risk analysis is attempted. The focus is on infrastructure that is simultaneously optimally secure and provides optimal interoperability. It should also be scalable, allowing for additional security controls to be added whenever deemed necessary.
Computing
M. Sc. (Information Systems)