Systems Development – Basic concepts

 

Learning Outcomes:

• Describe the phases involved in systems development using the Waterfall Model.
• By using suitable case studies, students should experience the processes and activities involved in various phases of systems development.
• Explore the limitations and shortcomings of the Waterfall Model.
• Recognise the benefits and limitations of other approaches.
• Other approaches include Prototyping and Rapid Application Development (RAD).

 

Waterfall Model

 

Steps:

1. System requirement Analysis: Compile user requirements. Document: Requirement documentation.
2. System Design: Establish software and hardware requirements.
3. Implementation: implement the design. Program coding is written.
4. Testing and Integration: Look for any errors in the coding. All units are integrated.
5. Deployment: Deployed to users.
6. Maintenance: Further updates if issues arise.

Each phase is completed before going to the next one.

Documentation is integrated into all the phases.

 

Relevant past paper:

DSE ICT Elect B(SP-2017):  SP 4a. 2013 3b. 2016 1ai-iii.

AL CS2(2003-2012): 2007 1a. 2008 3. 2010 3a,bii,c. 2012 2, 8a.

Learn more: AL CS2 2004 13ab.

  

Limitations and shortcomings of the Waterfall Model

 

The model goes forward only and does not support going backward for revision or improvement.

Requirements defined in the initial phases. Cannot accommodate requirement changes.

Development time is usually longer than other approaches. (no overlapping of different phases)

 

Prototyping

 

After knowing the basic requirement, a prototype of the system is built. Users can try the system and provide feedback to refine the system requirements.

 

Rapid Application Development (RAD)

 

Uses prototyping approach.

Aim at quick development while reducing cost and maintaining quality.

 

Drawback:

• require active user involvement
• RAD not applicable if the system cannot be modularized
• need highly skilled developers for modelling

 

Relevant past paper:

DSE ICT Elect B(SP-2017):  SP 4b. 2014 1aiv. 2016 1aiv.

AL CS2(2003-2012): 2007 1b. 2010 8f. 2012 8b.

 

References:

https://www.tutorialspoint.com/sdlc/sdlc_waterfall_model.htm

http://tryqa.com/what-is-prototype-model-advantages-disadvantages-and-when-to-use-it/

http://cisaexamstudy.com/prototype-rapid-application-development-rad-point-remember/

https://marutitech.com/rapid-application-development/#Disadvantages_Of_Rapid_Application_Development

 

Elective B - Compulsory topics that appear in the elective part

 Elective B - Compulsory topics that appear in the elective part

 

Transfer speed calculation

 

MB/s ≠ Mbps

 

• Mbps = megabits per second
• MB/s = megabytes per second

• 1 GB = 1024 MB
• 1 MB = 1024 KB
• 1 KB = 1024 B
• 1 B = 8 bits ***

 

You are usually provided with

• Data size e.g. 20 MB
• Transfer speed e.g. 10 Mbps

Calculate the transfer time

 

Steps:

1. Convert the data size to bits.
   20 MB = 20 x 1024 KB = 20 x 1024 x 1024 B = 20 x 1024 x 1024 x 8 bits
   
   
2. Convert the transfer speed to bits.
   Actually it is already in bits! Mega- here stands for 1000000. i.e. 10 Mb = 10 x 1000000 bits
   
   
3. Data size/transfer speed is the answer.
   20 x 1024 x 1024 x 8 / (10 x 1000000) = 16.78 seconds.

 

Other calculations: 

• Calculate data size from transfer time and speed. 
• Calculate the number of users the devices can support using transfer speed (calculate using individual device’s speed instead of the total speed).

 

Relevant past paper:

DSE ICT Elect B(SP-2017): 2015 2b. 2016 3bi. 2017 2a, 3c.

CE CIT Elec C(2005-2011): 2006 1g. 2007 4di. 2008 3b. 2009 3dii. 2010 3ai.

 

Methods for Internet access

• Wireless network: e.g. Satellite, mobile phone network, 2G – 5G network
• Leased line (compared with broadband): fixed bandwidth (not shared with others), secure, stable and expensive

 

Relevant past paper:

DSE ICT Elect B(SP-2017): SP 3d.

CE CIT Elec C(2005-2011): 2010 2bii.

AS CA(2000-2013): 2006 10d.

 

References:

https://www.rfwireless-world.com/Terminology/wired-network-vs-wireless-network.html

https://www.actcorp.in/blog/what-is-leased-line-and-how-it-works

Network Security

 

Learning Outcomes:

• Describe the potential risks caused by the common network security threats.
• The threats include virus, worm and Trojan programs, spyware, unauthorised access, interception, and Denial of Service (DoS) attack, etc.
• Propose effective measures to improve network security for both wired and wireless networks.
• The measures include anti-virus software, authentication, access and user right control, packet filtering, firewall, public and private key encryption, Wired Equivalent Privacy (WEP), and IPsec used in Virtual Private Network (VPN), etc.
• Encryption mechanisms to guarantee a message is both authentic and private should be known. Detailed implementation algorithms of public and private key encryption are not required. Technical details on how a VPN is constructed are not required.

 

Network security threats

 

Virus: malicious program that injects malicious code into existing applications in order to spread.

Worm: malicious program that can self-replicate and infect other computers. This affects system performance and consumes network bandwidth.

Trojan programs: malware that disguises as legitimate software.

Spyware: malware that tries to keep itself hidden and steals sensitive information.

Adware: malware that hijacks your system and displays advertisements in your computer.

Denial of Service (DoS) attack: prevent users from accessing resources by overloading the network/system with fake communication requests. E.g. ping flood – overwhelm the victim with huge number of ping requests.

 

Relevant past paper:

DSE ICT Elect B(SP-2017): SP 4g. 2015 2cii. 2016 4d.

CE CIT Elec C(2005-2011): 2006 4g. 2008 1h. 

Network security measures

 

Antivirus

• Mechanism e.g. signature analysis: identify the specific code/pattern that the virus carries.
• Therefore, it is important to keep it up-to-date and active.

 

Authentication

• Password recommendations:
• Minimum 8-character length
• Multi-factor authentication
• Avoid common passwords or using personal information as password
• (regularly changing password and mixing uppercase/lowercase/non-alphanumeric characters are not recommended now)

 

Access and user right control

• Software control: block different ports e.g. USB port. Block certain IP addresses. User rights of operating system.
• Hardware control: MAC filtering (feasible if MAC addresses of devices known and infrequent update needed)

 

Firewall

• Mechanism: Packet filtering based on access control list. (Control inbound and outbound communications)
• Block packets based on criteria such as source IP addresses and port number.
• In terms of security, proxy server helps to hide the internal network IP addresses and restrict access to certain websites, while firewall filters unwanted packets.

 

Public and private key encryption (Asymmetric key encryption)

 

Sender A	Receiver B	Result
Use B’s public key for encryption	Use own private key for decryption	Only B can read the message
Use own private key for encryption	Use A’s public key for decryption	Message is really from A. (Digital signature)

Encrypt twice with both methods can serve both purposes. But it is also more time consuming.

 

Wired Equivalent Privacy(WEP)

See wireless network

 

IPsec used in Virtual Private Network (VPN)

• IPsec is used to set up encrypted connections between devices. IPsec is also implemented in IPv6.
• Virtual Private Network (VPN) establishes communication channel between you and the VPN server with the data encrypted.
• Disadvantages: complicated in configuration and connection speed can be slow.

 

Protocols with encryption

• HyperText Transfer Protocol Secure (HTTPS). Encrypted using TLS.
• Secure Sockets Layer (SSL). The newer one is Transport Layer Security (TLS).
• Secure Shell (SSH). For communication between computers.

 

Relevant past paper:

DSE ICT Elect B(SP-2017): SP 3b,ci, 4f. PP 2a(P1), 3ai,b,c, 4c. 2012 1bii. 2013 1bii,ci. 2014 3abii,c, 4aiii,ci. 2015 1bii, 2ci, 3c. 2016 2ci. 2017 1bii,c, 2cii.

CE CIT Elec C(2005-2011): 2005 4efg. 2006 3g, 4f. 2007 4f. 2008 2e, 4de. 2009 1bd. 2010 3e, 4bvi.

AS CA(2000-2013): 2003 10dii. 2004 9ci. 2006 4b, 10ceg. 2007 7, 9e. 2009 1a, 9f. 2010 9fii. 2011 8dg. 2013 10f.

For interest only: AS CA: 2003 10abcdi. 2005 2.

 

References:

https://securitytrails.com/blog/top-10-common-network-security-threats-explained

https://www.usnews.com/360-reviews/antivirus/how-does-antivirus-software-work

https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide

https://www.tutorialspoint.com/network_security/network_security_firewalls.htm

https://www.preveil.com/blog/public-and-private-key/

https://www.gov.hk/en/residents/communication/infosec/digitalcert.htm

https://www.cloudflare.com/learning/network-layer/what-is-ipsec/

https://www.usnews.com/360-reviews/vpn/what-is-a-vpn

https://blog.robertelder.org/what-is-ssh/