header image
 

Cyber Crime

 October 4, 2007 • No Comments

Although the term cybercrime is usually restricted to describing criminal activity in which the computer or network is an essential part of the crime, this term is also used to include traditional crimes in which computers or networks are used to enable the illicit activity.

Examples of cybercrime in which the computer or network is a tool of the criminal activity include spamming and criminal copyright crimes, particularly those facilitated through peer-to-peer networks.
Examples of cybercrime in which the computer or network is a target of criminal activity include unauthorized access (i.e, defeating access controls), malicious code, and denial-of-service attacks.
Examples of cybercrime in which the computer or network is a place of criminal activity include theft of service (in particular, telecom fraud) and certain financial frauds.
Finally, examples of traditional crimes facilitated through the use of computers or networks include Nigerian 419 or other gullibility or social engineering frauds (e.g.,[ hacking ] “phishing“), identity theft, child pornography, online gambling, securities fraud, etc. Cyberstalking is an example of a traditional crime — harassment — that has taken a new form when facilitated through computer networks.

Additionally, certain other information crimes, including trade secret theft and industrial or economic espionage, are sometimes considered cybercrimes when computers or networks are involved.

Cybercrime in the context of national security may involve hacktivism (online activity intended to influence policy), traditional espionage, or information warfare and related activities.

Another way to define cybercrime is simply as criminal activity involving the information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud 

Introduction to Cyber Crime

The first recorded cyber crime took place in the year 1820! That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage. In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard’s employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime!

Viruses

A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of it. Note that a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a “virus”.

Many people use the term loosely to cover any sort of program that tries to hide its (malicious) function and tries to spread onto as many computers as possible. Viruses are very dangerous; they are spreading faster than they are being stopped, and even the least harmful of viruses could be fatal. For example, a virus that stops a computer and displays a message, in the context of a hospital life-support computer, could be fatal. Even the creator of a virus cannot stop it once it is “in the wild”.

The main types of PC viruses

Generally, there are two main classes of viruses. The first class consists of the file infectors, which attach themselves to ordinary program files. These usually infect arbitrary .COM and/or .EXE programs, though some can infect any program for which execution is requested, such as .SYS, .OVL, .PRG, & .MNU files. File infectors can be either direct action or resident. A direct-action virus selects one or more other programs to infect each time the program that contains it is executed. A resident virus hides itself somewhere in memory the first time an infected program is executed, and thereafter infects other programs when they are executed (as in the case of the Jerusalem 185 virus) or when certain other conditions are fulfilled. The Vienna virus is an example of a direct-action virus. Most other viruses are resident. The second category is system or boot-record infectors: those viruses that infect executable code found in certain system areas on a disk, which are not ordinary files. On DOS systems, there are ordinary boot-sector viruses, which infect only the DOS boot sector, and MBR viruses which infect the Master Boot Record on fixed disks and the DOS boot sector on diskettes. Examples include Brain, Stoned, Empire, Azusa, and Michelangelo. Such viruses are always resident viruses. Finally, a few viruses are able to infect both (the Tequila virus is one example). These are often called “multi-partite” viruses, though there has been criticism of this name; another name is “boot-and-file” virus.

File system or cluster viruses (e.g. Dir-II) are those that modify directory table entries so that the virus is loaded and executed before the desired program is. Note that the program itself is not physically altered; only the directory entry is. Some consider these infectors to be a third category of viruses, while others consider them to be a sub-category of the file infectors.

Stealth virus

A stealth virus is one that hides the modifications it has made in the file or boot record, usually by monitoring the system functions used by programs to read files or physical blocks from storage media, and forging the results of such system functions so that programs which try to read these areas see the original uninfected form of the file instead of the actual infected form. Thus the viral modifications go undetected by anti-viral programs. However, in order to do this, the virus must be resident in memory when the anti-viral program is executed.

The very first DOS virus, Brain, a boot-sector infector, monitors physical disk I/O and redirects any attempt to read a Brain-infected boot sector to the disk area where the original boot sector is stored. The next viruses to use this technique were the file infectors Number of the Beast and Frodo.

Polymorphic virus

A polymorphic virus is one that produces varied (yet fully operational) copies of itself, in the hope that virus scanners will not be able to detect all instances of the virus. The most sophisticated form of polymorphism discovered so far is the MtE “Mutation Engine” written by the Bulgarian virus writer who calls himself the “Dark Avenger”.

Fast and slow infectors

A typical file infector (such as the Jerusalem) copies itself to memory when a program infected by it is executed, and then infects other programs when they are executed. A fast infector is a virus which, when it is active in memory, infects not only programs which are executed, but also those which are merely opened. The result is that if such a virus is in memory, running a scanner or integrity checker can result in all (or at least many) programs becoming infected all at once.

The term “slow infector” is sometimes used for a virus that, if it is active in memory, infects only files as they are modified (or created). The purpose is to fool people who use integrity checkers into thinking that the modification reported by the integrity checker is due solely to legitimate reasons. An example is the Darth Vader virus

Computer’s Vulnerability

Computers, despite being such high technology devices, are extremely vulnerable. In fact it may be easier to steal national secrets from military computers than to steal “laddoos” from a “mithai” shop. Let us examine the reasons for the vulnerability of computers.

Computers store huge amounts of data in small spaces

Lakhs of pages of written matter can be stored in a CD ROM. Walking out of a godown with one lakh pages would be exceedingly difficult, but walking out of a secure location with a CD ROM containing a lakh of pages would be much simpler.

Ease of access

A bank’s vault, which usually contains a few lakh rupees is well guarded from unauthorized persons. The vault itself is made of very strong materials, located in a reinforced room, guarded by gun toting security personnel. Trusted employees jealously guard the keys and / or access codes. The bank’s servers, on the other hand, which ‘virtually’ control hundreds of crores of rupees, are far easier to break into. The strongest of firewalls and biometric authentication systems have been cracked in the past and will probably continue to be cracked in the future. A secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders, retina imagers etc. that can fool biometric systems can be utilized to get past many a security system.

Complexity

Operating systems are composed of millions of lines of code and no single individual can claim to understand the security implications of every bit of these computer instructions. Hackers easily exploit the numerous weaknesses in operating systems and security products. When one weakness is exposed and exploited openly by the ‘black hat’ community, the operating system (OS) manufacturer patches it up. The hackers then find another weakness to exploit and the cycle goes on and on. It is far easier to find weaknesses in existing operating systems rather than designing and developing a secure operating system.

Human error

People who guard confidential papers with their lives would not think twice about using simple passwords. Most people don’t realize the security implications and ramifications of a simple ‘guessable’ password.

Application Security and Application Networks

Would your organization benefit from application security and the Application Network?

Consider your answer to the following hypothetical question from a line of business or the CIO:

“Our business demands that we use [insert any application here]; can we allow our [remote or internal] users access to it?”

“No, those users aren’t trusted.” “No, traffic is not encrypted.” “No, we can’t extend a VPN because of security.” “No, we don’t want to put that database server in the DMZ.” “No, we can’t route the traffic because of NAT and private IP addresses.” “No, we’d have to open non-standard ports and we can’t do that.” “No, that application is not webified.” “No, our firewall can’t handle dynamic port requests.” “No, we don’t allow any direct touch between networks.” “No…”

If any of these answers sound familiar, then application security and the Application Network can help.

The Access and security trade-off

Today, extending access to applications for the users who need them is no longer a “nice to have” - but a key determinant of who will win and who will lose. Legacy applications and databases, for example, contain invaluable customer information and provide a great resource for partners and other trusted third parties; email and other messaging applications are indispensable for seemingly instantaneous communication; and ‘emerging’ applications, such as audio and video conferencing, are now the critical enabler of ‘real-time business,’ resulting in huge gains in both productivity and profitability. Facilitating the rollout and accessibility of these applications, IP networks - both private and public, wired and wireless - make access to applications possible for any user from any corner of the globe. Why, then, are CIOs constantly refereeing a tug-of-war between the lines of business who want to realize the value of their applications by extending them to the users who need them and the network administrators who want to insulate their network from attack by increasingly limiting access for untrusted third parties?

What is driving this zero sum game where any access gained by the business results in a corresponding decrease in network security? The answer lies in the use of network security to deploy applications. That is, network security, which by its design disrupts and limits connectivity between networks, is also used to enable connectivity. These products - while critical for protecting the physical network - were not intended to protect and extend applications and consequently using them to deploy applications inevitably results in the access and security trade off.

The solution, however, is not to increase the IT budget to buy more point solutions or deploy an army of network administrators to provide the highly-oxymoronic ‘brute force flexibility,’ but to deploy a new conceptual network called the Application Network. The Application Network is a logical network that overlays the physical IP network and leverages its communications infrastructure while not undermining its physical security. The Application Network also underlies the applications that need the physical network for connectivity, providing robust and extensible application-layer security. When deployed, the Application Networks allow enterprises to use the applications their businesses require and securely extend those to the users who need them - while taking advantage of, not compromising, the network security infrastructure.

A Little History

Thirty years have passed since the U.S. Defense Advanced Research Projects Agency (DARPA) initiated the project to determine a method of linking together many disparate packet networks to enable cross-network communication. According to history, the initiative was referred to as the Internetworking project and the resulting mesh of linked packet networks was called the Internet. The Internet at that time was an aggregation of packet networks funded and hosted by government and educational enterprises throughout the United States. Enabling this inter-communication was the development of the Internet Protocol (IP), which defined how data packets are routed across the various networks. Until the 1980’s the Internet was a combination of public networks that allowed primarily academic and government to communicate freely and openly. Applications utilizing the TCP/IP protocol suite could be extended to users with routable IP addresses, a requirement of the early Internet. Soon, however, and by design, the Internet and its obvious business benefits began to get the attention of commercial enterprises as well as foreign governments and soon these organizations began to adhere to the IP protocol and connect their local networks to this public communications infrastructure. Now, users were diverse, unknown and not necessarily trusted while the information accessible was no longer academic, but sensitive business and governmental intelligence. Network security was born.

The Purpose of Network Security

Necessity certainly bred invention with the advent of network security. At a very high level, organizations needed to protect their physical networks from this ‘untrusted’ Internet and were eager to find solutions that allowed them limited access to the public networks while insulating their networks from potential attack and information theft. Answering this demand, firewalls were developed to protect the physical network. Firewalls, often utilizing Network Address Translation (NAT) for non-routable addresses that are hidden from the outside,were designed to limit network access by breaking the two fundamental rules of IP routing - that is that all network nodes must know of other nodes and all addresses of devices must be known. From the outset, the purpose of basic network security was to protect the physical network from attack by limiting connectivity between the two networks.

Emergence of the Security and Access Trade Off

The unfortunate downside of physical security that limits connectivity for untrusted users is that it also limits connectivity for trusted users. To provide access for trusted users,network administrators were forced to start ‘fixing’ the networking rules broken by the physical security as required by the users and the access they required. Opening holes in the perimeter security, however, to allow ingress and egress is exactly that: opening holes. Network administrators quickly realized that the amount of access granted to users was inversely proportional to the security of their network. A seemingly zero sum game, this network security and application access trade off is now a common dilemma within organizations large and small, domestic and international.

Web Designing

 October 3, 2007 • 1 Comment

Welcome to Web Designing blog |  swaonilonline.comHistoryTim Berners-Lee, the inventor of the World Wide Web, published a website in August 1991.[1] Berners-Lee was the first to combine Internet communication (which had been carrying email and the Usenet for decades) with hypertext (which had also been around for decades, but limited to browsing information stored on a single computer, such as interactive CD-ROM design).Websites are written in a markup language called HTML, and early versions of HTML were very basic, only giving websites basic structure (headings and paragraphs), and the ability to link using hypertext. This was new and different to existing forms of communication - users could easily navigate to other pages by following hyperlinks from page to page.As the Web and web design progressed, the markup language used to make it became more complex and flexible, giving the ability to add objects like images and tables to a page. Features like tables, which were originally intended to be used to display tabular information, were soon subverted for use as invisible layout devices. With the advent of Cascading Style Sheets (CSS), table-based layout is increasingly regarded as outdated. Database integration technologies such as server-side scripting and design standards like CSS further changed and enhanced the way the Web is made.

Web site design

A Web site is a collection of information about a particular topic or subject. Designing a website is defined as the arrangement and creation of Web pages that in turn make up a website. A Web page consists of information for which the Web site is developed. A website might be compared to a book, where each page of the book is a web page.There are many aspects (design concerns) in this process, and due to the rapid development of the Internet, new aspects may emerge. For typical commercial Web sites, the basic aspects of design are:

  • The content: The substance, and information on the site should be relevant to the site and should target the area of the public that the website is concerned with.
  • The usability: The site should be user-friendly, with the interface and navigation simple and reliable.
  • The appearance: The graphics and text should include a single style that flows throughout, to show consistency. The style should be professional, appealing and relevant.
  • The visibility: The site must also be easy to find via most, if not all, major search engines and advertisement media.

A Web site typically consists of text and images. The first page of a website is known as the Home page or Index. Some websites use what is commonly called a Splash Page. Splash pages might include a welcome message, language/region selection, or disclaimer. Each web page within a Web site is an HTML file which has its own URL. After each Web page is created, they are typically linked together using a navigation menu composed of hyperlinks. Faster browsing speeds have led to shorter attention spans and more demanding online visitors and this has resulted in less use of Splash Pages, particularly where commercial websites are concerned.Once a Web site is completed, it must be published or uploaded in order to be viewable to the public over the internet. This may be done using an FTP client. Once published, the Web master may use a variety of techniques to increase the traffic, or hits, that the website receives. This may include submitting the Web site to a search engine such as Google or Yahoo, exchanging links with other Web sites, creating affiliations with similar Web sites, etc.

Multidisciplinary requirements

Web site design crosses multiple disciplines of information systems, information technology and communication design. The website is an information system whose components are sometimes classified as front-end and back-end. The observable content (e.g page layout, user interface, graphics, text, audio) is known as the front-end. The back-end comprises the organization and efficiency of the source code, invisible scripted functions, and the server-side components that process the output from the front-end. Depending on the size of a Web development project, it may be carried out by a multi-skilled individual (sometimes called a web master), or a project manager may oversee collaborative design between group members with specialized skills.

Issues

As in most collaborative designs, there are conflicts between differing goals and methods of web site designs. These are a few of the ongoing ones.

Lack of collaboration in design

In the early stages of the web, there wasn’t as much collaboration between web designs and larger advertising campaigns, customer transactions, social networking, intranets and extranets as there is now. Web pages were mainly static online brochures disconnected from the larger projects.Many web pages are still disconnected from larger projects. Special design considerations are necessary for use within these larger projects. These design considerations are often overlooked, especially in cases where there is a lack of leadership, understanding or concern for the larger project to facilitate collaboration. This often results in unhealthy competition or compromise between departments, and less than optimal use of web pages.

Liquid versus fixed layouts

On the web the designer has no control over several factors, including the size of the browser window, the web browser used, the input devices used (mouse, touch screen, voice command, text, cell phone number pad, etc.) and the size and characteristics of available fonts.Some designers choose to control the appearance of the elements on the screen by using specific width designations. This control may be achieved through the use of a HTML table-based design, or through the use of CSS. Whenever the text, images, and layout of a design do not change as the browser changes, this is referred to as a fixed width design. Proponents of fixed width design prefer the control over the look and feel of the site and the precision placement of objects on the page. Other designers choose a liquid design. A liquid design is one, like Wikipedia, where the design moves to flow content into the whole screen, or a portion of the screen, no matter what the size of the browser window. Proponents of liquid design prefer to use all the screen space available. Liquid design can be achieved through the use of CSS, by avoiding styling the page altogether, or by using HTML tables set to a percentage of the page. Both liquid and fixed design developers must make decisions about how the design should degrade on higher and lower screen resolutions. Sometimes the pragmatic choice is made to flow the design between a minimum and a maximum width. This allows the designer to avoid coding for the browser choices making up the long tail, while still using all available screen space.Similar to liquid layout is the optional fit to window feature with Adobe Flash content. This is a fixed layout that optimally scales the content of the page without changing the arrangement or text wrapping when the browser is resized.

Flash

Adobe Flash (formerly Macromedia Flash) is a proprietary, robust graphics animation/application development program used to create and deliver dynamic content, media (such as sound and video), and interactive applications over the web via the browser.Flash is not a standard produced by a vendor-neutral standards organization like most of the core protocols and formats on the Internet. Flash is much more restrictive than the open HTML format, though, requiring a proprietary plugin to be seen, and it does not integrate with most web browser UI features like the “Back” button unless a hyperlink is programmed to link a new html page from the Flash file, in which case the animation of the previous page would reset. However, those restrictions may be irrelevant depending on the goals of the web site design.According to a study [2], 98% of US Web users have the Flash Player installed [3], with 45%-56%[4] (depending on region) having the latest version. Numbers vary depending on the detection scheme and research demographics[5].Many graphic artists use Flash because it gives them exact control over every part of the design, and anything can be animated and generally “jazzed up”. Some application designers enjoy Flash because it lets them create applications that don’t have to be refreshed or go to a new web page every time an action occurs. Flash can use embedded fonts instead of the standard fonts installed on most computers. There are many sites which forgo HTML entirely for Flash. Other sites may use Flash content combined with HTML as conservatively as gifs or jpegs would be used, but with smaller vector file sizes and the option of faster loading animations. Flash may also be used to protect content from unauthorized duplication or searching.Flash detractors claim that Flash websites tend to be poorly designed, and often use confusing and non-standard user-interfaces. Up until recently, search engines have been unable to index Flash objects, which has prevented sites from having their contents easily found. This is because many search engine crawlers rely on text to index websites. It is possible to specify alternate content to be displayed for browsers that do not support Flash. Using alternate content also helps search engines to understand the page, and can result in much better visibility for the page. However, the vast majority of Flash websites are not disability accessible (for screen readers, for example) or Section 508 compliant. An additional issue is that sites which commonly use alternate content for search engines to their human visitors are usually judged to be spamming search engines and are automatically banned.The most recent incarnation of Flash’s scripting language (called “ActionScript“, which is an ECMA language similar to JavaScript) incorporates long-awaited usability features, such as respecting the browser’s font size and allowing blind users to use screen readers. Actionscript 2.0 is an Object-Oriented language, allowing the use of CSS, XML, and the design of class-based web applications.

CSS versus tables

For more details on this topic, see Tableless web design.Back when Netscape Navigator 4 dominated the browser market, the popular solution available for designers to lay out a Web page was by using tables. Often even simple designs for a page would require dozens of tables nested in each other. Many web templates in Dreamweaver and other WYSIWYG editors still use this technique today. Navigator 4 didn’t support CSS to a useful degree, so it simply wasn’t used.After the browser wars were over, and Internet Explorer dominated the market, designers started turning toward CSS as an alternate means of laying out their pages. CSS proponents say that tables should be used only for tabular data, not for layout. Using CSS instead of tables also returns HTML to a semantic markup, which helps bots and search engines understand what’s going on in a web page. All modern Web browsers support CSS with different degrees of limitations.However, one of the main points against CSS is that by relying on it exclusively, control is essentially relinquished as each browser has its own quirks which result in a slightly different page display. This is especially a problem as not every browser supports the same subset of CSS rules. For designers who are used to table-based layouts, developing Web sites in CSS often becomes a matter of trying to replicate what can be done with tables, leading some to find CSS design rather cumbersome due to lack of familiarity. For example, at one time it was rather difficult to produce certain design elements, such as vertical positioning, and full-length footers in a design using absolute positions. With the abundance of CSS resources available online today, though, designing with reasonable adherence to standards involves little more than applying CSS 2.1 or CSS 3 to properly structured markup.These days most modern browsers have solved most of these quirks in CSS rendering and this has made many different CSS layouts possible. However, some people continue to use old browsers, and designers need to keep this in mind, and allow for graceful degrading of pages in older browsers. Most notable among these old browsers are Internet Explorer 5 and 5.5, which, according to some web designers, are becoming the new Netscape Navigator 4 — a block that holds the World Wide Web back from converting to CSS design. However, the W3 Consortium has made CSS in combination with XHTML the standard for web design.

How it Looks vs. How it Works

Some web developers have a graphic arts background and may pay more attention to how a page looks than considering other issues such as how visitors are going to find the page via a search engine. Some might rely more on advertising than search engines to attract visitors to the site. On the other side of the issue, search engine optimization consultants (SEOs) obsess about how well a web site works technically and textually: how much traffic it generates via search engines, and how many sales it makes, assuming looks don’t contribute to the sales. As a result, the designers and SEOs often end up in disputes where the designer wants more ‘pretty’ graphics, and the SEO wants lots of ‘ugly’ keyword-rich text, bullet lists, and text links. One could argue that this is a false dichotomy due to the possibility that a web design may integrate the two disciplines for a collaborative and synergistic solution. Because some graphics serve communication purposes in addition to aesthetics, how well a site works may depend on the graphic designer’s visual communication ideas as well as the SEO considerations.Another problem when using lots of graphics on a page is that download times can be greatly lengthened, often irritating the user. This has become less of a problem as the internet has evolved with high-speed internet and the use of vector graphics. This is an engineering challenge to increase bandwidth in addition to an artistic challenge to minimize graphics and graphic file sizes. This is an on-going challenge as increased bandwidth invites increased amounts of content.

 Accessible Web design

Main article: Web accessibilityAccessible Web design is the art of creating webpages that are accessible to everyone, using any device. It is especially important so that people with disabilities - whether due to accident, disease or old age - can access the information in Web pages and be able to navigate through the website.To be accessible, web pages and sites must conform to certain accessibility principles. These can be grouped into the following main areas:

  • use semantic markup that provides a meaningful structure to the document (i.e. web page)
  • Semantic markup also refers to semantically organizing the web page structure and publishing web services description accordingly so that they can be recognized by other web services on different web pages. Standards for semantic web are set by IEEE
  • use a valid markup language that conforms to a published DTD or Schema
  • provide text equivalents for any non-text components (e.g. images, multimedia)
  • use hyperlinks that make sense when read out of context. (e.g. avoid “Click Here.”)
  • don’t use frames
  • use CSS rather than HTML Tables for layout.
  • author the page so that when the source code is read line-by-line by user agents (such as a screen readers) it remains intelligible. (Using tables for design will often result in information that is not.)

However, W3C permits an exception where tables for layout either make sense when linearized or an alternate version (perhaps linearized) is made available.

Website Planning

Before creating and uploading a website, it is important to take the time to plan exactly what is needed in the website. Thoroughly considering the audience or target market, as well as defining the purpose and deciding what content will be developed are extremely important.

Purpose

It is essential to define the purpose of the website as one of the first steps in the planning process. A purpose statement should show focus based on what the website will accomplish and what the users will get from it. A clearly defined purpose will help the rest of the planning process as the audience is identified and the content of the site is developed. Setting short and long term goals for the website will help make the purpose clear and plan for the future when expansion, modification, and improvement will take place. Also, goal-setting practices and measurable objectives should be identified to track the progress of the site and determine success.

Audience

Defining the audience is a key step in the website planning process. The audience is the group of people who are expected to visit your website – the market being targeted. These people will be viewing the website for a specific reason and it is important to know exactly what they are looking for when they visit the site. A clearly defined purpose or goal of the site as well as an understanding of what visitors want to do/feel when they come to your site will help to identify the target audience. Upon considering who is most likely to need/use the content, a list of characteristics common to the users such as:

  • Audience Characteristics
  • Information Preferences
  • Computer Specifications
  • Web Experience

Taking into account the characteristics of the audience will allow an effective website to be created that will deliver the desired content to the target audience.

Content

Content evaluation and organization requires that the purpose of the website be clearly defined. Collecting a list of the necessary content then organizing it according to the audience’s needs is a key step in website planning. In the process of gathering the content being offered, any items that do not support the defined purpose or accomplish target audience objectives should be removed. It is a good idea to test the content and purpose on a focus group and compare the offerings to the audience needs. The next step is to organize the basic information structure by categorizing the content and organizing it according to user needs. Each category should be named with a concise and descriptive title that will become a link on the website. Planning for the site’s content ensures that the wants/needs of the target audience and the purpose of the site will be fulfilled.

Compatibility and restrictions

Because of the market share of modern browsers (depending on your target market), the compatibility of your website with the viewers is restricted. For instance, a website that is designed for the majority of websurfers will be limited to the use of valid XHTML 1.0 Strict or older, Cascading Style Sheets Level 1, and 1024×768 display resolution. This is because Internet Explorer is not fully W3C standards compliant with the modularity of XHTML 1.1 and the majority of CSS beyond 1. A target market of more alternative browser (e.g. Firefox and Opera) users allow for more W3C compliance and thus a greater range of options for a web designer.Another restriction on webpage design is the use of different Image file formats. The majority of users can support GIF, JPEG, and PNG (with restrictions). Again Internet Explorer is the major restriction here, not fully supporting PNG’s advanced transparency features, resulting in the GIF format still being the most widely used graphic file format for transparent images.Many website incompatibilities go unnoticed by the designer and unreported by the users. The only way to be certain a website will work on a particular platform is to test it on that platform.

Planning documentation

Documentation is used to visually plan the site while taking into account the purpose, audience and content, to design the site structure, content and interactions that are most suitable for the website. Documentation may be considered a prototype for the website – a model which allows the website layout to be reviewed, resulting in suggested changes, improvements and/or enhancements. This review process increases the likelihood of success of the website.First, the content is categorized and the information structure is formulated. The information structure is used to develop a document or visual diagram called a site map. This creates a visual of how the web pages will be interconnected, which helps in deciding what content will be placed on what pages. There are three main ways of diagramming the website structure:

  • Linear Website Diagrams will allow the users to move in a predetermined sequence;
  • Hierarchical structures (of Tree Design Website Diagrams) provide more than one path for users to take to their destination;
  • Branch Design Website Diagrams allow for many interconnections between web pages such as hyperlinks within sentences.

In addition to planning the structure, the layout and interface of individual pages may be planned using a storyboard. In the process of storyboarding, a record is made of the description, purpose and title of each page in the site, and they are linked together according to the most effective and logical diagram type. Depending on the number of pages required for the website, documentation methods may include using pieces of paper and drawing lines to connect them, or creating the storyboard using computer software.Some or all of the individual pages may be designed in greater detail as a website wireframe, a mock up model or comprehensive layout of what the page will actually look like. This is often done in a graphic program, or layout design program. The wireframe has no working functionality, only planning.