In this undergraduate dissertation it has been worked out how to carry out a Mobile Traffic-Management and Dispo-System for Trucks and to find out what the possibilities are. This diploma thesis was initiated by the company Cantaluppi & Hug (Software and Consulting) and has been undertaken by the University of Applied Sciences Winterthur (ZHW). A very important field has been to study the possibilities of technologies how to communicate between the truck and the head office.

To get some inspirations to start this work on the right way, a interview section has been started. To get the needed information, a transport contractor, a truck driver, some experts and producers of System-Solutions have been interviewed. And an important and great information-basis was the search on the internet. The object of this work was, to find out an optimal solution for all participants.

It was necessary to study all of the relevant technologies of wireless data transfer for local and wide areas. Some possible variants of solutions are to use a Wireless LAN System or to work with a GSM-based (GPRS, HSCSD, ...) solution for use in a wide area. An other aspect was to analyse and evaluate different software and hardware solutions, which are in relation with this diploma thesis and which are available on the current market. An additional theme has been to analyse the possibility of technologies to register trucks on a fixed place or to locate trucks by GPS.

Another important element of this dissertation was to sensitive to the psychological and ethical aspects which refers to such a system; driver and labourers on the head office are directly on touch with these theme.

As a result we have worked out an idea of a complete solution with calculations on the initial and annual costs of it. There are some calculations about possible software and hardware solutions and a survey of communication costs.

Management Summary (English) Is your IT infrastructure a complete chaos? Does anybody know how many workstations are installed in your company? Then this thesis will be of great help to you.

This documentation is divided into seven chapters. First we will comment on the starting situation, problem description, risk assessment and project planning. The second chapter outlines the IT management tasks of a company. We will explain how different components work together. IT infrastructure can only work at its best if IT processes are optimised. In this regard the term Asset Management and what is behind it will be explained in the third chapter.

The main part of our thesis begins with chapter four. It gives a brief explanation of what inventory actually is, why it is needed and what its advantages are. Another part of this chapter deals with inventory programs and how they function. We will discuss the different standards and explain what is needed to make a snapshot of your inventory at any time. An important point in the evaluation of standard inventory solutions is the functional specification which will be outlined in this part as well. As a next step we have analysed standard inventory programs available on the market and added a short description about each package.

An evaluation of the test results can be found in chapter six. Using diagrams, it can easily be determined which product fits best certain functional requirements.

The last chapter will take a look into the future. Our documentation ends with an appendix including a glossary of the technical terms.

This final year project for the University of Applied Sciences Winterthur (ZHW) contains a concept for providing centrally managed accounting in a heterogeneous environment. Particular attention was paid to security: communication between the systems takes place via a secure connection, so that user credentials cannot be obtained by other users listening in to the network.

In this case a Microsoft Active Directory Sevice (ADS) is used as the central master. The goal was to authenticate linux users by passing the encrypted user information to the ADS. It should also be possible to authorize users for server services such as mail, ftp, web and so on. Winbind was tested as a possible solution. Winbind is now able to authenticate linux users on the ADS using encrypted user information. The user identification is mapped between the operating systems to grant access. Winbind cannot provide any authorization for server services, however.

As an alternative solution some tests were made on Lightweight Directory Access Protocol (LDAP). LDAP is a powerful directory service, which allows company structures, user information, infrastructures and so on to be stored. The Microsoft ADS also offers an integrated LDAP, but this has no password option, unlike an openLDAP server. A part of the work was therefore an attempt to synchronize an openLDAP, used as master, with ADS. OpenLDAP can authenticate and authorize users through their user identification and password. The connection between the server and the client can be encrypted. Passwords are encrypted by default. Used with these techniques openLDAP offers sgood encryption of sensitive data.

Today's businesses depend on the fast delivery of information through cyberspace to enhance productivity and extend global reach.

However, these benefits are accompanied by new risks. When a company exchanges a substantial amount of communication online, it runs a proportionate risk that this communication will be compromised and exploited by outsiders.

Thus companies need e-security to get the most out of online business. But how do they deal with the maze of vendors, technologies, deployment options and resource constraints to tackle this key issue?

How can we identify and trust business partners if we cannot see or hear them or get their signature? How can we keep the business transactions confidential? How should we know whether the recipient has received the message unchanged and agreed on the content?

This dissertation has enabled us to get in touch with a topic which is in its infancy, at least in Europe. Thanks to this work we have gained a lot of practical knowledge.

Along with the test of different solutions we have been working on a manual about secure email solutions for small and middle-sized companies.

My order has three parts: redistributing of routes, basic and enhanced functions of BGP. Eight Cisco Routers where available for my work. Three of them where connected as a core. Each of them had one or two routers for simulate a company-network. The core had IP-addresses from the private A-class-area, each of the subnets had his own private C-class-area. The first part of the exercise had little results, the redistributing works amazing problemless between the above-mentioned protocols. Only the static routes had to treat specially, I had to define default-metrics before they where passed on. The basic functions of BGP had no surprises, with a little additional configuration we win a lot of possibilities. We can control the Datatraffic or the informations about our AS, which are announced. BGP-Configuration has a more static character. The static routes must be supported with default-metrics as by redistributing. I saw, that iBGP (Interior Border Gateway Protocol) isn’t as easy to handle as eBGP (Exterior Border Gateway Protocol). It needs nevertheless an IGP. We can say, that iBGP unite all iBGP-routers to a virtual BGP-router. The enhanced functions of BGP where achieved to break the need of being fully meshed. These methods, BGP-confederations and BGP-route-reflectors, worked perfect as the ability to filtering. BGP is able to support CIDR, but only if the Router is static configured. Usually it is strive to unite IP-Ranges to huge IP-Classes.

It is our goal to evaluate and present one or more state-of-the-art solutions for the provision of a professional grade email service at the ZHW. Besides the fulfillment of customer requirements, it is even more crucial to achieve a high level of security and reliability, which are probably the most important criteria for professional and sophisticated IT-Services in general. This means best possible protection against soft- and hardware failure, any kind of email abuse and viruses in particular. Administrative interfaces are complex, but often neglected. We attempt to give them proper consideration, gain insight into the existing structures and identify weak points. Furthermore we develop a development plan including an analysis of costs and other expenditures.

We first analyze the state of the existing service. In a simultaneous survey, we collect the specific requirements of the different user groups. With the collected data we are able to define the user profiles, which then will be merged into a desirable target state. From this, we derive the more detailed functional specification. Based on the specification, we examine various functions of available software solutions in the light of essential criteria. Within the final solution, we suggest a possibility to implement the proposed system in the context of the existing IT-Infrastructure.

On the basis of our survey, which gave us unexpected much and quality feedback, we were able to define quite accurate user profiles and in the process of the evaluation, in contrast to the common belief, we found alternatives to the Microsoft Exchange product, even on the business level solutions sector.

The enormous success of today?s e-business technology predicted by consultant companies has not taken place as desired or hoped for.

The aim of this diploma project has been to find out the reasons for this slow growth and only partial success, and to look for possible solutions to increase e-business in the near future. The analysis considers economic, technical as well as legal aspects and is also concerned with the influence of risk communication on social trust.

E-commerce with its segments B2B and B2C represents the environment in which this work has been carried out. The aspect of risk communication is focused on corporations and the media.

Our research has clearly shown that the main cause of the sluggishly growing e-business is the users? lacking trust in technology. Security problems in the data transmission or non-existing legal bases increase the mistrust. Sensationalism and the emotional reporting of the media about technical and legal failures exert yet another negative influence on the risk perception of e-business users.

The best way of establishing trust in e-business technology is to specifiy the companies? risk communication about technical developments and legal apects to their users. Labels and customer loyality programs are further means to reduce the complexity of the new market to its customers.

Our diploma work shows that risk communication has an enormous potential to build confidence and establish the new market. Based on a concrete example we will show how companies have to outline strategies and concepts to keep customer trust and to improve their e-business on a longterm basis.

Management Summary (English)

Nowadays a lot of people travel around the world in order to meet business partners or simply to go on holidays. Regarding to the growth of railways and airlines, travellers have a multiple choice of travelling routes. Because of the decreasing demand for hotel rooms, there is a need of offering a better service in providing hotel rooms, especially in cities where fairs and exhibitions take place. Unfortunately it happens very often that visitors wanting to make spontaneous hotel reservations cannot find a hotel room.

The new room reservation system developed by us will be only applied in the business-to-business market. This system represents an information technology solution for booked up hotels. Also travel agencies are able to gain from our studies in the future. Owning the optimum of room bookings and the arrangement commission.

In our diploma work we tried to analyse the problem of booked up hotels in order to find an economic and user-friendly solution. As a result of this solution we are able to offer a prototype.

The IT environment of SR Technics is mainly based on the aged Token Ring technology. To adapt with the latest developments, investigations about the re-placement and the generated cost have to be made.

How can a new LAN be set up? Is WLAN a possible solution and what about the performance in the given surrounding? Can we find several solutions based on the Ethernet? Can all the questions about the migration to a new LAN to be an-swered?

After getting familiar with the environment, a feasibility study with regards to the network technology and the financing was conducted. WLAN, as a solution for the whole site, did not prove to be usable. Several Ethernet versions however, were found suitable. We prefer of course a solution, which can be realized in a short time and does not create high cost.

Even though, the airline business has suffered a lot in the recent weeks, we have successfully concluded our studies. We hope that our proposal will be helpful, when it comes to the decision about the new LAN.

In today's market situation, a lasting customer relationship turns into a strategically success factor. Since lacking service performances are the most-named reason for the migration of the customers it becomes more important to take care of them as fast and comfortably as possible. Growing marketing costs force to find continuously new ways, to adress the customer. An important contribution to the aimed treatment of the customers be done by the direct marketing. This discipline contains the systematic determining and appraising of information about existing and potential customers. With help of different direct marketing instruments a messagen can be conveyed to the recipient. However it is important that the information and data flows can circulate seamlessly between the organization units.

This diploma work looks after this problem. In the first part we give the fundamental understanding of direct marketing. The attention turns not only towards the classic instruments like mailings and ad-coupons. Also some new instruments are discussed additionally on the basis of concrete examples.

The second part of the work analyses concepts and instruments of the conventional direct marketing. The taken realizations are then put together to an universal model solution.

At last, in the third part, a prototype shows a possible solution for the integration of old and new direct marketing models. With it, as they often were created between the different organization units until now, media breaks should be eliminated. The efficiency of current webtechnologies is tested additionally for this use scenario.

Security tools for Health Checking, Network Scanning and Intrusion Detection are a must in a network environment. To get an overview of all the liable security information it is necessary to save all the logdata to a central place for archiving and reporting.

The aim of this diploma thesis was to build concepts for comprehensive logdata processing. We devised criteria for the logging and archiving process which take into account legal requirements and support reporting flexibility. This resulted in a common set of formats for all kinds of logdata.

The central archive is a database system to which all collected logdata is fed. Due to the different information structures of each system, the information will be saved in separate tables. The design of the database also allows logdata analysis against corresponding customers and to create reports with different degree of detail.

The functionality of the designed prototype aims at visualizing the developed concepts and demonstrate their feasibility. It also can be used as base for further development.

Security in information technology is becoming increasingly important. Especially after the terrorist attacks on the World Trade Center and the Pentagon in the United States on September 11, security industry is booming, as Symantec reports in a recent press release. [1]

Intrusion Detection Systems (IDS) function as guards within the Internet which check incoming and outgoing data packages for suspicious content and also survey critical data and weak points on hosts. In case of danger, it is their job to raise an alarm. In addition, vulnerability of computer systems is screened regularly in so called Vulnerability Assessments, which means that attacks on well known weak points are raised and passwords are checked for their suitability.

It is well known that the World Wide Web generated new problems by connecting most of the computers all over the world. Nowadays, terms as ‚Firewall’ or ‚Virus Scanner’ are in common use. But hardly anyone knows what an IDS exactly is. This thesis is aimed to address this.

First, an overview of the different sub-systems is presented. By pointing out their typical drawbacks, the effects of each security module is explained. Subsequently, the market-conditions for Intrusion Detection Systems is analyzed, followed by test results obtained with selected products.

All the tested products – ISS RealSecure, Snort, Symantec ESM, Nessus, and ISS Internet Scanner – met our criteria as expected. The strongest distinctions between the programs were found in the field of reporting, where the OpenSource programs in particular can still improve.

In our opinion, the market for Intrusion Detection Systems still has huge potential for development, particularly with regard to compatibility of sub-systems which could be improved by use of a standardized language in log files or which would benefit from a common communication interface between sub-systems.

The common login procedures using a password, called one factor authentication systems, do not meet the security requirements of nowadays. This is not only caused by technical faults, but also by the convenience of the user who are often not willing to devise and remember safe passwords and change them periodically. Also problematical is the transmission of the password in plain text by the today common network protocols.

Two factor authentication systems offer more security as the user has to own a kind of key in addition to remembering the password. In a previous project we developed such a system for linux. It allows to login to a computer using a RSA smartcard. We advanced this solution during our diploma thesis to enhance the system so that it fulfills all requirements and can be used on networks.

A certificate and its appropriate key pair are created for each user and stored on a smartcard. During a login procedure the password is asked for unlocking the encryption functions of the smartcard. If it was correct, the saved certificate of the user is read from the card. This is verified with the local stored root certificate and a network wide available certificate revocation list (CRL). If all these tests are passed, the computer sends a random number as a challenge to the card, which signs it with the private key and returns the computed value. The result is decrypted with the public key and compared with the original random number. If they match, the user is authenticated.

For a secure remote access we modified the existing OpenSSH project to our requirements. We now send X.509 certificates instead of public keys. The necessary signing to authenticate the user is done by the smartcard.

Apart of the PAM Module, which is responsible for the login procedure, several administration and installation tools were implemented. The changes made at the OpenSSH project are provided as a patch, which is also part of our package.

Today, when a notebook user wants to access wirelessly his company's computer network it could easily be achieved by using a wireless card and one or several base stations located in the company. This raises three substantial questions: where is the user right now, where will he be a moment later and does he has the permission to access the network at all. The first two questions concern forwarding of data traffic and handoff, but there exist only Layer I+II solutions, nowadays. This means that the base stations can be arranged only in a flat topology which causes the loss of the advantages of a hierarchical IP network. Thus, it's impossible to realize wireless LANs of campus or metropolitan sizes. Concerning the problem of user authentication and authorization an answer hasn't been given yet.

This diploma thesis deals with the analysis, design and implementation of a system prototype which shall solve the mentioned problems. Therefore two concepts have been applied. The routing and handoff aspects are realized with the concept of "Cellular IP", whereas the user authentication is done with the concept of "Cellular IPnG". Because "Cellular IP" doesn't cover the latter area we have created "Cellular IPnG" in a preceding project thesis. "Cellular IPnG" covers the area of authentication, authorization and accounting (AAA).

The whole system is a virtual network that lies upon a normal IP network. This way, an existing IP network and its subnets aren't affected. The mentioned routing is done by encapsulating the original data traffic according a certain rule. The user authentication is done by using a X.509 certificate based solution. A user can only access the network with a valid certificate which can be revoked by the administrator. Packet authentication is used to ensure secure wireless traffic.

For every company it is of utmost importance to protect its critical and confidential data. Loss, theft, unauthorized manipulation or disclosure of customer data, sensitive information, or intellectual property can have a most negative impact on the company's reputation and its ability to do business.

Therefore it has become a stringent requirement that employees and business partners can be reliably authenticated, that sensitive data can be locked and decrypted again and that electronic documents can be unrevocably signed. Personal certificates based on the X.509 standard help to meet these expectations, especially when they are stored together with the corresponding private key on a tamper-proof smartcard.

Currently there are quite a numbero of trust centers, also known as Certification Authorities (CAs), which issue certificates to private and/or business customers. Certificates come in different grades of quality, depending on the kind of identification that is requested by the issuer: E.g. a class 3 certificate requires personal identification of the user, whereas a class 1 certificate is usually issued on the basis of a valid e-mail address.

This diploma thesis formulates a catalog of mandatory and optional requirements that a certification authority must fulfill in a secure banking environment. On the basis of these evaluation criteria a recommendation list of possible CA candidates has been compiled.

By creating an internal network system it is worthwhile to consider whether to connect its individual branches by expensive rented lines or the more reasonable Internet. However, this raises the question about the security of such connections, since the media informs us about regular abuses by means of the Internet. The usage of Virtual Private Networks (VPN) guarantees outstanding security without causing additional expenditure for the user of the company's internal network.

One problem which arises when using such complex networks consisting of many security gateways, is to keep the administration of all certificates and configuration files of the involved gateways consistent.

We developed an administration tool, with which the specifications and parameters needed in order to describe a VPN can be stored and administered centrally in a data base. Moreover, the configuration files of the security gateways can be generated on the basis of the stored data and distributed over an encrypted connection within the whole network. A Certificate Authority (CA) can be maintained with which X.509 certificates can be generated and administered. Modifications of the network topology can be made simply and efficiently without any longer downtime of individual connections.

Within this work we implemened a filter, which is able to generate the configuration files used by Linux IPSec solution FreeS/WAN. In order to be able to support further and above all future products, we attached great importance to the specification of our tool and to the structure of modular components. Consequently, it is possible to use data bases of other manufacturers. Data which are needed to generate the configuration files are stored as xml-files which in their turn form a universal interface with the generation filter.

The company Supercomputing Systems would like to be able to service the digital signal processor (Texas Instruments TMS320C6211), which is used in their products, with a network connection over a telephone link. For this purpose in this degree dissertation a TCP/IP stack has to be ported on the digital signal processor (DSP). In addition, a Link Layer Protocol like PPP is necessary for the communication over the serial interface.

Task Based on an previous work, in which a suitable TCP/IP stack and an operating system for the digital signal processor were selected, the necessary porting has to be done. In addition, the stack must be unitized into necessary and unnecessary functions as well as to adapt the system-interfaces. Furthermore a suitable PPP stack for the communication over a modem has to be ported. Intention is to implement and test PPP and TCP/IP independently. Subsequently the two parts have to be merged, completed with necessary interface functions and tested thoroughly.

Results For the data communication via modem a suitable PPP stack has been selected and slimmed. The TCP/IP stack has been reduced to the necessary modules. Both parts were adapted individually to the operating system and ported on the DSP system. After first tests, the interfaces were adapted and the two stacks have been merged.

So far the PPP stack is able to dial in to the internet-provider and negotiate the necessary communication options. Thus it can provide the IP data communication for the TCP/IP stack. The TCP/IP stack handles local connections successfully and transfers data streams. After combining TCP/IP and PPP, connections to a web server could be initiated and data could be exchanged.

The main task of this project was to determine the possibilities and limits of a relatively new technology called VoiceXML. This technology bridges two global networks namely the public telephone network and the World Wide Web.

It allows a user to access applications located on the web even trough a conventional telefone. No personal computer is needed, nor an intelligent device such as a "Personal Digital Assistant (PDA)" or a new generation mobile phone with capabilities of WAP and SMS. Remarkable technology improvements in the field of voice recognition and "text-to-speech" make the communication flow more natural compared to older "touche tone IVRs" which were based on touchtone imputs.

The complexity of this new technology is much lower than that of the common programming languages like C++ or Java. Even unexperienced developers which are new in the field of telephony could write applications in no time.

The commercial potential of this technology is enormeous. Most consumers have access to a public telefone. Internet based suppliers of goods or services could simply enhance their revenue by adding this new channel to their existing infrastructure. VoiceXML applications can be hosted on every webserver. The gateway technology could be outsourced. Specialized companies offer access to their clients' VoiceXML applications.

The first stage of the project was to evaluate a gateway product based on technologies (java) of open systems. This product should be used on open platforms (linux). The second and main task was to set up a reference system and write some basic applications in VoiceXML to measure the technology.

The following research gives the basis for the decision about a future system of telecommunication at the University of Applied Sciences Winterhur, based on a GSM-Intranet-Solution.

The primary advantage of GSM-Intranet is the possibility to integrate mobile phones (GSM-Handies) into corporate number schedules. This integration guarantees beside of exceptional availability of all employees, additional services like corporate calls, conference calls or forwarding calls despite of the fact that the wanted person calls from a stationary terminal can be taken up by mobile-phone-users too.

At first it can be said that a GSM-Intranet-Solution without the Integration of the developed advantage on financial basis can't compete with the existing solution.

The additional costs that result from a GSM-Intranet-Solution can be saved by the resulting advantages. This solution guarantees exceptional availability of all involved persons and saves the needed time for communication. The lecturer that don't have to be present and the technical employees are directly available on their mobile phones. External business partners can profit from this fact, that any wanted employee is directly available at any place. The University of Applied Sciences Winterthur takes a position that as an exemplary institution with a future-oriented concept on the actual market. This has not to be underestimated signal effects that will be inspired by such trend-orientated solutions.