2. General E-Business Security Issues
• Any E-Business needs to be concerned about network security.
• The Internet is a “public” network consisting of thousands of
interconnected private computer networks.
• Private computer network systems are exposed to threats from
anywhere on the public network.
• Businesses must protect against the unknown.
• New methods of attacking networks and Web sites, and new network
security holes, are being constantly discovered or invented.
• An E-Business cannot expect to achieve perfect security for its network
and Web site.
Friday, 11 March 2016 2
3. Security Questions
• Several aspects of E-Business computer systems security need to be
addressed:
– How secure is the server software?
– How secure are communications?
– How is the data protected once it is delivered to the E-Business?
– How are credit card transactions authenticated and authorized?
4. Network and Web Site Security
• An entire glossary of words and phrases identifies network and Web
security risks, such as hacker, cracker, Trojan horse, and more.
• As part of planning a startup E-Business’s security, management
should become familiar with network and Web server security risk
terminology.
5. Denial of Service Attacks (DoS)
• Designed to disable a Web site by flooding it with useless traffic or
activity.
• Distributed denial of service (DDoS) attack uses multiple computers to
attack in a coordinated fashion.
• Risk is primarily centered around downtime or lack of Web site
availability.
• Defenses exist for these attacks.
– Routers used to filter out certain types of network traffic
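The filtering the slide mentions is usually a per-source rate limit applied at the router, load balancer or reverse proxy. The following added example (not from the original slides) implements a token-bucket limiter and runs it over a constructed request stream in which one address floods the server while a normal client browses at one request per second; the addresses are documentation-range values chosen for the example.

```python
"""Per-source token-bucket rate limiting, the kind of filter an edge router
or reverse proxy applies to blunt a flood. Added example with a constructed
request stream; not part of the original slides."""
from collections import defaultdict, namedtuple

# time in seconds since start of capture, src = client IP (constructed values)
Request = namedtuple("Request", "time src")


class TokenBucket:
    """Allow `rate` requests per second on average, with bursts up to `burst`."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.burst = burst
        self.tokens = burst  # a fresh source may burst immediately
        self.last = 0.0

    def allow(self, now):
        # Refill in proportion to elapsed time, never above the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def filter_requests(requests, rate=5, burst=10):
    """Return (accepted_requests, dropped_count_per_source) for a time-ordered
    request list. Every source gets its own bucket, so a single flooding client
    is throttled without consuming the budget of well-behaved clients."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    accepted = []
    dropped = defaultdict(int)
    for req in requests:
        if buckets[req.src].allow(req.time):
            accepted.append(req)
        else:
            dropped[req.src] += 1
    return accepted, dict(dropped)


def sample_traffic():
    """Constructed traffic: a legitimate client at 1 req/s and an attacker at
    100 req/s, both over the same 10-second window (addresses are made up)."""
    legit = [Request(float(t), "198.51.100.7") for t in range(10)]
    flood = [Request(i / 100.0, "203.0.113.99") for i in range(1000)]
    return sorted(legit + flood, key=lambda r: r.time)


def summarize(requests=None):
    """Accepted requests per source and dropped requests per source."""
    accepted, dropped = filter_requests(requests or sample_traffic())
    per_source = defaultdict(int)
    for req in accepted:
        per_source[req.src] += 1
    return dict(per_source), dropped


if __name__ == "__main__":
    accepted, dropped = summarize()
    print("accepted:", accepted)
    print("dropped:", dropped)
```

The legitimate client gets all ten of its requests through; the flooding source is held to roughly the burst size plus five requests per second. The caveat is the one the next bullet hints at: a distributed flood spreads the traffic over many sources that each stay under the limit, so per-source filtering must be combined with upstream filtering by the network provider.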
6. Viruses
• A common threat that is not unique to networks.
• Networks facilitate the spread of viruses.
• Potential for harm is high including loss of data and downtime.
• Good software defenses are available.
• Defenses require diligence.
7. Viruses
• Virus – small program that inserts itself into other program files that
then become “infected”
• Trojan Horse – malware disguised as a benign application: it appears to do
something useful but is actually harmful (e.g. destroys files or creates a
“back door”). Unlike a virus it does not copy itself into other files.
• Worm – self-replicating malware that spreads across the network on its own,
without needing a host file or user action to propagate.
8. Viruses
• Logic bomb – malicious code whose attack is triggered by some event, such as a
date on a computer’s system clock
• Macro virus – malicious macro embedded in an MS Office document that runs
when the document is opened
9. Web Site Defacement
• Occurs when a hacker penetrates the system and replaces text or
graphics with “other” material.
• Risk is primarily down time and repair costs.
• There have been many well publicized examples, including high profile
industry and government sites.
• Ordinary defenses against unauthorized logins are a first line defense.
• Total security may be difficult to achieve.
10. Electronic Industrial Espionage
• A very serious problem, especially considering that “professional”
hackers may be involved.
• Must implement and diligently maintain industry standard “best
practices”.
• Additional recommendations:
– Don’t open questionable or suspicious e-mail attachments.
– Keep security software and virus checkers updated.
11. Credit Card Fraud & Data Theft
• E-Business is at risk from credit card fraud from stolen data.
• Secure your own data.
• Verify the identity of your customers and the validity of the incoming
credit card data.
• Identity theft, someone masquerading as another person, is also a common
problem.
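“Validity of the incoming credit card data” has a cheap first check: card numbers carry a Luhn mod-10 check digit, so typos and made-up numbers can be rejected before anything is sent to the payment processor. The example below is added here and is not from the original slides; the brand prefixes are an assumed subset, the reference date is the slide date, and the card numbers are the publicly known test values, not real accounts.

```python
"""Front-line sanity checks on card data before authorization. Added example,
not from the slides. Numbers used in tests are well-known test values."""
import re


def luhn_valid(number):
    """True if `number` (digits, spaces or dashes allowed) passes the Luhn
    mod-10 checksum that payment card numbers carry."""
    digits = re.sub(r"[\s-]", "", number)
    if not digits.isdigit() or not 12 <= len(digits) <= 19:
        return False
    total = 0
    # Walk from the rightmost digit; double every second digit and fold
    # two-digit results back to one digit (18 -> 9).
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_brand(number):
    """Coarse brand from issuer prefix and length. Assumed ranges for three
    common brands, enough for a sanity check, not a complete issuer table."""
    digits = re.sub(r"[\s-]", "", number)
    if re.fullmatch(r"4\d{12}(\d{3})?", digits):
        return "visa"
    if re.fullmatch(r"5[1-5]\d{14}", digits):
        return "mastercard"
    if re.fullmatch(r"3[47]\d{13}", digits):
        return "amex"
    return "unknown"


def validate_card(number, expiry_month, expiry_year, now=(2016, 3)):
    """Return a list of problems found (empty list = passed). `now` is
    (year, month); the default is the slide date, assumed for the example.
    Passing says nothing about whether the card is stolen: that is what the
    processor's authorization and address/CVV checks are for."""
    problems = []
    if not luhn_valid(number):
        problems.append("checksum")
    if card_brand(number) == "unknown":
        problems.append("brand")
    if (expiry_year, expiry_month) < now:
        problems.append("expired")
    return problems


if __name__ == "__main__":
    for pan in ("4111 1111 1111 1111", "4111 1111 1111 1112"):
        print(pan, "->", validate_card(pan, 12, 2020))
```

A number that passes Luhn is merely well-formed; the checksum is public and trivially satisfied by an attacker, so it catches keying errors, not fraud. The authorization step at the processor, plus address verification and the card security code, is where stolen data is meant to be caught.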
12. Data Spills
• A security problem ordinarily caused by a bug or other “system” failure;
occasionally hackers are behind it.
• An unintended disclosure of customer or corporate data through the Web or
another Internet service.
• May expose the firm to legal liability.
13. Network and Web Site Security
• Tools such as passwords, firewalls, intrusion detection systems (IDS),
and virus scanning software should be used to protect an E-Business’s
network and Web site.
• Firewall – hardware or software used to isolate a private network from
the public network
• IDS – analyzes network or host data in real time to detect and log
unauthorized access as it happens; a system that also blocks the offending
traffic is an intrusion prevention system (IPS).
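To make the IDS bullet concrete, here is an added example (not from the original slides) of the two detection styles such a system combines: signature matching on request paths and a threshold on repeated failed logins from one source. It runs over constructed web server log lines in the common combined format; the IP addresses, paths and timestamps are made up.

```python
"""A small signature-plus-threshold intrusion detector over constructed web
server log lines. Added example, not from the slides."""
import re
from collections import defaultdict

# Combined-log-format line: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

# Signature rules, matched against the request path (including query string).
SIGNATURES = {
    "path-traversal": re.compile(r"(\.\./|%2e%2e%2f)", re.I),
    "sqli": re.compile(r"('|%27)(\s|%20)*(or|union)\b", re.I),
    "xss": re.compile(r"<script|%3cscript", re.I),
    "sensitive-file": re.compile(r"/etc/passwd|\.env$|\.git/", re.I),
}

LOGIN_PATH = "/login"
FAILED_LOGIN_THRESHOLD = 5  # 401 responses from one IP on the login form


def parse_line(line):
    """Return the parsed fields, or None if the line is not in the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(lines):
    """Return a list of (rule, ip, evidence) alerts. Signature hits fire per
    request; the brute-force rule fires once per source when its failed-login
    count reaches the threshold. Unparseable lines are reported rather than
    silently skipped, since a gap in visibility is itself a finding."""
    alerts = []
    failed = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            alerts.append(("unparsed", None, line))
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                alerts.append((name, rec["ip"], rec["path"]))
        if rec["path"].split("?")[0] == LOGIN_PATH and rec["status"] == "401":
            failed[rec["ip"]] += 1
            if failed[rec["ip"]] == FAILED_LOGIN_THRESHOLD:
                alerts.append(("brute-force", rec["ip"],
                               f"{FAILED_LOGIN_THRESHOLD} failed logins"))
    return alerts


# Constructed sample log: one normal visitor, one attacker, one garbage line.
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Mar/2016:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [11/Mar/2016:10:00:02 +0000] "POST /login HTTP/1.1" 200 128',
    '203.0.113.9 - - [11/Mar/2016:10:00:03 +0000] "GET /download?file=../../etc/passwd HTTP/1.1" 404 0',
    '203.0.113.9 - - [11/Mar/2016:10:00:04 +0000] "GET /products?id=42%27%20OR%201=1 HTTP/1.1" 500 0',
] + [
    f'203.0.113.9 - - [11/Mar/2016:10:00:{5 + i:02d} +0000] "POST /login HTTP/1.1" 401 0'
    for i in range(5)
] + [
    "this line is not in the expected log format",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The traversal request raises two alerts (the `../` sequence and the target file), which is how overlapping signatures normally behave; de-duplication is a tuning decision for the operator. Logging and alerting is all this does, which is the IDS role; blocking the source on the fifth failure would make it an IPS.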
15. Transaction Security and Data Protection
• Tools to protect transaction/customer data:
– Use a pre-agreed (shared) key to encrypt the data during transmission and
decrypt it on receipt.
– Use the secure sockets layer (SSL) protocol, today its successor TLS, to protect
data transmitted over the Internet.
– Move sensitive customer information such as credit card numbers offline, or
encrypt the information if it must be stored online.
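What “use SSL” comes down to in code is how the client is configured: verification switched off to silence an error is the most common way the protection is lost. The added example below (not from the original slides) uses Python’s standard `ssl` module to build a weak context beside a hardened one and an audit function that flags the weak settings; it runs offline without connecting anywhere.

```python
"""Transport protection the slides call SSL (today TLS): a weak client
configuration beside a hardened one, plus an audit. Added example, not from
the slides; uses only the Python standard library."""
import ssl


def weak_context():
    """What 'make the certificate warning go away' code often does: no
    certificate verification and no hostname check, so anyone in the path can
    present their own certificate and read or alter the traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False     # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile=None):
    """Verify the server certificate against trusted CAs (system store, or the
    bundle in `cafile`), check the hostname, and refuse anything older than
    TLS 1.2; SSL 3.0, TLS 1.0 and TLS 1.1 are broken or deprecated."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit_context(ctx):
    """Return the list of weaknesses found in a context (empty list = passes)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("allows TLS < 1.2")
    return findings


if __name__ == "__main__":
    print("weak:", audit_context(weak_context()))
    print("hardened:", audit_context(hardened_context()))
```

The hardened context is what `ssl.create_default_context()` already gives you, pinned explicitly so a later edit cannot quietly relax it. The “pre-agreed key” bullet has the same failure mode in a different place: a static shared key has to reach both ends over some other trusted channel, which is exactly the problem the certificate-based TLS handshake exists to solve.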
16. Transaction Security and Data Protection
• Securely erase (overwrite) or physically destroy all storage devices,
including disk drives and tapes, before getting rid of them; simply deleting
the files leaves the data recoverable.
• Shred all hard-copy documents containing sensitive information before
trashing them.
– Shredder market up
• Security is only as strong as the weakest link.
17. Security Audits and Penetration Testing
• Can provide an overall assessment of the firm’s current exposure and
vulnerabilities.
• Typically outsourced to an independent third party.
• The consultant provides a comprehensive recommendation to address the list of
vulnerabilities found.
18. Risk Management Problems
• The list of potential risks is long and includes:
• Business interruptions caused by Web site defacement or denial of
service attacks
• Litigation and settlement costs over employees’ inappropriate use of e-mail
and the Internet
• Product or service claims against items advertised and sold via a Web
site.
• Web related copyright, trademark, and patent infringement lawsuits
• Natural or weather-related disasters
19. Risk Management Problems
• Network and Web site security and intruder detection programs
• Antivirus protection
• Firewalls
• Sound security policies and procedures
• Employee education
21. Front-End Systems
• Front-end systems are those processes with which a user interfaces, and over
which a customer can exert some control.
• For an E-Business, front-end systems are the Web site processes that
customers use to view information and purchase products and
services.
22. Back-End Systems
• Back-end systems are those processes that are not directly accessed
by customers.
• Back-end systems include the business’s ERP and CRM systems that
handle the accounting and budgeting, manufacturing, marketing,
inventory management, distribution, order-tracking, and customer
support processes.
24. Legacy System Integration
• There are several issues involving the integration of Web site systems
with existing systems (legacy systems):
– Real-time requirements vs. batch mode
– Security
• Trust protections – method of securing system connection between supplier/shipping agent
and e-business servers
– Technology issues
• Integrating different systems sometimes requires middleware to allow for communication
25. Business Records Maintenance
• All businesses must keep records.
• Records of orders, payment and delivery, and customer data are
necessary. Various regulations or laws require transaction records,
such as sales tax records.
26. Backup and Disaster Recovery
• Most of the time things run well, but sometimes:
– Computers “crash;” hardware or software fails.
• What is the failure rate of a hard drive?
– “Mother Nature” happens: hurricanes, earthquakes, and tornados.
• The firm must have in place procedures to back-up and restore key
data.
27. Backup and Disaster Recovery (cont’d)
• Some firms go to the extent of having backup data centers.
• If you outsource your Web and Internet services, be sure to review your
vendor’s policies and plans for disaster recovery.
• Disaster Recovery
– 9/11
– Power outage last fall
28. Disaster Recovery Plans
• Disaster Recovery Plans address several issues:
– Access to telephones and communication lines
– Scaled-down functional servers
– Networking software and hardware
– Relevant data and databases
– Network configuration information
29. Disaster Recovery Plans (cont’d)
• Emergency duty rosters
• Procedure for notifying employees where to report following a disaster
• Contact information and building blueprints and specifications provided
to police and fire departments
• Emergency service agreements with outside electrical, telephone, and
Internet service providers
30. Disaster Recovery Options
• Hot-swappable drives
• Redundant array of independent disks (RAID)
• Uninterruptible power supplies (UPS)
• Generators
• Spare system (fail-over system)
• Mirrored servers
31. Order Fulfillment
• Order fulfillment may be the most critical part of an E-Business's
operations.
• Failure to handle the order fulfillment process well can result in
unhappy customers and ill will.
• Fulfillment issues include inventory management, order picking and
packaging, and shipping.
32. Inventory Management
• Many issues:
– How is inventory stored?
– How is inventory arranged in order to find specific items when they are ordered?
– How is inventory movement (sales and replenishment) tracked?
33. Order Picking
• Firms that manage their own inventory have to manage any number of
issues in addition to tracking and storage.
• Picking the correct items is a key element.
• Mis-picks are expensive.
34. Shipping and Delivery
• There are many shipping options
– Post office
– UPS
– FedEx
• Many approaches to pricing shipping costs:
– Build into cost of product
– Charge as a % of order
– Charge actual rate
– Charge flat fee
35. Returns Processing
• Most firms have a significant return rate; 10% is typical.
• Issues:
– How to facilitate the customer return
– How to minimize returns in the first place
– How to resell or dispose of returned goods
• Must state a clear return policy
36. International Shipping
• International shipping adds a layer of problems.
• Different shipping companies may be used.
• Additional paperwork needed for Customs clearances.
• Customs duties or taxes may be incurred.
• Export controls may affect transactions depending on the product and
country of destination.
37. Outsourcing Fulfillments Management
• Fulfillment Houses (Third-party logistics – 3PL)
– ShipMax.com
– Fingerhut Business Services
• Outsourcing order fulfillment may be cost effective.
• Many large firms outsource at least part of fulfillment process.
• May be combined with shipping services.
38. Virtual Inventory
• An alternative to holding inventory either in-house or outsourcing
• The wholesaler keeps the inventory and ships on the order to the end
consumer
• Advantages
– Infinite scalability
• Disadvantages
– Loss of control
40. Mobile Commerce
• Mobile commerce (m-commerce, m-business)—any e-commerce done
in a wireless environment, especially via the Internet
– Can be done via the Internet, private communication lines, smart cards, etc.
– Creates opportunity to deliver new services to existing customers and to attract
new ones
41. Mobile commerce from the Customer‘s point of view
• The customer wants to access information, goods and services any
time and in any place on his mobile device.
• He can use his mobile device to purchase tickets for events or public
transport, pay for parking, download content and even order books and
CDs.
• He should be offered appropriate payment methods. They can range
from secure mobile micropayment to service subscriptions.
42. Mobile commerce from the Provider‘s point of view
• The future development of the mobile telecommunication sector is
heading more and more towards value-added services. Analysts
forecast that soon half of mobile operators‘ revenue will be earned
through mobile commerce.
• Consequently operators as well as third party providers will focus on
value-added-services. To enable mobile services, providers with
expertise on different sectors will have to cooperate.
• Innovative service scenarios will be needed that meet the customer‘s
expectations and business models that satisfy all partners involved.
43. M-Commerce Terminology
• Generations
• 1G: 1979-1992 wireless technology
• 2G: current wireless technology; mainly accommodates text
• 2.5G: interim technology accommodates graphics
• 3G: 3rd generation technology supports rich media (video clips)
• 4G: will provide faster multimedia display
44. Terminology and Standards
• GPS: Satellite-based Global Positioning System
• PDA: Personal Digital Assistant—handheld wireless computer
• SMS: Short Message Service
• EMS: Enhanced Messaging Service
• MMS: Multimedia Messaging Service
• WAP: Wireless Application Protocol
• Smartphones—Internet-enabled cell phones with attached applications
45. Attributes of M-Commerce and Its Economic Advantages
• Mobility—users carry cell phones or other mobile devices
• Broad reach—people can be reached at any time
• Ubiquity—easier information access in real-time
• Convenience—devices that store data and have Internet, intranet,
extranet connections
• Instant connectivity—easy and quick connection to Internet, intranets,
other mobile devices, databases
• Personalization—preparation of information for individual consumers
• Localization of products and services—knowing where the user is
located at any given time and match service to them
51. What Is Mobile Computing?
• A simple definition could be:
Mobile Computing is using a computer (of one kind or another) while on
the move
• Another definition could be:
Mobile Computing is when a (work) process is moved from a normal
fixed position to a more dynamic position.
• A third definition could be:
Mobile Computing is when a work process is carried out somewhere
where it was not previously possible.
52. Comparison
• Wired Networks / Mobile Networks
– high bandwidth / low bandwidth
– low bandwidth variability / high bandwidth variability
– can listen on wire / hidden terminal problem
– high power machines / low power machines
– high resource machines / low resource machines
– need physical access (security) / need proximity (security)
– low delay / higher delay
– connected operation / disconnected operation
53. Challenges
• Disconnection
• Low bandwidth
• High bandwidth variability
• Low power and resources
• Security risks
• Wide variety terminals and devices with different capabilities
• Device attributes
• Fit more functionality into single, smaller device
54. Applications of Mobile Computing
• Vehicles
• Nomadic user
• Smart mobile phone
• Invisible computing
• Wearable computing
• Intelligent house or office
• Meeting room/conference
• Taxi/Police/Fire squad fleet
• Service worker
• Lonely wolf
• Disaster relief and Disaster alarm
• Games
• Military / Security
56. Wireless Web
• The wireless Web refers to use of the World Wide Web through a
wireless device, such as a cellular telephone or personal digital
assistant (PDA).
• Wireless Web connection provides anytime/anywhere connection to e-mail,
mobile banking, instant messaging, weather and travel information, and other
services.
• In general, sites aiming to accommodate wireless users must provide
services in a format displayable on typically small wireless devices.
58. WiFi
Wi-Fi = wireless LAN (often expanded as “Wireless Fidelity”, though the name is a
trademark rather than an acronym)
Wireless connection used to access a network
Wireless LAN
Standard (IEEE 802.11) for transmitting information in the form of radio waves
over distances up to about 100 - 300 feet
63. VOIP
Voice Over Internet Protocol
VOIP phones are connected to the Internet using network cables or WiFi
Preferred over normal cabled telephone
Interactive user interface
Easy connectivity
64. VOIP
Cost Reduction
Quality
Parallel calls using same connection
No limitation on location
65. GPS
Global Positioning System
Satellite based tracking
Used for navigation
Applications:
Fleet Management
Logistics
Asset tracking
66. RFID
Radio Frequency Identification
A tag attached to an object transmits its identifier over radio waves to a reader
Objective is to keep track of the tagged objects
Applications :
Inventory Management
Retail Store
Logistics
68. Bluetooth
Bluetooth is a wireless technology standard for exchanging data over short distances (using
short-wavelength radio transmissions in the ISM band from 2400–2480 MHz) between fixed and
mobile devices, creating personal area networks (PANs). Pairing and link-layer encryption
are built in; how much protection they give depends on the pairing mode used and on the
devices’ implementation.
69. Infrared
Infrared (IR) light is electromagnetic radiation with longer wavelengths than those of visible
light, extending from the nominal red edge of the visible spectrum at 700 nanometres (nm) to
1 mm.
Data transmission is employed in short-range communication among computer peripherals
and personal digital assistants.
Infrared is the most common way for remote controls to command appliances.
IR does not penetrate walls and so does not interfere with other devices in adjoining rooms.
72. Types of Networks
• Some of the different networks based on size
– Personal area network, or PAN
– Local area network, or LAN
– Metropolitan area network, or MAN
– Wide area network, or WAN
• Some of the different networks based on their main purpose
– Storage area network, or SAN
– Enterprise private network, or EPN
– Virtual private network, or VPN
73. Topology
• Three fundamental shapes:
– Bus
– Ring
– Star
• May create hybrid topologies