Defining Security Issues
Friday, 11 March 2016 1
General E-Business Security Issues
• Any E-Business needs to be concerned about network security.
• The Internet is a “public” network consisting of thousands of
interconnected private computer networks.
• Private computer network systems are exposed to threats from
anywhere on the public network.
• Businesses must protect against the unknown.
• New methods of attacking networks and Web sites, and new network
security holes, are being constantly discovered or invented.
• An E-Business cannot expect to achieve perfect security for its network
and Web site.
Security Questions
• Several aspects of E-Business computer systems security need to be
addressed:
– How secure is the server software?
– How secure are communications?
– How is the data protected once it is delivered to the E-Business?
– How are credit card transactions authenticated and authorized?
Network and Web Site Security
• An entire glossary of words and phrases identifies network and Web
security risks, such as hacker, cracker, Trojan horse, and more.
• As part of planning a startup E-Business’s security, management
should become familiar with network and Web server security risk
terminology.
Denial of Service Attacks (DoS)
• Designed to disable a Web site by flooding it with useless traffic or
activity.
• Distributed denial of service (DDoS) attack uses multiple computers to
attack in a coordinated fashion.
• Risk is primarily centered around downtime or lack of Web site
availability.
• Defenses exist for these attacks.
– Routers used to filter out certain types of network traffic
Viruses
• A common threat that is not unique to networks.
• Networks facilitate the spread of viruses.
• Potential for harm is high including loss of data and downtime.
• Good software defenses are available.
• Defenses require diligence.
Viruses
• Virus – small program that inserts itself into other program files that
then become “infected”
• Trojan Horse – type of virus that emulates a benign application and
appears to do something useful, but is actually harmful (destroys files or
creates a “back door”)
• Worm – type of virus that replaces a document or application with its
own code and then uses that code to replicate itself.
Viruses
• Logic bomb – virus whose attack is triggered by some event such as a
date on a computer’s system clock
• Macro virus – malicious macro written in MS Office that runs upon
opening the MS Office document
Web Site Defacement
• Occurs when a hacker penetrates the system and replaces text or
graphics with “other” material.
• Risk is primarily downtime and repair costs.
• There have been many well-publicized examples, including high-profile
industry and government sites.
• Ordinary defenses against unauthorized logins are a first line of defense.
• Total security may be difficult to achieve.
Electronic Industrial Espionage
• A very serious problem, especially considering that “professional”
hackers may be involved.
• Must implement and diligently maintain industry standard “best
practices”.
• Additional recommendations:
– Don’t open questionable or suspicious e-mail attachments.
– Keep security software and virus checkers updated.
Credit Card Fraud & Data Theft
• E-Business is at risk from credit card fraud from stolen data.
• Secure your own data.
• Verify the identity of your customers and the validity of the incoming
credit card data.
• Identity theft by someone masquerading as someone else is also a
common problem.
Data Spills
• A security problem ordinarily caused by a bug or other “system” failure;
occasionally hackers are behind this problem
• This is an unintended disclosure of customer or corporate data through
the Web or other Internet service
• May expose firm to legal liability
Network and Web Site Security
• Tools such as passwords, firewalls, intrusion detection systems (IDS),
and virus scanning software should be used to protect an E-Business’s
network and Web site.
• Firewall – hardware or software used to isolate a private network from
the public network
• IDS – ability to analyze real-time data to detect, log, and stop
unauthorized network access as it happens.
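The detect, log and stop behaviour in the IDS definition above can be sketched as a sliding-window monitor for repeated failed logins. This is an added example, not part of the original slides; the threshold, window length, event format and addresses are assumptions constructed for illustration.

```python
"""Sliding-window detector for repeated failed logins (constructed example)."""
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Assumed policy values for this example, not taken from the slides.
MAX_FAILURES = 3      # failed logins tolerated per source inside the window
WINDOW_SECONDS = 60   # length of the sliding window

# Constructed sample events: (unix_time, source_ip, outcome).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    (1000, "192.0.2.10", "fail"),
    (1005, "198.51.100.7", "fail"),
    (1010, "192.0.2.10", "fail"),
    (1020, "192.0.2.10", "fail"),
    (1030, "192.0.2.10", "fail"),    # 4th failure within 60 s: block
    (1040, "192.0.2.10", "ok"),      # source is already blocked: dropped
    (1100, "198.51.100.7", "fail"),  # earlier failure has aged out
    (1101, "203.0.113.5", "ok"),
]


@dataclass
class LoginMonitor:
    max_failures: int = MAX_FAILURES
    window: int = WINDOW_SECONDS
    failures: dict = field(default_factory=lambda: defaultdict(deque))
    blocked: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def observe(self, ts, source, outcome):
        """Process one event as it arrives; return 'allow', 'drop' or 'block'."""
        # Stop: traffic from a blocked source is refused and logged.
        # A deployment would push a firewall rule here (assumption).
        if source in self.blocked:
            self.log.append((ts, source, "dropped: source already blocked"))
            return "drop"
        if outcome != "fail":
            return "allow"
        recent = self.failures[source]
        recent.append(ts)
        # Detect: only failures inside the window count toward the threshold.
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        if len(recent) > self.max_failures:
            self.blocked.add(source)
            # Log: record why the source was blocked.
            self.log.append(
                (ts, source, f"blocked: {len(recent)} failures in {self.window}s")
            )
            return "block"
        return "allow"


def run(events):
    """Feed events in arrival order; return the monitor and its decisions."""
    monitor = LoginMonitor()
    decisions = [monitor.observe(*event) for event in events]
    return monitor, decisions


if __name__ == "__main__":
    monitor, decisions = run(SAMPLE_EVENTS)
    for event, decision in zip(SAMPLE_EVENTS, decisions):
        print(event, "->", decision)
    for entry in monitor.log:
        print("LOG", entry)
```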
Firewall
Transaction Security and Data Protection
• Tools to protect transaction/customer data:
– Use a predefined key to encrypt and decrypt the data during transmission.
– Use the secure sockets layer (SSL) protocol to protect data transmitted over the
Internet.
– Move sensitive customer information such as credit card numbers offline, or
encrypt the information if it is to be stored online.
Transaction Security and Data Protection
• Remove all files and data from storage devices including disk drives
and tapes before getting rid of the devices.
• Shred all hard-copy documents containing sensitive information before
trashing them.
– Shredder market up
• Security is only as strong as the weakest link.
Security Audits and Penetration Testing
• Can provide an overall assessment of the firm’s current exposure and
vulnerabilities.
• This is an outsourced item.
• The consultant will provide a comprehensive recommendation to address
the list of vulnerabilities.
Risk Management Problems
• The list of potential risks is long and includes:
• Business interruptions caused by Web site defacement or denial of
service attacks
• Litigation and settlement costs over employees’ inappropriate use of
e-mail and the Internet
• Product or service claims against items advertised and sold via a Web
site.
• Web related copyright, trademark, and patent infringement lawsuits
• Natural or weather-related disasters
Risk Management Problems
• Network and Web site security and intruder detection programs
• Antivirus protection
• Firewalls
• Sound security policies and procedures
• Employee education
Understanding
Back-End Systems
Front-End Systems
• Front-end systems are those processes with which a user interfaces,
and over which a customer can exert some control.
• For an E-Business, front-end systems are the Web site processes that
customers use to view information and purchase products and
services.
Back-End Systems
• Back-end systems are those processes that are not directly accessed
by customers.
• Back-end systems include the business’s ERP and CRM systems that
handle the accounting and budgeting, manufacturing, marketing,
inventory management, distribution, order-tracking, and customer
support processes.
Front- & Back-End Systems
Legacy System Integration
• There are several issues involving the integration of Web site systems
with existing systems (legacy systems):
– Real-time requirements vs. batch mode
– Security
• Trust protections – method of securing system connection between supplier/shipping agent
and e-business servers
– Technology issues
• Integrating different systems sometimes requires middleware to allow for communication
Business Records Maintenance
• All businesses must keep records.
• Records of orders, payment and delivery, and customer data are
necessary. Various regulations or laws require transaction records,
such as sales tax records.
Backup and Disaster Recovery
• Most of the time things run well, but sometimes:
– Computers “crash;” hardware or software fails.
• What is the failure rate of a hard drive?
– “Mother Nature” happens: hurricanes, earthquakes, and tornados.
• The firm must have in place procedures to back-up and restore key
data.
Backup and Disaster Recovery (cont’d)
• Some firms go to the extent of having backup data centers.
• If you outsource your Web and Internet services, be sure to review your
vendor’s policies and plans for disaster recovery.
• Disaster Recovery
– 9/11
– Power outage last fall
Disaster Recovery Plans
• Disaster Recovery Plans address several issues:
– Access to telephones and communication lines
– Scaled-down functional servers
– Networking software and hardware
– Relevant data and databases
– Network configuration information
Disaster Recovery Plans (cont’d)
• Emergency duty rosters
• Procedure for notifying employees where to report following a disaster
• Contact information and building blueprints and specifications provided
to police and fire departments
• Emergency service agreements with outside electrical, telephone, and
Internet service providers
Disaster Recovery Options
• Hot-swappable drives
• Redundant array of independent disks (RAID)
• Uninterruptible power supplies (UPS)
• Generators
• Spare system (fail-over system)
• Mirrored servers
Order Fulfillment
• Order fulfillment may be the most critical part of an E-Business's
operations.
• Failure to handle the order fulfillment process well can result in
unhappy customers and ill will.
• Fulfillment issues include inventory management, order picking and
packaging, and shipping.
Inventory Management
• Many issues:
– How is inventory stored?
– How is inventory arranged in order to find specific items when they are ordered?
– How is inventory movement (sales and replenishment) tracked?
Order Picking
• Firms that manage their own inventory have to manage any number of
issues in addition to tracking and storage.
• Picking the correct items is a key element.
• Mis-picks are expensive.
Shipping and Delivery
• There are many shipping options
– Post office
– UPS
– FedEx
• Many approaches to pricing shipping costs:
– Build into cost of product
– Charge as a % of order
– Charge actual rate
– Charge flat fee
Returns Processing
• Most firms have a significant return rate; 10% is typical.
• Issues:
– How to facilitate the customer return
– How to minimize returns in the first place
– How to resell or dispose of returned goods
• Must state a clear return policy
International Shipping
• International shipping adds a layer of problems.
• Different shipping companies may be used.
• Additional paperwork needed for Customs clearances.
• Customs duties or taxes may be incurred.
• Export controls may affect transactions depending on the product and
country of destination.
Outsourcing Fulfillment Management
• Fulfillment Houses (Third-party logistics – 3PL)
– ShipMax.com
– Fingerhut Business Services
• Outsourcing order fulfillment may be cost effective.
• Many large firms outsource at least part of fulfillment process.
• May be combined with shipping services.
Virtual Inventory
• An alternative to holding inventory either in-house or outsourcing
• The wholesaler keeps the inventory and ships on the order to the end
consumer
• Advantages
– Infinite scalability
• Disadvantages
– Loss of control
Mobile Commerce
Mobile Commerce
• Mobile commerce (m-commerce, m-business)—any e-commerce done
in a wireless environment, especially via the Internet
– Can be done via the Internet, private communication lines, smart cards, etc.
– Creates opportunity to deliver new services to existing customers and to attract
new ones
Mobile commerce from the Customer’s point of view
• The customer wants to access information, goods and services any
time and in any place on his mobile device.
• He can use his mobile device to purchase tickets for events or public
transport, pay for parking, download content and even order books and
CDs.
• He should be offered appropriate payment methods. They can range
from secure mobile micropayment to service subscriptions.
Mobile commerce from the Provider’s point of view
• The future development of the mobile telecommunication sector is
heading more and more towards value-added services. Analysts
forecast that soon half of mobile operators’ revenue will be earned
through mobile commerce.
• Consequently, operators as well as third-party providers will focus on
value-added services. To enable mobile services, providers with
expertise in different sectors will have to cooperate.
• Innovative service scenarios will be needed that meet the customer’s
expectations and business models that satisfy all partners involved.
M-Commerce Terminology
• Generations
• 1G: 1979-1992 wireless technology
• 2G: current wireless technology; mainly accommodates text
• 2.5G: interim technology accommodates graphics
• 3G: 3rd generation technology supports rich media (video clips)
• 4G: will provide faster multimedia display
Terminology and Standards
• GPS: Satellite-based Global Positioning System
• PDA: Personal Digital Assistant—handheld wireless computer
• SMS: Short Message Service
• EMS: Enhanced Messaging Service
• MMS: Multimedia Messaging Service
• WAP: Wireless Application Protocol
• Smartphones—Internet-enabled cell phones with attached applications
Attributes of M-Commerce and Its Economic Advantages
• Mobility—users carry cell phones or other mobile devices
• Broad reach—people can be reached at any time
• Ubiquity—easier information access in real-time
• Convenience—devices that store data and have Internet, intranet,
extranet connections
• Instant connectivity—easy and quick connection to Internet, intranets,
other mobile devices, databases
• Personalization—preparation of information for individual consumers
• Localization of products and services—knowing where the user is
located at any given time and matching services to them
Mobile Computing Infrastructure
• Hardware
• Software
• Networks and access
M-Commerce Applications
M-commerce
Entertainment
• Music
• Games
• Graphics
• Video
Communications
• Short Messaging
• Multimedia Messaging
• Unified Messaging
• e-mail
• Chatrooms
• Video-conferencing
Transactions
• Banking
• Broking
• Shopping
• Auctions
• Booking & reservations
• Mobile wallet
• Mobile purse
Information
• News
• City guides
• Directory Services
• Maps
• Traffic and weather
• Corporate information
• Market data
Limiting technological factors
Mobile Devices
• Battery
• Memory
• CPU
• Display Size
Networks
• Bandwidth
• Interoperability
• Cell Range
• Roaming
Localisation
• Upgrade of Network
• Upgrade of Mobile Devices
• Precision
Mobile Middleware
• Standards
• Distribution
Security
• Mobile Device
• Network
• Gateway
Mobile Computing
What Is Mobile Computing?
• A simple definition could be:
Mobile Computing is using a computer (of one kind or another) while on
the move
• Another definition could be:
Mobile Computing is when a (work) process is moved from a normal
fixed position to a more dynamic position.
• A third definition could be:
Mobile Computing is when a work process is carried out somewhere
where it was not previously possible.
Comparison
• Wired Networks
– high bandwidth
– low bandwidth variability
– can listen on wire
– high power machines
– high resource machines
– need physical access(security)
– low delay
– connected operation
• Mobile Networks
– low bandwidth
– high bandwidth variability
– hidden terminal problem
– low power machines
– low resource machines
– need proximity
– higher delay
– disconnected operation
Challenges
• Disconnection
• Low bandwidth
• High bandwidth variability
• Low power and resources
• Security risks
• Wide variety of terminals and devices with different capabilities
• Device attributes
• Fit more functionality into single, smaller device
Applications of Mobile Computing
• Vehicles
• Nomadic user
• Smart mobile phone
• Invisible computing
• Wearable computing
• Intelligent house or office
• Meeting room/conference
• Taxi/Police/Fire squad fleet
• Service worker
• Lonely wolf
• Disaster relief and Disaster alarm
• Games
• Military / Security
Wireless Web,
Concepts of WAP
Wireless Web
• The wireless Web refers to use of the World Wide Web through a
wireless device, such as a cellular telephone or personal digital
assistant (PDA).
• Wireless Web connection provides anytime/anywhere connection to
e-mail, mobile banking, instant messaging, weather and travel
information, and other services.
• In general, sites aiming to accommodate wireless users must provide
services in a format displayable on typically small wireless devices.
Different Wireless Networks
• WiFi
• WiMax
• VOIP
• GPS
• RFID
• Bluetooth
• Infrared
WiFi
• Wireless Fidelity = wireless LAN
• Wireless connection to access a network
• Wireless LAN
• Standard for transmitting information in the form of radio waves over
distances up to about 100 - 300 feet
WiMax
• Worldwide Interoperability Microwave Access = Metro based broadband wireless access
• Longer distance coverage (~50 km)
• Connecting geographically remote areas
WiFi and WiMax
VOIP
• Voice Over Internet Protocol
• VOIP phones are connected to the Internet using network cables or WiFi
• Preferred over normal cabled telephone
• Interactive user interface
• Easy connectivity
VOIP
• Cost Reduction
• Quality
• Parallel calls using same connection
• No limitation on location
GPS
• Global Positioning System
• Satellite based tracking
• Used for navigation
• Applications:
– Fleet Management
– Logistics
– Asset tracking
RFID
• Radio Frequency Identification
• Transmits a signal over radio waves from an object connected to an RFID device to the reader
• Objective is to keep track
• Applications:
– Inventory Management
– Retail Store
– Logistics
RFID Applications
Bluetooth
• Bluetooth is a wireless technology standard for exchanging data over short distances (using
short-wavelength radio transmissions in the ISM band from 2400–2480 MHz) from fixed and
mobile devices, creating personal area networks (PANs) with high levels of security.
Infrared
• Infrared (IR) light is electromagnetic radiation with longer wavelengths than those of visible
light, extending from the nominal red edge of the visible spectrum at 700 nanometres (nm) to
1 mm.
• Data transmission is employed in short-range communication among computer peripherals
and personal digital assistants.
• Infrared is the most common way for remote controls to command appliances.
• IR does not penetrate walls and so does not interfere with other devices in adjoining rooms.
WAP Architecture
Comparison between Internet and WAP technologies
Types of Networks
• Some of the different networks based on size
– Personal area network, or PAN
– Local area network, or LAN
– Metropolitan area network, or MAN
– Wide area network, or WAN
• Some of the different networks based on their main purpose
– Storage area network, or SAN
– Enterprise private network, or EPN
– Virtual private network, or VPN
Topology
• Three fundamental shapes:
– Bus
– Ring
– Star
• May create hybrid topologies
Bus
Ring
Star
Hybrid Physical Topologies: Star-Wired Ring
Star-Wired Bus

Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditNhtLNguyn9
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchirictsugar
 

Último (20)

Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Chapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal auditChapter 9 PPT 4th edition.pdf internal audit
Chapter 9 PPT 4th edition.pdf internal audit
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 

Class 17 and 18

  • 2. General E-Business Security Issues • Any E-Business needs to be concerned about network security. • The Internet is a “public” network consisting of thousands of interconnected private computer networks. • Private computer network systems are exposed to threats from anywhere on the public network. • Businesses must protect against the unknown. • New methods of attacking networks and Web sites, and new network security holes, are being constantly discovered or invented. • An E-Business cannot expect to achieve perfect security for its network and Web site. Friday, 11 March 2016 2
  • 3. Security Questions • Several aspects of E-Business computer systems security need to be addressed: – How secure is the server software? – How secure are communications? – How is the data protected once it is delivered to the E-Business? – How are credit card transactions authenticated and authorized? Friday, 11 March 2016 3
  • 4. Network and Web Site Security • An entire glossary of words and phrases identifies network and Web security risks, such as hacker, cracker, Trojan horse, and more. • As part of planning a startup E-Business’s security, management should become familiar with network and Web server security risk terminology. Friday, 11 March 2016 4
  • 5. Denial of Service Attacks (DoS) • Designed to disable a Web site by flooding it with useless traffic or activity. • Distributed denial of service (DDoS) attack uses multiple computers to attack in a coordinated fashion. • Risk is primarily centered around downtime or lack of Web site availability. • Defenses exist for these attacks. – Routers used to filter out certain types of network traffic Friday, 11 March 2016 5
  • 6. Viruses • A common threat that is not unique to networks. • Networks facilitate the spread of viruses. • Potential for harm is high including loss of data and downtime. • Good software defenses are available. • Defenses require diligence. Friday, 11 March 2016 6
  • 7. Viruses • Virus – small program that inserts itself into other program files that then become “infected” • Trojan Horse – type of virus that emulates a benign application, that appears to do something useful, but is actually harmful (destroys files or creates a “back door”) • Worm – type of virus that replaces a document or application with its own code and then uses that code to replicate itself. Friday, 11 March 2016 7
  • 8. Viruses • Logic bomb – virus whose attack is triggered by some event such as a date on a computer’s system clock • Macro virus – malicious macro written in MS Office that runs upon opening that MS Office document Friday, 11 March 2016 8
  • 9. Web Site Defacement • Occurs when a hacker penetrates the system and replaces text or graphics with “other” material. • Risk is primarily down time and repair costs. • There have been many well publicized examples, including high profile industry and government sites. • Ordinary defenses against unauthorized logins are a first line defense. • Total security may be difficult to achieve. Friday, 11 March 2016 9
  • 10. Electronic Industrial Espionage • A very serious problem, especially considering that “professional” hackers may be involved. • Must implement and diligently maintain industry standard “best practices”. • Additional recommendations: – Don’t open questionable or suspicious e-mail attachments. – Keep security software and virus checkers updated. Friday, 11 March 2016 10
  • 11. Credit Card Fraud & Data Theft • E-Business is at risk from credit card fraud from stolen data. • Secure your own data. • Verify the identity of your customers and the validity of the incoming credit card data. • Identity theft by someone masquerading as someone else is also a common problem. Friday, 11 March 2016 11
  • 12. Data Spills • A security problem ordinarily caused by a bug or other “system” failure; occasionally hackers are behind this problem • This is an unintended disclosure of customer or corporate data through the Web or other Internet service • May expose firm to legal liability Friday, 11 March 2016 12
  • 13. Network and Web Site Security • Tools such as passwords, firewalls, intrusion detection systems (IDS), and virus scanning software should be used to protect an E-Business’s network and Web site. • Firewall – hardware or software used to isolate a private network from the public network • IDS – ability to analyze real-time data to detect, log, and stop unauthorized network access as it happens. Friday, 11 March 2016 13
  • 15. Transaction Security and Data Protection • Tools to protect transaction/customer data: – Use a predefined key to encrypt and decrypt the data during transmission. – Use the secure sockets layer (SSL) protocol to protect data transmitted over the Internet. – Move sensitive customer information such as credit card numbers offline, or encrypt the information if it is to be stored online. Friday, 11 March 2016 15
  • 16. Transaction Security and Data Protection • Remove all files and data from storage devices including disk drives and tapes before getting rid of the devices. • Shred all hard-copy documents containing sensitive information before trashing them. – Shredder market up • Security is only as strong as the weakest link. Friday, 11 March 2016 16
  • 17. Security Audits and Penetration Testing • Can provide an overall assessment of the firm’s current exposure and vulnerabilities. • This is an outsourced item. • Consultant will provide a comprehensive recommendation to address list of vulnerabilities. Friday, 11 March 2016 17
  • 18. Risk Management Problems • The list of potential risks is long and includes: • Business interruptions caused by Web site defacement or denial of service attacks • Litigation and settlement costs over employees’ inappropriate use of e-mail and the Internet • Product or service claims against items advertised and sold via a Web site. • Web related copyright, trademark, and patent infringement lawsuits • Natural or weather-related disasters Friday, 11 March 2016 18
  • 19. Risk Management Problems • Network and Web site security and intruder detection programs • Antivirus protection • Firewalls • Sound security policies and procedures • Employee education Friday, 11 March 2016 19
  • 21. Front-End Systems • Front-end systems are those processes with which a user interfaces, and over which a customer can exert some control. • For an E-Business, front-end systems are the Web site processes that customers use to view information and purchase products and services. Friday, 11 March 2016 21
  • 22. Back-End Systems • Back-end systems are those processes that are not directly accessed by customers. • Back-end systems include the business’s ERP and CRM systems that handle the accounting and budgeting, manufacturing, marketing, inventory management, distribution, order-tracking, and customer support processes. Friday, 11 March 2016 22
  • 23. Front- & Back-End Systems Friday, 11 March 2016 23
  • 24. Legacy System Integration • There are several issues involving the integration of Web site systems with existing systems (legacy systems): – Real-time requirements vs. batch mode – Security • Trust protections – method of securing system connection between supplier/shipping agent and e-business servers – Technology issues • Integrating different systems sometimes requires middleware to allow for communication Friday, 11 March 2016 24
  • 25. Business Records Maintenance • All businesses must keep records. • Records of orders, payment and delivery, and customer data are necessary. Various regulations or laws require transaction records, such as sales tax records. Friday, 11 March 2016 25
  • 26. Backup and Disaster Recovery • Most of the time things run well, but sometimes: – Computers “crash;” hardware or software fails. • What is the failure rate of a hard drive? – “Mother Nature” happens: hurricanes, earthquakes, and tornados. • The firm must have in place procedures to back-up and restore key data. Friday, 11 March 2016 26
  • 27. Backup and Disaster Recovery (cont’d) • Some firms go to the extent of having backup data centers. • If you outsource your Web and Internet services, be sure to review your vendor’s policies and plans for disaster recovery. • Disaster Recovery – 9/11 – Power outage last fall Friday, 11 March 2016 27
  • 28. Disaster Recovery Plans • Disaster Recovery Plans address several issues: – Access to telephones and communication lines – Scaled-down functional servers – Networking software and hardware – Relevant data and databases – Network configuration information Friday, 11 March 2016 28
  • 29. Disaster Recovery Plans (cont’d) • Emergency duty rosters • Procedure for notifying employees where to report following a disaster • Contact information and building blueprints and specifications provided to police and fire departments • Emergency service agreements with outside electrical, telephone, and Internet service providers Friday, 11 March 2016 29
  • 30. Disaster Recovery Options • Hot-swappable drives • Redundant array of independent disks (RAID) • Uninterruptible power supplies (UPS) • Generators • Spare system (fail-over system) • Mirrored servers Friday, 11 March 2016 30
  • 31. Order Fulfillment • Order fulfillment may be the most critical part of an E-Business's operations. • Failure to handle the order fulfillment process well can result in unhappy customers and bad-will. • Fulfillment issues include inventory management, order picking and packaging, and shipping. Friday, 11 March 2016 31
  • 32. Inventory Management • Many issues: – How is inventory stored? – How is inventory arranged in order to find specific items when they are ordered? – How is inventory movement (sales and replenishment) tracked? Friday, 11 March 2016 32
  • 33. Order Picking • Firms that manage their own inventory have to manage any number of issues in addition to tracking and storage. • Picking the correct items is a key element. • Mis-picks are expensive. Friday, 11 March 2016 33
  • 34. Shipping and Delivery • There are many shipping options – Post office – UPS – FedEx • Many approaches to pricing shipping costs: – Build into cost of product – Charge as a % of order – Charge actual rate – Charge flat fee Friday, 11 March 2016 34
  • 35. Returns Processing • Most firms have a significant return rate; 10% is typical. • Issues: – How to facilitate the customer return – How to minimize returns in the first place – How to resell or dispose of returned goods • Must state a clear return policy Friday, 11 March 2016 35
  • 36. International Shipping • International shipping adds a layer of problems. • Different shipping companies may be used. • Additional paperwork needed for Customs clearances. • Customs duties or taxes may be incurred. • Export controls may affect transactions depending on the product and country of destination. Friday, 11 March 2016 36
  • 37. Outsourcing Fulfillments Management • Fulfillment Houses (Third-party logistics – 3PL) – ShipMax.com – Fingerhut Business Services • Outsourcing order fulfillment may be cost effective. • Many large firms outsource at least part of fulfillment process. • May be combined with shipping services. Friday, 11 March 2016 37
  • 38. Virtual Inventory • An alternative to holding inventory either in-house or outsourcing • The wholesaler keeps the inventory and ships on the order to the end consumer • Advantages – Infinite scalability • Disadvantages – Loss of control Friday, 11 March 2016 38
  • 39. Mobile Commerce Friday, 11 March 2016 39
  • 40. Mobile Commerce • Mobile commerce (m-commerce, m-business)—any e-commerce done in a wireless environment, especially via the Internet – Can be done via the Internet, private communication lines, smart cards, etc. – Creates opportunity to deliver new services to existing customers and to attract new ones Friday, 11 March 2016 40
  • 41. Mobile commerce from the Customer’s point of view • The customer wants to access information, goods and services any time and in any place on his mobile device. • He can use his mobile device to purchase tickets for events or public transport, pay for parking, download content and even order books and CDs. • He should be offered appropriate payment methods. They can range from secure mobile micropayment to service subscriptions. Friday, 11 March 2016 41
  • 42. Mobile commerce from the Provider’s point of view • The future development of the mobile telecommunication sector is heading more and more towards value-added services. Analysts forecast that soon half of mobile operators’ revenue will be earned through mobile commerce. • Consequently operators as well as third party providers will focus on value-added services. To enable mobile services, providers with expertise on different sectors will have to cooperate. • Innovative service scenarios will be needed that meet the customer’s expectations and business models that satisfy all partners involved. Friday, 11 March 2016 42
  • 43. M-Commerce Terminology • Generations • 1G: 1979-1992 wireless technology • 2G: current wireless technology; mainly accommodates text • 2.5G: interim technology accommodates graphics • 3G: 3rd generation technology supports rich media (video clips) • 4G: will provide faster multimedia display Friday, 11 March 2016 43
  • 44. Terminology and Standards • GPS: Satellite-based Global Positioning System • PDA: Personal Digital Assistant—handheld wireless computer • SMS: Short Message Service • EMS: Enhanced Messaging Service • MMS: Multimedia Messaging Service • WAP: Wireless Application Protocol • Smartphones—Internet-enabled cell phones with attached applications Friday, 11 March 2016 44
  • 45. Attributes of M-Commerce and Its Economic Advantages • Mobility—users carry cell phones or other mobile devices • Broad reach—people can be reached at any time • Ubiquity—easier information access in real-time • Convenience—devices that store data and have Internet, intranet, extranet connections • Instant connectivity—easy and quick connection to Internet, intranets, other mobile devices, databases • Personalization—preparation of information for individual consumers • Localization of products and services—knowing where the user is located at any given time and match service to them Friday, 11 March 2016 45
  • 46. Mobile Computing Infrastructure • Hardware • Software • Networks and access Friday, 11 March 2016 46
  • 47. M-Commerce Applications • Entertainment – Music – Games – Graphics – Video • Communications – Short Messaging – Multimedia Messaging – Unified Messaging – e-mail – Chatrooms – Video-conferencing • Transactions – Banking – Broking – Shopping – Auctions – Booking & reservations – Mobile wallet – Mobile purse • Information – News – City guides – Directory Services – Maps – Traffic and weather – Corporate information – Market data Friday, 11 March 2016 47
  • 48. Friday, 11 March 2016 48
  • 49. Limiting technological factors • Mobile Devices – Battery – Memory – CPU – Display Size • Networks – Bandwidth – Interoperability – Cell Range – Roaming • Localisation – Upgrade of Network – Upgrade of Mobile Devices – Precision • Mobile Middleware – Standards – Distribution • Security – Mobile Device – Network – Gateway Friday, 11 March 2016 49
  • 51. What Is Mobile Computing? • A simple definition could be: Mobile Computing is using a computer (of one kind or another) while on the move • Another definition could be: Mobile Computing is when a (work) process is moved from a normal fixed position to a more dynamic position. • A third definition could be: Mobile Computing is when a work process is carried out somewhere where it was not previously possible. Friday, 11 March 2016 51
  • 52. Comparison • Wired Networks – high bandwidth – low bandwidth variability – can listen on wire – high power machines – high resource machines – need physical access (security) – low delay – connected operation • Mobile Networks – low bandwidth – high bandwidth variability – hidden terminal problem – low power machines – low resource machines – need proximity – higher delay – disconnected operation Friday, 11 March 2016 52
  • 53. Challenges • Disconnection • Low bandwidth • High bandwidth variability • Low power and resources • Security risks • Wide variety of terminals and devices with different capabilities • Device attributes • Fit more functionality into single, smaller device Friday, 11 March 2016 53
  • 54. Applications of Mobile Computing • Vehicles • Nomadic user • Smart mobile phone • Invisible computing • Wearable computing • Intelligent house or office • Meeting room/conference • Taxi/Police/Fire squad fleet • Service worker • Lonely wolf • Disaster relief and Disaster alarm • Games • Military / Security Friday, 11 March 2016 54
  • 55. Wireless Web, Concepts of WAP Friday, 11 March 2016 55
  • 56. Wireless Web • The wireless Web refers to use of the World Wide Web through a wireless device, such as a cellular telephone or personal digital assistant (PDA). • Wireless Web connection provides anytime/anywhere connection to e-mail, mobile banking, instant messaging, weather and travel information, and other services. • In general, sites aiming to accommodate wireless users must provide services in a format displayable on typically small wireless devices. Friday, 11 March 2016 56
  • 58. WiFi • Wireless Fidelity = wireless LAN • Wireless Connection to access a Network • Wireless LAN • Standard for transmitting information in the form of radio waves over distances up to about 100 - 300 feet
  • 59. WiFi
  • 60. WiMax • Worldwide Interoperability Microwave Access = Metro based broadband wireless access • Longer distance coverage (~50 km) • Connecting geographically remote areas
  • 63. VOIP • Voice Over Internet Protocol • VOIP Phones are connected to the internet using network cables or WiFi • Preferred over normal cabled telephone • Interactive user interface • Easy connectivity
  • 64. VOIP • Cost Reduction • Quality • Parallel calls using same connection • No limitation on location
  • 65. GPS • Global Positioning System • Satellite based tracking • Used for navigation • Applications: – Fleet Management – Logistics – Asset tracking
  • 66. RFID • Radio Frequency Identification • Transmitting signal over Radio Wave from an object connected to RFID device to the reader • Objective is to keep track • Applications: – Inventory Management – Retail Store – Logistics
  • 68. Bluetooth • Bluetooth is a wireless technology standard for exchanging data over short distances (using short-wavelength radio transmissions in the ISM band from 2400–2480 MHz) from fixed and mobile devices, creating personal area networks (PANs) with high levels of security.
  • 69. Infrared • Infrared (IR) light is electromagnetic radiation with longer wavelengths than those of visible light, extending from the nominal red edge of the visible spectrum at 700 nanometres (nm) to 1 mm. • Data transmission is employed in short-range communication among computer peripherals and personal digital assistants. • Infrared is the most common way for remote controls to command appliances. • IR does not penetrate walls and so does not interfere with other devices in adjoining rooms.
  • 71. Comparison between Internet and WAP technologies Friday, 11 March 2016 71
  • 72. Types of Networks • Some of the different networks based on size – Personal area network, or PAN – Local area network, or LAN – Metropolitan area network, or MAN – Wide area network, or WAN • Some of the different networks based on their main purpose – Storage area network, or SAN – Enterprise private network, or EPN – Virtual private network, or VPN Friday, 11 March 2016 72
  • 73. Topology • Three fundamental shapes: – Bus – Ring – Star • May create hybrid topologies Friday, 11 March 2016 73
  • 77. Hybrid Physical Topologies: Star-Wired Ring Friday, 11 March 2016 77
  • 78. Star-Wired Bus Friday, 11 March 2016 78
  • 79. Friday, 11 March 2016 79