E-Commerce (B2B and B2C)
Assignment - A
Question 1. Explain why B2B and B2C initiatives require different IT infrastructures.
Ans.B2B typically has fewer users with larger transaction volume per user.
B2C typically involves larger number of individual customers with intermittent transactions, or lower dollar values per transaction
Comprehensive infrastructure needed to exchange B2B transactions with partners, translate business documents between any of the many B2B e-commerce standards now in use, and provide reporting and visibility into B2B processes and networks. This infrastructure should include: a global B2B infrastructure that spans every major economic region in the world; on-demand B2B data translation and delivery; and B2B business process management and activity monitoring
The purpose of every e-business is to utilize technology in a way that enhances communication and the company´s profitability.
Business-to-business (B2B) use of technology would enhance efficiency within the company´s supply chain, while business-to-consumer (B2C), also known as e-commerce, technologies would facilitate a transaction between a company and its consumers.
Question 2. What are the three stages of the new technology adoption curve or S-curve? And what stage do many experts believe e-commerce is entering?
Ans. Part I:
The Three Stages of S curve are:
1) Readiness (initial readiness stage),
2) Intensification (intensify acceptance of the new technology), and
3) Impact (technology becomes mainstream)
The S-Curve emerged as a mathematical model and was afterwards applied to a variety of fields. It describes for example the development of the embryo, the diffusion of viruses, the utility gained by people as the number of consumption choices increases, and so on.
In the innovation management field the S-Curve illustrates the introduction, growth and maturation of innovations as well as the technological cycles that most industries experience. In the early stages large amounts of money, effort and other resources are expended on the new technology but small performance improvements are observed. Then, as the knowledge about the technology accumulates, progress becomes more rapid. As soon as major technical obstacles are overcome and the innovation reaches a certain adoption level an exponential growth will take place. During this phase relatively small increments of effort and resources will result in large performance gains. Finally, as the technology starts to approach its physical limit, further pushing the performance becomes increasingly difficult, as the figure below shows.
Consider the supercomputer industry, where the traditional architecture involved single microprocessors. In the early stages of this technology a huge amount of money was spent in research and development, and it required several years to produce the first commercial prototype. Once the technology reached a certain level of development the know-how and expertise behind supercomputers started to spread, boosting dramatically the speed at which those systems evolved. After some time, however, microprocessors started to yield lower and lower performance gains for a given time/effort span, suggesting that the technology was close to its physical limit (based on the ability to squeeze transistors in the silicon wafer). In order to solve the problem supercomputer producers adopted a new architecture composed of many microprocessors working in parallel. This innovation created a new S-curve, shifted to the right of the original one, with a higher performance limit (based instead on the capacity to co-ordinate the work of the single processors).
Usually the S-curve is represented as the variation of performance in function of the time/effort. Probably that is the most used metric because it is also the easiest to collect data for. This fact does not imply, however, that performance is more accurate than the other possible metrics, for instance the number of inventions, the level of the overall research, or the profitability associated with the innovation.
One must be careful with the fact that different performance parameters tend to be used over different phases of the innovation, as a result the outcomes may get mixed together, or one parameter will end up influencing the outcome of another. Civil aircraft provides a good example, on early stages of the industry fuel burn was a negligible parameter, and all the emphasis was on the speed aircrafts could achieve and if they would thus be able to get off the ground safely. Over the time, with the improvement of the aircrafts almost everyone was able to reach the minimum speed and to take off, which made fuel burn the main parameter for assessing performance of civil aircrafts.
Overall we can say that the S-Curve is a robust yet flexible framework to analyze the introduction, growth and maturation of innovations and to understand the technological cycles. The model also has plenty of empirical evidence, it was exhaustively studied within many industries including semiconductors, telecommunications, hard drives, photocopiers, jet engines and so on.
Currently, Ecommerce is entering Intensification Stage as believed by many experts
Question 3. What do you understand by a digital signature? Explain it´s application and verification diagrammatically.
Ans.A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures.
In some countries, including the United States, India, and members of the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear whether they are digital cryptographic signatures in the sense used here, leaving the legal definition, and so their importance, somewhat confused. Digital signatures employ a type of asymmetric cryptography. For messages sent through a non-secure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless. Digitally signed messages may be anything representable as a bit string: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol.
A digital signature
(Not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later. A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender´s identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
How It Works
Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.
- You copy-and-paste the contract (it´s a short one!) into an e-mail note.
- Using special software, you obtain a message hash (mathematical summary) of the contract.
- You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.
- The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)
At the other end, your lawyer receives the message.
- To make sure it´s intact and from you, your lawyer makes a hash of the received message.
- Your lawyer then uses your public key to decrypt the message hash or summary.
- If the hashes match, the received message is valid
Question 4. What are the various type’s viruses? What can a virus to do the computer?
Ans.A computer virus can get into your computer and it tries to intercept information that’s sent from your computer and received from your computer. It can also try and steal your personal information, such as passwords and PIN numbers. If you do suspect you have a virus try not to use your credit card on the internet. Download an anti-virus a.s.a.p.
It can do a multitude of things, all harmful. Many viruses, which disguise themselves as tracking cookies, are meant to allow access to personal information that you give out over the internet. If you are shopping and this happens, it can be used for identity theft. Viruses can also slow down your computer significantly, erase information, destroy vital data, even shut down your computer, but those are rather extreme ones and pretty rare. Some viruses encrypt themselves in a different every every time so it is impossible to find them using anti-virus as anti-virus uses a signature string to locate them computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
As stated above, the term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, even those that do not have the reproductive ability. Malware includes computer viruses, computer worms, Trojan horses, most rootkits, spyware, dishonest adware and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer system´s data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.
TYPES OF VIRUSES
Introduction: There are thousands of viruses, and new ones are discovered every day. It is difficult to come up with a generic explanation of how viruses work, since they all have variations in the way they infect or the way they spread. So instead, we´ll take some broad categories that are commonly used to describe various types of virus.
File Viruses (Parasitic Viruses): File viruses are pieces of code that attach themselves to executable files, driver files or compressed files, and are activated when the host program is run. After activation, the virus may spread itself by attaching itself to other programs in the system, and also carry out the malevolent activity it was programmed for. Most file viruses spread by loading themselves in system memory and looking for any other programs located on the drive. If it finds one, it modifies the program´s code so that it contains and activates the virus the next time it´s run. It keeps doing this over and over until it spreads across the system, and possibly to other systems that the infected program may be shared with.
Besides spreading themselves, these viruses also carry some type of destructive constituent that can be activated immediately or by a particular ´trigger´. The trigger could be a specific date, or the number of times the virus has been replicated, or anything equally trivial. Some examples of file viruses are Randex, Meve and MrKlunky.
Boot Sector Viruses: A boot sector virus affects the boot sector of a hard disk, which is a very crucial part. The boot sector is where all information about the drive is stored, along with a program that makes it possible for the operating system to boot up. By inserting its code into the boot sector, a virus guarantees that it loads into memory during every
Boot sequence. A boot virus does not affect files; instead, it affects the disks that contain them. Perhaps this is the reason for their downfall. During the days when programs were carried around on floppies, the boot sector viruses used to spread like wildfire. However, with the CD-ROM revolution, it became impossible to infect pre-written data on a CD, which eventually stopped such viruses from spreading. Though boot viruses still exist, they are rare compared to new age malicious software. Another reason why they´re not so prevalent is that operating systems today protect the boot sector, which makes it difficult for them to thrive. Examples of boot viruses are Polyboot.B and AntiEXE.
Multipartite Viruses: Multipartite viruses are a combination of boot sector viruses and file viruses. These viruses come in through infected media and reside in memory. They then move on to the boot sector of the hard drive. From there, the virus infects executable files on the hard drive and spreads across the system. There aren´t too many multipartite viruses in existence today, but in their heyday, they accounted for some major problems due to their capacity to combine different infection techniques. A significantly famous multipartite virus is Ywinz.
Macro Viruses: Macro viruses infect files that are created using certain applications or programs that contain macros. These include Microsoft Office documents such as Word documents, Excel spreadsheets, PowerPoint presentations, Access databases, and other similar application files such as Corel Draw, AmiPro, etc. Since macro viruses are written in the language of the application, and not in that of the operating system, they are known to be platform-independent they can spread between Windows, Mac, and any other system, so long as they´re running the required application. With theever-increasing capabilities of macro languages in applications, and the possibility of infections spreading over networks, these viruses are major threats. The first macro virus was written for Microsoft Word and was discovered back in August 1995. Today, there are thousands of macro viruses in existence-some examples are Relax, Melissa. A and Bablas.
Network Viruses: This kind of virus is proficient in quickly spreading across a Local Area Network (LAN) or even over the Internet. Usually, it propagates through shared resources, such as shared drives and folders. Once it infects a new system, it searches for potential targets by searching the network for other vulnerable systems. Once a new vulnerable system is found, the network virus infects the other system, and thus spreads over the network. Some of the most notorious network viruses are Nimda and SQLS lammer.
E-mail Viruses: An e-mail virus could be a form of a macro virus that spreads itself to all the contacts located in the host´s email address book. If any of the e-mail recipients open the attachment of the infected mail, it spreads to the new host´s address book contacts, and then proceeds to send itself to all those contacts as well. These days, e-mail viruses can infect hosts even if the infected e-mail is previewed in a mail client. One of the most common and destructive e-mail viruses is the ILOVEYOU virus..
Computer Virus is a kind of malicious software written intentionally to enter a computer without the user’s permission or knowledge, with an ability to replicate itself, thus continuing to spread. Some viruses do little but replicate others can cause severe harm or adversely effect program and performance of the system. A virus should never be assumed harmless and left on a system.
Question 5. What is the purpose of the domain name system (DNS)?
Ans.The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.
An often-used analogy to explain the Domain Name System is that it serves as the phone book for the Internet by translating human-friendly computer hostnames into IP addresses. For example, the domain name www.example.com translates to the addresses 188.8.131.52 (IPv4) and 2620:0:2d0:200::10 (IPv6).
The Domain Name System makes it possible to assign domain names to groups of Internet resources and users in a meaningful way, independent of each entity´s physical location. Because of this, World Wide Web (WWW) hyperlinks and Internet contact information can remain consistent and constant even if the current Internet routing arrangements change or the participant uses a mobile device. Internet domain names are easier to remember than IP addresses such as
184.108.40.206 (IPv4) or 2001:db8:1f70::999:de8:7648:6e8 (IPv6). Users take advantage of this when they recite meaningful Uniform Resource Locators (URLs) and e-mail addresses without having to know how the computer actually locates them. The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their particular domains, and in turn can assign other authoritative name servers for their sub-domains.
This mechanism has made the DNS distributed and fault tolerant and has helped avoid the need for a single central register to be continually consulted and updated. In general, the Domain Name System also stores other types of information, such as the list of mail servers that accept email for a given Internet domain. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet.
A DNS sever is where the computer goes to translate a web address that you type in into a series of numbers and goes to that address. So basically you type www.geekstogo.com into Internet Explorer (or any other web browser, it works in exactly the same way). The browser goes to a DNS server either you´ve specified or it has been given. It converts geekstogo.com into a series of numbers, in this case 220.127.116.11 and goes there. When you specify DNS servers in the fashion you have, this is the order they´re referred to when looking up IP addresses. Basically you go to a web site, the computer asks (in your case) the server at 18.104.22.168 for the proper number. If this server doesn´t give a number (for example because its overloaded with requests or offline or generally not working) then the computer will ask the server at 22.214.171.124 for the site´s IP. Then it just claims there is no page to find. You can add as many DNS servers as you like, the computer will just work its way down the list trying to find a requested site´s proper address before timing out. A common scenario when connected to a provider is that the provider is so busy with its user-base the DNS servers get overloaded. So you can connect but you can´t go anywhere. Name System, or DNS, makes browsing the Web simpler and more intuitive. It allows the tens of millions of computers connected to the Internet to find one another and communicate efficiently. DNS also allows individual nations to identify and optimize their websites for local populations, according to the Internet Corporation for Assigned Names and Numbers.
Hierarchies: Domain names are grouped into a series of top-level domains or TLDs such as .com, .net, .org and .gov. In addition, every country has its own TLD: for example, the TLD for the United States is ".us"; ".fr" represents France, ".in" denotes India, and so on. The TLD appears at the end of the full domain name.
The second-level domain contains the name of the website. For example, in "ehow.com", the second-level domain name is "ehow".The third-level domain, which appears at the beginning of some domain names, was used in the early days of the World Wide Web to signify that the domain was either a website (represented by ".www") or a file transfer site (".ftp").
The third-level domain is now used to signify any sub-domain, which is often just a sub-section of a particular website.
Convenience: Without DNS, people wishing to access a particular online resource would have to know the IP address or would be required to look it up. The IP address is a cumbersome series of three-digit numbers separated by dots or decimal points. The DNS system automatically converts these long numbers into convenient domain names that humans can easily use and remember.
Optimized Service: The top-level domain often indicates the nation of origin through a two-character abbreviation. The ability to recognized websites by country allows national registry operators to apply the best mix of linguistic and cultural policies for those domains, thereby optimizing websites for convenient access by users in each nation
Assignment - B
Question 1. What is one of the benefits of layering to a complex system?
Ans.Layering is the construction of multiple applications on top of a common IT infrastructure. One of the benefits is that layers are functionally independent, which allows system developers to specialize in their application and make improvements without affecting the other applications or the underlying infrastructure
Interoperability - Layering promotes greater interoperability between devices from different manufacturers and even between different generations of the same type of device from the same manufacturer.
Greater Compatibility - One of the greatest of all of the benefits of using a hierarchal or layered approach to networking and communications protocols is the greater compatibility between devices, systems and networks that this delivers.
Better Flexibility - Layering and the greater compatibility that it delivers goes a long way to improving the flexibility; particularly in terms of options and choices, that network engineers and administrators alike crave so much.
Flexibility and Peace of Mind - Peace of mind in knowing that if worst comes to worst and a key core network device; suddenly and without prior warning decides to give up the ghost, you can rest assured that a replacement or temporary stand-by can be readily put to work with the highest degree of confidence that it will do the job.
Even though it may not be up to doing the job at the same speed it will still do it; at least, until a better, more permanent solution can be implemented. This is a state of affairs that is much more acceptable than for a lengthy cessation of network services or assets unavailability to occur. 80% is oh so much more pleasing than 0%.
Increased Life Expectancy - Increased product working life expectancies as backwards compatibility is made considerably easier. Devices from different technology generations can co-exist thus the older units do not get discarded immediately newer technologies are adopted.
Scalability - Experience has shown that a layered or hierarchal approach to networking protocol design and implementation scales better than the horizontal approach.
Mobility - Greater mobility is more readily delivered whenever we adopt the layered and segmented strategies into our architectural design
Value Added Features - It is far easier to incorporate and implement value added features into products or services when the entire system has been built on the use of a layered philosophy.
Cost Effective Quality - The layered approach has proven time and time again to be the most economical way of developing and implementing any system(s) be they small, simple, large or complex makes no difference.
This ease of development and implementation translates to greater efficiency and effectiveness which in turn translates into greater economic rationalization and cheaper products while not compromising quality.
Modularity - I am sure that you have come across plug-ins and add-ons. These are common and classical examples of the benefits to be derived from the use of a hierarchal (layered) approach to design.
Innate Plasticity - Layering allows for innate plasticity to be built into devices at all levels and stages from the get-go, to implementation, on through optimization and upgrade cycles throughout a component´s entire useful working lifecycle thereafter.
The Graduated, Blended Approach to Migration - Compatibility enables technologies to co-exist side-by-side which results in quicker uptake of newer technologies as the older asset investments can still continue to be productive. Thus migration to newer technologies and standards can be undertaken in stages or phases over a period of time. This is what is known as the graduated blended approach; which is the opposite of the sudden adoption approach.
Standardization and Certification - The layered approach to networking protocol specifications facilitates a more streamlined and simplified standardization and certification process; particularly from an "industry" point of view. This is due to the clearer and more distinct definition and demarcation of what functions occur at each layer when the layered approach is taken.
Task Segmentation - Breaking a large complex system into smaller more manageable subcomponents allows for easier development and implementation of new technologies; as well as facilitating human comprehension of what may be very diverse and complex systems.
Portability - Layered networking protocols are much easier to port from one system or architecture to another.
Compartmentalization of Functionality - The compartmentalization or layering of processes, procedures and communications functions gives developers the freedom to concentrate on a specific layer or specific functions within that layer´s realm of responsibility without the need for great concern or modification of any other layer.
Changes within one layer can be considered to be in self-contained isolation; functionally speaking, from the other layers. Modifications at one layer will not break or compound the other layers.
Side-Kicks - The development of "Helper" protocols or side-kicks is much easier when a layered approach to networking protocols is embraced. This is especially so when it comes to the development of "helper" protocols that are developed more or less as after-thoughts because the need arose.
Reduced Debugging Time - The time spent debugging can be greatly reduced as a direct result of taking the layered approach to developing network protocols because debugging is made easier and faster when using the layered approach as opposed to not using it.
Promotion of Multi-Vendor Development - Layering allows for a more precise identification and delineation of task, process and methodology. This permits a clearer definition of what needs to be done, where it needs to be done, when it needs to be done, how it needs to be done and what or who will do it. It is these factors that promote multi-vendor development through the standardization of networking components at both the hardware and software levels because of the clear and precise delineation of responsibilities that layering brings to the developers´ table.
Easier Binding Implementation - The principle of binding is far easier to implement in layered, tiered, and hierarchal systems. Humans also tend to understand this form easier than the flat model.
Enhanced Troubleshooting and Fault Identification - Troubleshooting and fault identification are made considerably easier thus resolution times are greatly reduced. Layering allows for examination in isolation of subcomponents as well as the whole.
Enhanced Communications Flow and Support - Adopting the layered approach allows for improved flow and support for communication between diverse systems, networks, hardware, software, and protocols.
Support for Disparate Hosts - Communications between disparate hosts is supported more or less seamlessly thus Unix, PC, MAC & Linux to name but a few can freely interchange data.
Reduction of the Domino Effect - Another very important advantage of a layered protocol system is that it helps to prevent changes in one layer from affecting other layers. This helps to expedite technology development.
Rapid Application Development (RAD) - Workloads can be evenly distributed which means that multiple activities can be conducted in parallel thereby reducing the time taken to develop, debug, optimize and package new technologies ready for production implementation.
Question 2. What is the difference between a web site and a portal?
Ans.Portal vs Site
A portal is generally a vehicle by which to gain access to a multitude of ´services´. A web site is a destination in itself.
As such the term website refers to a location on the Internet (see this) that is unique and can be accessed through a URL (see this). By that definition a web portal is in fact also a website.
However there is a distinction between the two terms based on the subject and content of the website.
A website is also a web portal if;
It transmits information from several independent sources that can be, but not necessarily are, connected in subject; thus offering a public service function for the visitor which is not restricted to presenting the view(s) of one author.
The Portal and website can be differentiated as:
Portal: It provides facility of Logging-In. Provides you with information based on who you are.
e.g. mail.yahoo.com, gmail.com, rediffmail.com Website: No log-in. e.g. www.yahoo.com
Portal: Limited, focused content. Eliminates the need to visit many different sites.
E.g. You type in your user name and password and see your yahoo mail only.
Website: Extensive, unfocused content written to accommodate anonymous user’s needs.
Portal: You will select and organize the materials you want to access. Organized with the materials you want to access.
Website: Searchable, but not customizable. All content is there for every visitor.
e.g. you can navigate to yahoo mail, yahoo shopping, geo cities, yahoo group. If you wish to use any of these services you will either have to authenticate yourself and see things personalized to you or you can simply visit sections that are for everyone like yahoo news were if you are not signed in then the default sign in is guest.
Question 3. What is the most valuable function of the proxy server?
Ans.A proxy server has a large variety of potential purposes, including:
- To keep machines behind it anonymous (mainly for security).
- To speed up access to resources (using caching). Web proxies are commonly used to cache web pages from a web server.
- To apply access policy to network services or content, e.g. to block undesired sites.
- To log / audit usage, i.e. to provide company employee Internet usage reporting.
- To bypass security/ parental controls.
- To scan transmitted content for malware before delivery.
- To scan outbound content, e.g., for data leak protection.
- To circumvent regional restrictions.
Information Management in E Commerce ABC Ltd is a manufacturer of mobile handsets. It has its manufacturing plant in Bangalore and its offices and retail outlets in different cities in India and abroad. The organization wants to have information systems connecting all the above facilities and also providing access to its suppliers as well as customers.
- A. Discuss various issues in developing information systems and fulfilling information needs at different levels in the organization.
Ans:Information Systems (IS) is an academic/professional discipline bridging the business field and the well-defined computer science field that is evolving toward a new scientific area of study. An information systems discipline therefore is supported by the theoretical foundations of information and computations such that learned scholars have unique opportunities to explore the academics of various business models as well as related algorithmic processes within a computer science discipline. Typically, information systems or the more common legacy information systems include people, procedures, data, software, and hardware (by degree) that are used to gather and analyze digital information. Specifically computer-based information systems are complementary networks of hardware/software that people and organizations use to collect, filter, process, create, & distribute data (computing).Computer Information System(s) (CIS) is often a track within the computer science field studying computers and algorithmic processes, including their principles, their software & hardware designs, their applications, and their impact on society
Yes, there are many issues that would be faced while implementing and developing an information system. Some of the key points are:
- Integrating the system throughout the organization and yet serving specific needs
- Training managers and employees
- Managing the costs of information
- Managing user demands on the system
Among the most important are low productivity, a large number of failures, and an inadequate alignment of ISs with business needs. The first problem, low productivity, has been recognized in the term “software crisis”, as indicated by the development backlog and maintenance problems. Simply, demands for building new or improved ISs have increased faster than our ability to develop them. Some reasons are: the increasing cost of software development (especially when compared to the decreasing cost of hardware), the limited supply of personnel and funding, and only moderate productivity improvements.
Second, IS development (ISD) efforts have resulted in a large number of outright. These failures are sometimes due to economical mismatches, such as budget and schedule overruns, but surprisingly often due to poor product quality and insufficient user satisfaction. For example, one survey (Gladden 1982) estimates that 75% of IS developments undertaken are never completed, or the resulting system is never used. According to the Standish Group (1995) only 16% of all projects are delivered on time and within their budget. This study, conducted as a survey among 365 information technology managers, also reveals that 31% of ISD projects were canceled prior to completion and the majority, 53%, are completed but over budget and offer less functionality than originally specified. Unfortunately this area has not been studied in enough detail to find general reasons for failures. As a result, we must mostly rely on cases and reports on ISD failures.
Third, from the business point of view, there has been growing criticism of the poor alignment of ISs and business needs. While an increasing part of organizations’ resources are spent on recording, searching, refining and analyzing information, the link between ISs and organizational performance and strategies has been shown to be dubious. For example, most managers and users are still facing situations where they cannot get information they need to run their units. Hence, ISD is continually challenged by the dynamic nature of business together with the ways that business activities are organized and supported by ISs.
All the above problems are further aggravated by the increasing complexity and size of software products. Each generation has brought new application areas as well as extended functionality leading to larger systems, which are harder to design, construct and maintain. Moreover, because of a large number of new technical options and innovations available - like client/server architectures, object-oriented approaches, and electronic commerce - novel technical aspects are transforming the practice of ISD. All in all, it seems to be commonly recognized that ISD is not satisfying organizations’ needs, whether they are technical, economical, or behavioral. Consequently, companies world-wide are facing challenges in developing new strategies for ISD as well as in finding supporting tools and ways of working
(b) Explain different security threats in the context of e-commerce for the above company.
Ans.For ABC ltd, the vulnerability of a system exists at the entry and exit points within the system which can be classified as below:
- Shopper´ computer
- Network connection between shopper and Web site´s server
- Web site´s server
- Software vendor
Points the attacker can target
This section describes potential security attack methods that abc ltd could face from an attacker or hacker.
Some of the easiest and most profitable attacks are based on tricking the shopper, also known as social engineering techniques. These attacks involve surveillance of the shopper´s behavior, gathering information to use against the shopper. For example, a mother´s maiden name is a common challenge question used by numerous sites. If one of these sites is tricked into giving away a password once the challenge question is provided, then not only has this site been compromised, but it is also likely that the shopper used the same logon ID and password on other sites.
A common scenario is that the attacker calls the shopper, pretending to be a representative from a site visited, and extracts information. The attacker then calls a customer service representative at the site, posing as the shopper and providing personal information. The attacker then asks for the password to be reset to a specific value.
Another common form of social engineering attacks are phishing schemes. Typo pirates play on the names of famous sites to collect authentication and registration information. For example, http://www.ibm.com/shop is registered by the attacker as www.ibn.com/shop. A shopper mistypes and enters the illegitimate site and provides confidential information. Alternatively, the attacker sends emails spoofed to look like they came from legitimate sites. The link inside the email maps to a rogue site that collects the information.
Millions of computers are added to the Internet every month. Most users´ knowledge of security vulnerabilities of their systems is vague at best. Additionally, software and hardware vendors, in their quest to ensure that their products are easy to install, will ship products with security features disabled. In most cases, enabling security features requires a non-technical user to read manuals written for the technologist. The confused user does not attempt to enable the security features. This creates a treasure trove for attackers.
A popular technique for gaining entry into the shopper´s system is to use a tool, such as SATAN, to perform port scans on a computer that detect entry points into the machine. Based on the opened ports found, the attacker can use various techniques to gain entry into the user´s system. Upon entry, they scan your file system for personal information, such as passwords.
While software and hardware security solutions available protect the public´s systems, they are not silver bullets. A user that purchases firewall software to protect his computer may find there are conflicts with other software on his system. To resolve the conflict, the user disables enough capabilities to render the firewall software useless.
Sniffing the network
In this scheme, the attacker monitors the data between the shopper´s computer and the server. He collects data about the shopper or steals personal information, such as credit card numbers.
There are points in the network where this attack is more practical than others. If the attacker sits in the middle of the network, then within the scope of the Internet, this attack becomes impractical. A request from the client to the server computer is broken up into small pieces known as packets as it leaves the client´s computer and is reconstructed at the server. The packets of a request is sent through different routes. The attacker cannot access all the packets of a request and cannot decipher what message was sent.
Take the example of a shopper in Toronto purchasing goods from a store in Los Angeles. Some packets for a request are routed through New York, where others are routed through Chicago. A more practical location for this attack is near the shopper´s computer or the server. Wireless hubs make attacks on the shopper´s computer network the better choice because most wireless hubs are shipped with security features disabled. This allows an attacker to easily scan unencrypted traffic from the user´s computer.
Attacker sniffing the network between client and server
Another common attack is to guess a user´s password. This style of attack is manual or automated. Manual attacks are laborious, and only successful if the attacker knows something about the shopper. For example, if the shopper uses their child´s name as the password. Automated attacks have a higher likelihood of success, because the probability of guessing a user ID/password becomes more significant as the number of tries increases. Tools exist that use all the words in the dictionary to test user ID/password combinations, or that attack popular user ID/password combinations. The attacker can automate to go against multiple sites at one time.
Using denial of service attacks
The denial of service attack is one of the best examples of impacting site availability. It involves getting the server to perform a large number of mundane tasks, exceeding the capacity of the server to cope with any other task. For example, if everyone in a large meeting asks you your name all at once, and every time you answer, they ask you again. You have experienced a personal denial of service attack. To ask a computer its name, you use ping. You can use ping to build an effective DoS attack. The smart hacker gets the server to use more computational resources in processing the request than the adversary does in generating the request.
Distributed DoS is a type of attack used on popular sites, such as Yahoo!®. In this type of attack, the hacker infects computers on the Internet via a virus or other means. The infected computer becomes slaves to the hacker. The hacker controls them at a predetermined time to bombard the target server with useless, but intensive resource consuming requests. This attack not only causes the target site to experience problems, but also the entire Internet as the number of packets is routed via many different paths to the target.
Denial of service attacks
Using known server bugs
The attacker analyzes the site to find what types of software are used on the site. He then proceeds to find what patches were issued for the software. Additionally, he searches on how to exploit a system without the patch. He proceeds to try each of the exploits. The sophisticated attacker finds a weakness in a similar type of software, and tries to use that to exploit the system. This is a simple, but effective attack. With millions of servers online, what is the probability that a system administrator forgot to apply a patch?
Using server root exploits
Root exploits refer to techniques that gain super user access to the server. This is the most coveted type of exploit because the possibilities are limitless. When you attack a shopper or his computer, you can only affect one individual. With a root exploit, you gain control of the merchants and all the shoppers´ information on the site. There are two main types of root exploits: buffer overflow attacks and executing scripts against a server.
In a buffer overflow attack, the hacker takes advantage of specific type of computer program bug that involves the allocation of storage during program execution. The technique involves tricking the server into execute code written by the attacker.
The other technique uses knowledge of scripts that are executed by the server. This is easily and freely found in the programming guides for the server. The attacker tries to construct scripts in the URL of his browser to retrieve information from his server. This technique is frequently used when the attacker is trying to retrieve data from the server´s database.
Assignment - C
- The primary focus of most B2C applications is generating ____.
(d). Web Site
- Which is most significant for web based advertisers?
(b). Page Views
(c). Click Thoughts
Ans.(c). Click Thoughts
- Digital products are particularly appealing for a company´s bottom line because of-
(a). The freedom from the law of diminishing returns
(b). The integration of the value chain.
(c). The increase in brand recognition.
(d). The changes they bring to the industry.
- The differences between B2B and B2C exchanges include
(a) Size of customer set
(b) Transaction volume
(c) Form of payment
(d) Level of customization on products/services
(A). a and b
(B). a, b, and c
(C). b and c
(D). All of the above
Ans. (D). All of the above
- What is the most significant part of e-commerce:
Ans. (a). B2B
- Security-and-risk services include--
(a). Firewalls & policies for remote access
(b). Encryption and use of passwords
(c). Disaster planning and recovery
(d). All of the above
(e). a & b only
Ans. (d). All of the above
- Business Plans are important when trying to find capital to start up your new business. Important elements of a business plan include:
(a). Sales And Marketing
(b). Human resources handbook
(c). Business description
(d). a and c
Ans. (d). a and c
- Based on the study, in the supply side initiatives, which of the following clusters was the only one found to be critical enterprise-wide?
(a). IT management
(c). Data management
Ans. (d). IT-architecture-and-standards
- E-commerce increases competition by: erasing geographical boundaries, empowering customers and suppliers, commoditizing new products, etc. How do companies usually solve this problem?
(a). By competing on price
(b). By selling only through traditional channels.
(c). By lowering costs
(d). By creating attractive websites
Ans. (c). By lowering costs
- On which form of e-commerce does Dell Computer Corporation rely in conducting its business?
(d). None of the above
(e). All of the above
Ans. (e). All of the above
- What is the ´last mile´ in the last mile problem? The link between your...
(a). Computer and telephone
(b). Home and telephone provider´s local office
(c). Office and server
(d). Home and internet service provider
Ans. (b). Home and telephone provider´s local office
- Which of the following is a function of a proxy server?
(a). Maintaining a log of transactions
(b). Caching pages to reduce page load times
(c). Performing virus checks
(d). Forwarding transactions from a user to the appropriate server
Ans. (a). Maintaining a log of transactions
- An example of the supply chain of commerce is:
(a). A company turns blocks of wood into pencils.
(b). A department supplies processed data to another department within a company.
(c). A consumer purchases canned vegetables at the store.
(d). None of the above
Ans. (c). A consumer purchases canned vegetables at the store.
- Just after your customers have accepted your revolutionary new e-commerce idea, which of the following is not expected to immediately happen?
(a). Competitor catch-up moves
(c). First-mover expansion
(d). None of the above
Ans. (b). Commoditization
- Which of the following statements about E-Commerce and E-Business is true?