Defining Security Issues
Friday, 11 March 2016 1
General E-Business Security Issues
• Any E-Business needs to be concerned about network security.
• The Internet is a “public” network consisting of thousands of
interconnected private computer networks.
• Private computer network systems are exposed to threats from
anywhere on the public network.
• Businesses must protect against the unknown.
• New methods of attacking networks and Web sites, and new network
security holes, are being constantly discovered or invented.
• An E-Business cannot expect to achieve perfect security for its network
and Web site.
• Several aspects of E-Business computer systems security need to be
– How secure is the server software?
– How secure are communications?
– How is the data protected once it is delivered to the E-Business?
– How are credit card transactions authenticated and authorized?
Network and Web Site Security
• An entire glossary of words and phrases identifies network and Web
security risks, such as hacker, cracker, Trojan horse, and more.
• As part of planning a startup E-Business’s security, management
should become familiar with network and Web server security risk
Denial of Service Attacks (DoS)
• Designed to disable a Web site by flooding it with useless traffic or
• Distributed denial of service (DDoS) attack uses multiple computers to
attack in a coordinated fashion.
• Risk is primarily centered around downtime or lack of Web site
• Defenses exist for these attacks.
– Routers used to filter out certain types of network traffic
• A common threat that is not unique to networks.
• Networks facilitate the spread of viruses.
• Potential for harm is high including loss of data and downtime.
• Good software defenses are available.
• Defenses require diligence.
• Virus – small program that inserts itself into other program files that
then become “infected”
• Trojan Horse – type of virus that emulates a benign application, that
appears to do something useful, but is actually harmful (destroys files or
creates a “back door”)
• Worm – type of virus that replaces a document or application with its
own code and then uses that code to replicate itself.
• Logic bomb – virus whose attack is triggered by some event such as a
date on a computer’s system clock
• Macro virus – malicious macro written in MS Office that runs upon
opening that MS Office document
Web Site Defacement
• Occurs when a hacker penetrates the system and replaces text or
graphics with “other” material.
• Risk is primarily down time and repair costs.
• There have been many well publicized examples, including high profile
industry and government sites.
• Ordinary defenses against unauthorized logins are a first-line defense.
• Total security may be difficult to achieve.
Electronic Industrial Espionage
• A very serious problem, especially considering that “professional”
hackers may be involved.
• Must implement and diligently maintain industry standard “best
• Additional recommendations:
– Don’t open questionable or suspicious e-mail attachments.
– Keep security software and virus checkers updated.
Credit Card Fraud & Data Theft
• E-Business is at risk from credit card fraud from stolen data.
• Secure your own data.
• Verify the identity of your customers and the validity of the incoming
credit card data.
• Identity theft by someone masquerading as someone else is also a
• A security problem ordinarily caused by a bug or other “system” failure;
occasionally hackers are behind this problem
• This is an unintended disclosure of customer or corporate data through
the Web or other Internet service
• May expose firm to legal liability
Network and Web Site Security
• Tools such as passwords, firewalls, intrusion detection systems (IDS),
and virus scanning software should be used to protect an E-Business’s
network and Web site.
• Firewall – hardware or software used to isolate a private network from
the public network
• IDS – ability to analyze real-time data to detect, log, and stop
unauthorized network access as it happens.
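An added example, not taken from the slides, of the kind of real-time check an IDS runs against a Web server's access log: it distinguishes a single flooding source, which a router or firewall filter rule can drop, from the distributed pattern where no single source stands out. The log lines, IP addresses and thresholds are constructed for the demonstration.

```python
# Added example, not from the slides: a minimal rate-based check of the kind an
# IDS runs over web-server access logs to spot flooding. The log lines, IPs and
# thresholds below are constructed for the demonstration, not real data.
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log excerpt: "<client-ip> <timestamp> <request>".
SAMPLE_LOG = """\
203.0.113.7 2016-03-11T10:00:00 GET /index.html
198.51.100.2 2016-03-11T10:00:01 GET /catalog
203.0.113.7 2016-03-11T10:00:01 GET /index.html
203.0.113.7 2016-03-11T10:00:01 GET /index.html
203.0.113.7 2016-03-11T10:00:02 GET /index.html
203.0.113.7 2016-03-11T10:00:02 GET /index.html
203.0.113.7 2016-03-11T10:00:03 GET /index.html
198.51.100.9 2016-03-11T10:00:04 GET /cart
"""

def parse_log(text):
    """Turn log lines into (source_ip, timestamp) events, oldest first."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ip, stamp, _request = line.split(" ", 2)
            events.append((ip, datetime.fromisoformat(stamp)))
    return sorted(events, key=lambda e: e[1])

def distributed_sample(sources=30):
    """Constructed DDoS-style traffic: many sources, one request each, same second."""
    t0 = datetime(2016, 3, 11, 10, 5, 0)
    return [("203.0.113.%d" % i, t0 + timedelta(milliseconds=10 * i))
            for i in range(1, sources + 1)]

def detect_flood(events, window_seconds=5, per_source_limit=5, total_limit=20):
    """Sliding-window rate check. Returns (noisy_sources, distributed_flag).
    noisy_sources: IPs that sent more than per_source_limit requests inside one
        window; these are the candidates for a router/firewall filter rule.
    distributed_flag: True when the site as a whole exceeded total_limit in one
        window while no single source stood out, i.e. the DDoS pattern, which
        per-source filtering alone cannot stop."""
    per_source, overall = defaultdict(deque), deque()
    noisy, distributed = set(), False
    for ip, ts in events:
        for q in (per_source[ip], overall):
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
        if len(per_source[ip]) > per_source_limit:
            noisy.add(ip)
        if len(overall) > total_limit and not noisy:
            distributed = True
    return sorted(noisy), distributed

if __name__ == "__main__":
    print(detect_flood(parse_log(SAMPLE_LOG)))   # (['203.0.113.7'], False)
    print(detect_flood(distributed_sample()))    # ([], True)
```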
Transaction Security and Data Protection
• Tools to protect transaction/customer data:
– Use a predefined key to encrypt and decrypt the data during transmission.
– Use the secure sockets layer (SSL) protocol to protect data transmitted over the
– Move sensitive customer information such as credit card numbers offline or
encrypt the information if it is to be stored online.
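An added example, not from the slides, covering two points made above: verifying the validity of incoming credit card data before it is accepted, and keeping only a masked form plus a keyed token online instead of the full number (a keyed HMAC token stands in here for the encryption the slide mentions, since the standard library has no block cipher). TOKEN_KEY and the card numbers are constructed test values.

```python
# Added example, not from the slides: checking that an incoming card number is
# well-formed before it is accepted, and reducing what is kept online to a masked
# form plus a keyed token. The key and card numbers are constructed test values.
import hashlib
import hmac

# Constructed server-side secret; in practice it lives in a key store, never in code.
TOKEN_KEY = b"constructed-demo-key-not-for-production"

def luhn_valid(pan):
    """Luhn checksum: rejects typos and random digit strings before any charge attempt."""
    digits = [int(c) for c in pan if c.isdigit()]
    # Accept only digits and spaces, and a plausible length.
    if len(digits) < 12 or len(digits) != len(pan.replace(" ", "")):
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def storage_record(pan):
    """What the online system keeps: the last four digits for display plus an
    HMAC token that lets a repeat customer be matched without the full number
    ever being stored. The full number goes offline (or is encrypted) elsewhere."""
    if not luhn_valid(pan):
        raise ValueError("rejected: card number fails validity check")
    digits = "".join(c for c in pan if c.isdigit())
    return {
        "masked": "*" * (len(digits) - 4) + digits[-4:],
        "token": hmac.new(TOKEN_KEY, digits.encode(), hashlib.sha256).hexdigest(),
    }

if __name__ == "__main__":
    print(storage_record("4111 1111 1111 1111"))   # masked: ************1111
    print(luhn_valid("4111 1111 1111 1112"))        # False: one digit mistyped
```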
Transaction Security and Data Protection
• Remove all files and data from storage devices including disk drives
and tapes before getting rid of the devices.
• Shred all hard-copy documents containing sensitive information before
– Shredder market up
• Security is only as strong as the weakest link.
Security Audits and Penetration Testing
• Can provide an overall assessment of the firm’s current exposure and
• This is an outsourced item.
• Consultant will provide a comprehensive recommendation to address
list of vulnerabilities.
Risk Management Problems
• The list of potential risks is long and includes:
• Business interruptions caused by Web site defacement or denial of
• Litigation and settlement costs over employees’ inappropriate use of e-
mail and the Internet
• Product or service claims against items advertised and sold via a Web
• Web related copyright, trademark, and patent infringement lawsuits
• Natural or weather-related disasters
Risk Management Problems
• Network and Web site security and intruder detection programs
• Antivirus protection
• Sound security policies and procedures
• Employee education
• Front-end systems are those processes with which a user interfaces,
and over which a customer can exert some control.
• For an E-Business, front-end systems are the Web site processes that
customers use to view information and purchase products and
• Back-end systems are those processes that are not directly accessed
• Back-end systems include the business’s ERP and CRM systems that
handle the accounting and budgeting, manufacturing, marketing,
inventory management, distribution, order-tracking, and customer
Front- & Back-End Systems
Legacy System Integration
• There are several issues involving the integration of Web site systems
with existing systems (legacy systems):
– Real-time requirements vs. batch mode
• Trust protections – method of securing system connection between supplier/shipping agent
and e-business servers
– Technology issues
• Integrating different systems sometimes requires middleware to allow for communication
Business Records Maintenance
• All businesses must keep records.
• Records of orders, payment and delivery, and customer data are
necessary. Various regulations or laws require transaction records,
such as sales tax records.
Backup and Disaster Recovery
• Most of the time things run well, but sometimes:
– Computers “crash;” hardware or software fails.
• What is the failure rate of a hard drive?
– “Mother Nature” happens: hurricanes, earthquakes, and tornados.
• The firm must have in place procedures to back-up and restore key
Backup and Disaster Recovery (cont’d)
• Some firms go to the extent of having backup data centers.
• If you outsource your Web and Internet services, be sure to review your
vendor’s policies and plans for disaster recovery.
• Disaster Recovery
– Power outage last fall
Disaster Recovery Plans
• Disaster Recovery Plans address several issues:
– Access to telephones and communication lines
– Scaled-down functional servers
– Networking software and hardware
– Relevant data and databases
– Network configuration information
Disaster Recovery Plans (cont’d)
• Emergency duty rosters
• Procedure for notifying employees where to report following a disaster
• Contact information and building blueprints and specifications provided
to police and fire departments
• Emergency service agreements with outside electrical, telephone, and
Internet service providers
Disaster Recovery Options
• Hot-swappable drives
• Redundant array of independent disks (RAID)
• Uninterruptible power supplies (UPS)
• Spare system (fail-over system)
• Mirrored servers
• Order fulfillment may be the most critical part of an E-Business's
• Failure to handle the order fulfillment process well can result in
unhappy customers and bad-will.
• Fulfillment issues include inventory management, order picking and
packaging, and shipping.
• Many issues:
– How is inventory stored?
– How is inventory arranged in order to find specific items when they are ordered?
– How is inventory movement (sales and replenishment) tracked?
• Firms that manage their own inventory have to manage any number of
issues in addition to tracking and storage.
• Picking the correct items is a key element.
• Mis-picks are expensive.
Shipping and Delivery
• There are many shipping options
– Post office
• Many approaches to pricing shipping costs:
– Build into cost of product
– Charge as a % of order
– Charge actual rate
– Charge flat fee
• Most firms have a significant return rate; 10% is typical.
– How to facilitate the customer return
– How to minimize returns in the first place
– How to resell or dispose of returned goods
• Must state a clear return policy
• International shipping adds a layer of problems.
• Different shipping companies may be used.
• Additional paperwork needed for Customs clearances.
• Customs duties or taxes may be incurred.
• Export controls may affect transactions depending on the product and
country of destination.
Outsourcing Fulfillment Management
• Fulfillment Houses (Third-party logistics – 3PL)
– Fingerhut Business Services
• Outsourcing order fulfillment may be cost effective.
• Many large firms outsource at least part of fulfillment process.
• May be combined with shipping services.
• An alternative to holding inventory either in-house or outsourcing
• The wholesaler keeps the inventory and ships on the order to the end
– Infinite scalability
– Loss of control
• Mobile commerce (m-commerce, m-business)—any e-commerce done
in a wireless environment, especially via the Internet
– Can be done via the Internet, private communication lines, smart cards, etc.
– Creates opportunity to deliver new services to existing customers and to attract
Mobile commerce from the Customer’s point of view
• The customer wants to access information, goods and services any
time and in any place on his mobile device.
• He can use his mobile device to purchase tickets for events or public
transport, pay for parking, download content and even order books and
• He should be offered appropriate payment methods. They can range
from secure mobile micropayment to service subscriptions.
Mobile commerce from the Provider’s point of view
• The future development of the mobile telecommunication sector is
heading more and more towards value-added services. Analysts
forecast that soon half of mobile operators’ revenue will be earned
through mobile commerce.
• Consequently operators as well as third party providers will focus on
value-added-services. To enable mobile services, providers with
expertise on different sectors will have to cooperate.
• Innovative service scenarios will be needed that meet the customer’s
expectations and business models that satisfy all partners involved.
• 1G: 1979-1992 wireless technology
• 2G: current wireless technology; mainly accommodates text
• 2.5G: interim technology accommodates graphics
• 3G: 3rd generation technology supports rich media (video clips)
• 4G: will provide faster multimedia display
Terminology and Standards
• GPS: Satellite-based Global Positioning System
• PDA: Personal Digital Assistant—handheld wireless computer
• SMS: Short Message Service
• EMS: Enhanced Messaging Service
• MMS: Multimedia Messaging Service
• WAP: Wireless Application Protocol
• Smartphones—Internet-enabled cell phones with attached applications
Attributes of M-Commerce and Its Economic Advantages
• Mobility—users carry cell phones or other mobile devices
• Broad reach—people can be reached at any time
• Ubiquity—easier information access in real-time
• Convenience—devices that store data and have Internet, intranet,
• Instant connectivity—easy and quick connection to Internet, intranets,
other mobile devices, databases
• Personalization—preparation of information for individual consumers
• Localization of products and services—knowing where the user is
located at any given time and matching services to them
Mobile Computing Infrastructure
• Networks and access
• Short Messaging
• Multimedia Messaging
• Unified Messaging
• Video - conferencing
• Booking & reservations
• Mobile wallet
• Mobile purse
• City guides
• Directory Services
• Traffic and weather
• Corporate information
• Market data
What Is Mobile Computing?
• A simple definition could be:
Mobile Computing is using a computer (of one kind or another) while on
• Another definition could be:
Mobile Computing is when a (work) process is moved from a normal
fixed position to a more dynamic position.
• A third definition could be:
Mobile Computing is when a work process is carried out somewhere
where it was not previously possible.
• Wired Networks
– high bandwidth
– low bandwidth variability
– can listen on wire
– high power machines
– high resource machines
– need physical access (security)
– low delay
– connected operation
• Mobile Networks
– low bandwidth
– high bandwidth variability
– hidden terminal problem
– low power machines
– low resource machines
– need proximity
– higher delay
– disconnected operation
• Low bandwidth
• High bandwidth variability
• Low power and resources
• Security risks
• Wide variety of terminals and devices with different capabilities
• Device attributes
• Fit more functionality into single, smaller device
Applications of Mobile Computing
• Nomadic user
• Smart mobile phone
• Invisible computing
• Wearable computing
• Intelligent house or office
• Meeting room/conference
• Taxi/Police/Fire squad fleet
• Service worker
• Lonely wolf
• Disaster relief and Disaster alarm
• Military / Security
Concepts of WAP
• The wireless Web refers to use of the World Wide Web through a
wireless device, such as a cellular telephone or personal digital
• Wireless Web connection provides anytime/anywhere connection to e-
mail, mobile banking, instant messaging, weather and travel
information, and other services.
• In general, sites aiming to accommodate wireless users must provide
services in a format displayable on typically small wireless devices.
Different Wireless Networks
• WiFi (Wireless Fidelity) = wireless LAN
– Wireless connection to access a network
– Standard for transmitting information in the form of radio waves over
distances up to about 100 - 300 feet
• VoIP (Voice over Internet Protocol)
– VoIP phones are connected to the Internet using network cables or WiFi
– Preferred over normal cabled telephone
– Interactive user interface
– Parallel calls using same connection
– No limitation on location
• GPS (Global Positioning System)
– Satellite-based tracking
– Used for navigation
• RFID (Radio Frequency Identification)
– Transmitting a signal over radio waves from an object connected to an RFID device to the reader
– Objective is to keep track
• Bluetooth
– Bluetooth is a wireless technology standard for exchanging data over short distances (using
short-wavelength radio transmissions in the ISM band from 2400–2480 MHz) from fixed and
mobile devices, creating personal area networks (PANs) with high levels of security.
• Infrared (IR)
– Infrared (IR) light is electromagnetic radiation with longer wavelengths than those of visible
light, extending from the nominal red edge of the visible spectrum at 700 nanometres (nm) to
– Data transmission is employed in short-range communication among computer peripherals
and personal digital assistants.
– Infrared is the most common way for remote controls to command appliances.
– IR does not penetrate walls and so does not interfere with other devices in adjoining rooms.
Comparison between Internet and WAP technologies
Types of Networks
• Some of the different networks based on size
– Personal area network, or PAN
– Local area network, or LAN
– Metropolitan area network, or MAN
– Wide area network, or WAN
• Some of the different networks based on their main purpose
– Storage area network, or SAN
– Enterprise private network, or EPN
– Virtual private network, or VPN
• Three fundamental shapes:
• May create hybrid topologies