E-commerce Revision. Typical e-business Architecture. Routing and Addressing. E-Commerce Web Sites. Infrastructure- Packets, Routing and Addressing


E-commerce Revision
Dec 17, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html

E-Commerce Web Sites
Companies create Web sites for very different reasons:
- simple proof-of-concept sites
- Intranets (internal information)
- information-only sites for customers
- business-to-business portals and extranets
- on-line stores (e-shops)
- content-delivery sites

Typical e-business Architecture
- Infrastructure
- Server architecture
- Software for web servers
- E-commerce web sites

Infrastructure - Packets, Routing and Addressing
Four key rules have contributed to the success of the Internet:
- Independent networks should not require any internal changes to be connected to the network.
- Packets that do not arrive at their destinations must be retransmitted from their source network.
- Router computers act as receive-and-forward devices; they do not retain information about the packets that they handle.
- No global control exists over the network.
Router-based architecture of the Internet (figure)

From the Internet to the WWW-1
World Wide Web (WWW): system of Internet servers that support documents formatted in a markup language called HTML (HyperText Markup Language). This language supports linking a document to other documents, as well as linking to graphics, audio, and video files.
- The WWW is an information-sharing model that is built on top of the Internet.
- The WWW uses the HTTP protocol to transmit data.
- E-commerce services, which use HTTP to allow applications to communicate in order to exchange business logic, use the Web to share information.
- The WWW is just one of the ways that information can be disseminated over the Internet. The Internet, not the Web, is also used for e-mail, which relies on SMTP and FTP.

From the Internet to the WWW-2
- Hypertext Transfer Protocol (HTTP) is the set of rules for delivering Web pages over the Internet.
- HTTP uses the client/server model:
  - The client opens an HTTP session and sends a request to a server.
  - The server returns an HTTP response message which contains data.
  - After this, they forget about each other; this has very significant implications for Web (and e-commerce) application development.

E-Commerce Web Sites - An open system: the Web

Infrastructure - Distributed Systems
Client-server: there is a dedicated computer, called the server, that provides one or more of the important services, and the users access whichever service they require.
- Dedicated servers for data storage (file servers)
- Dedicated servers for printing (print servers)
- Gateways to exterior WANs
- Much less risk of failure
- Facilitate maintenance and file backup

Server Architectures
Server: any computer used to provide files to other computers connected to it through a network.
- Server software
- Server hardware
- Patterns of server architectures (tested solutions to common problems)

Server Architectures - Two-Tier Client/Server Architecture

Server Architectures - Three-Tier and N-Tier Client/Server Architectures

Distributed Server Architecture - Complex Load-Balancing

Software for Web servers - Popular server programs

E-Commerce Web Sites - Basic Functions
An e-commerce solution must at least provide:
- A product catalogue
- Shopping cart capabilities
- Transaction processing

E-Commerce Web Sites - Application Integration (ADVANCED FUNCTION)
- Interoperability: making a company's information systems work together
- Enterprise application integration: an attempt to tie all of a company's existing systems to each other and to the company's Web site

Software for SMEs
- One alternative to ISP hosting services is an ASP: ASPs provide a connection to the Internet just as ISPs do, but they also provide application server software, database management software, and electronic commerce expertise.
- Shopcreator is an example of an e-commerce ASP.

Web usability
- Usability
- Trust

Usability
Usability is a very broad concept in system design. It is concerned with:
- designing software applications which people find convenient and practicable for use
- how usable or user-friendly the product, service, or system is

User requirements
Gathering users' requirements is often done at the beginning of a project. But users' needs and expectations change and evolve (as do your competitors), so efforts to understand needs should be ongoing. There are many ways to gather requirements from users, including surveys, interviews, focus groups, informal chats and observation.
User-Centred Requirements handbook: http://www.jiscinfonet.ac.uk/resources/externalresources/user-centred-requirements-handbook/view

Usability techniques
- Heuristic evaluation: the interface is scrutinised against a set of recognised usability principles, or heuristics.
- User testing: evaluation that involves users to assess usability issues.
- Log analysis: analysis of user interactions, searching and navigation in order to generate hypotheses about users' behaviour.

Trust
- Secrecy: protecting against unauthorized data disclosure and ensuring the authenticity of the data source
- Integrity: refers to preventing unauthorized data modification
- Necessity: refers to preventing data delays or denials (removal)

Protecting Client Computers - Digital Certificates
- A program embedded in a Web page that verifies that the sender or Web site is who or what it claims to be
- Signed code or messages provide proof that the holder is the person identified by the certificate
- Certification authority (CA): issues digital certificates

Protecting Communication Channel - Encryption Solutions
- Encryption: using a mathematically based program and a secret key to produce a string of characters that is unintelligible
- Cryptography: the science that studies encryption. It has four basic parts:
  - Plain text: the original text in human-readable form
  - Cipher text: the plain text after it has been encrypted
  - Encryption algorithm: the mathematical formula that encrypts the plaintext into cipher text and vice versa
  - Key: the secret key used to encrypt and decrypt a message. Different keys produce different cipher text when used with the same algorithm.

Protecting Communication Channel-1
- Public key (asymmetric encryption): freely distributed to the public at large.
- Private key (symmetric encryption): belongs to the key owner, who keeps the key secret.

Protecting Communication Channel-2
Public key cryptography
- Theory: belongs to a class of NP-complete problems known as the knapsack problem. This is the problem of selecting numbers from a collection so that the sum of the selected numbers is a particular value.
- Solution: try all possible combinations systematically until a solution is found.

Ensuring Transaction Integrity with Digital Signatures
- Anyone could intercept a purchase order: alter the shipping address and quantity ordered; re-create the message digest; send the message and new message digest on to the merchant.
- Digital signature: an encrypted message digest

Protecting the web server - Firewalls 1
- Computer and software combination installed at the Internet entry point of a networked system
- Provides a defense between the network to be protected and the Internet, or another network that could pose a threat
- All corporate communication to and from the Internet flows through firewalls

Protecting the web server - Firewalls 2
Characteristics:
- All traffic from inside to outside and from outside to inside the network must pass through the firewall
- Only authorized traffic is allowed to pass
- The firewall itself is immune to penetration
- Trusted networks: inside the firewall
- Untrusted networks: outside the firewall

Protecting the web server - Firewalls 3
- Packet-filter firewalls: examine data flowing back and forth between the trusted network and the Internet
- Gateway servers: firewalls that filter traffic based on the application requested
- Proxy server firewalls: firewalls that communicate with the Internet on the private network's behalf
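The "Ensuring Transaction Integrity with Digital Signatures" slide above can be worked through in code. This is an added example, not part of the lecture material: it uses textbook (unpadded) RSA over a SHA-224 digest with two constructed Mersenne primes as the key, so that it runs with the Python standard library alone; the purchase order and its tampered copy are constructed sample data. It shows why a bare message digest does not stop the interception attack the slide describes (the interceptor simply recomputes it) while a signature made with the private key does.

```python
import hashlib

# Added example: textbook (unpadded) RSA signature over a SHA-224 digest,
# with constructed Mersenne-prime keys so it needs no crypto library.
# Illustration of the slide's idea only; real systems use padded RSA or
# ECDSA with properly generated keys.
P = (1 << 127) - 1                     # Mersenne prime M127 (constructed key)
Q = (1 << 107) - 1                     # Mersenne prime M107 (constructed key)
N = P * Q                              # about 2^234, larger than any 224-bit digest
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(order: bytes) -> int:
    """Message digest of the purchase order as an integer below N."""
    return int.from_bytes(hashlib.sha224(order).digest(), "big")


def sign(order: bytes, d: int = D) -> int:
    """Encrypt the digest with the private key: the slide's digital signature."""
    return pow(digest(order), d, N)


def verify(order: bytes, signature: int) -> bool:
    """Merchant side: recover the digest with the public key, compare afresh."""
    return pow(signature, E, N) == digest(order)


def digest_only_check(sent: bytes, sent_digest: int) -> bool:
    """Bare digest: an interceptor can recompute it, so the check passes."""
    return digest(sent) == sent_digest


# Constructed purchase order and the altered copy from the slide's scenario.
ORDER = b"item=widget;qty=1;ship_to=10 Main St"
TAMPERED = b"item=widget;qty=100;ship_to=99 Elsewhere Rd"

if __name__ == "__main__":
    sig = sign(ORDER)
    # With only a digest the altered order still passes.
    print(digest_only_check(TAMPERED, digest(TAMPERED)))   # True: no protection
    # With a signature the altered order fails, because the interceptor
    # cannot compute pow(digest(TAMPERED), D, N) without the private key.
    print(verify(ORDER, sig), verify(TAMPERED, sig))        # True False
```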