2015 E Commerce Assignment

E-Commerce Assignment

Group from CSE(A)

1. Pallab Kumar (11500111053)
2. Rahul Dey (1150011067)
3. Purnendu Mondal (11500111066)



1) Symmetric Encryption involves a secret key.
2) Investment Management is a sub-system of Sales & Distribution.
3) In the RSA algorithm prime numbers are involved.
4) A firewall may be implemented in a router which connects the intranet to the internet.
5) E-Cash is stored in the customer's computer in the form of E-money.

6) How many types of Business Transaction models are there? Explain each one.

Ans:- There are mainly six types of business transactions. They are as follows:

Retail to Customer, in Person
An in-person retail-to-customer transaction is one of the simplest forms of business transactions. It involves a customer going into a store, selecting items to purchase and buying the items using cash, check or a credit card. The retailer charges the customer a price based on the retail price of the items plus sales tax if applicable.

Retail to Customer, Not in Person
Retailers can also sell products to customers without ever interacting in person. Customers can order products from a catalog by calling the business, placing an order over the phone and paying the retail price, applicable sales tax and applicable shipping charges. The product is then shipped to the customer in the mail. Customers can also make purchases from retailers online through the retailer's website or from another retail website. Online transactions typically are paid for using a credit card or an online merchant service like PayPal or Google Checkout. Again, sales tax and shipping charges often apply in addition to the retail purchase price.

Wholesaler to Retailer
Another type of business transaction is when a retailer buys products from a manufacturer or wholesaler. Many retailers do not manufacture the products they sell. Instead, they buy products directly from manufacturers or wholesalers, then mark the prices up from what they paid to sell to customers and make a profit. Products are often ordered in bulk, and the transaction is typically paid for by an invoice sent from the wholesaler to the retailer after the order is filled. Retailers then have a certain amount of time, such as 30 days, to make payment to the wholesaler. In some cases, wholesalers require payment via credit card when the order is placed, before they fill the order. Shipping charges might apply, though discounts for buying in bulk are one way retailers can save money on these transactions.

Business to Business
Many companies sell products or services to other businesses and exclude end consumers from the business model completely. For example, a company might sell cloud storage to other companies, i.e. virtual servers that power websites and other technology. The companies that purchase this cloud storage use it to store data from their website or other company data securely. The seller in this transaction (e.g., the cloud storage provider) markets its services to other businesses and often sells its services exclusively to the buyer for a set period of time. Transaction details are usually laid out in contracts or business agreements. Payment details vary from monthly invoices to other payment arrangements like quarterly or annual payments.

Wholesale to Consumer
Some wholesalers also sell products directly to consumers. Most of these transactions are done online from various wholesaler websites, or over the phone, since wholesalers rarely have warehouses open to the public for browsing and making purchases. These transactions are attractive to consumers because they are able to get lower prices on products that have not been marked up by retailers.

Consumer to Consumer
Consumers are also able to make transactions with one another. For example, if someone lists a car or other product or service in the classifieds section of a newspaper, another consumer can buy that car directly from the seller. These transactions typically do not involve wholesalers, retailers or other businesses. Online auction sites and classified sites have made this model even more popular, since people have more resources to buy and sell things with other consumers. In-person transactions are often in cash, while online sites typically use online merchant services.

7. What is EDI & EDIFACT? Discuss in brief.

Ans: EDI and EDIFACT are discussed below:

EDI
Electronic data interchange (EDI) is an electronic communication method that provides standards for exchanging data via any electronic means. By adhering to the same standard, two different companies, even in two different countries, can electronically exchange documents (such as purchase orders, invoices, shipping notices, and many others). EDI has existed for more than 30 years, and there are many EDI standards (including X12, EDIFACT, ODETTE, etc.), some of which address the needs of specific industries or regions. It also refers specifically to a family of standards. In 1996, the National Institute of Standards and Technology defined electronic data interchange as "the computer-to-computer interchange of strictly formatted messages that represent documents other than monetary instruments. EDI implies a sequence of messages between two parties, either of whom may serve as originator or recipient. The formatted data representing the documents may be transmitted from originator to recipient via telecommunications or physically transported on electronic storage media." It distinguishes mere electronic communication or data exchange, specifying that "in EDI, the usual processing of received messages is by computer only. Human intervention in the processing of a received message is typically intended only for error conditions, for quality review, and for special situations. For example, the transmission of binary or textual data is not EDI as defined here unless the data are treated as one or more data elements of an EDI message and are not normally intended for human interpretation as part of online data processing."

EDIFACT
United Nations/Electronic Data Interchange For Administration, Commerce and Transport (UN/EDIFACT) is the international EDI standard developed under the United Nations. In 1987, following the convergence of the UN and US/ANSI syntax proposals, the UN/EDIFACT Syntax Rules were approved as the ISO standard ISO 9735 by the International Organization for Standardization. The EDIFACT standard provides:
1. a set of syntax rules to structure data,
2. an interactive exchange protocol (I-EDI),
3. standard messages which allow multi-country and multi-industry exchange.
The work of maintenance and further development of this standard is done through the United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) under the UN Economic Commission for Europe, in the Finance Domain working group UN CEFACT TBG5.

8. What is BPR / Business Process Re-engineering? Explain in brief.

Ans:- Business process reengineering (BPR) is the analysis and redesign of workflows within and between enterprises in order to optimize end-to-end processes and automate non-value-added tasks. The concept of BPR was first introduced in the late Michael Hammer's 1990 Harvard Business Review article and received increased attention a few years later, when Hammer and James Champy published their best-selling book, Reengineering the Corporation. The authors promoted the idea that sometimes-radical redesign and reorganization of an enterprise is necessary to lower costs and increase quality of service, and that information technology is the key enabler for that radical change.

Hammer and Champy suggested seven reengineering principles to streamline the work process and thereby achieve significant levels of improvement in quality, time management, speed and profitability:
1. Organize around outcomes, not tasks.
2. Identify all the processes in an organization and prioritize them in order of redesign urgency.
3. Integrate information processing work into the real work that produces the information.
4. Treat geographically dispersed resources as though they were centralized.
5. Link parallel activities in the workflow instead of just integrating their results.
6. Put the decision point where the work is performed, and build control into the process.
7. Capture information once and at the source.

By the mid-1990s, BPR became popular as a justification for downsizing. According to Hammer, lack of sustained management commitment and leadership, unrealistic scope and expectations, and resistance to change prompted managers to abandon the concept of BPR and embrace the next new methodology, enterprise resource planning.

9. State the difference between CRM and SRM.

Ans:-

CRM | SRM
Customer contact information | Supplier information: contact, contract
Status: current deals or agreements in place | Status: deliveries, shipments
Outstanding items: e-mail contacts, contract questions | Outstanding items: billing questions, disputes, invoices
Lead scores: as they relate to company and lead qualities | Supplier scorecard
Company news or press, relevant industry information | Industry information: third-party data related to the corporate relationship
Additional company information: social links to company and contacts, blogs, related web properties | Company info: social links, blogs, websites

10. Describe VPN (Virtual Private Network) and Firewall and their usage in E-Commerce.

Ans:-

VPN :

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

FIREWALL: A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Firewalls can be either hardware or software, but the ideal firewall configuration will consist of both. In addition to limiting access to your computer and network, a firewall is also useful for allowing remote access to a private network through secure authentication certificates and logins. Hardware firewalls can be purchased as a stand-alone product but are also typically found in broadband routers, and should be considered an important part of your system and network set-up. Most hardware firewalls will have a minimum of four network ports to connect other computers, but for larger networks, business networking firewall solutions are available.

Software firewalls are installed on your computer (like any software) and you can customize them, allowing you some control over their function and protection features. A software firewall will protect your computer from outside attempts to control or gain access to your computer.

Firewalls are used to protect both home and corporate networks. A typical firewall program or hardware device filters all information coming through the Internet to your network or computer system. There are several types of firewall techniques that will prevent potentially harmful information from getting through:

Packet Filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

Application Gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

Circuit-level Gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Proxy Server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

In practice, many firewalls use two or more of these techniques in concert. A firewall is considered a first line of defense in protecting private information. For greater security, data can be encrypted.
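To make the packet-filter technique concrete, here is an added Python example (not part of the assignment): a small first-match packet filter evaluated over constructed packets, with a default-deny policy and an ingress anti-spoofing rule that addresses the IP-spoofing weakness noted above (a packet arriving on the Internet-facing interface while claiming an intranet source address is dropped before any allow rule is consulted). The interface names, the 10.0.0.x intranet prefix and the rule set are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Only the header fields a stateless packet filter looks at (constructed model)."""
    iface: str    # interface the packet arrived on: "ext" (Internet) or "int" (intranet)
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


INTERNAL_PREFIX = "10.0.0."   # assumption: the intranet's address block


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


# Ordered rule table: (name, verdict, predicate). The first matching rule wins,
# so the anti-spoofing deny is placed ahead of every allow rule.
RULES = [
    ("anti-spoof", "deny",
     lambda p: p.iface == "ext" and is_internal(p.src)),
    ("web-in", "allow",
     lambda p: p.iface == "ext" and p.proto == "tcp" and p.dport in (80, 443)),
    ("dns-out", "allow",
     lambda p: p.iface == "int" and p.proto == "udp" and p.dport == 53),
    ("web-out", "allow",
     lambda p: p.iface == "int" and p.proto == "tcp" and p.dport in (80, 443)),
]


def filter_packet(p):
    """Return (verdict, rule_name); anything no rule matches is denied by default."""
    for name, verdict, match in RULES:
        if match(p):
            return verdict, name
    return "deny", "default"


def filter_many(packets):
    return [filter_packet(p) for p in packets]


if __name__ == "__main__":
    # Constructed traffic sample: a web request, a Telnet probe, a spoofed packet,
    # an outbound DNS query and an outbound SMTP connection.
    sample = [
        Packet("ext", "203.0.113.5", "10.0.0.2", "tcp", 443),
        Packet("ext", "203.0.113.5", "10.0.0.2", "tcp", 23),
        Packet("ext", "10.0.0.9", "10.0.0.2", "tcp", 443),
        Packet("int", "10.0.0.4", "198.51.100.1", "udp", 53),
        Packet("int", "10.0.0.4", "198.51.100.1", "tcp", 25),
    ]
    for pkt, (verdict, rule) in zip(sample, filter_many(sample)):
        print(f"{verdict:5s} [{rule}] {pkt}")
```

Because the filter only sees header fields, it cannot tell whether a claimed source address is genuine; the anti-spoofing rule works by tying the address range to the interface it is allowed to appear on, which is the usual mitigation for the weakness the text mentions.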

11. What is E-cash? Explain the steps involved in the operation of E-Cash by an individual.

Ans: The following steps need to be performed:
1. The customer opens an account with the bank (the currency server), and maintains enough cash (real cash) there to proceed further.
2. The customer has software known as e-cash software at his place which he uses to generate e-cash. Before that he needs to determine the denominations of the e-cash he needs. Then he uses his software to generate a random number and a blinding factor. The blinding factor is very secret to the customer and only he knows it.
3. The customer sends the random number and blinding factor to the bank, which in turn signs the document digitally and gives it back to the customer. This digitally signed document is now authenticated by the bank and can be termed a note. The bank is unable to see the blinding factor; it only sees the random number generated.
4. When the digitally signed document containing the random number + blinding factor comes back to the customer, he takes off the blinding factor and uses the rest as a note. It is authenticated by the bank, so it is valid. Now the customer sends the document to the merchant.
5. The merchant receives the random number digitally signed by the bank, which authenticates the validity of the customer. He then contacts the bank, which has a database for storing the customers' e-cash. It first inquires about the random numbers in the e-cash, authenticates the digital signature (it was computed using the private key of the bank), and the merchant receives real cash against the document from the account of the customer in the bank.
6. No one can cheat in this system. The customer cannot say he has not sent the random numbers because the blinding factor was included, which was very specific to him (non-repudiation). The bank cannot cheat on the customer's money because it is unaware of the blinding factor. The merchant cannot cheat because he cannot forge the bank's digital signature.
7. There is a question of double spending here. The bank maintains a database of spent notes of the customer. When a customer is issued bank notes, they are issued to that person's unique license. When he gives them to someone else, they are transferred to the other person's license. Each time the currency changes hands, the owner adds a tiny bit of information to the bank note based on its serial number and his license. If someone tries to spend the money twice, the bank would be able to understand who the cheater is. Thus double spending is checked.
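As an added example (not from the assignment), the following Python code walks through the blind-signature protocol these steps describe, using textbook RSA with tiny constructed primes so every value can be checked by hand. In the standard construction the bank receives the note's serial number already multiplied by the blinding factor, which is why it cannot see the serial, and the customer divides the factor out again afterwards; the signature that remains verifies against the bank's public key exactly as the text says. The Bank class also keeps the spent-note database from step 7, so a second deposit of the same note is refused. The key values, serial number and blinding factor are constructed for illustration and are far too small to be secure.

```python
from math import gcd

# Constructed toy bank key: textbook RSA with tiny primes (demonstration only;
# no padding, no real randomness; a real scheme uses 2048-bit keys at least).
P, Q = 61, 53
N = P * Q                          # 3233: the bank's public modulus
E = 17                             # the bank's public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # the bank's private exponent (2753)


def blind(serial, r):
    """Customer: hide the note's serial number using a secret blinding factor r."""
    if gcd(r, N) != 1:
        raise ValueError("blinding factor must be invertible mod N")
    return (serial * pow(r, E, N)) % N


def bank_sign(blinded):
    """Bank: sign whatever value it receives. It never learns the serial number."""
    return pow(blinded, D, N)


def unblind(blinded_sig, r):
    """Customer: remove r, leaving the bank's signature on the bare serial number."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(serial, sig):
    """Merchant or bank: check the note with nothing but the bank's public key."""
    return pow(sig, E, N) == serial % N


def withdraw(serial, r):
    """Full withdrawal round trip: returns (what the bank saw, the unblinded signature)."""
    blinded = blind(serial, r)
    return blinded, unblind(bank_sign(blinded), r)


class Bank:
    """Deposit side: the spent-note database that catches double spending."""

    def __init__(self):
        self.spent = set()

    def deposit(self, serial, sig):
        if not verify(serial, sig):
            return "rejected: signature invalid"
        if serial in self.spent:
            return "rejected: double spend"
        self.spent.add(serial)
        return "accepted"


if __name__ == "__main__":
    serial, r = 1234, 7            # constructed note serial and blinding factor
    seen_by_bank, note_sig = withdraw(serial, r)
    print("bank saw:", seen_by_bank, "(not the serial", serial, ")")
    print("note verifies:", verify(serial, note_sig))
    bank = Bank()
    print("first deposit:", bank.deposit(serial, note_sig))
    print("second deposit:", bank.deposit(serial, note_sig))
```

The unblinding step works because (serial * r^E)^D = serial^D * r (mod N); multiplying by the inverse of r leaves serial^D, which is precisely the signature the bank would have produced on the serial directly, without the bank ever having seen it.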

12. Short notes on a) Call Centre b) Software Piracy c) SCE Framework

Ans:

A) Call centre
A call centre or call center is a centralised office used for receiving or transmitting a large volume of requests by telephone. An inbound call centre is operated by a company to administer incoming product support or information inquiries from consumers. Outbound call centers are operated for telemarketing, solicitation of charitable or political donations, debt collection and market research. A contact centre is a location for centralised handling of individual communications, including letters, faxes, live support software, social media, instant messages and e-mail.

A call centre has an open workspace for call centre agents, with work stations that include a computer for each agent, a telephone set/headset connected to a telecom switch, and one or more supervisor stations. It can be independently operated or networked with additional centres, often linked to a corporate computer network, including mainframes, microcomputers and LANs. Increasingly, the voice and data pathways into the centre are linked through a set of new technologies called computer telephony integration.

The contact centre is a central point from which all customer contacts are managed. Through contact centres, valuable information about the company is routed to appropriate people, contacts are tracked and data is gathered. It is generally a part of the company's customer relationship management. A contact centre can be defined as a coordinated system of people, processes, technologies and strategies that provides access to information, resources, and expertise, through appropriate channels of communication, enabling interactions that create value for the customer and organization. Contact centres, along with call centres and communication centres, all fall under a larger umbrella labelled as the contact centre management industry. This is becoming a rapidly growing recruitment sector in itself, as the capabilities of contact centres expand and thus require ever more complex systems and highly skilled operational and management staff. The majority of large companies use contact centres as a means of managing their customer interaction. These centres can be operated either by an in-house department responsible for customer interaction or by outsourcing it to a third-party agency (known as outsourcing call centres).

B) Software Piracy
The unauthorized copying of software. Most retail programs are licensed for use at just one computer site or for use by only one user at any time. By buying the software, you become a licensed user rather than an owner (see EULA). You are allowed to make copies of the program for backup purposes, but it is against the law to give copies to friends and colleagues.

Software piracy is all but impossible to stop, although software companies are launching more and more lawsuits against major infractors. Originally, software companies tried to stop software piracy by copy-protecting their software. This strategy failed, however, because it was inconvenient for users and was not 100 percent foolproof. Most software now requires some sort of registration, which may discourage would-be pirates, but doesn't really stop software piracy. Some common types of software piracy include counterfeit software, OEM unbundling, softlifting, hard disk loading, corporate software piracy, and Internet software piracy.

An entirely different approach to software piracy, called shareware, acknowledges the futility of trying to stop people from copying software and instead relies on people's honesty. Shareware publishers encourage users to give copies of programs to friends and colleagues but ask everyone who uses a program regularly to pay a registration fee to the program's author directly.

C) SCE Framework
SCM covers all aspects of a business. From the stage of raw materials to the end user, each and every aspect of the cycle is covered by the management system, be it sourcing, product designing, production planning, order processing, inventory management, transportation and warehousing, or customer service. However, the entire SCE concept is based on two models through which execution is done. They are:
i) Push Model
ii) Pull Model

Push Model: The push model is based on the fact that the product flow initiates from the manufacturer and comes to the customer via intermediaries like the distributor and the retailer. The schematic diagram includes Manufacturer, Retail Distribution Center and Retailer.

Pull Model: The pull model is mainly generated from the customer and gradually reaches the manufacturer via the distributor. Initially the company develops a sample of the product with the help of the research and development team and delivers it to the market. The customers test the product sample and they are asked to give specifications so that product customization is possible. The product is thus pulled by the customers as per their choices. The schematic diagram of the model includes Retail Store, Distribution Center and Manufacturer.

13. What do you mean by e-Payments? What are the security requirements for safe e-payments?

Ans: Goods and services bought using the web have to be paid for and, given the transaction is online, cash will not do. To replicate retail trade exchanges online there needs to be a way of transferring value electronically. The ways of e-payment are:
1. E-cash
2. Electronic wallet
3. Smart card
4. Credit card

The security requirements for safe e-payments are:
1. Atomicity: money is not lost or created during a transfer.
2. Goods atomicity: money and goods are exchanged atomically.
3. Non-repudiation: no party can deny its role in the transaction.
4. Digital signatures.
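An added example (not part of the assignment) of the atomicity requirement above, written in Python against the standard library's sqlite3 module: a transfer runs as one database transaction, so it either fully commits or fully rolls back, and the total amount of money in the ledger is the same before and after even when a step fails (insufficient funds, or an account that does not exist). The account names, opening balances and the CHECK constraint are constructed for the example.

```python
import sqlite3


def new_ledger():
    """Constructed in-memory ledger with two accounts; a balance may never go negative."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    db.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    db.commit()
    return db


def balance(db, name):
    row = db.execute("SELECT balance FROM accounts WHERE name = ?", (name,)).fetchone()
    return None if row is None else row[0]


def total_money(db):
    """Sum over all accounts; atomicity means this never changes during a transfer."""
    return db.execute("SELECT SUM(balance) FROM accounts").fetchone()[0]


def transfer(db, src, dst, amount):
    """Move `amount` from src to dst atomically.

    Returns True when the transaction committed and False when it was rolled back,
    in which case neither account has changed.
    """
    if amount <= 0:
        return False
    try:
        # The connection context manager commits on success and rolls back the
        # whole transaction if any statement inside it raises.
        with db:
            debit = db.execute(
                "UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
            if debit.rowcount != 1:
                raise LookupError(f"unknown source account {src}")
            credit = db.execute(
                "UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))
            if credit.rowcount != 1:
                # The debit above has already been applied; raising here undoes it.
                raise LookupError(f"unknown destination account {dst}")
        return True
    except (sqlite3.IntegrityError, LookupError):
        # IntegrityError: the CHECK constraint rejected an overdraft.
        return False


if __name__ == "__main__":
    db = new_ledger()
    print("alice -> bob 30:", transfer(db, "alice", "bob", 30), balance(db, "alice"), balance(db, "bob"))
    print("alice -> bob 500:", transfer(db, "alice", "bob", 500), balance(db, "alice"), balance(db, "bob"))
    print("alice -> carol 10:", transfer(db, "alice", "carol", 10), balance(db, "alice"))
    print("total money:", total_money(db))
```

The second and third transfers fail at different points (the debit itself, and the credit after the debit has already run), and in both cases the ledger total is unchanged; that is what "money is not lost or created" means operationally.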

14) Why is supply chain management vital for e-commerce? Explain in brief. Also explain the role of e-supply chain planning tools in managing the supply chain of an e-business.

Ans:- Supply chain management (SCM) is the oversight of materials, information, and finances as they move in a process from supplier to manufacturer to wholesaler to retailer to consumer. Supply chain management involves coordinating and integrating these flows both within and among companies. It is said that the ultimate goal of any effective supply chain management system is to reduce inventory (with the assumption that products are available when needed).

Supply chain management flows can be divided into three main flows:
1. The product flow
2. The information flow
3. The finances flow

The product flow includes the movement of goods from a supplier to a customer, as well as any customer returns or service needs. The information flow involves transmitting orders and updating the status of delivery. The financial flow consists of credit terms, payment schedules, and consignment and title ownership arrangements.

There are two main types of SCM software: planning applications and execution applications. Planning applications use advanced algorithms to determine the best way to fill an order. Execution applications track the physical status of goods, the management of materials, and financial information involving all parties.

Some SCM applications are based on open data models that support the sharing of data both inside and outside the enterprise (this is called the extended enterprise, and includes key suppliers, manufacturers, and end customers of a specific company). This shared data may reside in diverse database systems, or data warehouses, at several different sites and companies. By sharing this data "upstream" (with a company's suppliers) and "downstream" (with a company's clients), SCM applications have the potential to improve the time-to-market of products, reduce costs, and allow all parties in the supply chain to better manage current resources and plan for future needs.

Increasing numbers of companies are turning to Web sites and Web-based applications as part of the SCM solution. A number of major Web sites offer e-procurement marketplaces where manufacturers can trade and even make auction bids with suppliers.

A Supply Chain Management (SCM) system is an application system for planning, optimizing and controlling volumes, due dates and capacities along the whole supply chain. The term Supply Chain Management can also be used as a synonym for Operations Management. SCM systems illustrate the processes within a company as well as processes between different companies along the supply chain. Thereby processes of the company and processes of suppliers, distributors, logistic service providers and customers can be monitored. Moreover, with planning scenarios, bottlenecks within the supply chain can be identified early. An important pre-condition for a successful application of SCM tools is interfaces to the existing Enterprise Resource Planning (ERP) and Production Planning and Control (PPC) systems. SCM tools source master and transaction data from external ERP systems, process them and return the results to the external systems.

eCommerce is the electronic trade in goods and services. eCommerce means an electronic integration of processes across companies using information and communication technologies in order to eliminate media disruptions. In eCommerce, business processes and information transfers are conducted electronically in order to improve the efficiency of processes and to accelerate them. For instance, Chain Execution suites/software are an efficient support for eCommerce solutions.

15. Define WAP and GPRS. Explain their importance in e-commerce.

Ans. General packet radio service (GPRS) is a packet-oriented mobile data service on the 2G and 3G cellular communication system's global system for mobile communications (GSM). GPRS was originally standardized by the European Telecommunications Standards Institute (ETSI) in response to the earlier CDPD and i-mode packet-switched cellular technologies. It is now maintained by the 3rd Generation Partnership Project (3GPP).

GPRS usage is typically charged based on the volume of data transferred, contrasting with circuit-switched data, which is usually billed per minute of connection time. Usage above the bundle cap is either charged per megabyte or disallowed. GPRS is a best-effort service, implying variable throughput and latency that depend on the number of other users sharing the service concurrently, as opposed to circuit switching, where a certain quality of service (QoS) is guaranteed during the connection. In 2G systems, GPRS provides data rates of 56 to 114 kbit/s. 2G cellular technology combined with GPRS is sometimes described as 2.5G, that is, a technology between the second (2G) and third (3G) generations of mobile telephony. It provides moderate-speed data transfer by using unused time division multiple access (TDMA) channels in, for example, the GSM system. GPRS is integrated into GSM Release 97 and newer releases.

Benefits of GPRS:
General Packet Radio Service allows service providers who use GSM to offer expanded services. Some of these services are "always on" Internet service, Multimedia Messaging Service (also known as MMS) and Internet applications (such as web browsers) via WAP. Data transfer rates using GPRS are greater than GSM transfer rates. While GSM allows for a maximum download rate of 14.4 kilobits per second (or Kbps), GPRS offers a maximum download rate of 56 Kbps.

What is WAP?
Wireless Access Protocol, or WAP, is a group of specifications that allows users of cell phones and personal digital assistant devices to access the Internet. Wireless Access Protocol supports such standard Internet protocols as hypertext transfer protocol (HTTP), Internet Protocol (IP) and Transmission Control Protocol (TCP).

Benefits of WAP:
1) Benefits to Developers: WAP allows developers to create applications with more features and increases the value of the application for the end user. WAP allows developers to develop applications that can work across different types of devices, browsers, gateways and networks. The Wireless Transport Layer Security specification of WAP allows developers to easily incorporate security features into their applications.
2) Benefits to Device Manufacturers: WAP also provides support to WAP device manufacturers. WAP device manufacturers have a variety of WAP-supporting micro browsers such as Blazer and Embider and WAP operating systems such as Symbian and PalmOS. By using WAP-supporting micro browsers and operating systems in a WAP device, manufacturers can significantly enhance the value of devices, and users of WAP devices can access various applications and services developed by a large community of web developers on WAP devices. At the same time, the manufacturers are assured that the micro browser and WAP operating system will work across a wide range of WAP gateways and networks without making any physical or logical change in the hardware of the WAP device.
3) Benefits to Service Providers: WAP service providers also benefit by encouraging their customer base to use WAP devices and providing support for WAP gateways themselves. They allow their customers access to a large number of applications and content available on the internet. Since service providers control the WAP gateway, they can also control the home page of their own WAP site. Large wireless content providers are known to spend a huge amount to get a space on the home pages of the service providers, so that WAP users can also access other wireless sites along with the service provider's site.
4) Benefits to End-Users: End users probably benefit the most among the different classes of WAP users. They can access any web content through HTML-to-WML formatting services. A large number of application developers are developing content and services specifically for end users using WML. End users with WAP-supporting devices can access the applications or services offered by their network operator. This is a significant value proposition for the end user, since they don't have to learn to interact with new interfaces; there are only minor differences between different micro browsers. End users are able to access the content and services regardless of the service provider or the network. Additionally, the security features of WAP allow end users to carry out transactions involving sensitive information like credit card numbers and passwords comfortably over a wireless network.

16. What are the different threats associated with E-commerce? What do you mean by denial of service attack?

Ans: The different threats associated with E-commerce are discussed below:

Malicious Code Attacks
Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.

Viruses and Worms
The most common threats under this category are worms and viruses. In the media today, we keep hearing these words on almost a daily basis, and there is confusion that the two are related and synonymous. However, the two are very different. A virus needs a host of some sort in order to cause damage to the system. The exact definition is: a virus attaches itself to executable code and is executed when the software program begins to run or an infected file is opened (Source: 8). So, for example, a virus needs a file to which to attach itself. Once that file is opened, the virus can then cause the damage. This damage can range from the deletion of some files to the total reformatting of the hard drive. The key thing to remember about viruses is that they cannot spread by themselves; they require a host file.

Worms, however, are very different. A worm does not need a host to replicate. Rather, the worm replicates itself through the Internet, and can literally infect millions of computers on a global basis in just a matter of hours. A perfect example of this is once again the MS Blaster worm. Worms by themselves do not cause damage to a system like a virus does. However, worms can shut down parts of the Internet or E-Commerce servers, because they use up valuable resources of the Internet, as well as the memory and processing power of servers and other computers. A question that is often asked about worms and viruses is which of the two is worse. This is a difficult question to answer, as the criteria for which is worse depend upon the business environment. However, one thing is certain: in terms of the rate of propagation and multiplicity, worms are much worse than viruses.

Trojan Horses
A Trojan Horse is a piece of programming code that is layered behind another program, and can perform covert, malicious functions. For example, your E-Commerce server can display a cool-looking screen saver, but behind that could be a piece of hidden code causing damage to your system. One way to get a Trojan Horse attack is by downloading software from the Internet. This is where you need to be very careful. There will be times (and it could be often) that patches and other software code fixes (such as service packs) will need to be downloaded and applied to your E-Commerce server. Make sure that whatever software is downloaded comes from an authentic and verified source, and that all defense mechanisms are activated on your server.

Logic Bombs
A Logic Bomb is a version of a Trojan Horse; however, it is event- or time-specific. For example, a logic bomb will release malicious or rogue code in an E-Commerce server after some specific time has elapsed or a particular event in application or processing has occurred.

Transmission Threats

Denial of Service Attacks
With a Denial of Service Attack, the main intention is to deny your customers the services provided on your E-Commerce server. There is no actual intent to cause damage to files or to the system, but the goal is to literally shut the server down. This happens when a massive amount of invalid data is sent to the server. Because the server can handle and process only so much information at any given time, it is unable to keep up with the information and data overflow. As a result, the server becomes confused, and subsequently shuts down. Another type of Denial of Service Attack is called the Distributed Denial of Service Attack. In this scenario, many computers are used to launch an attack on a particular E-Commerce server. The computers that are used to launch the attack are called zombies.
These zombies are controlled by a master host computer. It is the master host computer which instructs the zombie computers to launch the attack on the E-Commerce Server. As a result, the server shuts down because of the massive bombardment of bad information and data being sent from the zombie computers. A Distributed Denial of Service Attack is diagrammed as follows: Ping of DeathWhen we surf the Web, or send E-Mail, the communications between our computer and the server takes place via the data packet. It is the data packet that contains the information and the request for information that is sent from our computer to other computers over the Internet. The communication protocol which is used to govern the flow of data packets is called Transmission Control Protocol/Internet Protocol, or TCP/IP for short. The TCP/IP protocol allows for data packets to be as large as 65,535 bytes. However, the data packet size that is transmitted across the Internet is about 1,500 bytes. With a Ping of Death Attack, a massive data packet is sent-65,536 bytes. As a result, the memory buffers of the E-Commerce Server are totally overloaded, thus causing it to crash.SYN FloodingWhen we open up a Web Browser and type in a Web address, or click Send to transmit that E-Mail from our own computer (referred to as in this section as the client computer), a set of messages is exchanged between the server and the client computer. These set of exchanges is what establishes the Internet connection from the client computer to the server, and vice versa. This is also known as a handshake. To initiate this Internet connection, a SYN (or synchronization) message is sent from the client computer to the server, and the server replies back to the client computer with a SYN ACK (or synchronization acknowledgement) message. To complete the Internet connection, the client computer sends back an ACK (or acknowledgement) message to the server. 
At this point, since the E-Commerce server is awaiting to receive the ACK message from the client computer, this is considered to be a half-open connection. It is at this point in which the E-Commerce server becomes vulnerable to attacks. Phony messages (which appear to be legitimate) could be sent to the E-Commerce server, thus overloading its memory and processing power, and causing it to crash.Threats to Your E-Commerce CustomersPhishing AttacksOne of the biggest threats to your E-Commerce customers is that of Phishing. Specifically, Phishing can be defined as the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. (Source: 9). So, for example, fraudulent e-mail could be sent to your customers claiming that their online account is about to expire, or their username and password has been compromised in some fashion, or that there is a security upgrade that will take place affecting their online account. After they are tricked into believing the content of the Phishinig e-mail, the customer then clicks on the link, and submits all of their confidential information. All Phishing e-mail contains a link, or a web address, in which the customer clicks on thinking that they are going to secure and legitimate site (people who launch Phishing schemes [also known as Phishers] can copy the HTML code from your E-Commerce site, making it look authentic in the eyes of the customer). The truth is, all of the confidential information submitted is collected by the Phisher, who is bent upon creating havoc and damage to your E-Commerce business. Other Threats To E-Commerce ServersThere are other threats posed to E-Commerce servers, a few are listed here. These threats will be further discussed in subsequent articles. Data Packet SniffingThis refers to the use of Data Packet Sniffers, also known simply as sniffers. 
While it is an invaluable tool to the Network Administrator for troubleshooting and diagnosis, an attacker can also use a sniffer to intercept the data packet flow and analyze the individual data packets. Usernames, passwords, and other confidential customer data can then be hijacked from the E-Commerce server. This is a very serious problem, especially in wireless networks, as the data packets literally leave the confines of the network cabling and travel in the air. Ultimately, Data Packet Sniffing can lead to hijacking sessions. This is when the attacker eventually takes control over the network connection, kicks off legitimate users (such as your customers) from the E-Commerce server, and ultimately gains control of it. IP SpoofingThe intent here is to change the source address of a data packet to give it the appearance that it originated from another computer. With IP Spoofing, it is difficult to identify the real attacker, since all E-Commerce server logs will show connections from a legitimate source. IP Spoofing is typically used to start the launch of a Denial of Service Attack. Port ScanningThis is listening to the network ports of the E-Commerce server. When conducting such a scan, an attacker can figure out what kind of services are running on the E-Commerce server, and from that point figure out the vulnerabilities of the system in order to cause the greatest damage possible.Trapdoors/BackdoorsIn developing the code for an E-Commerce site, developers often leave trapdoors or backdoors to monitor the code as it is developed. Instead of a implementing a secure protocol in which to access the code, backdoors provide a quick way into the code. While it is convenient, trapdoors can lead to major security threats if they are not completely removed prior to the launch of the E-Commerce site. Remember, an attacker is always looking first for vulnerabilities in the E-Commerce server. 
Trapdoors provide a very easy vulnerability for the attacker to get into, and cause system wide damage to the E-Commerce server.
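The Ping of Death passage above turns on one number: a datagram's total-length field cannot exceed 65,535 bytes, so a receiver that reassembles fragments into a fixed buffer must refuse any fragment that would end beyond that limit. The following Python is an added example written for this page (it is not code from the assignment or from any product it mentions); it models fragment offsets in bytes, assumes a 20-byte IP header and 1,480-byte fragment payloads, and contrasts an unchecked reassembler with a checked one:

```python
"""Reassembly-side length check that rejects Ping of Death datagrams.

Added example, not from the assignment. Offsets are modelled in bytes
(the real IP header stores them in 8-byte units); the 20-byte header
length and 1,480-byte fragment payload are assumptions for the sample.
"""
from dataclasses import dataclass

IP_MAX_DATAGRAM = 65535   # largest value the 16-bit IP total-length field can hold
IP_HEADER_LEN = 20        # assumed: IPv4 header without options
MTU_PAYLOAD = 1480        # assumed: 1,500-byte link MTU minus the 20-byte header


@dataclass(frozen=True)
class Fragment:
    offset: int   # byte offset of this fragment's payload within the datagram
    length: int   # payload bytes carried by this fragment
    more: bool    # More-Fragments flag: False on the last fragment


class OversizedDatagramError(ValueError):
    """Raised when a fragment would push the datagram past 65,535 bytes."""


def make_fragments(payload_len):
    """Split a payload of payload_len bytes into MTU-sized fragments (constructed input)."""
    frags, offset = [], 0
    while offset < payload_len:
        length = min(MTU_PAYLOAD, payload_len - offset)
        frags.append(Fragment(offset, length, offset + length < payload_len))
        offset += length
    return frags


def naive_reassemble(fragments):
    """Copy fragments into a fixed buffer without checking where they end.

    In C this is the classic overflow; in Python the bytearray silently grows
    past its intended size, which is what the returned length exposes.
    """
    buf = bytearray(IP_MAX_DATAGRAM - IP_HEADER_LEN)  # 65,515 bytes: the most payload one datagram may carry
    for frag in fragments:
        buf[frag.offset:frag.offset + frag.length] = bytes(frag.length)
    return len(buf)


def checked_reassemble(fragments):
    """Validate every fragment before copying; return the datagram's total length."""
    buf = bytearray(IP_MAX_DATAGRAM - IP_HEADER_LEN)
    total = 0
    for frag in sorted(fragments, key=lambda f: f.offset):
        end = frag.offset + frag.length
        if IP_HEADER_LEN + end > IP_MAX_DATAGRAM:
            raise OversizedDatagramError(
                f"fragment at offset {frag.offset} ends at byte {IP_HEADER_LEN + end}, "
                f"beyond the {IP_MAX_DATAGRAM}-byte limit")
        buf[frag.offset:end] = bytes(frag.length)
        total = max(total, IP_HEADER_LEN + end)
    return total


def is_oversized(fragments):
    """True when the checked reassembler refuses the datagram."""
    try:
        checked_reassemble(fragments)
        return False
    except OversizedDatagramError:
        return True


if __name__ == "__main__":
    legal = make_fragments(65515)     # 20 + 65,515 = 65,535 bytes, the maximum
    attack = make_fragments(65516)    # one byte too many: 65,536-byte datagram
    print("legal datagram total length:", checked_reassemble(legal))
    print("naive buffer size after attack:", naive_reassemble(attack))
    print("checked reassembler rejects attack:", is_oversized(attack))
```

naive_reassemble does not crash in Python, because a bytearray grows when a slice assignment runs past its end; that grown length is the same condition which, in a C implementation with a fixed-size buffer, becomes the memory corruption the text describes. checked_reassemble rejects the datagram before a single byte is copied.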
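The Phishing section says every lure carries a link that looks as if it leads to the real store. A defender can check incoming mail for the mismatch that gives such lures away: visible link text or a look-alike hostname that names the merchant's domain while the actual href points elsewhere. The Python below is an added example, not from the assignment; the merchant domain shop.example, the sample message and the particular checks applied are assumptions made for the illustration:

```python
"""Flag phishing-style links in an HTML e-mail body.

Added example, not from the assignment. The merchant domain and the
sample message are constructed for the illustration.
"""
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"shop.example"}   # constructed: the merchant's real domain(s)

# Constructed sample: the lure text names the real store, the href does not.
SAMPLE_EMAIL = """\
<p>Dear customer, your online account is about to expire.</p>
<p><a href="http://shop.example.account-verify.net/login">https://shop.example/account</a></p>
<p>Questions? Visit the <a href="https://shop.example/help">help centre</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _is_trusted(host, trusted):
    """True when host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def _is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def analyse_links(html, trusted=TRUSTED_DOMAINS):
    """Return [(href, [reasons])] for links that look like phishing lures."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()
        if _is_trusted(host, trusted):
            continue   # the link really goes to the merchant
        reasons = []
        if any(d in text.lower() for d in trusted):
            reasons.append(f"visible text names a trusted domain but the link goes to {host}")
        if any(d in host for d in trusted):
            reasons.append(f"look-alike host embeds a trusted domain name: {host}")
        if parsed.scheme == "http":
            reasons.append("link is plain http, not https")
        if _is_ip_literal(host):
            reasons.append("link uses a bare IP address instead of a hostname")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in analyse_links(SAMPLE_EMAIL):
        print(href)
        for r in reasons:
            print("  -", r)
```

The suffix test in _is_trusted is what separates a genuine subdomain (account.shop.example) from the look-alike in the sample, where the trusted name is only a prefix of a different registrable domain. A mail gateway would run the same check before delivery; a browser-side version of it is the reason modern mail clients show the true destination on hover.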

B) Denial of Service Attacks

With a Denial of Service Attack, the main intention is to deny your customers the services provided on your E-Commerce server. There is no actual intent to damage files or the system; the goal is literally to shut the server down. This happens when a massive amount of invalid data is sent to the server. Because the server can handle and process only so much information at any given time, it is unable to keep up with the overflow of data. As a result, the server is overwhelmed and subsequently shuts down. Another type of Denial of Service Attack is the Distributed Denial of Service Attack. In this scenario, many computers are used to launch an attack on a particular E-Commerce server. The computers used to launch the attack are called zombies. These zombies are controlled by a master host computer, which instructs the zombie computers to launch the attack on the E-Commerce server. As a result, the server shuts down under the massive bombardment of bad information and data sent from the zombie computers.
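The Denial of Service answer above and the SYN Flooding passage in part A describe the same failure from two sides: a server keeps state for every half-open connection, so a burst of SYNs that are never followed by an ACK fills that state and real customers are refused. The Python below is an added example, not from the assignment; the backlog of 128 half-open slots, the 3-second timeout, the alert threshold and the attack timing are all constructed for the simulation, and the addresses come from documentation ranges:

```python
"""Half-open connection tracking for a listening socket under SYN flood.

Added example, not from the assignment. Backlog size, timeout, alert
threshold and attack timing are constructed; source addresses use the
203.0.113.0/24 and 198.51.100.0/24 documentation ranges.
"""
from collections import OrderedDict

BACKLOG = 128          # assumed: half-open connections the listener can hold
SYN_TIMEOUT = 3.0      # assumed: seconds before an unanswered SYN-ACK is given up on
ALERT_FRACTION = 0.9   # assumed: backlog occupancy that triggers a flood alert


class Listener:
    """Model of the server side of the TCP three-way handshake."""

    def __init__(self, backlog=BACKLOG, syn_timeout=SYN_TIMEOUT):
        self.backlog = backlog
        self.syn_timeout = syn_timeout
        self.half_open = OrderedDict()   # (src_ip, src_port) -> time the SYN arrived
        self.established = 0
        self.dropped_syns = 0            # SYNs refused because the backlog was full
        self.expired = 0                 # half-open entries aged out without an ACK

    def _expire(self, now):
        # Entries are kept in arrival order, so stop at the first one still fresh.
        while self.half_open:
            src, arrived = next(iter(self.half_open.items()))
            if now - arrived <= self.syn_timeout:
                break
            self.half_open.popitem(last=False)
            self.expired += 1

    def on_syn(self, src, now):
        """Client SYN: reply SYN-ACK and hold a half-open slot, or refuse."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1
            return False
        self.half_open[src] = now
        return True

    def on_ack(self, src, now):
        """Client ACK: completes the handshake if its half-open slot is still held."""
        self._expire(now)
        if src not in self.half_open:
            return False
        del self.half_open[src]
        self.established += 1
        return True

    def flood_suspected(self):
        """Alert condition: the backlog is almost entirely half-open connections."""
        return len(self.half_open) >= ALERT_FRACTION * self.backlog


def run_scenario():
    """1,000 spoofed SYNs that never ACK, then one real customer (constructed)."""
    srv = Listener()
    for i in range(1000):
        src = (f"203.0.113.{i % 250}", 40000 + i)   # spoofed source, never answers
        srv.on_syn(src, now=i * 0.001)             # whole burst inside one second
    alert = srv.flood_suspected()
    customer = ("198.51.100.7", 51515)
    first_try = srv.on_syn(customer, now=1.5)      # backlog still full of phantoms
    retry = srv.on_syn(customer, now=4.5)          # phantoms have timed out by now
    done = srv.on_ack(customer, now=4.6)
    return {
        "alert_during_flood": alert,
        "customer_first_try": first_try,
        "customer_retry": retry,
        "customer_established": done,
        "dropped_syns": srv.dropped_syns,
        "expired": srv.expired,
        "established": srv.established,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Expiring entries lets the customer in once the phantom SYNs age out, but during the burst service is still denied; that is why production TCP stacks go further, for example with SYN cookies, which encode the handshake state in the server's initial sequence number so that no per-SYN memory is held at all, and why a backlog that sits near full (flood_suspected) is a useful alert condition for the operator.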