
E-Commerce Assignment

Group from CSE(A)
1. Pallab Kumar (11500111053)
2. Rahul Dey (1150011067)
3. Purnendu Mondal (11500111066)

1) Symmetric encryption involves a single secret key shared by both parties.
2) Investment Management is a sub-system of Sales & Distribution.
3) The RSA algorithm involves prime numbers.
4) A firewall may be implemented in a router which connects an intranet to the
internet.
5) E-cash is stored on the customer's computer in the form of e-money.
6) How many types of Business Transaction models are there?
Explain each one.
Ans:- There are mainly six types of business transactions. They are as
follows:
Retail to Customer, in Person
An in-person retail-to-customer transaction is one of the simplest forms of
business transactions. It involves a customer going into a store, selecting items
to purchase and buying the items using cash, check or a credit card. The retailer
charges the customer a price based on the retail price of the items plus sales tax
if applicable.
Retail to Customer, Not in Person
Retailers can also sell products to customers without ever interacting in person.
Customers can order products from a catalog by calling the business, placing an
order over the phone and paying for the retail price, applicable sales tax and
applicable shipping charges. The product is then shipped to the customer in the
mail. Customers can also make purchases from retailers online through the
retailer's website or from another retail website. Online transactions typically are
paid for using a credit card or online merchant service like PayPal or Google
Checkout. Again, sales tax and shipping charges often apply in addition to the
retail purchase price.
Wholesaler to Retailer
Another type of business transaction is when a retailer buys products from a
manufacturer or wholesaler. Many retailers do not manufacture the products they
sell. Instead, they buy products directly from manufacturers or wholesalers, then
mark the prices up from what they paid to sell to customers to make a profit.
Products are often ordered in bulk, and the transaction is typically paid for by an
invoice sent from the wholesaler to the retailer after the order is filled. Retailers
then have a certain amount of time, such as 30 days, to make payment to the
wholesaler. In some cases, wholesalers require payment via credit card when the
order is placed before they fill the order. Shipping charges might apply, though
discounts for buying in bulk are one way retailers can save money on these
transactions.
Business to Business

Many companies sell products or services to other businesses and exclude end
consumers from the business model completely. For example, a company might
sell cloud storage to other companies, which are virtual servers that power
websites and other technology. The companies that purchase this cloud storage
use it to store data from their website or other company data securely. The seller
in this transaction (e.g., the cloud storage provider) markets its services to other
businesses and often sells its services exclusively to the buyer for a set period of
time. Transaction details are usually laid out in contracts or business
agreements. Payment details vary from monthly invoices to other payment
arrangements like quarterly or annual payments.
Wholesale to Consumer
Some wholesalers also sell products directly to consumers. Most of these
transactions are done online from various wholesaler websites, or over the
phone, since wholesalers rarely have warehouses open to the public for browsing
and making purchases. These transactions are attractive to consumers because
consumers are able to get lower prices on products that have not been marked
up by retailers.
Consumer to Consumer
Consumers also are able to make transactions with one another. For example, if
someone lists a car or other product or service in the classifieds section of a
newspaper, another consumer can buy that car directly from the seller. These
transactions typically do not involve wholesalers, retailers or other business.
Online auction sites and classified sites have made this model even more
popular since people have more resources to buy and sell things between other
consumers. In-person transactions are often in cash, while online sites typically
use online merchant services.

7. What are EDI and EDIFACT? Discuss in brief.


Ans: EDI and EDIFACT are discussed below:
EDI
Electronic data interchange (EDI) is an electronic communication method that
provides standards for exchanging data via any electronic means. By adhering to
the same standard, two different companies, even in two different countries, can
electronically exchange documents (such as purchase orders, invoices, shipping
notices, and many others). EDI has existed for more than 30 years, and there are
many EDI standards (including X12, EDIFACT, ODETTE, etc.), some of which
address the needs of specific industries or regions. It also refers specifically to a
family of standards. In 1996, the National Institute of Standards and Technology
defined electronic data interchange as "the computer-to-computer interchange of
strictly formatted messages that represent documents other than monetary
instruments. EDI implies a sequence of messages between two parties, either of
whom may serve as originator or recipient. The formatted data representing the
documents may be transmitted from originator to recipient via
telecommunications or physically transported on electronic storage media." It
distinguishes mere electronic communication or data exchange, specifying that
"in EDI, the usual processing of received messages is by computer only. Human
intervention in the processing of a received message is typically intended only
for error conditions, for quality review, and for special situations. For example,
the transmission of binary or textual data is not EDI as defined here unless the
data are treated as one or more data elements of an EDI message and are not
normally intended for human interpretation as part of online data processing."

EDIFACT
United Nations/Electronic Data Interchange For Administration, Commerce and
Transport (UN/EDIFACT) is the international EDI standard developed under the
United Nations. In 1987, following the convergence of the UN and US/ANSI syntax
proposals, the UN/EDIFACT Syntax Rules were approved as the ISO standard ISO
9735 by the International Organization for Standardization. The EDIFACT standard
provides a set of syntax rules to structure data, an interactive exchange protocol
(I-EDI) and standard messages which allow multi-country and multi-industry
exchange. The work of maintenance and further development of this standard is
done through the United Nations Centre for Trade Facilitation and Electronic
Business (UN/CEFACT) under the UN Economic Commission for Europe, in the
Finance Domain working group UN CEFACT TBG5.
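To make the syntax rules concrete, here is a small parser for the EDIFACT segment structure described above, together with the envelope checks (UNH/UNT segment counts, UNB/UNZ message counts and control references) that an EDI translator performs on every received interchange. This is an added example, not code from the original assignment or from any EDI product; the sample interchange, the partner identifiers SENDERID and RECEIVERID, the order number PO12345 and the control references are constructed for this example.

```python
"""Minimal UN/EDIFACT interchange parser with envelope checks.

Added example, not code from the original assignment. EDIFACT syntax (ISO 9735)
uses service characters that an interchange may announce in a leading UNA
string: component separator ':', data element separator '+', decimal mark '.',
release (escape) character '?' and segment terminator "'". The interchange
below is constructed for this example; SENDERID, RECEIVERID, PO12345 and the
control references are made-up values.
"""
from collections import namedtuple

# tag: 3-letter segment name; elements: list of data elements, each a list of components
Segment = namedtuple("Segment", ["tag", "elements"])

DEFAULT_SERVICE = {"component": ":", "element": "+", "release": "?", "segment": "'"}

SAMPLE = (
    "UNA:+.? '"
    "UNB+UNOA:3+SENDERID+RECEIVERID+200101:1200+00000000000001'"
    "UNH+1+ORDERS:D:96A:UN'"
    "BGM+220+PO12345+9'"
    "FTX+AAA+++Deliver to rear entrance?+ring bell?: ask for O?'Brien'"
    "UNT+4+1'"
    "UNZ+1+00000000000001'"
)


def parse_edifact(text):
    """Tokenise an interchange into Segment objects in a single pass.

    The release character is resolved here, once, so an escaped '+', ':' or "'"
    inside free text never splits an element or ends a segment.
    """
    sep = dict(DEFAULT_SERVICE)
    pos = 0
    if text.startswith("UNA"):
        sep = {"component": text[3], "element": text[4],
               "release": text[6], "segment": text[8]}
        pos = 9
    segments, elements, components, buf = [], [], [], []
    i, n = pos, len(text)
    while i < n:
        ch = text[i]
        if ch == sep["release"] and i + 1 < n:
            buf.append(text[i + 1])        # next character is data, whatever it is
            i += 2
            continue
        if ch == sep["component"]:
            components.append("".join(buf))
            buf = []
        elif ch == sep["element"]:
            components.append("".join(buf))
            elements.append(components)
            buf, components = [], []
        elif ch == sep["segment"]:
            components.append("".join(buf))
            elements.append(components)
            segments.append(Segment(elements[0][0], elements[1:]))
            buf, components, elements = [], [], []
        elif ch in "\r\n" and not (buf or components or elements):
            pass                           # line breaks between segments are ignored
        else:
            buf.append(ch)
        i += 1
    if buf or components or elements:
        raise ValueError("interchange ends without a segment terminator")
    return segments


def validate_envelope(segments):
    """Check the UNH/UNT and UNB/UNZ envelopes: segment count per message,
    message count per interchange and matching control references.

    These catch truncation and dropped or duplicated segments in transit. They
    are integrity hints only, not authentication: a forged interchange with
    consistent counters passes, so real deployments sign the interchange
    (AUTACK) or the transport (AS2) on top.
    """
    problems = []
    msg_start = msg_ref = None
    messages = 0
    for idx, seg in enumerate(segments):
        if seg.tag == "UNH":
            msg_start, msg_ref = idx, seg.elements[0][0]
        elif seg.tag == "UNT":
            messages += 1
            count, ref = int(seg.elements[0][0]), seg.elements[1][0]
            actual = None if msg_start is None else idx - msg_start + 1
            if actual != count:
                problems.append("UNT says %d segments, message has %s" % (count, actual))
            if ref != msg_ref:
                problems.append("UNT reference %s does not match UNH %s" % (ref, msg_ref))
            msg_start = msg_ref = None
        elif seg.tag == "UNZ":
            count, ref = int(seg.elements[0][0]), seg.elements[1][0]
            if count != messages:
                problems.append("UNZ says %d messages, interchange has %d" % (count, messages))
            unb = segments[0] if segments and segments[0].tag == "UNB" else None
            if unb is None or len(unb.elements) < 5 or unb.elements[4][0] != ref:
                problems.append("UNZ reference %s does not match UNB" % ref)
    return problems


if __name__ == "__main__":
    for seg in parse_edifact(SAMPLE):
        print(seg.tag, seg.elements)
    print("problems:", validate_envelope(parse_edifact(SAMPLE)))
```

Run the file to see the FTX free text come out as `Deliver to rear entrance+ring bell: ask for O'Brien`, with the released service characters restored as data. Remove the BGM segment from SAMPLE and `validate_envelope` reports that the UNT segment count no longer matches, which is exactly how an EDI translator notices a truncated or tampered message before it reaches the order-processing system.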
8 What is BPR / Business Process Re-engineering? Explain in brief.

Ans:- Business process reengineering (BPR) is the analysis and redesign of workflows within and
between enterprises in order to optimize end-to-end processes and automate non-value-added
tasks. The concept of BPR was first introduced in the late Michael Hammer's 1990 Harvard
Business Review article and received increased attention a few years later, when Hammer and
James Champy published their best-selling book, Reengineering the Corporation. The authors
promoted the idea that sometimes-radical redesign and reorganization of an enterprise is
necessary to lower costs and increase quality of service and that information technology is the
key enabler for that radical change.

Hammer and Champy suggested seven reengineering principles to streamline the work
process and thereby achieve significant levels of improvement in quality, time management,
speed and profitability:
1. Organize around outcomes, not tasks.
2. Identify all the processes in an organization and prioritize them in order of redesign
urgency.
3. Integrate information processing work into the real work that produces the information.
4. Treat geographically dispersed resources as though they were centralized.
5. Link parallel activities in the workflow instead of just integrating their results.
6. Put the decision point where the work is performed, and build control into the process.
7. Capture information once and at the source.
By the mid-1990s, BPR became popular as a justification for downsizing.
According to Hammer, lack of sustained management, commitment and
leadership; unrealistic scope and expectations; and resistance to change
prompted managers to abandon the concept of BPR and embrace the next
new methodology, enterprise resource planning.

9 State the difference between CRM and SRM.


Ans:

CRM                                                  SRM
---------------------------------------------------  ---------------------------------------------------
Customer contact information                         Supplier information: contact, contract
Status: current deals or agreements in place         Status: deliveries, shipments
Outstanding items: emails, contacts, billing         Outstanding items: contract questions, disputes,
questions                                            invoices
Lead scores: as they relate to the company and       Supplier scorecard
lead qualities
Company news or industry information: relevant       Industry information: third-party data related to
press                                                the corporate relationship
Additional company information: social links to      Company info: social links, websites, blogs
the company and contacts, blogs, related web
properties

10 Describe VPN (Virtual Private N/w ) and Firewall and their usage
in E-Commerce.
Ans:-

VPN :

A virtual private network (VPN) is a network that uses a public telecommunication
infrastructure, such as the Internet, to provide remote offices or individual users with secure

access to their organization's network. A virtual private network can be contrasted with an
expensive system of owned or leased lines that can only be used by one organization. The
goal of a VPN is to provide the organization with the same capabilities, but at a much lower
cost.
A VPN works by using the shared public infrastructure while maintaining
privacy through security procedures and tunneling protocols such as the Layer
Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the
sending end and decrypting it at the receiving end, send the data through a
"tunnel" that an eavesdropper on the public network can neither read nor inject
into. L2TP on its own only encapsulates the traffic; the encryption comes from a
companion protocol, which is why L2TP is normally run over IPsec. An additional
level of security involves encrypting not only the data, but also the originating
and receiving network addresses, so that the internal addressing of the
organization is hidden from the public network.

FIREWALL :
A firewall is a system designed to prevent unauthorized access to or from a
private network. Firewalls can be implemented in both hardware and software,
or a combination of both. Firewalls are frequently used to prevent unauthorized
Internet users from accessing private networks connected to the Internet,
especially intranets. All messages entering or leaving the intranet pass through
the firewall, which examines each message and blocks those that do not meet the
specified security criteria.

Firewalls can be either hardware or software but the ideal firewall configuration will consist
of both. In addition to limiting access to your computer and network, a firewall is also useful
for allowing remote access to a private network through secure authentication certificates and
logins.

Hardware firewalls can be purchased as a stand-alone product but are also typically found in
broadband routers, and should be considered an important part of your system and network
set-up. Most hardware firewalls will have a minimum of four network ports to connect other
computers, but for larger networks, business networking firewall solutions are available.
Software firewalls are installed on your computer (like any software) and you can customize
them, allowing you some control over their function and protection features. A software firewall
will protect your computer from outside attempts to control or gain access to your computer.

Firewalls are used to protect both home and corporate networks. A typical firewall
program or hardware device filters all information coming through the Internet to your
network or computer system. There are several types of firewall techniques that will prevent
potentially harmful information from getting through:
Packet Filter
Looks at each packet entering or leaving the network and accepts or rejects it based on
user-defined rules. Packet filtering is fairly effective and transparent to users, but it is
difficult to configure. In addition, it is susceptible to IP spoofing: a rule that trusts a
source address has no way of telling a genuine packet from one whose source address was
forged by an outside host.
Application Gateway
Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is
very effective, but can impose a performance degradation.
Circuit-level Gateway
Applies security mechanisms when a TCP or UDP connection is established. Once the
connection has been made, packets can flow between the hosts without further checking.
Proxy Server
Intercepts all messages entering and leaving the network. The proxy server effectively hides
the true network addresses.
In practice, many firewalls use two or more of these techniques in concert. A firewall is
considered a first line of defense in protecting private information. For greater
security, data can be encrypted.
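The packet-filter technique and its weakness against IP spoofing can be shown with a few lines of rule matching. The following is an added example, not code from the original page or from any firewall product: a stateless first-match filter with a naive policy that trusts the intranet source range alone, next to a hardened policy that adds the usual ingress anti-spoofing rule. The interface names, addresses (10.0.0.0/8 as the intranet, 203.0.113.0/24 as an outside network) and sample packets are constructed for the example.

```python
"""Stateless packet filter with first-match-wins rules and a default drop.

Added example for the "Packet Filter" technique above; not code from the
original page. The interface names, addresses and policy below are
constructed for this example and assume 10.0.0.0/8 is the intranet behind
the firewall and "ext" is the interface facing the Internet.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet arrived on: "ext" (Internet) or "int" (intranet)
    src: str         # source address as written in the IP header
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    iface: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """Every field of the rule must match; 'any' / None fields match everything."""
    return (
        rule.iface in ("any", pkt.iface)
        and ip_address(pkt.src) in ip_network(rule.src)
        and ip_address(pkt.dst) in ip_network(rule.dst)
        and rule.proto in ("any", pkt.proto)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """Return the action of the first matching rule, or the default action."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


INTRANET = "10.0.0.0/8"

# Naive policy: trusts the source address alone. The header is the only evidence
# the filter has, and a host on the Internet can write any source address it likes.
NAIVE_RULES = [
    Rule("accept", src=INTRANET, dst="10.0.0.10/32", proto="tcp", dport=22),  # SSH to admin host, inside only
    Rule("accept", dst="10.0.0.20/32", proto="tcp", dport=443),               # public web shop
]

# Hardened policy: an ingress anti-spoofing rule ties trust to the interface.
# A packet claiming an intranet source cannot legitimately arrive from the Internet.
HARDENED_RULES = [Rule("drop", iface="ext", src=INTRANET)] + NAIVE_RULES

# Constructed sample traffic
SPOOFED_SSH = Packet("ext", "10.0.0.5", "10.0.0.10", "tcp", 22)      # forged intranet source
INSIDE_SSH = Packet("int", "10.0.0.5", "10.0.0.10", "tcp", 22)
SHOP_HTTPS = Packet("ext", "203.0.113.7", "10.0.0.20", "tcp", 443)
OUTSIDE_SSH = Packet("ext", "203.0.113.7", "10.0.0.10", "tcp", 22)

if __name__ == "__main__":
    for name, pkt in [("spoofed ssh", SPOOFED_SSH), ("inside ssh", INSIDE_SSH),
                      ("shop https", SHOP_HTTPS), ("outside ssh", OUTSIDE_SSH)]:
        print("%-12s naive=%-6s hardened=%s" % (
            name, filter_packet(NAIVE_RULES, pkt), filter_packet(HARDENED_RULES, pkt)))
```

The naive policy accepts SPOOFED_SSH because the filter cannot see who really sent the packet, only what the header claims; the hardened policy drops it because an intranet source address can never legitimately enter on the external interface. Tying trust to the arrival interface (or, on a real device, to reverse-path checks) is the standard mitigation for the spoofing weakness mentioned above; it does not help against attacks carried in otherwise-allowed traffic, which is what the application gateway and proxy techniques address.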

11. What is E-cash? Explain the steps involved in the operation of E-cash by an individual.
Ans: The following steps are performed:
1. The customer opens an account with the bank (the currency server) and keeps
enough real money on deposit there to proceed further.
2. The customer has e-cash software on his machine which he uses to generate
e-cash. He first decides the denominations of the e-cash he needs. His software
then generates a random serial number for each note and a blinding factor. The
blinding factor is secret to the customer; only he knows it.
3. The customer combines the serial number with the blinding factor (the
"blinded" value) and sends only this to the bank. The bank debits the customer's
account, signs the blinded value digitally with its private key and returns it.
The bank cannot see the serial number behind the blinding factor; it signs
without knowing which note it is issuing.
4. When the signed blinded value comes back, the customer removes the blinding
factor; what remains is the bank's signature on the serial number itself. This
signed serial number is a note authenticated by the bank, so it is valid. The
customer now sends the note to the merchant.
5. The merchant receives the serial number digitally signed by the bank, which
authenticates the validity of the note (not the identity of the customer). He
then contacts the bank, which keeps a database of spent e-cash. The bank looks
up the serial number in this database, verifies the digital signature (it was
computed using the bank's private key, so it is checked with the bank's public
key) and credits the merchant with real money for the note.
6. No party can cheat in this system. The customer cannot deny the withdrawal,
because the bank debited his account when it signed, and only he holds the
blinding factor that turns the signed blinded value into a usable note
(non-repudiation). The bank cannot link the note to the customer or tamper with
his money, because it never saw the blinding factor or the serial number at
withdrawal time. The merchant cannot cheat because he cannot forge the bank's
digital signature.
7. There remains the question of double spending. The bank maintains a database
of spent notes, and a note whose serial number is already recorded there is
refused. In the variant described here, when a customer is issued bank notes they
are tied to that person's unique license; when he gives a note to someone else
it is transferred to the other person's license, and each time the currency
changes hands the owner adds a small piece of information to the note based on
its serial number and his license. If someone spends the same note twice, the
bank can work out who the cheater is. Thus double spending is checked.
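Steps 1 to 7 are Chaum's RSA blind-signature scheme, and the whole protocol fits in a short program. The following is an added example written for this page, not the original assignment's code; it also illustrates statement 3) at the top (the bank's RSA key is built from two primes). The bank, the account names and the balances are constructed, hash-then-sign with SHA-256 stands in for a proper padding scheme, and a real system would keep one key pair per denomination.

```python
"""RSA blind-signature e-cash following steps 1-7 above (Chaum's scheme).

Added example, not the original page's code. The bank key is generated here;
account names and balances are constructed. Real systems use one key pair per
denomination and a proper padding scheme; plain hash-then-sign keeps this short.
"""
import hashlib
import math
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if is_probable_prime(candidate):
            return candidate


def coin_message(serial, n):
    """Map a note's serial number to an integer below the modulus (hash-then-sign)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n


class Bank:
    """The currency server: holds accounts, signs blinded notes and keeps the
    spent-serial database that catches double spending (step 7)."""

    def __init__(self, bits=1024):
        self.e = 65537
        while True:
            p, q = gen_prime(bits // 2), gen_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and math.gcd(self.e, phi) == 1:
                break
        self.n = p * q
        self.d = pow(self.e, -1, phi)                  # private exponent
        self.accounts = {}
        self.spent = set()

    def open_account(self, name, deposit):             # step 1
        self.accounts[name] = self.accounts.get(name, 0) + deposit

    def sign_blinded(self, customer, blinded):         # step 3
        """Debit one unit and sign. The bank sees only the blinded value, so it
        cannot later link the finished note to this withdrawal."""
        if self.accounts.get(customer, 0) < 1:
            raise ValueError("insufficient funds")
        self.accounts[customer] -= 1
        return pow(blinded, self.d, self.n)

    def redeem(self, merchant, note):                  # steps 5 and 7
        serial, sig = note
        if pow(sig, self.e, self.n) != coin_message(serial, self.n):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: double spend"
        self.spent.add(serial)
        self.accounts[merchant] = self.accounts.get(merchant, 0) + 1
        return "ok"


def withdraw_note(bank, customer):                     # steps 2 to 4, on the customer's software
    serial = secrets.token_bytes(16)                   # the random number
    while True:
        r = secrets.randbelow(bank.n - 2) + 2          # blinding factor, known only to the customer
        if math.gcd(r, bank.n) == 1:
            break
    m = coin_message(serial, bank.n)
    blinded = (m * pow(r, bank.e, bank.n)) % bank.n            # m * r^e hides m from the bank
    signed_blinded = bank.sign_blinded(customer, blinded)      # (m * r^e)^d = m^d * r
    sig = (signed_blinded * pow(r, -1, bank.n)) % bank.n       # strip r: m^d, the bank's signature on m
    return serial, sig


def merchant_verify(bank_n, bank_e, note):
    """What the merchant can check offline: the bank's signature on the serial."""
    serial, sig = note
    return pow(sig, bank_e, bank_n) == coin_message(serial, bank_n)


if __name__ == "__main__":
    bank = Bank(bits=512)                              # small key so the demo runs fast
    bank.open_account("customer", 2)
    note = withdraw_note(bank, "customer")
    print("merchant check:", merchant_verify(bank.n, bank.e, note))
    print("first deposit :", bank.redeem("merchant", note))
    print("second deposit:", bank.redeem("merchant", note))    # same note again: double spend
    print("forged note   :", bank.redeem("merchant", (note[0], note[1] ^ 1)))
```

The unblinding step is the whole trick: the bank computes (m·r^e)^d = m^d·r mod n, and dividing out r leaves m^d, a valid signature on a message the bank never saw. Anonymity therefore rests on r staying on the customer's machine, and the spent-serial set is what turns step 7 into an enforceable rule rather than a hope; in the online variant shown here the bank must be reachable at payment time, which is the trade-off against the offline "license" scheme the answer describes.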

12. Short notes on a) Call Centre b) Software Piracy c) SCE Framework
Ans:
A) Call centre

A call centre or call center is a centralised office used for receiving or
transmitting a large volume of requests by telephone. An inbound call
centre is operated by a company to administer incoming product
support or information inquiries from consumers. Outbound call centres
are operated for telemarketing, solicitation of charitable or political
donations, debt collection and market research. A contact centre is a
location for centralised handling of individual communications,
including letters, faxes, live support software, social media, instant
messages and e-mail. A call centre has an open workspace for call centre
agents with work stations that include a computer for each agent,
a telephone set/headset connected to a telecom switch, and one or
more supervisor stations. It can be independently operated or networked
with additional centres, often linked to a corporate computer network,
including mainframes, microcomputers and LANs. Increasingly, the voice
and data pathways into the centre are linked through a set of new
technologies called computer telephony integration. The contact centre
is a central point from which all customer contacts are managed.
Through contact centres, valuable information about the company is
routed to appropriate people, contacts are tracked and data is
gathered. It is generally a part of the company's customer relationship
management. A contact centre can be defined as a coordinated system
of people, processes, technologies and strategies that provides access
to information, resources and expertise, through appropriate channels
of communication, enabling interactions that create value for the
customer and the organization. Contact centres, along with call centres
and communication centres, all fall under a larger umbrella labelled
the contact centre management industry. This is becoming a rapidly
growing recruitment sector in itself, as the capabilities of contact centres
expand and thus require ever more complex systems and highly skilled
operational and management staff. The majority of large companies use
contact centres as a means of managing their customer interaction.
These centres can be operated either by an in-house department or by
outsourcing customer interaction to a third-party agency (known as
outsourcing call centres).
B)

Software Piracy
The unauthorized copying of software. Most retail programs are licensed
for use at just one computer site or for use by only one user at any time.
By buying the software, you become a licensed user rather than an owner
(see EULA). You are allowed to make copies of the program for
backup purposes, but it is against the law to give copies to friends and
colleagues.
Software piracy is all but impossible to stop, although software companies
are launching more and more lawsuits against major infractors. Originally,
software companies tried to stop software piracy by copy-protecting their
software. This strategy failed, however, because it was inconvenient for
users and was not 100 percent foolproof. Most software now requires
some sort of registration, which may discourage would-be pirates, but
doesn't really stop software piracy.
Some common types of software piracy include counterfeit software, OEM
unbundling, softlifting, hard disk loading, corporate software piracy, and
Internet software piracy. An entirely different approach to software piracy,
called shareware, acknowledges the futility of trying to stop people from
copying software and instead relies on people's honesty. Shareware
publishers encourage users to give copies of programs to friends and
colleagues but ask everyone who uses a program regularly to pay a
registration fee to the program's author directly.
C)
SCE Framework:
SCM covers all aspects of a business. From the stage of raw materials to the end
user, each and every aspect of the cycle is covered by the management system, be
it sourcing, product design, production planning, order processing, inventory
management, transportation and warehousing, or customer service.
However, the entire SCE concept is based on two models via which execution is
done. They are:
i) Push Model
ii) Pull Model
Push Model: The push model is based on the fact that the product flow initiates
from the manufacturer and comes to the customer via intermediaries like the
distributor and the retailer. The schematic diagram includes Manufacturer, Retail
Distribution Center and Retailer.

Pull Model: In the pull model demand is mainly generated by the customer and
gradually reaches the manufacturer via the distributor. Initially the company
develops a sample of the product with the help of the research and development
team and delivers it to the market. The customers test the product sample and
are asked to give specifications so that product customization is possible. The
product is thus pulled by the customers as per their choices. The schematic
diagram of the model includes Retail Store, Distribution Center and Manufacturer.

13. What do you mean by e Payments? What are the security


requirements for safe E- payments?
Ans: Goods and services bought using the web have to be paid for and, given
the transaction is online, cash will not do. To replicate retail trade exchanges
online there needs to be a way of transferring value electronically. The ways of
e-payment are:
1. E-cash
2. Electronic wallet
3. Smart card
4. Credit card
The security requirements for safe e-payments are:
1. Atomicity: money is not lost or created during a transfer.
2. Good atomicity: money and goods are exchanged atomically.
3. Non-repudiation: no party can deny its role in the transaction.
4. Authentication and integrity: digital signatures bind each message to its
sender and expose any tampering in transit.
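The first requirement, atomicity, is easy to state and easy to get wrong in code. The following added example (not code from the original page) puts a tiny ledger in SQLite and shows the same transfer written as two independent writes and as one transaction; the account names and balances are constructed, and the "crash" is simulated by raising an exception between the debit and the credit.

```python
"""The atomicity requirement above, shown on an SQLite ledger.

Added example, not code from the original page. Account names and balances
are constructed; the "crash" is simulated by raising between the two writes.
"""
import sqlite3


def new_ledger():
    # isolation_level=None: the driver opens no implicit transactions, we do it ourselves
    con = sqlite3.connect(":memory:", isolation_level=None)
    con.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, "
                "balance INTEGER NOT NULL CHECK (balance >= 0))")
    con.executemany("INSERT INTO accounts VALUES (?, ?)",
                    [("alice", 100), ("bob", 50), ("shop", 0)])
    return con


def total(con):
    """Sum of all balances; a correct transfer never changes this number."""
    return con.execute("SELECT SUM(balance) FROM accounts").fetchone()[0]


def balance(con, name):
    row = con.execute("SELECT balance FROM accounts WHERE name = ?", (name,)).fetchone()
    return None if row is None else row[0]


def transfer_non_atomic(con, src, dst, amount, crash_between=False):
    """Two independent auto-committed writes. Anything that goes wrong between
    them, or a payee name that matches no row, leaves money debited but never
    credited: value is destroyed and nobody is told."""
    con.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
    if crash_between:
        raise RuntimeError("process died after the debit")        # simulated crash
    con.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))


def transfer_atomic(con, src, dst, amount, crash_between=False):
    """Both writes inside one transaction: either both commit or neither does.
    The CHECK constraint turns an overdraft into an error inside the
    transaction, and the rowcount checks turn an unknown account into an error
    instead of a silent loss. A real crash before COMMIT is undone by SQLite's
    journal when the database is next opened."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    con.execute("BEGIN IMMEDIATE")
    try:
        debit = con.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
        if debit.rowcount != 1:
            raise ValueError("unknown source account %r" % src)
        if crash_between:
            raise RuntimeError("process died after the debit")    # simulated crash
        credit = con.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))
        if credit.rowcount != 1:
            raise ValueError("unknown destination account %r" % dst)
        con.execute("COMMIT")
    except Exception:
        con.execute("ROLLBACK")
        raise


if __name__ == "__main__":
    con = new_ledger()
    try:
        transfer_non_atomic(con, "alice", "bob", 30, crash_between=True)
    except RuntimeError:
        pass
    print("non-atomic, crashed mid-way: total", total(con))     # 120: 30 units vanished
    con = new_ledger()
    try:
        transfer_atomic(con, "alice", "bob", 30, crash_between=True)
    except RuntimeError:
        pass
    print("atomic, crashed mid-way:     total", total(con))     # 150: rolled back
```

The invariant to watch is `total(con)`: it must be 150 before and after every call, successful or not. Good atomicity (requirement 2) is the same idea extended across two systems, payment and delivery, which is why it needs a coordinating protocol rather than a single database transaction.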

14) Why Supply chain management is vital for E commerce - Explain in


brief. Also explain the role of an e-supply chain planning tools in
managing supply chain of an e business.

Ans:- Supply chain management (SCM) is the oversight of materials,


information, and finances as they move in a process from supplier to
manufacturer to wholesaler to retailer to consumer. Supply chain
management involves coordinating and integrating these flows both
within and among companies. It is said that the ultimate goal of any
effective supply chain management system is to reduce inventory
(with the assumption that products are available when needed).
Supply chain management flows can be divided into three main flows:
1. The product flow
2. The information flow
3. The finances flow

The product flow includes the movement of goods from a supplier to a customer, as well as
any customer returns or service needs. The information flow involves transmitting orders and
updating the status of delivery. The financial flow consists of credit terms, payment
schedules, and consignment and title ownership arrangements.
There are two main types of SCM software: planning applications and execution applications.
Planning applications use advanced algorithms to determine the best way to fill an order.
Execution applications track the physical status of goods, the management of materials, and
financial information involving all parties.
Some SCM applications are based on open data models that support the sharing of data both
inside and outside the enterprise (this is called the extended enterprise, and includes key
suppliers, manufacturers, and end customers of a specific company). This shared data may
reside in diverse database systems, or data warehouses, at several different sites and
companies.
By sharing this data "upstream" (with a company's suppliers) and "downstream" (with a
company's clients), SCM applications have the potential to improve the time-to-market of
products, reduce costs, and allow all parties in the supply chain to better manage current
resources and plan for future needs.
Increasing numbers of companies are turning to Web sites and Web-based applications as part
of the SCM solution. A number of major Web sites offer e-procurement marketplaces where
manufacturers can trade and even make auction bids with suppliers.
A Supply Chain Management (SCM) system is an application system for planning,
optimizing and controlling of volumes, due dates and capacities along the whole Supply
Chain.
The term Supply Chain Management can also be used as a synonym for Operations
Management.
SCM systems illustrate the processes within a company as well as processes between
different companies along the supply chain. Thereby processes of the company and processes
of suppliers, distributors, logistic service providers and customers can be monitored.
Moreover, with planning scenarios bottlenecks within the supply chain can be identified early.
An important pre-condition for a successful application of SCM tools is interfaces to the
existing Enterprise Resource Planning (ERP) and Production Planning and Control
(PPC) systems. SCM tools source master and transaction data from external ERP systems,
process them and return the results to the external systems.

eCommerce is the electronic trade in goods and services. eCommerce means an
electronic integration of processes across companies using information and communication
technologies in order to eliminate media disruptions. In eCommerce, business processes and
information transfers are conducted electronically in order to improve the efficiency of
processes and to accelerate them. For instance, Supply Chain Execution suites/software are an
efficient support for eCommerce solutions.

15. Define WAP and GPRS. Explain their importance in e-commerce.
Ans. General packet radio service (GPRS) is a packet-oriented mobile data
service on the 2G and 3G cellular communication system's global system for
mobile communications (GSM). GPRS was originally standardized by the European
Telecommunications Standards Institute (ETSI) in response to the earlier
CDPD and i-mode packet-switched cellular technologies. It is now maintained
by the 3rd Generation Partnership Project (3GPP). GPRS usage is typically
charged based on volume of data transferred, contrasting with circuit-
switched data, which is usually billed per minute of connection time. Usage
above the bundle cap is either charged per megabyte or disallowed. GPRS is a
best-effort service, implying variable throughput and latency that depend on
the number of other users sharing the service concurrently, as opposed to
circuit switching, where a certain quality of service (QoS) is guaranteed
during the connection. In 2G systems, GPRS provides data rates of 56 to 114
kbit/s. 2G cellular technology combined with GPRS is sometimes
described as 2.5G, that is, a technology between the second (2G) and third
(3G) generations of mobile telephony. It provides moderate-speed data
transfer by using unused time division multiple access (TDMA) channels in,
for example, the GSM system. GPRS is integrated into GSM Release 97 and
newer releases.

Benefits of GPRS:
General Packet Radio Service allows service providers who use GSM to offer
expanded services. Some of these services are "always on" Internet service,
Multimedia Messaging Service (also known as MMS) and Internet applications
(such as web browsers) via WAP. Data transfer rates using GPRS are greater than
GSM circuit-switched rates. While GSM allows for a maximum download rate of 14.4
kilobits per second (Kbps), GPRS offers 56 to 114 Kbps depending on the number of
timeslots allocated to the user.
What Is WAP?
Wireless Application Protocol, or WAP, is a group of specifications that allows users of
cell phones and personal digital assistant devices to access the Internet. In the original
WAP 1.x stack the device talks to a WAP gateway over the WAP protocols (WSP, WTP, WTLS
and WDP) and the gateway translates to the standard Internet protocols; WAP 2.0 supports
standard Internet protocols such as hypertext transfer protocol (HTTP), Internet Protocol
(IP) and Transmission Control Protocol (TCP) directly on the device.
Benefits of WAP:
1) Benefits to Developers:
WAP allows developers to create applications with more features and increases
the value of the application for the end user. WAP allows developers to develop
applications that work across different types of devices, browsers,
gateways and networks. The Wireless Transport Layer Security (WTLS) specification of
WAP allows developers to incorporate security features into their
applications.
2) Benefits to Device Manufacturers:
WAP also provides support to WAP device manufacturers. WAP device
manufacturers have a variety of WAP-supporting micro browsers such as Blazer and
embider and WAP operating systems such as Symbian and Palm OS. By using
WAP-supporting micro browsers and operating systems in a WAP device,
manufacturers can significantly enhance the value of devices, and users of WAP
devices can access various applications and services developed by a large
community of web developers. At the same time, the
manufacturers are assured that the micro browser and WAP operating system will
work across a wide range of WAP gateways and networks without any
physical or logical change to the hardware of the WAP device.
3) Benefits to Service Providers:
WAP service providers also benefit by encouraging their customer base to use
WAP devices and by providing WAP gateways themselves. They give
their customers access to a large number of applications and content available on the
Internet. Since service providers control the WAP gateway, they can also control
the home page of their own WAP site. Large wireless content providers are
known to spend huge amounts to get a place on the home pages of the service
providers, so that WAP users can also access other wireless sites along with
the service provider's site.
4) Benefits to End-Users:
End users probably benefit the most among the different classes of WAP users.
They can access any web content through HTML-to-WML formatting services. A
large number of application developers are developing content and services
specifically for end users using WML. End users with WAP-supporting devices can
access the applications or services offered by their network operator.
This is a significant value proposition for the end user since they don't have to
learn to interact with new interfaces; there are only minor differences between
micro browsers.
End users are able to access the content and services regardless of the service
provider or the network. Additionally, the security features of WAP allow end
users to transact sensitive information like credit card
numbers and passwords over the wireless network. The caveat is that in WAP 1.x
WTLS protects only the hop between the device and the operator's gateway; the
gateway decrypts and re-encrypts the traffic over TLS to the merchant, so the
card data is in the clear at the gateway (the so-called "WAP gap") and the
operator has to be trusted with it.

16. What are the different threats associated with E-commerce? What do you mean
by denial of service attack?
Ans: The different threats associated with E-commerce are discussed below:
Malicious Code Attacks
Malicious code is the term used to describe any code in any part of a software
system or script that is intended to cause undesired effects, security breaches or
damage to a system. Malicious code describes a broad category of system
security terms that includes attack scripts, viruses, worms, Trojan horses,
backdoors, and malicious active content.
Viruses and Worms
The most common threats under this category are worms and viruses. In the
media today we hear these words on almost a daily basis, and there is a common
confusion that the two are related, or even synonymous. However, the two are
very different. A virus needs a host of some sort in order to cause damage to
the system. The exact definition is: "a virus attaches itself to executable
code and is executed when the software program begins to run or an infected file
is opened." (Source: 8). So, for example, a virus needs a file to attach itself to.
Once that file is opened, the virus can then cause the damage. This damage can
range from the deletion of some files to the total reformatting of the hard drive.
The key thing to remember about viruses is that they cannot spread by
themselves; they require a host file.

However, worms are very much different. A worm does not need a host to
replicate. Rather, the worm replicates itself through the Internet, and can
literally infect millions of computers on a global basis in just a matter of hours. A
perfect example of this is once again the MS Blaster worm.
Worms by themselves do not cause damage to a system like a virus does. However, worms
can shut down parts of the Internet or E-Commerce servers, because they can
use up valuable resources of the Internet, as well as the memory and processing
power of servers and other computers. A question that is often asked about
worms and viruses is which of the two are worse. This is a difficult question to
answer, as the criteria for which is worse depends upon the business
environment. However, one thing is certain: in terms of the rate of propagation
and multiplicity, worms are much worse than viruses.
Trojan Horses
A Trojan Horse is a piece of programming code that is layered behind another
program and can perform covert, malicious functions. For example, your
E-Commerce server can display a cool-looking screen saver, but behind that
could be a piece of hidden code, causing damage to your system. One way to
get a Trojan Horse attack is by downloading software from the Internet. This is
where you need to be very careful. There will be times (and it could be often)
that patches and other software code fixes (such as Service packs) will need to
be downloaded and applied onto your E-Commerce server. Make sure that
whatever software is downloaded comes from an authentic and verified source,
and that all defense mechanisms are activated on your server.
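As an added illustration of the advice above (not part of the original assignment), the following Python checks a downloaded patch or service pack against the digest a vendor publishes before the file is applied to the server. The package bytes, the "published" digest and the tampered copy are all constructed sample data; the verification itself is the standard SHA-256 comparison.

```python
import hashlib
import hmac

# Constructed sample: the bytes of a service pack as shipped by a hypothetical
# vendor, and the SHA-256 digest that vendor lists on its download page.
GENUINE_PACKAGE = b"SERVICEPACK v1.2: patch payload (constructed sample data)\n"
PUBLISHED_SHA256 = hashlib.sha256(GENUINE_PACKAGE).hexdigest()

# The same package after an untrusted mirror appended Trojan-style extra code.
TAMPERED_PACKAGE = GENUINE_PACKAGE + b"# extra code injected by an untrusted mirror\n"


def sha256_of(data: bytes) -> str:
    """Hash the downloaded bytes in chunks, as one would for a large installer."""
    digest = hashlib.sha256()
    view = memoryview(data)
    for start in range(0, len(view), 4096):
        digest.update(view[start:start + 4096])
    return digest.hexdigest()


def verify_download(data: bytes, expected_hex: str) -> bool:
    """Return True only if the digest of `data` matches the published digest.

    The published value is normalised (whitespace stripped, lower-cased) so a
    copy-pasted digest still compares; hmac.compare_digest does the comparison
    in constant time.
    """
    return hmac.compare_digest(sha256_of(data), expected_hex.strip().lower())


if __name__ == "__main__":
    print("genuine  :", verify_download(GENUINE_PACKAGE, PUBLISHED_SHA256))
    print("tampered :", verify_download(TAMPERED_PACKAGE, PUBLISHED_SHA256))
```

A digest only proves the file is the one the vendor published if the digest itself came over a trusted channel (the vendor's HTTPS page or a signed release note); a digest served from the same mirror as the download proves nothing.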
Logic Bombs
A Logic Bomb is a variant of a Trojan Horse that is event- or time-specific.
For example, a logic bomb will release malicious or rogue code in an
E-Commerce server after some specific time has elapsed or a particular event in
application or processing has occurred.
Transmission Threats
Denial of Service Attacks
With a Denial of Service Attack, the main intention is to deny your customers the
services provided on your E-Commerce server. There is no actual intent to cause
damage to files or to the system; the goal is literally to shut the server down.
This happens when a massive amount of invalid data is sent to the server.
Because the server can handle and process only so much information at any given
time, it is unable to keep up with the overflow of information and data. As a result, the
server becomes overwhelmed and subsequently shuts down. Another type of
Denial of Service Attack is called the Distributed Denial of Service Attack. In this
scenario, many computers are used to launch an attack on a particular
E-Commerce server. The computers that are used to launch the attack are called
zombies. These zombies are controlled by a master host computer. It is the
master host computer which instructs the zombie computers to launch the
attack on the E-Commerce Server. As a result, the server shuts down because of
the massive bombardment of bad information and data being sent from the
zombie computers. A Distributed Denial of Service Attack is diagrammed as
follows:
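To make the difference between a single-source flood and a distributed one concrete, here is an added Python example (not part of the original assignment) that counts requests per source in fixed time windows over a constructed web server access log. The log format, the addresses and the thresholds are assumptions for the illustration; the point is that a DDoS shows up as aggregate load spread over many sources, none of which looks abnormal on its own.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption): "<ISO timestamp> <client IP> <method> <path>"
BASE = datetime(2024, 5, 1, 10, 0, 0)


def _line(offset_s, ip, path):
    return f"{(BASE + timedelta(seconds=offset_s)).isoformat()} {ip} GET {path}"


def build_sample_log():
    """Constructed traffic: a quiet window, a single-source flood, then a distributed flood."""
    lines = []
    shoppers = ["198.51.100.7", "198.51.100.9", "198.51.100.12",
                "198.51.100.20", "198.51.100.31"]
    for i in range(20):                      # seconds 0-9: 20 ordinary requests from 5 shoppers
        lines.append(_line(i * 0.5, shoppers[i % 5], "/product/42"))
    for i in range(120):                     # seconds 10-19: one host sends 120 requests
        lines.append(_line(10 + i * 0.08, "203.0.113.5", "/checkout"))
    for z in range(100):                     # seconds 20-29: 100 zombies, 3 requests each
        for k in range(3):
            lines.append(_line(20 + z * 0.09 + k * 0.01, f"192.0.2.{z + 1}", "/cart"))
    return lines


def parse_line(line):
    ts_text, ip, _rest = line.split(" ", 2)
    return datetime.fromisoformat(ts_text), ip


def classify_windows(lines, window_seconds=10, per_source_limit=50, total_limit=200):
    """Map each window index to 'normal', 'dos:<ip>' or 'ddos:<n>_sources'.

    A single source above per_source_limit is a plain flood from one machine.
    If no single source stands out but the aggregate exceeds total_limit, the
    load is spread over many zombies, which is the DDoS pattern in the text.
    """
    windows = defaultdict(Counter)
    for line in lines:
        ts, ip = parse_line(line)
        windows[int((ts - BASE).total_seconds()) // window_seconds][ip] += 1
    verdicts = {}
    for idx, counts in sorted(windows.items()):
        top_ip, top_n = counts.most_common(1)[0]
        total = sum(counts.values())
        if top_n > per_source_limit:
            verdicts[idx] = f"dos:{top_ip}"
        elif total > total_limit:
            verdicts[idx] = f"ddos:{len(counts)}_sources"
        else:
            verdicts[idx] = "normal"
    return verdicts


if __name__ == "__main__":
    for idx, verdict in classify_windows(build_sample_log()).items():
        print(f"window {idx}: {verdict}")
```

Per-source blocking handles the first pattern; the second needs upstream rate limiting or a scrubbing service, because no single zombie exceeds a sensible per-client limit.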
Ping of Death
When we surf the Web, or send E-Mail, the communications between our
computer and the server takes place via the data packet. It is the data packet
that contains the information and the request for information that is sent from
our computer to other computers over the Internet. The communication protocol
which is used to govern the flow of data packets is called Transmission Control
Protocol/Internet Protocol, or TCP/IP for short. The TCP/IP protocol allows for data
packets to be as large as 65,535 bytes. However, the packet size that is normally
transmitted across the Internet is about 1,500 bytes. With a Ping of Death
Attack, a massive data packet is sent: 65,536 bytes, larger than the protocol
allows. As a result, the memory buffers of the E-Commerce Server are totally
overloaded, thus causing it to crash.
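The overflow described above is a bounds problem in fragment reassembly: the 16-bit Total Length field caps an IP datagram at 65,535 bytes, but a fragment's offset (counted in 8-byte units) plus the length of the data in the final fragment can point past that limit. The Python below is an added example, not from the original, of the check a reassembly routine needs in order to reject such a datagram; the fragment tuples are constructed sample data and gaps between fragments are not tracked.

```python
MAX_IP_DATAGRAM = 65_535          # 16-bit Total Length field: the limit the text quotes
IP_HEADER_LEN = 20                # minimal IPv4 header, so the payload is at most 65,515 bytes
MAX_PAYLOAD = MAX_IP_DATAGRAM - IP_HEADER_LEN
FRAGMENT_UNIT = 8                 # the Fragment Offset field counts 8-byte blocks


def reassemble(fragments):
    """Rebuild a datagram payload from (offset_units, more_fragments, payload) tuples.

    Returns the payload bytes, or None if the fragments are oversized or
    incomplete. The Ping of Death case is a final fragment whose offset plus
    length exceeds MAX_PAYLOAD; an implementation that allocates a fixed
    65,535-byte buffer and copies without this check overruns memory.
    """
    buf = bytearray()
    total_len = None
    for offset_units, more_fragments, payload in fragments:
        start = offset_units * FRAGMENT_UNIT
        end = start + len(payload)
        if end > MAX_PAYLOAD:
            return None                     # would overrun the largest legal datagram
        if end > len(buf):
            buf.extend(bytes(end - len(buf)))   # zero-fill up to this fragment's end
        buf[start:end] = payload
        if not more_fragments:
            total_len = end                 # the last fragment fixes the datagram length
    if total_len is None or len(buf) != total_len:
        return None                         # no final fragment, or data beyond it
    return bytes(buf)


# Constructed fragment sets. 1,480 bytes per fragment is what fits a 1,500-byte
# link after the 20-byte IP header; 1480 / 8 = 185 offset units.
NORMAL_PING = [
    (0, True, b"A" * 1480),
    (185, True, b"B" * 1480),
    (370, False, b"C" * 100),
]
# Largest legal datagram: offset 8189 * 8 = 65,512 plus 3 bytes = 65,515 payload bytes.
LARGEST_LEGAL = [(0, True, b"a" * 8), (8189, False, b"b" * 3)]
# Ping of Death: the final fragment pushes the total past the 65,535-byte limit.
PING_OF_DEATH = [(0, True, b"x" * 8), (8189, False, b"y" * 24)]

if __name__ == "__main__":
    print("normal ping   :", len(reassemble(NORMAL_PING)), "bytes")
    print("largest legal :", len(reassemble(LARGEST_LEGAL)), "bytes")
    print("ping of death :", reassemble(PING_OF_DEATH))
```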
SYN Flooding
When we open up a Web Browser and type in a Web address, or click Send to
transmit an E-Mail from our own computer (referred to in this section as the
client computer), a set of messages is exchanged between the server and the
client computer. This set of exchanges is what establishes the Internet
connection from the client computer to the server, and vice versa. This is also
known as a handshake. To initiate this Internet connection, a SYN (or
synchronization) message is sent from the client computer to the server, and the
server replies back to the client computer with a SYN ACK (or synchronization
acknowledgement) message. To complete the Internet connection, the client
computer sends back an ACK (or acknowledgement) message to the server. While
the E-Commerce server is waiting to receive the ACK message from the client
computer, the connection is considered to be half-open. It is at this point that
the E-Commerce server becomes vulnerable to attack: phony SYN messages (which
appear to be legitimate) could be sent to the E-Commerce server, each leaving a
half-open connection behind, thus overloading its memory and processing power
and causing it to crash.
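The following Python is an added model of the exchange just described (not part of the original assignment, and not a real TCP stack): a listener that records each SYN as a half-open entry until the matching ACK arrives, a legitimate client that completes the handshake, and an attacker model that sends SYNs from addresses that never answer. It also shows the usual mitigation, SYN cookies, where the server encodes its state in the initial sequence number instead of storing it. The backlog size, timeout, secret and addresses are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-server-secret"     # per-boot secret for SYN cookies (sample value)
COOKIE_SLOT_SECONDS = 60


class Server:
    """Toy model of a TCP listener's handshake state."""

    def __init__(self, backlog=4, timeout=30.0, syn_cookies=False):
        self.backlog = backlog
        self.timeout = timeout
        self.syn_cookies = syn_cookies
        self.half_open = {}        # peer -> time the SYN arrived (SYN-ACK sent, ACK pending)
        self.established = set()
        self.dropped_syns = 0

    def _cookie(self, peer, now):
        # Stateless ISN: an HMAC over the peer and a coarse time slot, truncated to 32 bits.
        slot = int(now) // COOKIE_SLOT_SECONDS
        tag = hmac.new(SECRET, f"{peer}|{slot}".encode(), hashlib.sha256).digest()[:4]
        return int.from_bytes(tag, "big")

    def expire(self, now):
        """Drop half-open entries whose ACK never arrived within the timeout."""
        stale = [p for p, t in self.half_open.items() if now - t > self.timeout]
        for p in stale:
            del self.half_open[p]
        return len(stale)

    def on_syn(self, peer, now):
        """Client -> server SYN. Returns the ISN carried in the SYN-ACK, or None if refused."""
        self.expire(now)
        isn = self._cookie(peer, now)
        if self.syn_cookies:
            return isn                      # nothing stored: the state lives in the ISN itself
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1          # backlog full: real clients are now refused
            return None
        self.half_open[peer] = now
        return isn

    def on_ack(self, peer, ack_num, now):
        """Client -> server ACK completing the handshake. Returns True if accepted."""
        if self.syn_cookies:
            # Accept the current or the previous slot so a slot boundary does not break clients.
            valid = any(ack_num == self._cookie(peer, now - d) + 1
                        for d in (0, COOKIE_SLOT_SECONDS))
            if valid:
                self.established.add(peer)
            return valid
        if peer not in self.half_open:
            return False
        del self.half_open[peer]
        self.established.add(peer)
        return True


def legit_client(server, peer, now):
    """A real client: send SYN, read the SYN-ACK, answer with ACK = ISN + 1."""
    isn = server.on_syn(peer, now)
    if isn is None:
        return False
    return server.on_ack(peer, isn + 1, now + 0.05)


def syn_flood(server, count, now):
    """Attacker model from the text: many SYNs from addresses that never send the ACK."""
    for i in range(count):
        server.on_syn(f"192.0.2.{i + 1}:4000", now + i * 0.001)


def simulate(syn_cookies):
    """Returns (legit_client_connected, half_open_entries, syns_refused) after a flood."""
    srv = Server(backlog=4, timeout=30.0, syn_cookies=syn_cookies)
    syn_flood(srv, 10, now=100.0)
    ok = legit_client(srv, "198.51.100.7:51000", now=101.0)
    return ok, len(srv.half_open), srv.dropped_syns


def recovers_after_timeout():
    """Without cookies the backlog frees again once the stale half-open entries expire."""
    srv = Server(backlog=4, timeout=30.0)
    syn_flood(srv, 10, now=100.0)
    return legit_client(srv, "198.51.100.7:51000", now=140.0)


if __name__ == "__main__":
    print("plain backlog :", simulate(syn_cookies=False))
    print("syn cookies   :", simulate(syn_cookies=True))
    print("after timeout :", recovers_after_timeout())
```

Without cookies the flood fills the four-entry backlog and the genuine client is refused; with cookies nothing is stored per SYN, so there is no table to exhaust. A rising count of half-open entries, or of refused SYNs, is the metric to watch on a real server.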
Threats to Your E-Commerce Customers
Phishing Attacks
One of the biggest threats to your E-Commerce customers is that of Phishing.
Specifically, Phishing can be defined as the act of sending an e-mail to a user
falsely claiming to be an established legitimate enterprise in an attempt to scam
the user into surrendering private information that will be used for identity theft.
(Source: 9). So, for example, fraudulent e-mail could be sent to your customers
claiming that their online account is about to expire, or their username and
password has been compromised in some fashion, or that there is a security
upgrade that will take place affecting their online account. After they are tricked
into believing the content of the Phishing e-mail, the customer then clicks on the
link, and submits all of their confidential information. All Phishing e-mail contains
a link, or a web address, which the customer clicks on thinking that they are
going to a secure and legitimate site (people who launch Phishing schemes [also
known as Phishers] can copy the HTML code from your E-Commerce site,
making it look authentic in the eyes of the customer). The truth is, all of the
confidential information submitted is collected by the Phisher, who is bent
upon creating havoc and damage to your E-Commerce business.
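The one thing every Phishing e-mail has in common, as the text notes, is a link that does not really go to your site. Below is an added Python example (not from the original assignment) of the check a mail gateway or a customer-facing "report phishing" tool can run: it pulls every link out of an HTML message and flags those whose real host is not your domain, whose visible text shows a different address from the actual target, or which are not served over HTTPS. The store domain and the sample message are constructed for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGITIMATE_DOMAIN = "example-shop.com"      # hypothetical store domain (assumption)

# Constructed sample e-mail body: one genuine link, one genuine subdomain link,
# and two of the tricks the text describes (a page on another host dressed up
# with the store's name, and a look-alike domain with "rn" in place of "m").
SAMPLE_EMAIL = """\
<p>Your account is about to expire.</p>
<a href="https://example-shop.com/account">Review your account</a>
<a href="http://example-shop.com.account-verify.net/login">https://example-shop.com/login</a>
<a href="https://secure.example-shop.com/help">Help centre</a>
<a href="https://exarnple-shop.com/reset">Reset password</a>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def belongs_to(host, domain):
    """True for the domain itself and its subdomains, not for 'domain.evil.net' style hosts."""
    return host == domain or host.endswith("." + domain)


def audit_links(html, domain=LEGITIMATE_DOMAIN):
    """Return [(href, [reasons])] for every link; an empty reason list means no finding."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        reasons = []
        if not belongs_to(host_of(href), domain):
            reasons.append(f"target host is outside {domain}")
        if text.startswith(("http://", "https://")) and host_of(text) != host_of(href):
            reasons.append("displayed URL differs from the real target")
        if urlparse(href).scheme != "https":
            reasons.append("target is not served over https")
        report.append((href, reasons))
    return report


def suspicious_links(html, domain=LEGITIMATE_DOMAIN):
    """Just the hrefs that raised at least one finding."""
    return [href for href, reasons in audit_links(html, domain) if reasons]


if __name__ == "__main__":
    for href, reasons in audit_links(SAMPLE_EMAIL):
        print(href, "->", reasons or "ok")
```

The host comparison is deliberately strict about suffixes: "example-shop.com.account-verify.net" contains your domain name but its registered domain is account-verify.net, which is exactly the trick a copied HTML page relies on.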
Other Threats To E-Commerce Servers
There are other threats posed to E-Commerce servers; a few are listed here.
These threats will be further discussed in subsequent articles.
Data Packet Sniffing
This refers to the use of Data Packet Sniffers, also known simply as sniffers.
While it is an invaluable tool to the Network Administrator for troubleshooting
and diagnosis, an attacker can also use a sniffer to intercept the data packet
flow and analyze the individual data packets. Usernames, passwords, and other
confidential customer data can then be hijacked from the E-Commerce server.
This is a very serious problem, especially in wireless networks, as the data
packets literally leave the confines of the network cabling and travel in the air.
Ultimately, Data Packet Sniffing can lead to session hijacking. This is when the
attacker eventually takes control over the network connection, kicks off
legitimate users (such as your customers) from the E-Commerce server, and
ultimately gains control of it.
IP Spoofing
The intent here is to change the source address of a data packet to give it the
appearance that it originated from another computer. With IP Spoofing, it is
difficult to identify the real attacker, since all E-Commerce server logs will show
connections from a legitimate source. IP Spoofing is typically used to start the
launch of a Denial of Service Attack.
Port Scanning
This is listening to the network ports of the E-Commerce server. When
conducting such a scan, an attacker can figure out what kind of services are
running on the E-Commerce server, and from that point figure out the
vulnerabilities of the system in order to cause the greatest damage possible.
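A port scan is easy to spot from the server's own firewall log, because a normal client only ever talks to one or two ports while a scanner touches many in quick succession, most of them closed. As an added example (not part of the original assignment), the Python below reads a constructed firewall log, counts the distinct destination ports each source touched per host within a time window, and reports sources above a threshold together with how many of their attempts were dropped. The log format, the addresses and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed firewall log; format assumed: "<epoch seconds> <src IP> <dst IP>:<dst port> <action>".
# 198.51.100.x are ordinary shoppers; 203.0.113.77 walks through ten ports in four seconds.
SAMPLE_FIREWALL_LOG = """\
1714557600 198.51.100.7 203.0.113.10:443 ACCEPT
1714557601 198.51.100.7 203.0.113.10:80 ACCEPT
1714557602 198.51.100.9 203.0.113.10:443 ACCEPT
1714557605 203.0.113.77 203.0.113.10:21 DROP
1714557605 203.0.113.77 203.0.113.10:22 ACCEPT
1714557605 203.0.113.77 203.0.113.10:23 DROP
1714557606 203.0.113.77 203.0.113.10:25 DROP
1714557606 203.0.113.77 203.0.113.10:80 ACCEPT
1714557606 203.0.113.77 203.0.113.10:110 DROP
1714557607 203.0.113.77 203.0.113.10:143 DROP
1714557607 203.0.113.77 203.0.113.10:443 ACCEPT
1714557608 203.0.113.77 203.0.113.10:3306 DROP
1714557608 203.0.113.77 203.0.113.10:8080 DROP
1714557640 198.51.100.7 203.0.113.10:443 ACCEPT
"""


def parse_firewall_line(line):
    ts, src, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return int(ts), src, dst_ip, int(dst_port), action


def detect_port_scans(log_text, window_seconds=60, distinct_port_threshold=5):
    """Sources that touch at least `distinct_port_threshold` different ports on one
    host within a window. Returns {(src, dst): {"ports": [...], "dropped": n}}.

    The dropped count is a second indicator: a scanner hits closed ports, so a
    large share of its attempts are rejected, unlike a real client's traffic.
    """
    ports = defaultdict(set)        # (src, dst, window index) -> ports touched
    dropped = defaultdict(int)      # (src, dst, window index) -> attempts the firewall dropped
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_ip, port, action = parse_firewall_line(line)
        key = (src, dst_ip, ts // window_seconds)
        ports[key].add(port)
        if action == "DROP":
            dropped[key] += 1
    findings = {}
    for key, touched in ports.items():
        if len(touched) >= distinct_port_threshold:
            src, dst_ip, _window = key
            findings[(src, dst_ip)] = {"ports": sorted(touched), "dropped": dropped[key]}
    return findings


if __name__ == "__main__":
    for (src, dst_ip), info in detect_port_scans(SAMPLE_FIREWALL_LOG).items():
        print(f"{src} scanned {dst_ip}: ports {info['ports']}, {info['dropped']} dropped")
```

The accepted ports in the scanner's findings (22, 80, 443 in the sample) are what the attacker learned about the server; those are the services whose patch level matters most after such an alert.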
Trapdoors/Backdoors
In developing the code for an E-Commerce site, developers often leave
trapdoors or backdoors to monitor the code as it is developed. Instead of
implementing a secure protocol through which to access the code, backdoors provide a
quick way into the code. While it is convenient, trapdoors can lead to major
security threats if they are not completely removed prior to the launch of the
E-Commerce site. Remember, an attacker is always looking first for vulnerabilities
in the E-Commerce server. Trapdoors provide a very easy vulnerability for the
attacker to get into, and cause system wide damage to the E-Commerce server.

B)
Denial of Service Attacks
With a Denial of Service Attack, the main intention is to deny your customers the
services provided on your E-Commerce server. There is no actual intent to cause
damage to files or to the system; the goal is literally to shut the server down.
This happens when a massive amount of invalid data is sent to the server.
Because the server can handle and process only so much information at any given
time, it is unable to keep up with the overflow of information and data. As a result, the
server becomes overwhelmed and subsequently shuts down. Another type of
Denial of Service Attack is called the Distributed Denial of Service Attack. In this
scenario, many computers are used to launch an attack on a particular
E-Commerce server. The computers that are used to launch the attack are called
zombies. These zombies are controlled by a master host computer. It is the
master host computer which instructs the zombie computers to launch the
attack on the E-Commerce Server. As a result, the server shuts down because of
the massive bombardment of bad information and data being sent from the
zombie computers.
