Few IT Terms

Network - the communication media, devices and software that connect 2 or more computer systems or devices.

Network is classified according to the physical distance between nodes on the network and the communication service it provides:
o Personal Area Network (PAN) - wireless network that connects IT devices close to you
o Local Area Network (LAN) - within a small area
o Metropolitan Area Network (MAN) - geographical area that spans a campus or city
o Wide Area Network (WAN) - large geographical regions

Internet - global system of interconnected computer networks that use the internet protocol suite to link devices worldwide.
Extranet - password-controlled network for private users
Intranet - internal corporate network

Summary
Type        User                User ID and Password needed?
Internet    anyone              No
Intranet    employees           Yes
Extranet    Business partners   Yes

Packet - a small amount of data sent over the network. Each packet carries the information that will help it get to its destination: the sender's IP address, the intended receiver's IP address carry the data in the protocols that the Internet uses: Transmission Control Protocol/Internet Protocol (TCP/IP)

E-Commerce
conducting business activities electronically over computer networks
electronic dissemination of information
1. Business to Business (B2B)
2. Business to Employees (B2E)
3. Business to Consumer (B2C)
4. Consumer to Consumer (C2C)
5. Business to Government (B2G)

Benefits                            Costs
Marketing                           Financial Costs
Reduced Operating Costs             Need for Internal Control systems
Streamlined Operations              Potential for Customer Distrust
Enhanced Product/Service Delivery   Severe Consequence for technology breakdowns

Levels of business activity in the Internet:
Information Level - display information in the internet
Transaction Level - engaging with trade partners over the internet (ex. the accepting and/or placing orders)
Distribution Level - selling & delivering DIGITAL products (ex. subscription, software products/upgrades, music & videos)

Cloud computing and Virtualization

Cloud computing - computing environment in which software and storage are provided as an internet service & accessed with a web browser

3 Types:
1. Infrastructure as a Service (IaaS) - outsource equipment, but also provides housing, running and maintenance
2. Software as a Service (SaaS) - provides users access to software remotely via Web
platform (operating system, programming language execution environment, database service, web server) and hardware to host the application

Cloud computing may be public or private (a single-tenant cloud).

Issues in implementing Cloud:
1. Existing investments
2. Legacy systems
3. Commodity asset

Virtualization - multiple virtual computers in one physical computer.

E-Commerce Risks

Threat - any action that could damage an asset
Vulnerability - any weakness that makes it possible for a threat to cause harm to a computer or network

INTRANET
Intercepting Communication
o Sniffing - using a Packet Sniffer, a software program that enables a computer to monitor and capture network traffic
Privileged employees with access to the Corporate Database
Reluctance to prosecute

INTERNET
Consumers:
o Theft of confidential data
    Data breach
    Identity Theft
    Cookies - a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing
Business:
o IP Spoofing - a form of masquerading as a person, program or computer to gain access to some resource by manipulating IP packets
o Denial of Service (DOS) Attack - assault on a Web server by overwhelming a server or network to the point that it is unusable (network congestion) so authorized users cannot access
    Distributed DOS (DDOS) Attack - use intermediary hosts to conduct a DOS attack
    Zombie - infected intermediary host
    Botnet - collection of compromised computers
    SYN Flood Attack - exploits part of the normal TCP three-way handshake to consume resources on the targeted server and render it unresponsive
    Smurf Attack - a system is flooded with spoofed ping messages. This creates high computer network traffic on the victim's network, which often renders it unresponsive. Ping is a network diagnostic tool used primarily to test the connectivity between two nodes or devices.

Security Measures:

Encryption - convert data into a secret code for storage in database and transmission over network
Encryption ciphers fall into two general categories: symmetric (private) key and asymmetric (public) key
symmetric (private) key - uses same key to encrypt and decrypt

Digital Authentication
o Digital Signature - based on public key cryptography, also known as asymmetric cryptography
o Digital Certificate - an electronic document that contains the digital signature of the certificate-issuing authority, binds together a public key with an identity and can be used to verify a public key belongs to a particular person or entity

Firewall - program or dedicated hardware device that inspects network traffic passing through it and denies/permits traffic based on a set of rules to be determined at configuration

Seals of Assurance - offered by trusted 3rd party organizations which are displayed on website homepages