
E Business

Functional Components Of WWW


Hyper Text Markup Language (HTML)
Hyper Text Transfer Protocol (HTTP)
Uniform Resource Identifiers (URIs)
Webserver H/W & S/W
Webclient HW and Browser SW

Web Hardware and Software

Architecture of a Web browser


[Figure: Browser architecture. Labels: Controller; Interpreters (HTML, JavaScript, Java); HTTP, FTP, TELNET, SMTP]

Uniform Resource Locators


Protocol :// Host : Port / Path
http://www.yahoo.com/index.html

Web Documents
Static Documents
Dynamic Documents
  - Common Gateway Interface (CGI)
  - Scripting Technologies Embedded in HTML Page (e.g. PHP, JSP, ASP)
Active Documents
  - Java Applets
  - Client side scripting

CGI
[Figure: CGI flow with numbered steps between Browser, Web Server, CGI S/W, File System, Database Server and Database]

Client Server Network Security


Physical Security
Software Security
Inconsistent Security

Emerging Client-Server Security Threats


Threats to Clients
  - Virus
  - Worm
  - Trojan Horse
Threats to Servers
  - Eavesdropping
  - Denial of Services
  - Service Overloading
  - Message Overloading
  - Packet Modification
  - IP Spoofing

Protection Methods
Trust Based Security
Security through Obscurity (STO)
Security through obscurity refers to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security. A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that if the faults are not known, then attackers will be unlikely to find them.

Protection Methods
Password Schemes
Biometric System

Security
Data Security
Message or Transaction Security
  - Message Confidentiality
  - Message Integrity
  - Error Detection codes
  - Check sum method
  - Message Sender Authentication
  - Digital Certificate

Digital Certificate
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key with an identity (information such as the name of a person or an organization, their address, and so forth). The certificate can be used to verify that a public key belongs to an individual.

Privacy and Site blocking


Firewall - A data barrier between two networks, usually a trusted internal network and an untrusted external network. The system administrator defines the policies for blocking incoming and outgoing packets.

Importance of Firewall
Monitor incoming/outgoing security alerts
Some firewalls can delete viruses, worms, Trojan horses or data collectors
Blocking of selected sites on WWW

Firewall Architecture

Packet Filtering
Combination of
  - Destination IP Address
  - Protocol
  - Source IP Address
  - Source protocol port number
  - Destination protocol port number

Address Translation Mechanism


Network Address Translation (NAT)
  - Device that hides the internal address and network topology of its protected domain from outside
  - Placed at borders of network domain
  - Translates local IP address into corresponding globally unique address
  - Address Association
  - Static IP
  - Dynamic IP

State Watching Mechanism


Rule Based Technique
Keeps track of history
Increased Performance
Security and flexibility to packet filtering

Firewall Policy
Permissive Approach
Restrictive Approach
  - only those identified as permitted to pass

Components of Firewall
Hardware
Software
  - Packet Filters
  - Proxy Servers
  - SOCKS Servers
    SOCKet Secure (SOCKS) is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS5 additionally provides authentication so only authorized users may access a server.
  - Network Address Translation (NAT)
  - Logging and monitoring Software
  - Virtual Private Network (VPN) Services

Types of Firewalls
Static Firewall
  - Default Allow Policy
  - Default Denial Policy
Dynamic Firewall
  - IP Packet Filtering Firewall
  - Application Level Firewall

Disadvantages of packet filtering Firewall


Cannot support user authentication and blocking based on contents at application level
Packet filtering rules become tedious when used for filtering all permutations and combinations
Susceptible to IP spoofing: hackers can change the IP address in packet headers
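
The Packet Filtering, Firewall Policy and Disadvantages slides above, combined into one added example (not part of the original slides): a first-match filter over the five header fields, with the restrictive or permissive approach as the default. All rules and addresses are constructed samples using documentation address ranges.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str              # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    protocol: str              # "tcp", "udp" or "any"
    src_net: str               # source network, CIDR
    dst_net: str               # destination network, CIDR
    dst_ports: range
    src_ports: range = range(0, 65536)

    def matches(self, p: Packet) -> bool:
        return (self.protocol in ("any", p.protocol)
                and ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and p.src_port in self.src_ports
                and p.dst_port in self.dst_ports)

def filter_packet(rules, packet, default="deny"):
    """First matching rule wins; otherwise the default policy decides."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed rule set (hypothetical hosts and networks).
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", range(443, 444)),      # public HTTPS
    Rule("allow", "tcp", "198.51.100.0/24", "192.0.2.10/32", range(22, 23)),  # admin SSH
    Rule("deny", "udp", "0.0.0.0/0", "192.0.2.0/24", range(0, 65536)),        # no inbound UDP
]

WEB = Packet("203.0.113.7", 51000, "192.0.2.10", 443, "tcp")
TELNET = Packet("203.0.113.7", 51001, "192.0.2.10", 23, "tcp")
# The header claims an admin-network source. The filter decides on header
# fields alone, so it cannot tell whether that claim is true.
CLAIMED_ADMIN = Packet("198.51.100.25", 51002, "192.0.2.10", 22, "tcp")
```

With the restrictive default, TELNET is dropped because no rule names it; with `default="allow"` the same packet passes. CLAIMED_ADMIN is allowed either way, which is why address-based rules need ingress filtering or authentication behind them.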

Application level Firewall

Limitations of Firewall
A firewall is unable to offer protection from threats that do not pass through it
Threats from internal users
Monitors only authenticated & legitimate traffic flow, not confidentiality
Virus attack, data driven attack

Selecting a Firewall
Ease of Use
Level and Quality of protection
Whether it is free
Level of Intelligence
Technique/Strategy to cope with Internet connection sharing

Security Standards for Emails


Privacy Enhanced Mail Standard (PEM)
Pretty Good Privacy (PGP)
S/MIME (Secure Multipurpose Mail Extension)
MSP (Message Security Protocol)

Privacy Enhanced Mail Standard


Includes Encryption, Authentication and key management
Allows both public and private key Cryptography
Uses Data Encryption Standard (DES) algorithm and RSA algorithm for sender authentication and key management
Verifies identity of the message originator and verifies if any original text has been tampered with

Pretty Good Privacy


It is a security key cryptography
For each message, the system generates a random 128-bit session key
Only that particular message is encrypted using IDEA with RSA and the receiver's public key
RSA is used by the receiver with a private key to decrypt and recover the session key
Session key then decrypts the message
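
The session-key flow listed above, as an added example showing both the sender and the receiver side (not part of the original slides and not PGP's real message format). To run with the standard library only, it assumes two stand-ins: a SHA-256 counter keystream in place of IDEA, and unpadded RSA over a fixed toy key; neither is safe for real use.

```python
import hashlib
import secrets

# Receiver's toy RSA key pair (assumption: fixed Mersenne primes 2**89-1 and
# 2**107-1, chosen only so the modulus is larger than a 128-bit session key).
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537                    # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for IDEA: XOR the data with a SHA-256 counter keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def sender_encrypt(message: bytes, pub_n: int, pub_e: int):
    """Return (wrapped session key, encrypted body) for one message."""
    session_key = secrets.token_bytes(16)        # fresh random 128-bit key
    body = keystream_xor(session_key, message)   # bulk encryption of the message
    # The session key is wrapped with the receiver's public key.
    wrapped = pow(int.from_bytes(session_key, "big"), pub_e, pub_n)
    return wrapped, body

def receiver_decrypt(wrapped: int, body: bytes, priv_d: int, pub_n: int) -> bytes:
    """Recover the session key with the private key, then decrypt the body."""
    session_key = pow(wrapped, priv_d, pub_n).to_bytes(16, "big")
    return keystream_xor(session_key, body)
```

Only the 16-byte session key goes through the slow public-key operation; the message itself is handled by the symmetric cipher, and each message gets its own key.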

Secure multipurpose Internet mail extension


Developed in 1996
Developed with RSA algorithm
Built on public key encryption standards
Security to different types and attachments
It has the following key attributes
  - Digital Signature
  - Encrypted using Public key cryptography
  - Digital Envelope
  - Ensures message remains private
  - Algorithm such as DES, 3DES or RC4

Message Security Protocol


MSP is a protocol that secures email attachments across multiple platforms
It operates at the application level of the internet

Audio & Video on web


Audio
  - waves (Oscillation)
  - measured in amplitude, frequency, bass
Video
  - Huge space of storage
  - MPEG Streaming

Creating and maintaining the web


Website should be easily accessible, customer oriented
Frequent updating of products and policies
Content to be attractive: text, pictures, pics, animation
Fast loading
Detailed info about product and services
How it differs from competitors
Easy navigation for customers
Subsections
Linking structure
Navigation Tools
  - Users Prerequisite information
  - Tracking cookies
  - Free Email accounts
  - Preferential screen layouts/content sources

Basics of a Commercial website


Website
  - Context (Site's layout and design)
  - Commerce (Site's capability to enable commercial transactions)
  - Connection (Degree to which one site is linked)
  - Content (Text, picture, sound and video)
  - Community (How the site enables user-user communication)

Need for an intelligent website


Long process, investment in technology
Leverages four types of information
  - Demographics
    - Who they are?
    - Income?
    - Marital Status
  - Expressed preferences
  - Past transactions
  - Observed behaviours

Need for an intelligent website


Observed behaviours
  - Basic Webtraffic analysis
  - Customer Interaction Analysis
  - Real time personalization
  - Greetings
  - Customization
  - Narrowcasting
  - Recommendation
  - Getting to fine-grained segmentation
  - Going through the streams of clicks
  - Enrich content with external data
  - Reaching optimal intelligence

Web: Goals,objectives and manpower


Website will collect info about current and potential customers?
Allow customers to order online for products and services?
Links to related webpages?
Industry related info?
Website recruitment of employees?
Virtual sales person?
Webpages design planning
Helps in gathering data for marketing
Requirement of special development tools to help users visit their website
Webdesigning and development (Front end and back end)

Advantages of a Website
Increased Awareness of Products and Services
Freedom - sharing of information in the internet
Cost Advantage

Concepts of Website Creation


HTML Editor
Text Editor
File Transfer Protocol
Graphics Editor
Zip/Unzip software
Email

Basic Web languages for web designing


HTML
Javascript
  - developed by Netscape, Sun Microsystems
  - Client side scripting language
VB script
  - Client based language
Perl script
  - text processing language
  - Extensively used in CGI Scripting
.net technology

Basic Web languages for web designing


.net frame work
  - Common language runtime (CLR) - runtime engine
  - Common Type System (CTS) - data types and operations
  - .net frame work libraries - Reusable types of object oriented
C#
PHP - scripting language embedded in HTML, runs on webserver
AJAX (Asynchronous javascript and XML)

Need for Corporate Strategic Infrastructure


Internal Development Vs Outsourcing
Internal Team
Early Outsourcing
Late Outsourcing
Partial Outsourcing

Web design tips


Keep it simple
Navigation
Font Size
Load Time
Screen resolutions
  - 800 X 600
  - 1024 X 768
Frames
Animation
Links
Banner Exchange
Top of Page
Table Tricks
Website Image

Webpage Editors & Optimizing graphics


Text Editors
Object Editors
WYSIWYG editors
WYSIWYM editors

Forms of web audio files


Wav
Mp3
Ogg
Gsm
Dct
Flac
Au
Aiff
Vox
raw

Database driven websites


Database management systems

File transfer and downloading


File transfer protocol
Peer-peer downloading and installing sw
  - Traditional P2P networks
  - Residential P2P networks

How to install a program


CD/DVD
Internet
