
ASSIGNMENT OF INT 882

Course Title: E-COMMERCE

SUBMITTED TO: Mrs. NAVJYOT KAUR

SUBMITTED BY: WASIM REZA
ROLL NO.: A48
SECTION: KOE121
REG NO.: 10807641

1. A website offering e-commerce services is vulnerable to attacks. How can you avoid the possible attacks on a commercial e-commerce website?

ANS:- Vulnerabilities appear because of the inherent complexity in most online systems. Nowadays, users place very demanding requirements on their e-commerce providers, and this requires complex designs and programming logic. By understanding these various threats, it is possible to determine which vulnerabilities may be exploited and which assets are targeted during an attack. Some methods of attack include:

- Social engineering
- Viruses, worms, and Trojan horses
- Denial of service attack tools
- Packet replaying
- Packet modification
- IP spoofing
- Password cracking

Types of Security Policies

Policies can be defined for any area of security. It is up to the security administrator and IT manager to classify what policies need to be defined and who should plan the policies. There could be policies for the whole company or policies for various sections within the company. The various types of policies that could be included are:

- Password policies
  o Administrative Responsibilities
  o User Responsibilities
- E-mail policies
- Internet policies
- Backup and restore policies

Password Policies

The security provided by a password system depends on the passwords being kept secret at all times. Thus, a password is vulnerable to compromise through five essential aspects of the password system:

- A password must be initially assigned to a user when enrolled on the system.
- A user's password must be changed periodically.
- The system must maintain a "password database."
- Users must remember their passwords.
- Users must enter their passwords into the system at authentication time.

Employees may not disclose their passwords to anyone. This includes administrators and IT managers.

Administrative Responsibilities

Many systems come from the vendor with a few standard user logins already enrolled in the system. Change the passwords for all standard user logins before allowing the general user population to access the system. For example, change the administrator password when installing the system.

The administrator is responsible for generating and assigning the initial password for each user login. The user must then be informed of this password. In some areas, it may be necessary to prevent exposure of the password to the administrator. In other cases, the user can easily nullify this exposure. To prevent the exposure of a password, it is possible to use smart card encryption in conjunction with the user's username and password. Even if the administrator knows the password, he or she will be unable to use it without the smart card. When a user's initial password must be exposed to the administrator, this exposure may be nullified by having the user immediately change the password by the normal procedure.

Occasionally, a user will forget the password or the administrator may determine that a user's password may have been compromised. To be able to correct these problems, it is recommended that the administrator be permitted to change the password of any user by generating a new one.

User Responsibilities

Users should understand their responsibility to keep passwords private and to report changes in their user status, suspected security violations, and so forth. To assure security awareness among the user population, we recommend that each user be required to sign a statement to acknowledge understanding these responsibilities.

E-mail Policies

E-mail is increasingly critical to the normal conduct of business. Organizations need policies for e-mail to help employees use e-mail properly, to reduce the risk of intentional or inadvertent misuse, and to assure that official records transferred via e-mail are properly handled. Similar to policies for appropriate use of the telephone, organizations need to define appropriate use of e-mail. Organizational policies are needed to establish general guidance in such areas as:

- The use of e-mail to conduct official business
- The use of e-mail for personal business
- Access control and confidential protection of messages

Using encryption algorithms to digitally sign the e-mail message can prevent impersonation. Encrypting the contents of the message or the channel that it's transmitted over can prevent eavesdropping. E-mail encryption is discussed later in this paper under "Public Key Infrastructures." Using public locations like Internet cafes and chat rooms to access e-mail can lead to the user leaving valuable information cached or downloaded on to internet computers. Users need to clean up the computer after they use it, so no important documents are left behind. This is often a problem in places like airport lounges.

Internet Policies

The World Wide Web has a body of software and a set of protocols and conventions used to traverse and find information over the Internet. Through the use of hypertext and multimedia techniques, the Web is easy for anyone to roam, browse, and contribute to. Web clients, also known as Web browsers, provide a user interface to navigate through information by pointing and clicking. Browsers also introduce vulnerabilities to an organization, although generally less severe than the threat posed by servers. Web servers can be attacked directly, or used as jumping-off points to attack an organization's internal networks. There are many areas of Web servers to secure: the underlying operating system, the Web server software, server scripts and other software, and so forth. Firewalls and proper configuration of routers and the IP protocol can help to fend off denial of service attacks.

2. EDI is quite different from just sending the electronic mail or documents over the network. How has EDI revolutionized the e-commerce business? Discuss the various pros and cons related with this.

ANS:- EDI is simply a structured way of creating electronic forms that can be transmitted between trading partners to execute business transactions without the need to generate any paper. EDI has been around for many years and refers to a set of standards for electronic transaction processing between organizations. An example of an EDI transaction is the automatic transmittal of an order to a supplier. Since the growth of e-business, EDI has become increasingly important, as many e-businesses automate their transactions with suppliers and customers.

During EDI, information is sent from one participant's computer system and translated to a standard format with special translation software. It is then transmitted to another participant, translated back from the standard format into a format used by the receiver and entered into the receiver's computer system.
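The translation round trip described above, as an added sketch that is not part of the original assignment. The delimiter-based "standard format", the segment names ORD and ITM, and every field name are made up for illustration and do not follow any real EDI standard; the sender refuses values that contain a delimiter, because such a value would silently add or alter segments on the receiving side.

```python
# Added illustration: a toy "standard format" with '*' between elements and
# '~' after each segment. Segment names ORD/ITM and all fields are hypothetical.
ELEM, SEG = "*", "~"
MANDATORY = ("order_id", "buyer", "items")  # documents without these are rejected


def _check(value):
    """Refuse values containing delimiters, which would corrupt segment boundaries."""
    text = str(value)
    if ELEM in text or SEG in text:
        raise ValueError(f"delimiter in field value: {text!r}")
    return text


def to_standard(order):
    """Sender side: internal order record -> standard-format document."""
    missing = [k for k in MANDATORY if not order.get(k)]
    if missing:
        raise ValueError(f"missing mandatory fields: {missing}")
    # 'note' is an optional element; an empty string marks it as not supplied
    head = ["ORD", _check(order["order_id"]), _check(order["buyer"]),
            _check(order.get("note", ""))]
    segments = [ELEM.join(head)]
    for sku, qty in order["items"]:
        segments.append(ELEM.join(["ITM", _check(sku), _check(int(qty))]))
    return SEG.join(segments) + SEG


def from_standard(document):
    """Receiver side: standard-format document -> receiver's own record layout."""
    record = {"lines": []}
    for raw in filter(None, document.split(SEG)):
        tag, *elems = raw.split(ELEM)
        if tag == "ORD" and len(elems) == 3:
            record["po_number"], record["customer"] = elems[0], elems[1]
            record["comment"] = elems[2] or None
        elif tag == "ITM" and len(elems) == 2:
            record["lines"].append({"part": elems[0], "quantity": int(elems[1])})
        else:
            raise ValueError(f"unrecognised segment: {raw!r}")
    if "po_number" not in record or not record["lines"]:
        raise ValueError("document lacks mandatory ORD or ITM segment")
    return record


# Constructed sample order in the sender's internal layout
SAMPLE = {"order_id": "PO-1001", "buyer": "ACME",
          "items": [("WIDGET-7", 12), ("BOLT-3", 400)]}
```
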

Companies use EDI to exchange information for a variety of different reasons, mainly increased efficiency and cost savings. For example, EDI allows business transactions to occur in less time and with fewer errors than do traditional, paper-based means. It reduces the amount of inventory companies must invest in by closely tying manufacturing to actual demand, allowing for just-in-time delivery.

EDI Pros

The good thing about EDI is that by agreeing on an EDI document, both parties understand exactly what the file format looks like, yet they still have the option to do some custom work and send some information in the file to their trading partners upon agreement with the other side. EDI files are open enough to hold mandatory fields and optional fields, so a company can set the optional fields to whatever it wants, preferably something that matches the field description. This flexibility to send information between computer systems is vital because most businesses that have relationships with other businesses use different ERP systems, so when they finally want to start using EDI they can do so without a problem even though the two ERP systems use different database structures and file formats for their import and export routines.

EDI Cons

The EDI file format is complex, with many elements, segments and documents. When a business wants to achieve a simple task such as sending and receiving an order and already has a computer system that doesn't "talk" EDI, it usually needs to contact another software vendor that specializes in EDI to do the integration. That costs more money for the software package and for the implementation and integration of the EDI software, plus a monthly fee for the EDI administrator to check that all EDI transactions went through and that there are no errors. If there are errors, the EDI administrator has to send some type of report to the company to let them know that something went wrong. All those extra costs, and having two software packages, make things expensive and difficult to manage and synchronize.

3. Why do we need tracking tools in e-commerce? List a few tracking tools available which help you in e-commerce.

ANS:-

Robustness:

- Reliability: commercial world demand - time of delivery.
- Some of the proposed initiatives for reliable transmission:
  o Special authentication/non-repudiation programs would fetch delivery and receipt reports.
  o Tools exist for diagnosing problems across the interconnected system.
  o Redundant mail servers at separate locations are recommended.
- Delivery of transactions should be guaranteed. A missing document is unacceptable.
- Dynamic routing ensures packets reach their destination.

Bandwidth: Internet connections are growing day by day. More people are getting hooked to the net. The result is exponentially increasing traffic, and the Internet is getting choked. Nations are moving in the direction of setting up a national information infrastructure (NII), high-bandwidth information highways to link with (GII).

Security: Integrity ensures data remains as is from the sender to the receiver. If someone added an extra bill to the envelope which contained your credit card bill, he has violated the integrity of the mail. Availability ensures you have access and are authorized to resources. If the post office destroys your mail or the postman takes one year to deliver your mail, he has impacted the availability of your mail.

There are quite a few misconceptions and considerable misinformation about the effect of this change. In a nutshell, if you are a manufacturer of a product that has an existing 8 or 12-digit UPC barcode, don't worry. You do not have to change anything. However, if you are a retailer or wholesaler with scanners, you potentially are affected. You will need to ensure that scanners are able to decode 8, 12, 13 and 14-digit barcodes (most scanners sold for the last 5 years can do this) and that database systems can handle the extra digits.

UPS Tracking: If you want to improve customer service and increase traffic on your e-commerce site, you need UPS Tracking. UPS Tracking lets your customers track their shipments right from your e-commerce site using your own reference or order number. This functionality encourages your customers to return to your site to track their shipments or to check the status of their order.

UPS Rates & Service Selection: If you want flexibility and control when shipping your online orders, your e-commerce site needs UPS Rates & Service Selection. This powerful UPS Online Tool lets online shoppers compare, price, and select UPS shipping services that best fit their needs and budgets. It can be used to dynamically generate a list of UPS shipping services tailored for your customer.

4. There are different types of transactions in e-commerce. List all types of transactions available in e-commerce along with real-life examples for each.

ANS:- Accordingly, Ecommerce can be broken into four main categories: B2B, B2C, C2B, and C2C which are in essence various segments along the ecommerce value chain spectrum.

B2B: Business to Business

In this segment, companies conduct business with each other, such as manufacturers selling to distributors and wholesalers selling to retailers. Pricing is based on quantity of order and is often negotiable.

B2C: Business to Consumer

Here, businesses sell to the general public, typically through catalogs utilizing shopping cart software. In value terms B2B is more than B2C, which is very specific in terms of individual transaction size and specification in lesser time intervals. A variation of this is a situation wherein companies use internal networks to offer their employees products and services online, not necessarily on the Web but through an Intranet. This is B2E (Business-to-Employee) ecommerce.

C2B: Consumer to Business

In this case, a consumer posts his project with a set budget online, and within hours companies review the consumer's requirements and bid on the project. The consumer reviews the bids and selects the company that will complete the project. E-commerce empowers consumers around the world by providing the meeting ground and platform for such transactions.

C2C: Consumer to Consumer

Here, websites offer free classifieds, auctions, and forums where individuals can buy and sell thanks to online payment systems like PayPal, where people can send and receive money online with ease. eBay's auction service is an example of where person-to-person transactions have taken place every day since 1995.
