ECommerce Infrastructure

1
E-CommerceInfrastructure Security

• Lecture 2
• Security Overview
• Protocols and Markup Languages
• Multi-Tiered Client-Server Architectures

2
Agenda

• Security Overview
• Internet History
• Protocols
• Markup Languages
• Multi-Tiered Architectures

3
Commerce

• The First VISA Card
• Elements of Traditional Commerce
• The Buyer
• The Seller
• Transaction Cost
• Value Chains

4
The First VISA Card

• The notion of store credit is hundreds of
  years old
• Sticks with markings were used
• Merchant kept one
• Buyer kept another
• This keeps everyone honest!

5
Your First Assignment

• Objective
• Help students understand the basic elements of
  commerce.
• Task
• Identify a purchase that you made this week
  (some examples include lunch, a new computer, and
  textbooks). Describe how each of the elements of
  a traditional commercial transaction appears in
  your purchase. Be sure to describe these elements
  from your (the buyers) perspective and the
  sellers perspective. What associated companies
  (i.e. service partners) facilitated the buyer and
  the seller in this commercial transaction?
• Deliverable
• Descriptive, short essay defining stages, roles
  and actions of the buyer and seller, and
  supporting partners in a typical commercial
  transaction.

6
Security Overview

• WSPC Chapter 1
• Three points
• Secure Web server data
• Secure information in transit
• Secure users computer

7
On-Line Banking Considerations?

• Identification of user (authentication)
• Scan for vulnerabilities of site
• Secure, off-site backup of data
• Secure logging for nonrepudiation
• Load balancing usage monitoring
• Disaster recovery (second site)
• Redundancy of ISPs, etc.
• Protect billing privacy info
• 24-hour ops center for quick recovery
• Secure physical plant

8
A Web-based Purchase
On-Line Store
DB
Warehouse
9
Overview of Security

• Web Server
• No unauthorized access to data
• Information in Transit
• Protect against eavesdropping
• Client Machine
• No unauthorized access corruption

10
The Web Server
On-Line Store
DB
Warehouse
11
Securing the Web Server

• Minimize the risk by minimizing the services
• Host non-Web files on a separate machine
• Limit access and permissions

12
Information/Transmission Security
On-Line Store
DB
Warehouse
13
Securing in Transit

• Encryption (PGP, SSL, etc.)
• Noise/Garbage
• Physical Security (special cases)

14
The Client
On-Line Store
DB
Warehouse
15
Securing the Client Machine

• Viruses
• Browser Bugs/Holes
• ActiveX, Plug-Ins, Macros, etc.
• Physical access to the machine
• Social Engineering

16
Secure Server

• Well-written scripts
• Minimizing services (FTP, Port 80, etc)
• Program, OS, DB

17
Secure Transit

• No eavesdropping
• Encryption
• Noise

18
Securing the Users Machine

• Education
• Black-box security
• Loss of productivity
• Viruses, worms, etc.

19
Security Overview Review

• Education Technology
• Server, Transit, User
• Many issues to consider in security
• No silver bullet
• Well focus on each of these topics as the
  semester progresses

20
The Shatterer of Worlds

• Imagine a time without computers, the Internet,
  or E-Commerce
• How did we get here, and whats changed?

21
The Internet Effect

• Communication
• Media
• How we work
• How we play
• A distributed world view

22
Something Wicked This Way Comes

• Mainframe computing
• Desktop computing environment
• Ubiquitous/mobile computing

23
The Circle of Life
Centralized computing
Desktop computing
Networked/distributed computing
ASPs(vive la dumb-terminal!)
24
Internet History

• Mid 60s
• State of the art was 110bps(2 words per second)
  networks
• 56kbps (550 times faster!)network of 12
  universities/organizations
• Sharing processors was the motivation

25
Packet Switching

• Underlying technology of ARPAnet
• Cheaper than circuit switching networks
• Within the packets
• Address information
• Error control information
• Sequencing information
• No longer centrally controlled
• Designed for faults/attacks

26
Reality Hits ARPAnet

• E-mail the first Net killer ap
• Communication is king!
• Others want in

27
Letting Everyone In the Game

• TCP Transmission Control Protocol
• Used to route data correctly
• Others were developing networks as well
• How do you bring them all together?
• IP Internetworking protocol
• Creates a network of networks
• Thus, TCP/IP

28
Then What?

• Businesses seize the golden goose
• There becomes an insatiable desire for
• Increased processor speed
• Increased bandwidth
• Network service providers
• Software

29
Enter the PC

• Pioneered by Apple in 1977
• IBM (jumped in later in 1981)
• Creates the desktop mode
• Opens the door for the consumer

30
What Was Necessary?

• What elements had to exist before the Web could
  explode as it has done in the last decade?

31
What Was Necessary?

• Cheap computing
• Reliable, cheap network technology
• Service Providers
• Delphi, CompuServe, Prodigy, AOL, etc.
• Content
• Easy-to-use software!

32
Why Now?

• Computing power is cheap
• People are increasingly mobile
• Browsers have come a long way
• Service providers make it easier
• Huge amounts of content
• Consumer bandwidth is increasing

33
Protocols

• You should have had exposure to these in previous
  classes
• You need to know the following terminology so you
  can effectively build E-commerce web sites

34
Protocol Terminology

• HTTP - Hypertext Transfer Protocol used for Web
  transmissions
• Client sends request
• Server responds with page/file
• Client closes session
• One request/response/close cycle for each file
  requested

35
Protocol Terminology

• SMTP/POP/IMAP
• Used for E-mail transmissions
• FTP
• Used to control the transfer of files from one
  computer to another

36
Protocol Application

• Why are protocols needed?
• Why standardize?
• Why have multiple protocols?

37
Clearing a Display

• You need to write a network-based, terminal
  program that will run on any platform
• MAC, Unix, Windows, SunOS, etc.
• How can you clear the terminal?

38
Clearing the Screen

• CLS in Basic/Dos
• PrintLn() x 25 (or 50) times in Pascal
• clear in UNIX
• Etc.

39
Everything In Its Place

• Why should the author/programmer worry about
  implementation?
• Why not let each client machine worry about how
  to accomplish the desired task?
• Improves portability, reuse, etc.

40
Enter Markup Languages

• Purpose is to mark documents with tags
• Tags are
• Device-independent
• Language-independent
• Represent properties/attributes of objects within
  a document

41
HTML

• This should be review for you if youve taken the
  pre-reqs for these courses(and remember what you
  learned!)

42
Hypertext Markup Language

• Subset of SGML (Standard General Markup
  Language)
• Utility of SGML
• Without some of the little-needed features

43
Benefits of the HTML Approach

• Separates the content from the implementation
• For example, ltEMgt for emphasis (replacing the
  deprecated ltigt tag)

44
Benefits of HTML (cont.)

• Language-independent
• Machine-independent
• Client-side processing

45
HTML In ITSK3413/3423

• You should be able to quickly understand HTML
  when viewed native
• Use any authoring tool youd like
• Our goal is results, not specifics

46
HTML You Should Know

• Alignment
• Text Formatting
• Graphics ( image maps)
• Links (internal external)
• Tables
• Forms
• Frames

47
Our HTML Standard

• Well standardize on HTML 4.01 (the latest)
• All assignments must work in IE 5 or later
• Worry about browser conflicts and
  incompatibilities on the job, not here!

48
Enough on HTML Just Do It!
49
Intermission
50
Multi-Tiered Architecture

• Two approaches well concern ourselves with in
  this course
• Two-Tiered
• Three-Tiered

51
How does Web Communication Work?

• DNS Lookup first (distributed lookup)
• Handshake
• SYN from client
• SYN/ACK from server
• ACK from client
• Packets of info until request fulfilled

52
The Two-Tiered Approach
TCP/IP
53
HTTP Example Client Side

• Client requests page
• Client formats an HTTP request
• The request consists of
• Request line
• Request header
• Optional entity body

54
Request Details

• Command (typically GET)
• Filename (requested)
• Protocol being used (client informs)
• Request header additional info as needed
• Entity body used to upload content

55
HTTP Example Server Side

• Server responds
• Finds requested file
• Formulates response and sends to client
• Header
• Fields (informs client)
• Body (content)

56
The Three-Tiered Approach
TCP/IP
57
Additions in Three-Tiered Approach

• Client/Server interactions remain the same
• Additional backend needed
• Fulfill complex client requests
• Business logic
• Data storage
• ERP Enterprise Resource Planning
• Introduces a new interaction

58
Server-Backend Communication

• Server analyzes client request
• Realizes it needs the backend
• Server requests a DB transaction with backend
• Backend formulates response and sends to server
• Server formats information into HTML
• Server sends information to client

59
Thin Clients

• One approach is to rely upon the client as little
  as possible
• Assume only minimal processor/memory
• Assume minimal browser capability
• What might justify this decision?
• Why might you go a different route?

60
Next Week

• Look at various Web servers
• Examine .NET architecture
• Security issues on client server
• Business models hosting options
• Cryptography

61
Have a Great Weekend!
FIN