E-Commerce

Definition - E-commerce (electronic commerce or EC) is the buying and selling of goods and services on the Internet, especially the World Wide Web. In practice, this term and a newer term, e-business, are often used interchangably. For online retail selling, the term e-tailing is sometimes used.

E-commerce can be divided into:

• E-tailing or "virtual storefronts" on Web sites with online catalogs, sometimes gathered into a "virtual mall"
• The gathering and use of demographic data through Web contacts
• Electronic Data Interchange (EDI), the business-to-business exchange of data
• e-mail and fax and their use as media for reaching prospects and established customers (for example, with newsletters)
• Business-to-business buying and selling
• The security of business transactions

E-tailing or The Virtual Storefront and the Virtual Mall

As a place for direct retail shopping, with its 24-hour availability, a global reach, the ability to interact and provide custom information and ordering, and multimedia prospects, the Web is rapidly becoming a multibillion dollar source of revenue for the world's businesses. A number of businesses already report considerable success. As early as the middle of 1997, Dell Computers reported orders of a million dollars a day. By early 1999, projected e-commerce revenues for business were in the billions of dollars and the stocks of companies deemed most adept at e-commerce were skyrocketing. Although many so-called dotcom retailers disappeared in the economic shakeout of 2000, Web retailing at sites such as Amazon.com, CDNow.com, and CompudataOnline.com continues to grow.

Market Research

In early 1999, it was widely recognized that because of the interactive nature of the Internet, companies could gather data about prospects and customers in unprecedented amounts -through site registration, questionnaires, and as part of taking orders. The issue of whether data was being collected with the knowledge and permission of market subjects had been raised. (Microsoft referred to its policy of data collection as "profiling" and a proposed standard has been developed that allows Internet users to decide who can have what personal information.)

Electronic Data Interchange (EDI)

EDI is the exchange of business data using an understood data format. It predates today's Internet. EDI involves data exchange among parties that know each other well and make arrangements for one-to-one (or point-to-point) connection, usually dial-up. EDI is expected to be replaced by one or more standard XML formats, such as ebXML.

E-Mail, Fax, and Internet Telephony

E-commerce is also conducted through the more limited electronic forms of communication called e-mail, facsimile or fax, and the emerging use of telephone calls over the Internet. Most of this is business-to-business, with some companies attempting to use e-mail and fax for unsolicited ads (usually viewed as online junk mail or spam) to consumers and other business prospects. An increasing number of business Web sites offer e-mail newsletters for subscribers. A new trend is opt-in e-mail in which Web users voluntarily sign up to receive e-mail, usually sponsored or containing ads, about product categories or other subjects they are interested in.

Business-to-Business Buying and Selling

Thousands of companies that sell products to other companies have discovered that the Web provides not only a 24-hour-a-day showcase for their products but a quick way to reach the right people in a company for more information.

The Security of Business Transactions

Security includes authenticating business transactors, controlling access to resources such as Web pages for registered or selected users, encrypting communications, and, in general, ensuring the privacy and effectiveness of transactions. Among the most widely-used security technologies is the Secure Sockets Layer (SSL), which is built into both of the leading Web browsers.

How to Start an e-Business

This is it--your chance to strike it very rich because suddenly, the internet has changed all the rules. For a half-century, the big players in business, from IBM to Exxon, dominated the game, leaving little room for newcomers to move to the top of the heap. Then in 1994 a little startup named Netscape introduced a web browser, and the race for cash was on. Amazon, eBay, Yahoo!, 1-800-Flowers, drugstore.com, Priceline.com, WebMd.com--today, they are million-, and in some cases billion-dollar businesses, but where were they ten years ago? Out of nowhere these companies and hundreds more, have emerged to challenge the gods of commerce. They're succeeding because the new rules favor small companies that are flexible, smart, tough and ultra-quick to react to changing market conditions.

Chew on these numbers: E-business research firm IDC expects the total worldwide value of goods and services purchased by businesses through e-commerce solutions will increase to $4.3 trillion by 2005 from $282 billion in 2000. By 2007, total online retail spending will reach $105.2 billion, up from the $51.7 billion consumers were expected to spend by the end of 2003. And in the 2002 Christmas shopping season, consumers spent $7.92 billion online, a 23 percent increase over the 2001 holiday season, according to e-commerce research firm BizRate.com.

E-Business

Definition - E-business (electronic business), derived from such terms as "e-mail" and "e-commerce," is the conduct of business on the Internet, not only buying and selling but also servicing customers and collaborating with business partners. One of the first to use the term was IBM, when, in October, 1997, it launched a thematic campaign built around the term. Today, major corporations are rethinking their businesses in terms of the Internet and its new culture and capabilities. Companies are using the Web to buy parts and supplies from other companies, to collaborate on sales promotions, and to do joint research. Exploiting the convenience, availability, and world-wide reach of the Internet, many companies, such as Amazon.com, the book sellers, have already discovered how to use the Internet successfully.

Increasingly, much direct selling (or e-tailing) is taking place on the Internet of computer-related equipment and software. One of the first to report sales in the millions of dollars directly from the Web was Dell Computer. Travel bookings directly or indirectly as a result of Web research are becoming significant. Custom-orderable golf clubs and similar specialties are considered good prospects for the immediate future.

With the security built into today's browsers and with digital certificates now available for individuals and companies from Verisign, a certificate issuer, much of the early concern about the security of business transaction on the Web has abated and e-business by whatever name is accelerating.

IBM considers the development of intranets and extranets to be part of e-business. e-business can be said to include e-service, the provision of services and tasks over the Internet by application service providers (ASP).

Security Management

Security Management for networks is different for all kinds of situations. A small home or an office would only require basic security while large businesses will require high maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming.

Small Homes

• A basic firewall.
• For Windows users, basic Antivirus software like McAfee, Norton AntiVirus, AVG Antivirus or Windows Defender, others may suffice if they contain a virus scanner to scan for malicious software.
• When using a wireless connection, use a robust password.

Medium Businesses

• A fairly strong firewall
• A strong Antivirus software and Internet Security Software.
• For authentication, use strong passwords and change it on a bi-weekly/monthly basis.
• When using a wireless connection, use a robust password.
• Raise awareness about physical security to employees.
• Use an optional network analyzer or network monitor.

Large Businesses

• A strong firewall and proxy to keep unwanted people out.
• A strong Antivirus software and Internet Security Software.
• For authentication, use strong passwords and change it on a weekly/bi-weekly basis.
• When using a wireless connection, use a robust password.
• Exercise physical security precautions to employees.
• Prepare a network analyzer or network monitor and use it when needed.
• Implement physical security management like closed circuit television for entry areas and restricted zones.
• Security fencing to mark the company's perimeter.
• Fire extinguishers for fire-sensitive areas like server rooms and security rooms.
• Security guards can help to maximize security.

School

• An adjustable firewall and proxy to allow authorized users access from the outside and inside.
• A strong Antivirus software and Internet Security Software.
• Wireless connections that lead to firewalls.
• CIPA compliance.
• Supervision of network to guarantee updates and changes based on popular site usage.
• Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks by both internet and sneakernet sources.

Large Government

• A strong strong firewall and proxy to keep unwanted people out.
• A strong Antivirus software and Internet Security Software.
• Strong encryption, usually with a 256 bit key.
• Whitelist authorized wireless connection, block all else.
• All network hardware is in secure zones.
• All host should be on a private network that is invisible from the outside.
• Put all servers in a DMZ, or a firewall from the outside and from the inside.
• Security fencing to mark perimeter and set wireless range to this.

Network security

Network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access and the effectiveness (or lack) of these measures combined together.

Comparison with computer security

Securing network infrastructure is like securing possible entry points of attacks on a country by deploying appropriate defense. Computer security is more like providing means to protect a single PC against outside intrusion. The former is better and practical to protect the civilians from getting exposed to the attacks. The preventive measures attempt to secure the access to individual computers--the network itself--thereby protecting the computers and other shared resources such as printers, network-attached storage connected by the network. Attacks could be stopped at their entry points before they spread. As opposed to this, in computer security the measures taken are focused on securing individual computer hosts. A computer host whose security is compromised is likely to infect other hosts connected to a potentially unsecured network. A computer host's security is vulnerable to users with higher access privileges to those hosts.

Attributes of a secure network

Network security starts from authenticating any user, most likely an username and a password. Once authenticated, a stateful firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component fails to check potentially harmful contents such as computer worms being transmitted over the network. An intrusion prevention system (IPS) helps detect and prevent such malware. IPS also monitors for suspicious network traffic for contents, volume and anomalies to protect the network from attacks such as denial of service. Communication between two hosts using the network could be encrypted to maintain privacy. Individual events occurring on the network could be tracked for audit purposes and for a later high level analysis.

Honeypots, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network being protected by the honeypot.