Web Design and E-commerce Security: A Comprehensive Guide by Dr. Peter R. Gillett, Study notes of Accounting

This document, authored by Dr. Peter R. Gillett of Rutgers Business School, provides an in-depth exploration of web site design and security for electronic commerce. The guide covers web usability, page design, content design, site design, intranet design, security for EC assets, intellectual property and privacy, and more. It also includes references to relevant books and resources.

Typology: Study notes

Pre 2010

Uploaded on 09/17/2009

koofers-user-6k8-2
Partial preview of the text

22:010:622 Internet Technology and E-Business
Dr. Peter R. Gillett
Associate Professor, Department of Accounting & Information Systems
Rutgers Business School – Newark & New Brunswick
February 26, 2003

Outline
- Designing Web Pages
- Implementing Security for EC
- Introduction to Cryptography
- B2B EC Frameworks
- Active Server Pages

Designing Web Sites: Web Usability
- What metrics will you use to measure the success of your Web site? Unique hits? Total hits? Return visits?

Designing Web Sites: Page Design
- Avoid fixed-width text for material that may need to be printed
- Narrow columns are wasteful and annoy users
- Wide columns that do not fit the page are even more frustrating
- 600 pixels is 8.3 inches at 72 pixels per inch; allowing for printer margins, this exceeds standard letter paper
- Do not force users to scroll horizontally!

Designing Web Sites: "Creating Killer Web Sites" (David Siegel, Hayden Books, 2nd Edition 1997)
- 3rd generation design
- Use (but don't overuse) metaphor
- GIF, JPEG, GIF89a, etc.
- Transparency
- Compress images to reduce download times

Designing Web Sites: David Siegel on layout
- Use tables with invisible cells to control page layout
- Turn off borders
- Insert a single space at the end of text in each column (but a soft carriage return at the end of text in the final column) to help break up text for users with old (non-table) browsers
- The single-pixel GIF trick: scaling controls vertical or horizontal spacing
- Should become less important as designers gain more control over browser behavior

Designing Web Sites: David Siegel on frames
- If you use frames, remember to add a No-Frames page
- Useful for index or other links you want to keep visible during scrolling
- Frame navigation is more complex and requires care
- Don't load new pages within old frames

Designing Web Sites: David Siegel's Deadly Sins
- Blank-line typography
- Horizontal rules
- Background images that interfere
- The slow load
- Illegal use of the third dimension
- Aliasing, dithering and halos

Designing Web Sites: Browser-Safe Colors
- 216 colors common to the 256-color palettes of Mac, Windows and Windows 95
- Formed from hex 00, 33, 66, 99, CC and FF (multiples of 51 for decimal-thinkers!)
- sRGB: Microsoft/HP proposal
- Background colors and background images (tiles)
- Use transparency

Designing Web Sites: Some graphics software
- Adobe Photoshop
- Paint Shop Pro
- The Gimp
- DeBabelizer

Designing Web Sites: Many, many other things we have not discussed . . .
- Image maps
- Cascading style sheets (CSS)
- DHTML
- Shockwave
- Video, audio, etc.

Designing Web Sites: Intranet Design
- General principles apply, but users are employees rather than customers
- There are typically many more pages
- More advanced browser features may be safely used if reasonable presumptions can be made about the facilities that users will have available

Implementing Security for EC: Protecting Electronic Commerce Assets
- Secrecy & privacy
- Integrity
- Availability
- Key management
- Nonrepudiation
- Authentication

Implementing Security for EC: Intellectual Property and Privacy
- Department of Justice: Computer Crime and Intellectual Property Section
- Many other active bodies
- Watermarks, etc.
- WebSide Story
- Cookie demonstration

Implementing Security for EC: Protecting the Commerce Server
- Access control and authentication
- Operating system controls
- Firewalls

Introduction to Cryptography
- No longer only the domain of the military
- Important business issue: financial transactions, limiting distribution, keeping important documents or transmissions confidential
- Issues of government restrictions and the economic well-being of US firms

Motivation for Cryptography: General Reasons
- Open data gives the Internet power
- Authenticity in a very simulated environment!
- Sharing information is important

Basic History
- Caesar cipher: rotation of alphabets
- Alan Turing and his team cracked the German Enigma in the early 1940s; used the ACE computer
- C. Shannon at Bell Labs, 1940s: showed the one-time pad is the only "unbreakable code"
- Diffie-Hellman and the asymmetric or public key codes

History
- Rivest, Shamir and Adleman: RSA public key cryptography
- Found a good use for apparently very hard mathematical problems!
- Unless there is a great mathematical breakthrough, RSA and its relatives are VERY costly to break
- The US Government forbids export of this technology for now

Caesar Cipher
- ABCDEFGHIJKLMNOPQRSTUVWXYZ mapped to DEFGHIJKLMNOPQRSTUVWXYZABC
- Example: "GIVE ME TEN" becomes "JLYH PH WHP"
- Attacks: probability of letters occurring in English

Encrypt-Decrypt
[Figure: encrypt and decrypt across the Internet; the slide's diagram did not survive extraction]

Intercepting Messages or Packets?
- Ethernet
- Hubs
- Routers
- CPU trace cycles
- Screen
- Invasive: break in and copy/steal disks!

Public Key and RSA: Why so popular?
- Anyone can send messages, without trusting anyone else with your private key!
- The mathematical problems that are at work are very well known to be very hard!
- Extremely well trusted!
- Easily integrated into present software systems

Public Key (RSA)
[Figure: the slide's diagram did not survive extraction]

A few uses
- Transactions
- Secrets
- Verifications
- Digital signatures
- Trusted companies or sites
- Digital cash!

DES, the NSA and all that
- Data Encryption Standard: symmetric
- First from IBM for an NBS Call for Proposals
- 40 bits, 56 bits and now 128 bits: why more bits over time?
- It apparently costs $200,000 to crack 56 bits in 4.5 days (1998, Electronic Frontier Foundation)

Security on the Internet
- Morris's worm exploited the sendmail server, 3 Nov. 1988
- Affected 10% of the Internet (NSFNet)
- Cost: $24 million in denial, $40 million to bring back; total cost between $64 and $100 million
- The Internet is central to business now; business impacts would dwarf the NSFNet costs

More Security on the Internet
- Check out CMU's http://www.cert.org/
- Classical business parallels: phone transactions, mail transactions
- Logical and physical security
- Countermeasures
- Dealing with security threats

Risk Analysis
                    Low Impact            High Impact
  High Probability  Contain and Control   Prevent
  Low Probability   Ignore                Insurance or Backup

Evaluation of your Security
- Testing, testing, testing!
- Start with the "commerce chain"
- Active content: JavaScript, ActiveX, CGI, VBScript, Java
- Email attachments: viruses and Trojan horses
- Cookies
- What if you get too many security alerts?

Security in Pieces
- Sniffer programs
- Site hopping
- Click-trails
- Anonymizers: anonymizer.com, enonymous.com
- Cyber vandalism
- Masquerading or spoofing
- Necessity, delay or denial: direct, indirect
- Always provide the least privileges to do a job (super users on Unix, Administrator in NT and Windows)

Additional References
- S. S. Y. Shim, V. S. Pendyala and J. Z. Gao: "Business-to-Business E-Commerce Frameworks", Computer, 40-47, Oct. 2000.
- U. Varshney, R. J. Vetter and R. Kalakota: "Mobile Commerce: A New Frontier," Computer, 32-29, Oct. 2000.

B2B EC Frameworks
- B2B is becoming much larger than B2C
- Fewer customer interactions to sell a large B2B unit
- More standards necessary; tech standards not compatible (EDI in different countries)
- Consider business as a set of processes: process engineering streamlines and automates processes to improve efficiency

B2B EC Frameworks: Defining Frameworks
- Give all exchanges between business partners one common protocol
- Standards: data format, security, ontology, content management

B2B EC Frameworks: OBI
- Main benefits: simplicity; security, reliability and robustness; customizable catalogues based on digital certificates

B2B EC Frameworks: eCo
- From CommerceNet: consortium of reps from more than 35 firms
- Interoperability as a set of levels; eCo uses XML documents to describe APIs
- Businesses can define, publish and exchange metadata descriptions
- Layered approach to defining and maintaining interactions
- Extensibility: unforeseen requirements
- Gateway web page for search engine needs
- A simple set of compliance rules
- Allows the discovery of EC systems and markets

B2B EC Frameworks: RosettaNet
- Benefits: in-depth support for business process; addresses security issues; supports agent protocols

B2B EC Frameworks: cXML
- From Commerce XML: joint effort of more than 40 firms
- cXML is an open Internet-based standard for easy exchange of catalogue content and of transaction information
- Made of "light weight" DTDs
- Request/response model and asynchronous model
- Uses HTTP and/or URL-encoded communication; the Web browser acts as an intermediary
- cXML focuses on maintenance, repair and operating services (MRO)
- Allows us to define parts of business processes
- Simple to use and easy to implement

B2B EC Frameworks: Comparison
- Industry targeting
- Architecture
- XML? With EDI? Replace EDI?
- Security
- Protocols: most HTTP, one CGI

Active Server Pages
- Microsoft innovation
- Server-generated pages that can invoke other programs (e.g., to access a database)
- Use server-side scripting with support for VBScript or JScript
- Many other software tools now supported
- Runs more efficiently than CGI scripts
- Has been used extensively, e.g., Amazon.com
- Now available on non-Microsoft servers
- Although HTML is the default output, could also be XML
- Note the use of <& . . . &> pairs for server-side scripts
- N.B. Now there is JSP too!
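The RSA slides say that anyone can send you a message without being trusted with your private key, and that the same keys give digital signatures, but the diagram did not survive. The following Python block is an added example, not the lecture's material, that carries the textbook RSA construction through: a key pair from two primes, encryption with the public key, decryption with the private key, and sign/verify. The primes 61 and 53 and the message value 65 are toy sizes chosen for the example; real deployments use primes of a thousand or more bits plus a padding scheme, which this block deliberately omits to keep the mathematics visible.

```python
import math
import random


def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test; adequate for a toy generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(p, q, e=17):
    """Build ((n, e), (n, d)) from two distinct primes p and q.
    The security claim on the slide rests on n being hard to factor; with
    toy primes like 61 and 53 that is of course not the case."""
    if p == q or not (is_probable_prime(p) and is_probable_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)      # Euler's totient of n
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(message, public_key):
    """Anyone holding only (n, e) can do this step."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)


def decrypt(ciphertext, private_key):
    """Only the holder of d can undo encrypt()."""
    n, d = private_key
    return pow(ciphertext, d, n)


def sign(message, private_key):
    """Textbook signature: the private exponent applied to the message."""
    n, d = private_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, d, n)


def verify(message, signature, public_key):
    """Anyone with the public key can check a signature."""
    n, e = public_key
    return pow(signature, e, n) == message


def demo(p=61, q=53, message=65):
    """Run the full round trip and return the intermediate values."""
    public_key, private_key = generate_keypair(p, q)
    ciphertext = encrypt(message, public_key)
    recovered = decrypt(ciphertext, private_key)
    signature = sign(message, private_key)
    return {
        "public_key": public_key,
        "private_key": private_key,
        "ciphertext": ciphertext,
        "recovered": recovered,
        "signature_ok": verify(message, signature, public_key),
        "tampered_ok": verify(message + 1, signature, public_key),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `demo` function makes the slide's two claims concrete: the sender never sees `d`, and a signature that verifies for one message fails for a neighbouring one.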