Submitted to:

Dr Shashank Singh

Submitted by:
Shalloo Bajpai
1600103199
1601012189
CSE-2

Assignment 2: E-Commerce

Ans. 1: Short notes.

A. TCP/IP: Transmission Control Protocol/Internet Protocol, developed in 1978, is a set of rules
(protocol) governing communication among all the computers on the Internet. It specifically
dictates how information should be packaged (into packets, i.e., bundles of information), sent
and received, and how to get it to its destination.
The protocols apply to four layers which are divided on the basis of their function:
a.) Application layer
b.) Transport layer
c.) Internet layer
d.) Link layer
The features that stood out during the research, and which led to the TCP/IP
reference model, were:
● Support for a flexible architecture. Adding more machines to a network was easy.
● The network was robust, and connections remained intact as long as the source and
destination machines were functioning.
The overall idea was to allow one application on one computer to talk to (send data
packets to) another application running on a different computer.

B. FTP: File Transfer Protocol (FTP) is a standard internet protocol provided by TCP/IP
used for transmitting files from one host to another. It is mainly used for transferring the
web page files from their creator to the computer that acts as a server for other computers on
the internet. It is also used for downloading the files to the computer from other servers. It
provides the sharing of files. It is used to encourage the use of remote computers. It transfers
the data more reliably and efficiently.
FTP is built on client-server architecture and utilizes separate control and data connections
between the client and server applications. FTP is used with user-based password
authentication or with anonymous user access.

C. HTTP: HTTP stands for Hypertext Transfer Protocol. It is used to access data on the WWW
(World Wide Web). It is a protocol which governs the communication between the client and server.
There are three important features of HTTP:
a.) HTTP is Connectionless
After a request is made, the client disconnects from the server and waits for a response. The
server must reestablish the connection after it processes the request.
b.) HTTP is Media Independent
Any type of data can be sent by HTTP as long as both the client and server know how to handle
the data content.
c.) HTTP is Stateless
This is a direct result of HTTP being connectionless. The server and client are aware of each
other only during a request. Afterwards, each forgets the other. For this reason neither the
client nor the browser can retain information between different requests across the web pages.
A browser contacts a server to establish a TCP connection with it. The HTTP software on the
client sends a request to the server. The HTTP software on the server interprets this request and
sends the response to the client.

D. SMTP: Simple Mail Transfer Protocol is a set of communication guidelines that allow software
to transmit an electronic mail over the internet. It is a program used for sending messages to
other computer users based on e-mail addresses.
It provides a mail exchange between users on the same or different computers, and it also
supports:
a. It can send a single message to one or more recipients.
b. Messages being sent can include text, voice, video or graphics.
c. It can also send the messages on networks outside the internet.
The main purpose of SMTP is to set up communication rules between servers. The servers
have a way of identifying themselves and announcing what kind of communication they are
trying to perform. They also have a way of handling errors such as an incorrect email address.
For example, if the recipient address is wrong, then the receiving server replies with an error
message of some kind.

E. S-HTTP: S-HTTP stands for Secure Hypertext Transfer Protocol. It is an Internet protocol for
encryption of Hypertext Transfer Protocol (HTTP) traffic. It is an extension to the Hypertext
Transfer Protocol (HTTP) that allows the secure exchange of files on the World Wide Web.
Each S-HTTP file is either encrypted, contains a digital certificate, or both. For a given document,
S-HTTP is an alternative to another well-known security protocol, Secure Sockets Layer (SSL).
A major difference is that S-HTTP allows the client to send a certificate to authenticate the user
whereas, using SSL, only the server can be authenticated. S-HTTP is more likely to be used in
situations where the server represents a bank and requires authentication from the user that is
more secure than a userid and password.
S-HTTP works at the even higher level of the HTTP application. Both security protocols can be
used by a browser user, but only one can be used with a given document. Terisa Systems
includes both SSL and S-HTTP in their Internet security tool kits.

F. SSL: SSL, or Secure Sockets Layer, is an encryption-based Internet security protocol. It was first
developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data
integrity in Internet communications. SSL is the predecessor to the modern TLS encryption used
today.
SSL/TLS works by binding the identities of entities such as websites and companies to
cryptographic key pairs via digital documents known as X.509 certificates. Each key pair consists
of a private key and a public key. The private key is kept secure, and the public key can be widely
distributed via a certificate.
SSL follows an asymmetric cryptographic mechanism, in which a Web browser creates a public
key and a private (secret) key. The public key is placed in a data file known as a certificate
signing request (CSR). The private key is issued to the recipient only.

G. Messaging Protocol: Internet Control Message Protocol (ICMP) is a TCP/IP network layer
protocol that provides troubleshooting, control and error message services. ICMP is most
frequently used in operating systems for networked computers, where it transmits error
messages.
ICMP (Internet Control Message Protocol) is a protocol that network devices (e.g. routers) use to
generate error messages when network issues are preventing IP packets from getting through.
The Internet Control Message Protocol is one of the fundamental systems that make the
internet work.
As this protocol resides at the Internet Layer, its messages are carried by IP packets and so exist
at a higher level than the operating structures of switches. Although the ICMP is carried within
the IP packet, it does not exist inside data-carrying packets. An ICMP packet is only generated in
response to an incoming data packet when the transmission of that inbound message fails. The
error conditions that provoke an ICMP packet are often the result of data contained in the IP
header of the failed packet.
An ICMP packet has an eight-byte header, followed by a variable-sized data section. The
first four bytes of the header are fixed: ICMP type, ICMP code, and a checksum of the entire
ICMP message. The remaining four bytes of the header vary based on the ICMP type and code.
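
The header layout described above can be read directly from the bytes of a message. The following Python sketch is an added example, not part of the original assignment: it parses the eight-byte header and verifies the checksum over the whole message. The function names and the sample echo request are constructed for illustration.

```python
import struct

# A few ICMP type names from RFC 792; not an exhaustive table.
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length messages
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Build a sample echo request so the parser has a valid message to read."""
    unsummed = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    checksum = internet_checksum(unsummed)
    return struct.pack("!BBHHH", 8, 0, checksum, ident, seq) + payload


def parse_icmp(message: bytes) -> dict:
    """Split an ICMP message into the fixed fields, the type-specific
    four bytes and the data section, and verify the checksum."""
    if len(message) < 8:
        raise ValueError("ICMP message is shorter than the 8-byte header")
    icmp_type, code, checksum, rest = struct.unpack("!BBH4s", message[:8])
    parsed = {
        "type": icmp_type,
        "type_name": ICMP_TYPES.get(icmp_type, "other"),
        "code": code,
        "checksum": checksum,
        # Summing a message that includes a correct checksum yields zero.
        "checksum_ok": internet_checksum(message) == 0,
        "data": message[8:],
    }
    if icmp_type in (0, 8):                  # echo: identifier + sequence
        parsed["identifier"], parsed["sequence"] = struct.unpack("!HH", rest)
    else:                                    # layout depends on type and code
        parsed["rest_of_header"] = rest.hex()
    return parsed


if __name__ == "__main__":
    sample = build_echo_request(0x1234, 1, b"constructed payload")
    print(parse_icmp(sample))
    corrupted = sample[:-1] + bytes([sample[-1] ^ 0x01])
    print(parse_icmp(corrupted)["checksum_ok"])
```

A message whose checksum does not verify has been damaged or altered in transit and should be discarded rather than acted on.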

Ans. 2: E-Advertising Techniques:


E-Advertising, also called Internet advertising or Online advertising, is a form of promotion that uses
the internet and World Wide Web to deliver marketing messages to attract customers. Examples: Banner
ads, Social network advertising, online classified advertising etc. The growth of these particular media
attracts the attention of advertisers as a more productive source to bring in consumers.
There are 8 types of e-advertising techniques:
1.) Display Advertising : Display advertising is a type of online paid advertising, typically using images
and text. The most popular forms of display ads are banners, landing pages (LP’s) and popups. Display
ads differ from other ads because they do not show up in search results.
2.) Search Engine Marketing (SEM) & Search Engine Optimization (SEO): SEM and SEO are two types of online
advertising that promote content and increase visibility through searches.
SEM: Instead of paying for the actual ad, advertisers pay each time users click on the ad to their website.
Businesses benefit by gaining specific information about their market.
SEO: To gain a higher rank in search engine results, advertisers use various SEO tactics, such as linking,
targeting keywords and meta descriptions and creating high level content that other sites will link to.
While SEM is a paid strategy, SEO is organic, making it a sought-after type of online advertising.
3.) Social Media: There are 1.65 billion active mobile social accounts globally with 1 million new active
mobile social users added every day. According to the Hootsuite social media advertising statistics,
social media advertising budgets have doubled, worldwide, from $16 billion to $31 billion in the past 2
years alone.
4.) Native Advertising: Native advertising is the use of paid ads that match the look, feel and function of
the media format in which they appear. Native ads are often found in social media feeds, or as
recommended content on a web page.
Unlike display ads or banner ads, native ads don't really look like ads. They look like part of the editorial
flow of the page. The key to native advertising is that it is non-disruptive - it exposes the reader to
advertising content without sticking out like a sore thumb.
5.) Pay Per Click (PPC): Pay per click (PPC) ads explain their concept right in the name. These are ads that
advertisers only pay for when a user clicks on them, which contributes to the strength of PPC as a tool. If
the ad was seen by 100 people and only 1 person clicked the ad, the cost of the ad revolves solely
around the 1 who clicked.
6.) Remarketing: Remarketing (or retargeting) is a type of online advertising that does exactly what it
says it does. This cookie-based technology literally follows the user around the internet, in order to
remarket him/her again. Statistics show that only 2% of web traffic converts on the first visit, which
means 98% of users leave without converting right away.
7.) Affiliate Marketing: Affiliate marketing is promoting a company’s product while earning a
commission for each sale that was made. It’s essentially a 3-party advertising agreement between the
advertiser, publisher and consumer. It’s widely adopted with bloggers who have large numbers of
followers and are looking to gain passive income.
8.) Video Ads: Video ads are growing in popularity, especially with the younger generation of
consumers. BI Intelligence reported that digital video will reach nearly $5 billion in ad revenue, with
the highest average click-through rate, 1.84%, of any digital format (2016). And the stats don’t lie. 55%
of consumers view videos in their entirety while 43% want to see more video content from markets.

BANNERS :
In the online world, a banner is a rectangular or square advertisement placed on a website, which
includes graphic images and text, and links to the advertiser’s website or to another page in the same
website.
Banners are often used as hero images for category pages in e-commerce websites, as well as for
presentation websites, if their main purpose is to draw attention to a specific product or service.
Banners can be placed anywhere on a website, but are typically located above or below the main
content blocks, or in the website’s sidebars.
The purpose of banner advertising is to promote a brand and/or to get visitors from the host website to
go to the advertiser's website.
Banner advertising, also called display advertising, consists of static or animated images or media and
is usually placed in high-visibility areas on high-traffic websites. Banner advertising is attractive
because it can help create brand awareness, generate leads and re-target an audience.

SPONSORSHIP PORTALS :
Sponsorship advertising is a type of advertising where a company pays to be associated with a specific
event. In fact, sponsorship advertising is very prevalent with charitable events. Besides charitable
events, companies may sponsor local sporting teams, sports tournaments, fairs, and other community
events. The idea is to get your name out and be viewed positively as a participating member of your
community.
Criteria for Sponsorship: Author Jim Karrh suggests four criteria for a business to use in determining
whether to sponsor something:
● Relevance - The event, organization, or cause you are considering sponsoring must have some
degree of relevance to the services or products you provide. For example, a running shoe
company may consider sponsoring a local marathon, but it really doesn't make much sense for a
local brewery to do so. You want to match your sponsorship of events or organizations to those
that involve your target market.
● Brand fit - Your brand must fit the event. A computer company sponsoring a gaming event
using a game that is not compatible with its computer makes no sense and may be
counterproductive.
● Mission alignment - The interests of the event or organization should not conflict with the
interests of the company. A tobacco company sponsoring a cancer awareness walk may not
work out that well for the tobacco company.
● Business result - The company must have a reasonable basis to believe that the sponsorship will
create a tangible business result. It doesn't necessarily have to produce a profit, but it should at
least increase company awareness, brand awareness, or help foster a positive view of the
company.

ONLINE COUPONS :
Online coupons, or digital coupons, are discounts, offers and promotions offered by an online store to
current or prospective customers. Similar to their tangible counterparts, coupons are aimed at enticing a
consumer to make a purchase at an online marketplace.
Traditional coupons can, however, be found online – usually at a retailer's website – and printed off for
in-store redemption.
Online coupons may be sent by email or social media to loyal customers, or they may be posted as ad
campaigns or to online coupon aggregation sites.

DIGITAL ASSETS :
A digital asset is content that’s stored digitally. That could mean images, photos, videos, files containing
text, spreadsheets, or slide decks. New digital formats are constantly emerging – MP3s were unheard of
before the 1990s, for instance – so the definition of a digital asset is always expanding. Rather than a
definitive list of file formats that qualify as a digital asset, a digital asset can be any content, in any
format, that is stored digitally and provides value to the company (or to the user or consumer).
A digital asset is any valuable piece of content in a digital format. This includes assets that were created
digitally, as well as those created offline and later stored on a server. And if that sounds like a broad
definition, that’s because it encompasses pretty much everything from emails and account information
to videos and photos.

Ans. 3: FIREWALL AND ITS COMPONENTS


Firewalls sit between a router and application servers to provide access control.
Firewalls were originally used to protect a trusted network (yours) from the untrusted network (the
Internet). These days, it is becoming more common to protect application servers on their own (trusted,
isolated) network from the untrusted networks (your network and the Internet).
Router configurations add to the collective firewall capability by screening the data presented to the
firewall. Router configurations can potentially block undesired services (such as NFS, NIS, and so forth)
and use packet-level filtering to block traffic from untrusted hosts or networks.
The primary goal of a firewall is to block malicious traffic requests and data packets while allowing
legitimate traffic through.
Components of a Firewall:
A. Packet Filtering : Packet filtering is a firewall technique used to control network access by
monitoring outgoing and incoming packets and allowing them to pass or halt based on the
source and destination Internet Protocol (IP) addresses, protocols and ports.
Network layer firewalls define packet filtering rule sets, which provide highly efficient security
mechanisms.
B. Application Gateways : After packet filtering and logging, application gateways function to
provide a higher level of security for applications such as telnet, ftp, or SMTP that are not
blocked at the firewall. An application gateway is typically located such that all application traffic
destined for hosts within the protected subnet must first be sent to the application gateway.
C. Authentication mechanisms: Many Internet services (such as Telnet and FTP) require a remote
user to enter a password in order to gain access to a system. This password is transmitted in
plain-text format, and can be read by any system which is involved in the relaying of the packets
to their destination. In particular, "sniffer" programs can be installed on routers and scan the
packets passing through the router to look for those containing password information. A Telnet
packet containing a password would conform to a certain pattern, and could therefore easily be
identified and analysed by a "sniffer".
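
Packet filtering as described in item A comes down to checking each packet against an ordered rule set and applying the first rule that matches. The following Python sketch is an added example, not part of the original assignment: the rule set, the addresses (taken from the reserved documentation ranges) and the function names are constructed for illustration, and a packet that matches no rule is denied by default.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str                         # source network in CIDR form
    dst: str                         # destination network in CIDR form
    protocol: str                    # "tcp", "udp", "icmp" or "any"
    dst_port: Optional[int] = None   # None matches any port

    def matches(self, pkt: dict) -> bool:
        """True when every field of the rule agrees with the packet."""
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.protocol in ("any", pkt["protocol"])
                and (self.dst_port is None
                     or self.dst_port == pkt.get("dst_port")))


# Constructed rule set, evaluated top to bottom.
RULES = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", "any"),           # untrusted network
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),      # web server
    Rule("allow", "0.0.0.0/0", "192.0.2.25/32", "tcp", 25),       # mail gateway
    Rule("allow", "198.51.100.0/24", "192.0.2.0/24", "tcp", 21),  # FTP, partner network only
]


def filter_packet(rules, pkt, default="deny"):
    """Return (action, index of the matching rule); the first match wins.
    Packets that match no rule get the default action and index None."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


if __name__ == "__main__":
    # Constructed sample packets.
    packets = [
        {"src": "198.51.100.7", "dst": "192.0.2.10", "protocol": "tcp", "dst_port": 443},
        {"src": "203.0.113.66", "dst": "192.0.2.10", "protocol": "tcp", "dst_port": 443},
        {"src": "198.51.100.7", "dst": "192.0.2.10", "protocol": "tcp", "dst_port": 23},
    ]
    for pkt in packets:
        print(pkt, "->", filter_packet(RULES, pkt))
```

Because the first match wins, the deny rule for the untrusted network has to sit above the broad allow rules, otherwise it would never be reached for web traffic.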

SECURITY THREATS
E-commerce security is the protection of various e-commerce assets from unauthorized access, use, or
modification. In simple words, an e-commerce threat is the use of the internet for unfair means with the
intention of stealing, fraud and security breach. There are various types of e-commerce threats. Some are
accidental, some are purposeful, and some of them are due to human error.
The most common security threats are phishing attacks, money thefts, data misuse, hacking, credit card
frauds, and unprotected services.
One of the main reasons for e-commerce threats is poor management. When security is not up to the
mark, it poses a very dangerous threat to the networks and systems. Also, security threats occur when
there are no proper budgets allocated for the purchase of antivirus software licenses.

TRANSACTION SECURITY FOR E-COMMERCE:

Client-side security is concerned with the techniques and practices that protect a user's privacy and the
integrity of the user's computing system. Server-side security is concerned with the techniques and
practices that protect the Web server software and its associated hardware from break-ins, Website
vandalism and denial of service attacks.
Secure transmission is concerned with the techniques and practices that will guarantee protection from
eavesdropping and intentional message modification.
Security issues in e-commerce application :
The following types of security issues in any e-commerce application need to be addressed.
1) Malicious Code
• Viruses: They have the ability to replicate and spread to other files; most also deliver a “payload” of some
sort (destructive or benign); include macro viruses, file-infecting viruses, and script viruses.
• Worms: They are designed to spread from computer to computer.
• Trojan horse: They appear to be benign, but then do something other than expected.
• Bots: They can be covertly installed on a computer and respond to external commands sent by the attacker.
2) Unwanted Programs
These are installed without the user’s informed consent. Following are its types.
A. Browser parasites: It can monitor and change settings of a user’s browser.
B. Adware: It calls for unwanted pop-up ads.
C. Spyware: It can be used to obtain information, such as a user’s keystrokes, e-mail, IMs, etc.
3) Phishing and Identity Theft
Any deceptive, online attempt by a third party to obtain confidential information for financial gain.
Most popular type: e-mail scam letter – It is one of the fastest growing forms of e-commerce crime.
4) Hacking and Cyber vandalism
• Hacker: Individual who intends to gain unauthorized access to computer systems.
• Cracker: Hacker with criminal intent (two terms often used interchangeably)
• Cyber vandalism: Intentionally disrupting, defacing or destroying a Web site.
5) Credit Card Fraud
Fear that credit card information will be stolen deters online purchases. Hackers target credit card files
and other customer information files on merchant servers; use stolen data to establish credit under false
identity. One solution: New identity verification mechanisms.

6) Spoofing (Pharming) and Spam (Junk) Web Sites
Spoofing (Pharming): Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else.
Threatens integrity of site, authenticity etc.
Spam (Junk) Web sites: Use domain names similar to legitimate ones and redirect traffic
to spammer redirection domains.
7) DoS and DDoS Attacks
Denial of service (DoS) attack: Hackers flood a Web site with useless traffic to inundate and overwhelm the network.
Distributed denial of service (DDoS) attack: Hackers use numerous computers to attack the target network from
numerous launch points.
8) Other Security Threats
Sniffing: Type of eavesdropping program that monitors information travelling over a network; enables hackers to
steal proprietary information from anywhere on a network.
1. Insider jobs: Single largest financial threat
2. Poorly designed server and client software: Increase in complexity of software programs has
contributed to increase in vulnerabilities that hackers can exploit.
