Overview

What technologies are required to support a

sophisticated eBusiness website?
E-business technologies „ Applications development
„ Back-
Back-office applications
„ Client/server technologies
Grant Castner What security technologies can you implement
to protect your online investment?
www.uoregon.edu/~gcastner
Please stop me if you want anything explained!

1 2

Discussion Discussion summary

What technologies (e.g. software, Web content Scripting languages
programming languages) have you „ Fireworks
already used to develop your web pages? „ Photoshop
„ Flash
„ What were the advantages of the
technologies?
„ What were the limitations? Integrated development Programming languages
environments (IDE)
„ Dreamweaver

3 4

Electronic Business Applications

Exercise
Development
Split up into groups of four
http://java.sun.com/
Assign each group member a technology
from the previous slide.
www.asp.net Individually, find out the purpose and
features of your technology.
Report back to your group on what you
find.
www.php.net www.xml.org

5 6
 ASP.NET Java
Flexible language options
Flexible formats and outputs

7 8

PHP XML
Server-
Server-side scripting Across platforms
Information about data
„ Standardization
Avoid duplication

9 10

ASP.NET ASP.NET
Developed by Develop ASP .Net files on text editor or .Net
Microsoft development tool
Dreamweaver
A framework that „

„ Visual Studio .Net

allows you to build
applications over the Uses .aspx extension
web. Create applications using your preferred
programming language:
It is not a „ Visual Basic.NET
programming „ C# (similar to the C++ programming language)
language. „ J# (equivalent to the Java programming language)

11 12
 How ASP.NET Pages Work Web Environment with ASP.NET
CLIENT (Web browser) Server (Web server)
Your ASP.NET page is compiled into a language called
the Microsoft Intermediate Language (MSIL) Request
First request?
The Common Language Runtime environment compiles Client
the MSIL into the computer’s native machine language (Web Browser) Yes

„ MSIL can therefore run on any type of computer. Compile

No
Handle events

Execute code
Source file in text Compiled file
Compiler
format in MSIL Client Web page
(HTML only)
Translate (into HTML)
13 14

Back-office integration Exercise

Each group select a company from the previous
page.
Within each group, assign each person one of
the following questions:
Customer relationship „ What is the main application the company sells (e.g.
Database management management systems database management software, customer
systems (DBMS) (CRM)
relationship management software)?
„ What are some of the features of the application?
„ What companies have used the software and what
were the benefits (e.g. search for case studies)?
„ How could the application be used to improve your
Database management own eBusiness website?
Enterprise resource planning
systems (DBMS)
systems (ERP)

15 16

Database Management System

MySQL
Price Comparison
An open-
open-source database management Oracle
system. STANDARD EDITION $15,000

Example installations: ENTERPRISE EDITION $40,000

„ Associated Press IBM DB2

„ NASA WORKGROUP
„ U.S. Census Bureau ENTERPRISE EDITION
„ Yahoo Finance
Microsoft SQL Server
Simple example: STANDARD EDITION
„ Pacific Garden Chinese Restaurant ENTERPRISE EDITION
Source: Meta Group Inc.,
Stamford, Conn.
17
$7,500 MySQL AB’s software
$25,000 costs $440 per server.
The MySQL source
code can be
downloaded for free.
$4,999 Here’s a look at the
costs of competing
$19,999 products, which are
priced per processor.
18
 CRM CRM Functions
Sales force automation
Marketing automation
Lead processing
Order tracking
Call center automation
Configuration management
Customer self-
self-service
Field service management
Interactive voice response
Data mining
Customer profiling
Campaign management

19 20

Siebel: A CRM vendor Siebel: A CRM vendor

21 22

Web servers and network operating

Security discussion
systems
What are the different ways that computer
networks can be attacked?
Apache Web Server Internet Information Services (IIS)

Remember: security is a management

issue as much as it is a technology
issue.
„ Do you agree?
Sun ONE Application Server Linux operating system

23 24
 Discussion Summary Discussion Summary
Physical access attacks Penetration attacks
„ Scanning (probing)
„ Wiretapping
„ Break-
Break-in
„ Server hacking „ Denial of service
„ Vandalism „ Malware
Viruses
Dialog attacks Worms
„ Eavesdropping Social Engineering
„ Impersonation „ Opening attachments
„ Password theft
„ Message alteration
„ Information theft

25 26

General security objectives Security technologies

Confidentiality What security technologies do you know about
„ Freedom from the fear that messages are being read that attempt to prevent the attacks we just
by eavesdroppers who should not be able to do so. discussed?
Integrity „ Secure sockets layer
„ Information has not been added to, altered, or deleted „ Firewalls
– except with authorization. „ Intrusion detection systems
Availability „ Anti-
Anti-virus software
„ Authorized users can get access to IT resources. „ Managing users, groups, and access permissions
„ Encryption (of files, e-
e-mails)

27 28

Secure Sockets Layer (SSL) Firewalls

SSL (Secure Sockets Layer) is a commonly-
commonly- A computer or router that controls access in and
used protocol for managing the security of a out of the internal computer network of an
message transmission on the Internet. organization.
It automates most of the encryption process. Work by reading control portion of messages
and deciding whether to allow the messages in
SSL uses a program layer located between the or out of the network.
(HTTP))
Internet's Hypertext Transfer Protocol (HTTP Examples:
(TCP)) layers.
and Transport Control Protocol (TCP „ ZoneAlarm from Zonelabs (personal firewall)
All websites starting with https:// are using SSL „ CheckPoint Firewall-
Firewall-1
„ Netscreen firewalls

29 30
Example firewall configuration Intrusion detection systems (IDS)
A device that warns administrators if it detects a possible
attack underway.
Also collects data on suspicious packets for subsequent
analysis.
Sometimes takes action on its own to stop an attack
Software and sometimes hardware that captures
network and host activity data in event logs and provides
automatic tools to generate alarms, and query and
reporting tools to help administrators analyze the data
interactively during and after an incident.
Example:
„ Tripwire

31 32