
Question 1: Explain the three pillars of electronic commerce.

Electronic commerce, commonly known as e-commerce, ecommerce or e-comm, consists of the buying and selling of products or services over electronic systems such as the Internet and other networks. It is more than just buying and selling products online: it also includes the entire online process of developing, marketing, selling, delivering, servicing and paying for products and services. The amount of trade conducted electronically has grown extraordinarily with widespread Internet usage. Commerce conducted in this way spurs and draws on innovations in electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web at least at some point in the transaction's lifecycle, although it can encompass a wider range of technologies such as e-mail, mobile devices and telephones as well.

In Peter Fingar's Three Pillars of Electronic Commerce model, three electronic pillars support open market processes: electronic information, electronic relationships, and electronic transactions. The model thus builds on the existing market space and uses electronic mechanisms as an enabler of open market processes.

The first pillar, electronic information, is similar to Angehrn's virtual information space. The WWW is viewed as a global repository of documents and multimedia data. Constructing an electronic information pillar is easy: most word processing software packages will easily convert documents into a web-readable format. The challenge is to construct a good, solid pillar that will not crumble. In WWW terms, that means web pages that do not freeze up and links that do not lead visitors to a dead end or leave them wandering through a maze of links without easily finding the necessary information. Thus, the construction of the electronic information pillar should not be conducted in a shoddy fashion, or it will not adequately support the objective of an open market. The retrieval of the desired electronic information is a cause of frustration for many web surfers. Search engines and other intelligent agents are increasing in popularity because they help users navigate the WWW more efficiently and effectively.

The second pillar, electronic relationships, is the central pillar, and is similar to Angehrn's virtual communication space. The saying "If you build it, they will come" does not apply to website-based electronic commerce. Placing information on products and service offerings on a web site does not mean that potential customers or guests will visit that web site a first time, and it especially does not mean that a user will return to the site. The electronic relationships pillar is about building a site that has the feeling of being a port of entry into a community. Having entrants pass through this port of entry on a somewhat regular basis is the key to successfully engaging in electronic commerce. In order to attract users over and over again to a site (which also means away from other sites), the site needs to have certain features. It must:

- Be innovative;
- Add value;
- Provide information and interaction not otherwise available; and
- Create forums for opinion-building activities.

The third pillar is the electronic transactions pillar. This pillar is similar to Angehrn's virtual transaction space, and also encompasses Angehrn's virtual distribution space. Many businesses have built an electronic information pillar and some have built or are building an electronic community pillar, but substantially fewer have constructed the electronic transaction pillar. Two impediments to constructing the pillar exist: the ability to engage in meaningful and sufficient negotiation processes, and the security of transaction data.

Question 2: List out the benefits of EDI systems.

Electronic data interchange (EDI) is the structured transmission of data between organizations by electronic means. It is used to transfer electronic documents or business transactions, such as orders, confirmations and invoices, between organizations; or it can be the transfer of business data from one computer system to another computer system, i.e. from one trading partner to another trading partner without human intervention. It is more than mere e-mail; for instance, organizations might replace bills of lading and even cheques with appropriate EDI messages. It also refers specifically to a family of standards.

"EDI saves money and time because transactions can be transmitted from one information system to another through a telecommunications network, eliminating the printing and handling of paper at one end and the inputting of data at the other," Kenneth C. Laudon and Jane Price Laudon wrote in their book Management Information Systems: A Contemporary Perspective. "EDI may also provide strategic benefits by helping firms lock in customers, making it easier for customers or distributors to order from them rather than from competitors."

EDI was developed to solve the problems inherent in paper-based transaction processing and in other forms of electronic communication. In solving these problems, EDI is a tool that enables organizations to reengineer information flows and business processes. It directly addresses several problems long associated with paper-based transaction systems:

- Time delays: Paper documents may take days to transport from one location to another, while manual processing methodologies necessitate steps like keying and filing that are rendered unnecessary through EDI.
- Labor costs: In non-EDI systems, manual processing is required for data keying, document storage and retrieval, sorting, matching, reconciling, envelope stuffing, stamping, signing, etc. While automated equipment can help with some of these processes, most managers will agree that labor costs for document processing represent a significant proportion of their overhead. In general, labor-based processes are much more expensive in the long term than EDI alternatives.
- Accuracy: EDI systems are more accurate than their manual processing counterparts because there are fewer points at which errors can be introduced into the system.
- Information access: EDI systems permit myriad users access to a vast amount of detailed transaction data in a timely fashion. In a non-EDI environment, in which information is held in offices and file cabinets, such dissemination of information is possible only with great effort, and it cannot hope to match an EDI system's timeliness. Because EDI data is already in computer-retrievable form, it is subject to automated processing and analysis. It also requires far less storage space.

Moreover, for a business to invest resources in electronic commerce, the benefits must exceed the costs. The following are the benefits businesses can potentially gain from engaging in electronic commerce:

- Internet and web-based electronic commerce is more affordable than traditional EDI;
- Internet and web-based electronic commerce allows more business partners to be reached than with traditional EDI;
- Internet and web-based electronic commerce can reach a more geographically dispersed customer base;
- Procurement processing costs can be lowered;
- Cost of purchases can be lowered;
- Reductions in inventories;
- Lower cycle times;
- Better customer service; and
- Lower sales and marketing costs.

References:

- Emmelhainz, Margaret A. EDI: A Total Management Guide. Van Nostrand Reinhold, 1993.
- Hill, Ned C., and Daniel M. Ferguson. "Electronic Data Interchange: A Definition and Perspective." EDI FORUM: The Journal of Electronic Data Interchange. March 1989.
- Laudon, Kenneth C., and Jane Price Laudon. Management Information Systems: A Contemporary Perspective. Macmillan, 1991.
- Phillipus, Michael D. "Applying Electronic Data Interchange." Risk Management. April 1998.
- Rhodes, Wayne L., Jr. "Will the Internet Breath Life Into or Kill EDI." AS/400 Systems Management. October 1998.
- Kantor, Michael; James H. Burrows. "Electronic Data Interchange (EDI)." National Institute of Standards and Technology. 1996-04-29.

Question 3: Discuss the seven layers in OSI Model.

The Open Systems Interconnection (OSI) model is a reference model developed by ISO (International Organization for Standardization) in 1984, as a conceptual framework of standards for communication in the network across different equipment and applications by different vendors. The OSI 7 layers model has clear characteristics. Layers 7 through 4 deal with end-to-end communications between data source and destinations. Layers 3 to 1 deal with communications between network devices.

On the other hand, the seven layers of the OSI model can be divided into two groups: upper layers (layers 7, 6 and 5) and lower layers (layers 4, 3, 2 and 1). The upper layers of the OSI model deal with application issues and generally are implemented only in software. The highest layer, the application layer, is closest to the end user. The lower layers of the OSI model handle data transport issues. The physical layer and the data link layer are implemented in hardware and software. The lowest layer, the physical layer, is closest to the physical network medium (the wires, for example) and is responsible for placing data on the medium.

Application (Layer 7)
This layer supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. Everything at this layer is application-specific. This layer provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely in the application level. Tiered application architectures are part of this layer.

Presentation (Layer 6)
This layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa. The presentation layer works to transform data into the form that the application layer can accept. This layer formats and encrypts data to be sent across a network, providing freedom from compatibility problems. It is sometimes called the syntax layer.

Session (Layer 5)
This layer establishes, manages and terminates connections between applications. The session layer sets up, coordinates, and terminates conversations, exchanges, and dialogues between the applications at each end. It deals with session and connection coordination.

Transport (Layer 4)
This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.

Network (Layer 3)
This layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing.

Data Link (Layer 2)
At this layer, data packets are encoded and decoded into bits. It furnishes transmission protocol knowledge and management and handles errors in the physical layer, flow control and frame synchronization. The data link layer is divided into two sublayers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sublayer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.

Physical (Layer 1)
This layer conveys the bit stream (electrical impulse, light or radio signal) through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier, including defining cables, cards and physical aspects. Fast Ethernet, RS232, and ATM are protocols with physical layer components.

Reference:

- X.200: Information technology - Open Systems Interconnection - Basic Reference Model: The basic model.
- X.207: Information technology - Open Systems Interconnection - Application layer structure.
- X.210: Information technology - Open systems interconnection - Basic Reference Model: Conventions for the definition of OSI services.
- X.211: Information technology - Open systems interconnection - Physical service definition.

Question 4: Briefly discuss about packet filtering.

Definition
A routing device, without packet filtering, looks at a packet's destination address and decides whether this packet has to be routed through the router or should remain on that interface. This is the basic principle that routing works under. When you add packet filtering, you add another level of analysis for each packet. The first step is still examination of the destination address. Then, if the router has determined it has to process the packet, it applies its filter "rules". Filter rules are your security policies implemented as approved and disapproved services. For instance, you can restrict packets destined for particular machines, specific types of packets or even packets leaving your LAN destined for the outside world. Packet filtering can be very sweeping or specific down to individual machines and ports. For instance, let's say you are running a web server on machine X. You want users on the Internet to have access to your web pages, but you don't want them trying to telnet into machines on your LAN. You can use packet filtering for this type of selective access.

Why Use Packet Filtering?
Packet filtering is most commonly used as a first line of defense against attacks from machines outside your LAN. Since most routing devices have built-in filtering capabilities, packet filtering has become a common and inexpensive method of security. Although packet filtering is very flexible and powerful, by no means does it guarantee the security of your LAN and internal data.

How powerful is Packet Filtering?
Packet filtering allows you to explicitly restrict or allow packets by machine, port, or machine and port. For instance, you can restrict all packets destined for port 80 (WWW) on all machines on your LAN except machines X and Y. The downside of packet filtering is the lack of flexibility. Standard packet filtering allows or restricts packets to a location or from a location. There is no "sometimes" or "only from this person". If you disallow telnets from the outside world into a particular machine, you've done just that. No machine on the other side of the router can telnet into the machine specified in your filter. This sort of filtering is known as Static Filtering. Dynamic Filtering is more flexible, allowing you to restrict packets only from certain users. For instance, you could stop all incoming telnet packets except those from users X, Y and Z. This is accomplished via an advanced security system which challenges the incoming user to provide a passkey before the router will pass packets into your LAN. This type of packet filtering is not covered in this document.

How to Configure Packet Filters
There are three basic steps to packet filtering:

1. Knowing what to permit and what to restrict.
2. Formally defining packets that should be permitted and restricted.
3. Translating formal definitions to router syntax.

Step 1. Decide what to permit and what to restrict. As a first step, you must decide, on a conceptual level, which services are approved and which are restricted. For example, do all the machines on your LAN accept mail from the Internet, or is it done by one central machine (i.e., an SMTP Gateway)? The best security policy is to restrict all packets except those expressly permitted. To simplify the procedure, we have three examples of filtering policies with the configuration for your router. Please refer to the primary page for these.

Step 2. Formally define rules. Now that you have a conceptual security policy, you need to formally define it in a way that allows easy translation into vendor syntax. A good template to work under is the following:

Action   Source   Port   Destination   Port   Type
deny              ####                 ####   (type)
allow             ####                 ####   (type)

There are a few technical notes to remember:

- When designing rules, the order of the rules counts. When a packet meets a rule, the rest of the rules are ignored.
- TCP packet streams flow in two directions. Even though data is flowing in one direction, acknowledgment packets and control packets must flow the other way.

All our customers have free and unlimited customer support. We will be more than happy to assist with any and all aspects of packet filtering, from the concepts to the technical implementations. Furthermore, since this router is Certified and Supported, we have experience with the nuances of the vendor-specific syntax for implementing your packet filter policies!

Step 3. Translate into vendor-specific syntax. Take a look at our Automated Filter Builder to convert your security profile to the syntax for your router.
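The steps and technical notes above, as an added example that is not part of the original document or of any router vendor's tooling: a static, first-match packet filter in Python whose rules use the template's columns (action, source, port, destination, port, type). The addresses, the rule set and all names are constructed for illustration; machine X is assumed to be 192.0.2.10.

```python
import ipaddress
from dataclasses import dataclass

ANY = None              # wildcard for a port column
HIGH = (1024, 65535)    # ephemeral client ports, as an inclusive range

@dataclass(frozen=True)
class Rule:             # one row of the template: Action Source Port Destination Port Type
    action: str         # "allow" or "deny"
    src: str            # source network, CIDR
    sport: object       # int, (low, high) tuple, or ANY
    dst: str            # destination network, CIDR
    dport: object
    proto: str          # "tcp", "udp" or "any"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

def port_ok(spec, port):
    if spec is ANY:
        return True
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return spec == port

def matches(rule, pkt):
    return (rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and port_ok(rule.sport, pkt.sport)
            and port_ok(rule.dport, pkt.dport))

def evaluate(rules, pkt):
    """Return (action, index of deciding rule); the first matching rule wins."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None   # nothing matched: restrict everything not expressly permitted

# Constructed policy: web server X is reachable from outside, telnet into the LAN is not.
WORLD, LAN, X = "0.0.0.0/0", "192.0.2.0/24", "192.0.2.10/32"
POLICY = [
    Rule("allow", WORLD, HIGH, X, 80, "tcp"),   # requests to X's web server
    Rule("allow", X, 80, WORLD, HIGH, "tcp"),   # X's replies and ACKs flowing back out
    Rule("deny", WORLD, ANY, LAN, 23, "tcp"),   # explicit telnet block
]
# Same rules behind a sweeping deny: the deny matches first and shadows the allow.
MISORDERED = [Rule("deny", WORLD, ANY, LAN, ANY, "any")] + POLICY

REQUEST = Packet("203.0.113.5", 40000, "192.0.2.10", 80, "tcp")
REPLY = Packet("192.0.2.10", 80, "203.0.113.5", 40000, "tcp")
TELNET = Packet("203.0.113.5", 40001, "192.0.2.20", 23, "tcp")

if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("reply", REPLY), ("telnet", TELNET)):
        print(name, evaluate(POLICY, pkt), evaluate(MISORDERED, pkt))
```

Because the filter is static, the second rule admits any packet leaving X from port 80, whether or not a request preceded it; dropping that rule blocks the web server's replies at the default deny.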

Question 5: What are the objectives of disaster recovery plan?

A disaster recovery plan (DRP) - sometimes referred to as a business continuity plan (BCP) or business process contingency plan (BPCP) - describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.

Disaster recovery is becoming an increasingly important aspect of enterprise computing. As devices, systems, and networks become ever more complex, there are simply more things that can go wrong. As a consequence, recovery plans have also become more complex. For example, according to Jon William Toigo (the author of Disaster Recovery Planning), fifteen or twenty years ago, if there was a threat to systems from a fire, a disaster recovery plan might consist of powering down the mainframe and other computers before the sprinkler system came on, disassembling components, and subsequently drying circuit boards in the parking lot with a hair dryer. Current enterprise systems tend to be too large and complicated for such simple and hands-on approaches, however, and interruption of service or loss of data can have serious financial impact, whether directly or through loss of customer confidence.

Appropriate plans vary from one enterprise to another, depending on variables such as the type of business, the processes involved, and the level of security needed. Disaster recovery planning may be developed within an organization or purchased as a software application or a service. It is not unusual for an enterprise to spend 25% of its information technology budget on disaster recovery.
The probability of a disaster occurring in an enterprise is highly uncertain. A disaster plan, however, is similar to liability insurance: it provides a certain level of comfort in knowing that if a major catastrophe occurs, it will not result in financial disaster. Insurance alone is not adequate because it may not compensate for the incalculable loss of business during the interruption or the business that never returns.

Normally, good planning involves considering the following objectives:

- Assessment of vulnerabilities
- Prevention and reduction of risk
- Creation of cost-effective solutions
- Minimization of business interruption and assurance of business continuity
- Securing alternative Internet access modes
- Recovery of lost data
- Providing disaster recovery procedures
- Training employees for disaster recovery scenarios

In designing a plan, the primary goal is to reduce the interruption of business and to ensure business continuity. For firms that have electronic commerce as mission-critical applications, alternative ISPs, web servers, and necessary databases and web-based programs must be readily and rapidly available. Disaster recovery plans, in order to be conducted properly, need support from top management because these plans can use substantial firm resources, both financial and human. Further, disaster recovery plans should be updated continuously as the operations they are intended to replace or supplement change. An outdated plan may have been brilliant when it was created, but if it no longer reflects reality, it will be useless or less than sufficient when a disaster strikes.