E-COMMERCE (2 MARK QUESTIONS)

1.What is E-Commerce?

  • E-commerce (electronic commerce or EC) is the buying and selling of goods and services, or the transmitting of funds or data, over an electronic network, primarily the internet.
  • These business transactions occur either as business-to-business, business-to-consumer, consumer-to-consumer or consumer-to-business.

2.Define EDI

  • Electronic Data Interchange (EDI) is the computer-to-computer exchange of business documents in a standard electronic format between business partners.


3.Write the Goals of Security
1.Privacy
2.Integrity
3.Authentication
4.Availability


4.What are the steps included in SET?
1.Card holder requests purchase
2.Merchant contacts payment gateway for authentication
3.Payment is authorized
4.Card holder is notified for authorization
5.Merchant requests payment capture from gateway
6.Token is issued to merchant
7.Merchant redeems token for transfer into its bank account


5.What is Telnet?

  • A program that allows one system to log in to a remote host on a TCP/IP network.
  • Users must have valid user names and passwords before accessing the remote system.
  • Telnet sends all messages in clear text and has no specific security mechanisms.

6.What is Firewall?
  • A firewall is software used to maintain the security of a private network.
  • Firewalls block unauthorized access to or from private networks and are often employed to prevent unauthorized Web users or illicit software from gaining access to private networks connected to the Internet.
  • A firewall may be implemented using hardware, software, or a combination of both.

7.List out the tools required for SATAN?
  • HTTP server that acts as a dedicated SATAN web server
  • Magic cookie generator that generates a 323 bit magic cookie that includes a session key.
  • Policy Engine that defines which hosts are allowed to be probed

8.Define Encryption.

  • Encryption is the process of using an algorithm to transform information to make it unreadable for unauthorized users.
  • This cryptographic method protects sensitive data such as credit card numbers by encoding and transforming information into unreadable cipher text.
  • Also called ciphering.

9.How can we authorize the payment through online?
We can authorize the payment through online by using
1.public key cryptography
2.digital signatures

10.Distinguish between Internet and Intranet.
Internet
1. Internet is a wide network of computers and is open for all.
2. Internet itself contains a large number of intranets.
3. The number of users who use the Internet is unlimited.
4. The visitor traffic is unlimited.
5. Internet contains different sources of information and is available for all.

Intranet
1. Intranet is also a network of computers designed for a specific group of users.
2. Intranet can be accessed from Internet but with restrictions.
3. The number of users is limited.
4. The traffic allowed is also limited.
5. Intranet contains only specific group information.

11.List out the cards available in E-commerce.
1.credit cards
2.debit cards
3.smart cards
4.E-wallet

12.What is the main purpose of E-mail?

  • This store-and-forward mail service allows users to communicate throughout the network, requiring only a target address and a point of access.

13. What do you mean by Electronic Marketers?
  • Electronic marketers are defined as companies that market their products and services to other businesses or consumers through private online networks, commercial on-line services such as Prodigy and America Online (AOL), CD-ROMs, telecommunications-enhanced CD-ROMs, interactive television and web TV, and floppy disk media.

14.Expand ISP , NSP, ADSL ,IMP and PSTN
ISP-Internet Service Providers
NSP-Network Service Providers
PSTN-Public Switched Telephone Network
ADSL-Asymmetric Digital Subscriber Line.
IMP-Internet Mercantile Protocol.

15.Write down the applications of E-commerce?
1.Electronic fund transfer.
2.Enterprise integration.
3.Computer-supported collaborative work.
4.Government regulatory data interchanges

16.Write down the benefits of Electronic web commerce
1.Reduced costs to buyers from increased competition.
2.Reduced costs to suppliers by electronically accessing on-line databases of bid opportunities.
3.Reduced errors, time and overhead costs in information processing by eliminating requirements for reentering data.
4.Creation of new markets through the ability to easily and cheaply reach potential customers.

17.What do you mean by intelligent agents?

  • A technology that may increase marketers' opportunities for success is intelligent agents. Agents are software modules that retrieve relevant information based on their user's preferences and past buying habits.

18.Expand FTP,WAIS,CGI,HTTP
FTP-File Transfer Protocol.
WAIS-Wide Area Information server.
CGI-Common Gateway Interface.
HTML-HyperText Markup Language.

19.What is CGI?

  • CGI is the protocol for processing user-supplied information through server scripts and applications, including SQL queries.

20.What do you mean by screen phones?

  • Screen phones are similar to regular telephones but have advanced features such as credit card readers, small screens and keypads that can be used for a variety of interactive, transactional and information services.

21.What do you mean by kiosks?
  • Kiosks are displays used to provide merchandise information in a remote location such as a retail store or a shopping mall.
  • Kiosks employ a variety of technologies to deliver multimedia marketing information.

22.What are the open issues related to E-commerce?
1.Taxation
2.Customs
3.Regulation
4.Fraud
5.security.

23.Mention the types of software packages that make up an EDI terminal on a PC?
1.Application software.
2.Message Translator.
3.Routing manager.
4.Communication handler.

24.Give the modes of Electronic commerce
1.Business to business
2.Business to consumer.
3.consumer to consumer.

25.Mention the revenue opportunities for web commerce?
1.Technical and consulting services.
2.Merchandising products information.
3.Transport services.
4.directory services.
5.Content creation.
6.Subscriptions
7.Access services.
8.Advertising services.
9.Hosting of web sites.

26. List down the types of active threats?
1.Message-stream modification.
2.Denial of message service.
3.Masquerade.

27. What are security strategies?List Down.
  • Security strategies are measures that can be utilized to combat the threats.
  • Basic Security strategies are
1.access control
2.integrity.
3.confidentiality
4.authentication.

28. What are the additional applications of E-commerce.
1.Retail & wholesale.
2.Marketing.
3.Finance.
4.Manufacturing.
5.Auctions.

29. Name some companies that support secure transaction.
1.Biznet Technologies.
2.CommerceNet
3.Cybercash
4.Digicash.
5.First virtual holdings.
6.Net cash
7.Terisa systems.
8.open market
9. Net cheque.
10. RSA data security.

30.Write the difference between network security and computer security.
Computer security:
  • Measures needed to protect data against unauthorized disclosure, modification, utilization, restriction, incapacitation or destruction.
Network security:
  • Measures needed to protect data during transmission, i.e. while transporting data between the user and computer and between computers.

31.List the common elements of B2B exchange?
1.Based around specific industry sectors - the petroleum industry is an example. These help buyers source goods and services that are largely specific to industries.
2.Based around products and services - examples include the marketplaces for maintenance, repair and operating (MRO) goods such as safety and office supplies.
3.Focused on the functions - HR departments manage employee benefits; help companies dispose of excess inventory and so on.

32.Give any TWO examples of B2C model.
1.Facebook
2.Amazon
3.Twitter
4.Uber

33.What is meant by secure transaction?
  • Transactions done over the Internet between Internet vendors with high security of payments are called secure transactions.
  • Secure transactions can be done with the help of security payment protocols such as SEPP, STT and SET.
34.Define Intranet.
  • An intranet is a secure and private enterprise network that shares data or application resources via Internet Protocol (IP).
  • An Intranet differs from the internet, which is a public network.
  • Intranet, which refers to an enterprise’s internal website or partial IT infrastructure, may host more than one private website and is a critical component for internal communication and collaboration.

35.What is SET?
  • SET is a combination of an application level protocol and recommended procedures for handling credit card transactions over the internet.
  • SET covers certification of all parties involved in a purchase as well as encryption and authentication procedures.
36. Define computer virus.
  • A virus is a program that can infect other programs by modifying them to include a copy of itself.
  • It is possible that any program that comes in contact with a virus will become infected with the virus.
  • It can alter data in files, change disk assignments, create bad sectors, destroy FAT, etc.
37.What is the need for computer security?
  • Collection of tools designed to protect data is computer security.
38.List the advantages of E-Mail.
1.Most widely used to communicate over the network.
2.It's free-Once you’re online, there is no further expense.
3.Easy to reference-Sent and received messages and attachments can be stored safely, logically and reliably.
4.Easy to prioritize-Incoming messages have subject lines that mean you can delete without opening.
5.Easy to use-Sending and receiving messages is simple.
6.Speed-It is as fast a form of written communication as any.
7.global-Web based email means you can access your messages anywhere online.
8.Good for the planet-email offsets some of the damage by reducing the environmental cost of contact.
9.Info at your fingertips-Storing data online means less large, space taking file cabinets, folders and shelves.
10.Send reminders to yourself-Email yourself messages from work to home or vice versa. 
11.Leverage-Send the same message to any number of people.

39.What is MOSS?
  • MIME Object Security Services is a protocol used to apply digital signature and encryption services to MIME objects.
  • These services are offered through the use of end-to-end cryptography between an originator and a recipient at the application layer.
  • MOSS is designed to overcome the limitations of PEM.
40.Define Omninet.
  • Omninet is a full-service cyber security network.
  • Omninet develops the modular business process platform Omnitracker, which provides components and applications that serve the far-reaching automation of IT-based workflows to B2B customers across all industries such as industrial companies, service organizations, IT service providers and authorities.
  • The OmniNet Cloud is a multi-layered, sophisticated security stack that inspects all traffic at wire speed using up to a half dozen industry-leading security engines.
41.What is S-HTTP?
  • S-HTTP (Secure HTTP) is an extension to the Hypertext Transfer Protocol (HTTP) that allows the secure exchange of files on the World Wide Web.
  • S-HTTP is an alternative to another well-known security protocol, Secure Sockets Layer (SSL).
  • S-HTTP is used in situations where the server represents a bank and requires authentication from the user that is more secure than a userid and password.
42.List down any two major business requirements addressed by SEPP?
1.To enable confidentiality of payment information.
2.To enable integrity of all payment data transmitted.
3.To provide authentication that a card holder is the legitimate owner of a card account.
4.To provide authentication that a merchant can accept MasterCard branded card payments with an acquiring member financial institution.

43.What is cyber cash?
  • Cyber cash is a digital cash software system which is used like a money order, guaranteeing payment to the merchant before the goods are shipped.
  • Cyber cash provides a secure solution for sending credit card information across the Internet by using encryption techniques to encode credit card information.
44.Define Passive Threats.
  •  Passive Threats involve monitoring the transmission data of an organization.
  •  The goal of the attacker is to obtain information that is being transmitted.
  •  Passive threats are difficult to detect because they do not involve alteration of the data.
45.What is meant by Cryptography.
  • Cryptography involves creating written or generated codes that allow information to be kept secret.
  • Cryptography converts data into a format that is unreadable for an unauthorized user, allowing it to be transmitted without unauthorized entities decoding it back into a readable format, thus compromising the data.
  • Cryptography also allows senders and receivers to authenticate each other through the use of key pairs.
  • Cryptography is also known as cryptology.
46.List the transactions in payment processing. 
1.Cardholder registration.
2.Merchant registration.
3.Purchase request.
4. Payment authorization.
5.Payment capture.

47.Define Gopher.
  • Gopher is an Internet service that allows the user to browse Internet resources using lists and menus.
  • Gopher groups information resources by category.
  • This is a tree branch approach to information searching 
48. DEFINE VERONICA.

  • Veronica -Very Easy Rodent-Oriented Netwide Index to Computerized Archives
  • Veronica is an Internet menu based facility that helps the user find the Gopher servers that may contain the information needed.
  • It is an aid to finding the titles of files or documents.
  • It is often available from Gopher sites.
  • The user browses Veronica in the same way as Gopher
49.Define WAIS.
  • WAIS-Wide Area Information Server
  • WAIS is a distributed information service available to search Internet database indexes using simple natural language input.
  • It allows the user to perform keyword searches of the full text using electronic forms.
50.DEFINE USENET NEWSGROUPS.
  • These public bulletin boards or discussion groups contain a large collection of opinions, comments, questions and answers from Internet users everywhere.
  • The messages are posted via E-mail.
  • While most conferences are completely open to the public, an increasing number are moderated; that is, the messages cannot be directly posted to the conference, but are instead posted to a human moderator who chooses which message to display.
51.Define IRC.
  • IRC-INTERNET RELAY CHAT
  • IRC is like CB radio, except that instead of talking, users use a computer screen and a keyboard.
  • From the client point of view, it is similar to PHONE which was a standard utility on DEC VAX stations and on UNIX systems.
52.Define Routing Arbiters(RA)
  • The RA is the organization that provides routing information at each NAP.
  • The RA provides customized routing information at each NAP which reflects all bilateral agreements between the NAP's clients.
  • The RA is provided under award from the NSF, Merit Network.
  • The efforts of the RA are: Route Servers, Network management system.
53.What is SEPP and SET?
SEPP:
  • An open, vendor-neutral, nonproprietary, license-free specification for securing on-line transactions.
  • SEPP is the electronic equivalent of the paper charge slip, signature and submission process.
  • SEPP takes input from the negotiation process and causes the payment to happen via a three-way communication among the card-holder, merchant and acquirer.

SET:

  • SET is a combination of an application-level protocol and recommended procedures for handling credit card transactions over the Internet.
  • SET covers certification of all parties involved in a purchase as well as encryption and authentication procedures.

54.Define Hashing?

  • Hashing is generating a value or values from a string of text using a mathematical function.
  • Hashing is one way to enable security during the process of message transmission when the message is intended for a particular recipient only.
  • Hashing is also a method of sorting key values in a database table in an efficient manner.
55.Define Bastion Hosts.

  • A system that has been hardened to resist attack and which is installed on a network in such a way that it is expected to potentially come under attack.
  • Bastion hosts are often components of firewalls or may be outside web servers of public access systems.
  • Generally a bastion host is running some form of general purpose operating system rather than a ROM-based or firmware operating system.
56.Define Verisign.
  • Verisign is offering its digital signature technology for authenticating users as a component separate from encryption, which allows for export of stronger authentication.
57.Define Digi cash.
  • Digi cash is a software company whose products allow users to purchase goods over the Internet without using a credit card.
  • Digicash is a software-only electronic cash system that provides complete privacy.
  • The benefit of the Digi cash model is its ability to hold larger amounts of money than a credit card amount.
58.Define Net Cash
  • Netcash is the Internet's answer to traveler's checks.
  • To use NetCash users must enter their checking account or credit card numbers into an on-screen form and e-mail it to the NetCash system.
  • This entitles the users to purchase  electronic coupons from Net Cash for their face value plus a 2 percent commission.
59.Write down the commercial electronic payment schemes
1.Netscape.
2.Microsoft
3.Checkfree.
4.CyberCash.
5.Verisign
6.Digicash
7.First virtual Holdings.
8.Bank America/Lawrence Livermore Labs
9.Commerce Net
10.Netcash

60.Define Mondex.

  • Mondex is based on smart-card technology initially backed by the United Kingdom's National Westminster and Midland bank.
  • The electronic purse is a handheld smart card; it remembers previous transactions and uses RSA cryptography.
61.What are the other approaches for electronic payment schemes

1. Mondex
2.NetMarket.
3.open market
4.Global On-line
5.NetBill
6.Clickshare Corporation
7.Wallets

62.Expand JEPI,PEP,UPP
  • JEPI-Joint Electronic Payment Initiative.
  • PEP-Protocol Extension Protocol
  • UPP-Universal Payment Preamble.
63.How are threats divided?
1.Passive Threats.
2.Active Threats

64.Mention some hacking techniques.
1.Stolen access.
2.Stolen resources.
3.Internet virus.
4.E-mail impostures.
5.e-mail snooping.
6.sniffing.
7.spoofing
8.Async attacks
9. Trojan horses.
10.Back doors.

65.Define SATAN
  • SATAN-Security Administrator Tool for Analyzing Networks.
  • It is a vulnerability detection application designed to hack into Internet connected hosts.
  • It is a Unix program that checks both local and remote hosts for vulnerabilities.
  • It is a powerful tool that can thoroughly scan systems and entire networks of systems for a number of common critical security holes.
  • SATAN can be used by administrators to check their own networks.
  • SATAN is a program freely available via the Internet.
66.Write down the intruder approaches.
1.Bulletin Boards.
2.Electronic Mail.
3.File Transfer.
4.IP Spoofing.
5.Password guessing.
6.Password Sniffing.
7.Telnet.
8.Viruses.
9.SATAN.

67.What do you mean by KERBEROS.
  • KERBEROS provides authentication means in open network.
  • This is accomplished without relying on authentication by the host operating system, without basing trust on host addresses, without requiring physical security of all the hosts on the network, and under the assumption that protocol data units traveling along the network can be read, modified and inserted at will.
  • KERBEROS performs authentication under these conditions as a trusted third-party authentication service by using conventional cryptography.
68.Write down the limitations of KERBEROS.
1.Vulnerability of passwords and encryption keys when presented to or maintained by the workstation.
2.The need for synchronized clocks.
3.No support for authenticated messages to multiple recipients.
4.Weak assurances against repudiation.

69.What do you mean by PEM.
  • PEM-Privacy Enhanced Mail.
  • PEM describes formats and techniques for encrypting message contents and authenticating message senders.
  • PEM allows users to send e-mail and have it automatically encrypted.
70.Write down the types of PEM messages.
  • There are three types of PEM messages.
1.MIC-CLEAR (MIC-Message Integrity Code): message integrity checked in cleartext, has a digital signature affixed to its unencrypted contents.
2.MIC-ONLY: message integrity checked, is encoded to protect the message's content.
3.ENCRYPTED: messages are also integrity checked and contain cipher text, that is, they are encrypted.

71.What do you mean by PGP.
  • PGP-Pretty Good Privacy.
  • PGP is an actual program that has become the de facto standard on the Internet for electronic mail.
  • PGP utilizes the International Data Encryption Algorithm (IDEA), RSA and MD5 algorithms to provide message encryption.
  • PGP incorporates features such as digital signatures and allows the user to determine the level of security necessary by allowing the user to choose the size of the encryption key.
  • PGP also provides compression of data prior to applying the encryption algorithm.
72.What do you mean by Smart Cards.
  • A smart card is a portable device that contains some non-volatile memory and a microprocessor.
  • This card contains some kind of an encrypted key that is compared to a secret key contained on the user's processor.
73.Define MIME.
  • MIME-Multipurpose Internet Mail Extensions
  • is a standard that defines the format of textual messages exchanged on the Internet.
  • Its purpose is to standardize the format of message bodies in a way that enables them to carry many types of recognizable non-ASCII data.
74.Write down the types of MIME message 
1.Application
2.Audio
3.Image
4.Message
5.Multipart
6.Text
7.Video.

75. What is decryption?

  • The translation of encrypted text or data (called cipher text) into original text or data (called clear text).
  • Also called deciphering.
76. What is private Key?

  • One of the two keys used in a symmetric encryption system.
  • For secure communications,the private key should be known only by its creator.
77.What is public Key?

  • One of the two keys used in a symmetric encryption system.
  • The public key is made public,to be used in conjunction with a corresponding private key.
78.Define proxy?

  • A software agent that acts on behalf of a user.
  • Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps do additional authentication, and then complete a connection on behalf of the user to a remote destination.
79.What is RLogin?

  • A tool that allows one system to log in to a remote UNIX host.
  • Users do not have to have valid user names or passwords to access the system,as is required when using Telnet.
80.What do you mean by DNS spoofing?


  • Assuming the DNS name of another system by either corrupting the name service cache of a victim system or by compromising a domain name server for a valid domain.
81.What do you mean by IP spoofing?


  • An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.
82.What do you mean by IP splicing/hijacking?

  • An attack whereby an active, established session is intercepted and co-opted by the attacker.
  • IP splicing attacks may occur after an authentication has been made,permitting the attacker to assume the role of an already authorized user.
  • Primary protection against IP splicing relies on encryption at the session or network layer.
83.What do you mean by authentication?

  • The process of determining the identity of a user that is attempting to access a system.
84.What do you mean by authorization?

  • The process of determining what types of activities are permitted.
  • Usually authorization is in the context of authentication;once you have  authenticated a user,that user may be authorized for different types of access or activity.
85.Define Worm

  • Program that can replicate itself and send copies from computer to computer across network connections.
  • Upon arrival,the worm may be activated to replicate and propagate again.
  • In addition to propagation,the worm usually performs some unwanted function.
86.Define Trojan horse.

  • A software entity that appears to do something normal but which, in fact, contains a trapdoor or attack program.
87. Define WWW
  • The World Wide Web (WWW) is a network of online content that is formatted in HTML and accessed via HTTP.
  • The term refers to all the interlinked HTML pages that can be accessed over the Internet.
