Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download CHAPTER 7
Document related concepts
Transcript
CHAPTER 7 Telecommunications, the Internet, and Wireless Technology Telecommunications and Networking in Today's Business World There are two fundamentally different types of telecommunications networks: telephone networks and computer networks, which are slowly merging into a single digital network using shared Internet technology and equipment. Both voice and data communication networks have also become more powerful (faster), more portable (smaller and mobile), and less expensive. Today more than 60 percent of U.S. Internet users have high-speed broadband connections provided by telephone and cable TV companies running at one million bits per second. The cost for this service has fallen exponentially. Increasingly, voice and data communication as well as Internet access are taking place over broadband wireless platforms. In addition to client computers, the major components used in a simple network include: FIGURE Network interface cards (NICs): Typically built into client computers Connection medium: Cables or wireless signals for transmitting data Network operating system (NOS): Software that manages communications on the network and coordinates network resources, and can reside on every computer or on a dedicated server computer Hub or switch: Hubs are devices that connect network components, sending packets of data to all connected devices. Switches are like hubs but can forward data to specific destinations. Routers are network devices to connect two or more networks 7-1 COMPONENTS OF A SIMPLE COMPUTER NETWORK Illustrated here is a very simple computer network, consisting of computers, a network operating system residing on a dedicated server computer, cable (wiring) connecting the devices, network interface cards (NIC), switches, and a router. Large corporate network infrastructure typically consists of small local-area networks (LANs) linked to firm-wide corporate networks for data and voice communication, and various powerful servers, for supporting corporate Web sites, an intranet, extranets, or connecting to backend systems such as sales, ordering, and financial transactions. Corporations face the problem of integrating these networks, a task becoming easier as communications become digital. FIGURE 7-2 CORPORATE NETWORK INFRASTRUCTURE Today’s corporate network infrastructure is a collection of many different networks from the public switched telephone network; to the Internet; to corporate local-area networks linking workgroups, departments, or office floors. Contemporary digital networks are based on three key technologies: 1. Client/server computing: In client/server computing, client computers are linked to each other through a network controlled by a server computer, which sets the rules of communication for the network and provides addresses for each client and device on the network. 2. Packet switching: A method of breaking messages into small packets that are sent independently along different paths in a network using a router and then reassembled at their destination. FIGURE 7-3 PACKED-SWITCHED NETWORKS AND PACKET COMMUNICATIONS Data are grouped into small packets, which are transmitted independently over various communications channels and reassembled at their final destination. 3. Common protocols and TCP/IP: Widely used communications protocols provide a set of rules to enable communication among diverse components in a telecommunications network. TCP/IP is a suite of protocols which has become the dominant model of achieving connectivity among different networks and computers and on the Internet, providing a method for breaking up messages into packets, routing them to the proper address, and reassembling them. The TCP/IP reference model has four layers. Two computers using TCP/IP can communicate even if they are based on different hardware and software platforms. FIGURE 7-4 THE TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL (TCP/IP) REFERENCE MODEL This figure illustrates the four layers of the TCP/IP reference model for communications. Communications Networks Electronic signals in a telecommunications network can be analog or digital. A modem (abbreviated from MOdulation/DEModulation) is a translating device that can convert signals from digital to analog and back. FIGURE 7-5 FUNCTIONS OF THE MODEM A modem is a device that translates digital signals from a computer into analog form so that they can be transmitted over analog telephone lines. The modem also translates analog signals back into digital form for the receiving computer. Types of networks include: Local area network (LAN): Up to 500 meters (half a mile); an office or floor of a building Campus-area network (CAN): Up to 1,000 meters (a mile); a college campus or corporate facility Metropolitan-area network (MAN): A city or metropolitan area Wide-area network (WAN): A transcontinental or global area Ethernet is the dominant LAN standard at the physical network level, specifying the physical medium to carry signals between computers; access control rules; and a standardized frame, or set of bits used to carry data over the system. LANS may use a client/server (in Windows, a domain network model) architecture or a peer-to-peer architecture (in Windows, a workgroup network model), in which computers exchange data without going through a separate server. Larger LANS may have multiple servers for different, specific purposes, such as print, Web, mail, or application servers. LANs have different topologies, ways of connecting their components. There are three major network topologies: A star network consists of a central hub connected directly to a number of other computers or terminals. All communications must travel through the host. A bus network links a number of computers by a single circuit; all signals are broadcast in both directions to the whole network, and software identifies which component is to receive a message. Bus networks fail less often and are the most common Ethernet LAN topology. A ring network links all computers by a closed loop and passes data in one direction from one machine to another. FIGURE 7-6 NETWORK The three basic network topologies are the bus, star, and ring. TOPOLOGIES Networks use different types of physical transmission media, including: Twisted wire: Pairs of copper wires used mostly for analog voice signals but also sometimes for data. Twisted wire is the oldest medium. Coaxial cable is thickly insulated wire that is faster and more interference-free than twisted wire. Fiber-optic cable consists of thousands of tiny clear glass fibers along which data is sent as pulses of light. Although primarily used as high-speed network backbone (the part of a network that handles major traffic), fiber optic is also being installed in homes and businesses. Telecommunications carriers use fiber optic to build purely optical networks to provide high-capacity transmission for multimedia, and other data-intensive information services. Optical networks boost capacity by using dense wavelength division multiplexing (DWDM), which enables the simultaneous transfer of multiple transmissions along a single channel. Wireless transmission uses radio frequencies or infrared signals to transmit data wirelessly. Microwave systems (terrestrial and satellite) transmit high-frequency radio signals and are used for high-volume, long-distance, point-to-point communications. Microwaves follow a straight line, and transmission stations or satellites are used as relay stations for long distance signals. FIGURE 7-7 BP AMOCO’S SATELLITE TRANSMISSION SYSTEM Satellites help BP Amoco transfer seismic data between oil exploration ships and research centers in the United States. Cellular telephones use the 800-2000 MHz radio spectrum to communicate with radio antennas (towers) placed within adjacent areas, or cells. Older cellular systems are analog, while contemporary systems are digital, supporting data transmission as well as voice transmission. Telecommunications transmission speed is represented in bits per second (bps). The number of cycles per second a medium can send is called hertz; the capacity of the channel, measured as the difference between the highest and lowest frequencies it can transmit, is called bandwidth. A number of services are available to organizations requiring broadband, or high-speed transmission, capabilities or access to the Internet, including: Frame relay is a shared network service that is cheaper and faster than packet switching because it does not use error correction routines. Asynchronous transfer mode (ATM) technology parcels information into 53-byte "cells" that can transmit data, video, and audio over the same network and that can pass data between computers from different vendors. ISDN (Integrated Services Digital Network) is an older telephone standard for voice, video, image, and data transmission over twisted-pair telephone lines. Digital subscriber line (DSL) technologies also use existing copper telephone lines to carry voice, data, and video, but they have higher transmission capacities than ISDN. Cable internet connections operate over cable TV lines to provide high-speed access to the Internet or corporate intranets. T lines are expensive, high-speed data lines leased by large corporations from communication providers, typically long-distance telephone companies. A T1 line has 24 64-Kbps channels that can support a total data transmission of 1.544 Mbps, and a T3 line can support up to 45 Mbps. The Internet The Internet is the largest implementation of client/server computing and internetworking, linking hundreds of thousands of individual networks and 1 billion people worldwide. Individuals connect to the Internet in two ways: through local Internet service providers (ISPs) and through their business firms. The Internet is based on the TCP/IP networking protocol suite. Every computer is assigned a unique Internet Protocol (IP) address, which is currently four strings of numbers ranging from 0 to 255, as in the address 207.46.250.119. The Domain Name System (DNS) is a system for converting IP addresses into names, such as google.com. DNS has a hierarchical structure which specifies a root domain, top-level domains, second-level domains, and host computers at the third level. FIGURE 7-8 THE DOMAIN NAME SYSTEM The Domain Name System is a hierarchical system with a root domain, top-level domains, second-level domains, and host computers at the third level. Internet traffic moves over trunk lines, transcontinental high-speed backbone networks, typically owned by long-distance telephone companies (network service providers) or national governments. Local connection lines are owned by regional telephone and cable television companies in the US that lease access to ISPs, private companies, government institutions, and retail users. FIGURE 7-9 INTERNET NETWORK ARCHITECTURE The Internet backbone connects to regional networks, which in turn provide access to Internet service providers, large firms, and government institutions. Network access points (NAPs) and metropolitan area exchanges (MAEs) are hubs where the backbone intersects regional and local networks and where backbone owners connect with one another. MAEs are also referred to as Internet Exchange Points. Internet policies are established by several organizations and governmental bodies, including the Internet Architecture Board (IAB), the Internet Corporation for Assigned Names and Numbers (ICANN), the Internet Network Information Center (InterNIC), the Internet Engineering Task Force (IETF), the Internet Society (ISOC), and the World Wide Web Consortium (W3C). These agencies influence government agencies, major network owners and ISP. Everyone who uses the Internet pays some fee—hidden or otherwise—to maintain the network. For example, each organization and business firm pays for its own networks and its own local Internet connection services, a part of which is paid to the longdistance trunk line owners Because the number of addresses using the existing IP addressing (IPv4) is limited to 4.5 billion addresses, the Internet Engineering Task Force adopted a new Internet Protocol Version 6 (IPv6), which uses a 128-bit addressing scheme which produces 3.4 x 1038 addresses. The existing Internet has many shortcomings chief among which are poor security, no service level guarantees, no differential service, no differential pricing, and bandwidth limitations that would prevent the emergence of wide-scale Internet television or Internet video distribution. Internet2 and Next-Generation Internet (NGI) are consortia representing 200 universities, private businesses, and government agencies in the United States that are working on a new, robust, high-bandwidth version of the Internet. The Internet is based on client/server technology. Client platforms include PCs, cell phones, PDAs, handheld devices, and information appliances. Users of the Internet control what services they access through client applications on their computers such as Web browsers. Internet services include e-mail, electronic discussion groups (Usenet groups and LISTSERV), chatting, and instant messaging, Telnet, File Transfer Protocol (FTP), and the World Wide Web. Each Internet service is implemented by one or more software programs. FIGURE 7-10 CLIENT/SERVER COMPUTING ON THE INTERNET Client computers running Web browser and other software can access an array of services on servers over the Internet. These services may all run on a single server or on multiple specialized servers. Web pages are formatted with graphics, text, and dynamic links using Hypertext Markup Language (HTML). Web pages are requested by clients and delivered by Web servers using the Hypertext Transfer Protocol (HTTP). HTTP is the first set of letters at the start of every Web address, followed by the domain name, the directory path to the requested document, and the document name. The address typed in to a browser to locate a file, including the directory path and the document name together, is called a Uniform Resource Locator (URL). A Web server is software for locating and managing stored Web pages. The most common Web server today is Apache HTTP Server. Users can find information on the Internet using search engines. The first search engines were simple keyword indexes of all the pages they visited. Contemporary search engines use more complex models for finding relevant information. Google ranks search results based on the relevance, or popularity, of each page. Web sites for locating information such as Yahoo!, Google, and MSN have become so popular and easy to use that they also serve as major portals for the Internet, as well as major shopping tools. In search engine marketing, search results display both listings to a query as well as advertisements related to the search query. The paid, sponsored advertisements are the fastest-growing form of Internet advertising. Figure 7-11, Figure 7-12 FIGURE 7-11 MAJOR WEB SEARCH ENGINES Google is the most popular search engine on the Web, handling nearly 50 percent of all Web searches. Sources: http://searchenginewatch.com, accessed August 19, 2006 and Kevin J. Delaney, “Search Engines Find a Role for Humans,” The Wall Street Journal, May 11, 2006. FIGURE 7-12 HOW GOOGLE WORKS The Google search engine is continuously crawling the Web, indexing the content of each page, calculating its popularity, and storing the pages so that it can respond quickly to user requests to see a page. The entire process takes about one-half second. Intelligent agent shopping bots search the Web for pricing and availability of products specified by the user and return a list of sites that sell the item, along with pricing information and purchase links. Web 2.0 refers to second-generation, interactive Internet-based services, such as: Mashups: Software services that enable users and system developers to mix and match content or software components to create something entirely new Blogs: Informal yet structured Web site where subscribing individuals can publish stories, opinions, and links to other Web sites of interest RSS: RSS (Rich Site Summary, or Really Simple Syndication) technology pulls specified content from Web sites and feeds it automatically to users' computers, where it can be stored for later viewing Wikis: Collaborative Web sites where visitors can add, delete, or modify content on the site, including the work of previous authors Internet networking technology is used by organizations to create private networks called intranets and extranets, intranets extended to authorized vendors and customers to facilitate communication and business transactions. Intranets and extranets are protected from unauthorized visits by firewalls—security systems with specialized software to prevent outsiders from entering private networks. In addition to e-mail, Internet-based tools that today's businesses use for communication and coordination include: Chat: Chatting enables two or more people on the Internet to hold live, interactive conversations. Instant messaging: A type of chat service that enables participants to create their own private chat channels. Usenet newsgroups: Worldwide discussion groups posted on Internet electronic bulletin boards Groupware: Software products used by individuals and teams working at different locations for writing and commenting on group projects, sharing ideas and documents, conducting electronic meetings, tracking the status of tasks and projects, scheduling, and sending e-mail. Electronic conferencing: Web conferencing and collaboration software allow participants to view and modify documents and slides, write or drawn on an electronic whiteboard, or share their thoughts and comments using chat or voice conferencing. Internet telephony: Voice over IP (VoIP) technology uses the IP to deliver voice information in digital form using packet switching, avoiding the tolls charged by local and long-distance telephone networks FIGURE 7-13 HOW IP TELEPHONY WORKS An IP phone call digitizes and breaks up a voice message into data packets that may travel along different routes before being reassembled at the final destination. A processor nearest the call’s destination, called a gateway, arranges the packets in the proper order and directs them to the telephone number of the receiver or the IP address of the receiving computer. Virtual private network (VPN): A secure, encrypted, private network that has been configured within a public network to take advantage of the economies of scale and management facilities of large networks, such as the Internet. FIGURE 7-14 A VIRTUAL PRIVATE NETWORK USING THE INTERNET This VPN is a private network of computers linked using a secure “tunnel” connection over the Internet. It protects data transmitted over the public Internet by encoding the data and “wrapping” them within the Internet Protocol (IP). By adding a wrapper around a network message to hide its content, organizations can create a private connection that travels through the public Internet. The Wireless Revolution Devices that support wireless or mobile communication and computing include: Cell phones Personal digital assistants (PDAs): Small, handheld computers applications such as electronic schedulers and address books E-mail handhelds: A special type of handheld that is optimized for wireless text messaging Smart phones: Hybrid devices combining the functionality of a PDA with that of a digital cell phone featuring Digital cellular service uses several competing standards that are incompatible. Global System for Mobile Communication (GSM) is the standard used in Europe and much of the rest of the world outside the United States. GSM's strength is in international roaming capabilities. Code Division Multiple Access (CDMA) is the most widely used standard in the United States. CDMA is less expensive and supports higher quality transmissions. Most digital cellular systems today can transmit data at rates ranging from 9.6 to 2 Mbs. 384 Kbps is acceptable for email but not for downloading large files or Web pages. Short message service (SMS) is a text message service used by a number of digital cell phone systems to send and receive short alphanumeric messages. 2.5G networks use upgrades to the existing cellular infrastructure and feature data transmission rates ranging from 30 to 144 Kbps. More powerful cellular networks called third-generation (3G) networks have transmission speeds ranging from 384 Kbps for mobile users in, say, a car, to more than 2 Mbps for stationary users, sufficient for rich media downloads. There are also multiple standards and technologies governing how cellular phones access the Internet and the World Wide Web. Wireless Application Protocol (WAP) is a system of protocols and technologies that enables cell phones and other wireless devices with tiny display screens, lowbandwidth connections, and minimal memory to access Web services. A microbrowser is an Internet browser that works with the low-memory constraints and low bandwidth requirements of handheld wireless devices and uses WML (Wireless Markup Language). Requests are made to a WAP gateway which translates HTML content into WML for the WAP client to receive it. I-mode is a wireless service offered by Japan's NTT DoCoMo mobile phone network that uses compact HTML instead of WML for delivering content. Figure 7-15 FIGURE 7-15 WIRELESS APPLICATION PROTOCOL (WAP) VERSUS I-MODE WAP and I-mode use alternative standards for accessing information from the wireless Web. There is a hierarchy of complementary standards for wireless computer networks designed for connecting to personal area networks (PANs), LANs, MANs, and WANs. Bluetooth, or IEEE 802.15, uses the 2.4-GHz band for creating small PANs, linking up to eight devices within a 10 meter area. devices can communicate to each other without direct user intervention. Its low power requirements make Bluetooth appropriate for battery-powered handhelds, cell phones, or PDAs. FIGURE 7-16 A BLUETOOTH NETWORK (PAN) Bluetooth enables a variety of devices, including cell phones, PDAs, wireless keyboards and mice, PCs, and printers, to interact wirelessly with each other within a small 30-foot (10-meter) area. In addition to the links shown, Bluetooth can be used to network similar devices to send data from one PC to another, for example. Wi-Fi (wireless fidelity), or IEEE 802.11 includes three standards: 802.11a: This standard can transmit up to 54 Mbps in the 5-GHz band, in ranges of 10-30 meters. 802.11b: This standard, currently the most popular, transmits up to 11 Mbps using the 2.4 GHz band with a range of 30-50 meters. 802.11g: This standard also uses the 2.4 GHz band and can transmit up to 54 Mbps. Wi-Fi system can operate in two modes: Infrastructure mode, in which wireless devices communicate with a wired LAN through access points Ad-hoc mode, or peer-to-peer mode, in which the devices communicate directly to each other. FIGURE 7-17 AN 802.11 WIRELESS LAN Mobile laptop computers equipped with network interface cards link to the wired LAN by communicating with the access point. The access point uses radio waves to transmit network signals from the wired network to the client adapters, which convert them into data that the mobile device can understand. The client adapter then transmits the data from the mobile device back to the access point, which forwards the data to the wired network. Mobile wireless stations often need a wireless network interface card (NIC) that has a built-in radio antenna. The 802.11 standard can be used to provide wireless Internet access, in which an access point plugs into a wired Internet connection. Businesses are using Wi-Fi to create low costs WLANs and provide Internet access. Hotspots are one or more access points positioned strategically in public spaces and provide wireless coverage for a specific area. Many free public hotspots are available in the US and other countries. However, users cannot roam from hotspot to hotspot if these use different Wi-Fi network services. Wi-Fi also has weak security features, and is susceptible to interference from nearby systems operating in the same spectrum, such as microwave ovens or wireless phones. WiMax (Worldwide Interoperability for Microwave Access), or IEEE 802.16, is a new set of standards that has an access range of up to 31 miles and data transfer rates up to 75 Mbps, using WiMax antennas to beam high-speed Internet connections to rooftop antennas of homes and businesses. Broadband Internet access can also be configured through cellular telephon e networks. Major cellular telephone carriers have configured their 3G networks to provide broadband access for PCs and other handheld devices. EV-DO (Evolution Data Optimized), used by Verizon, provides wireless Internet access over a cellular network at speeds form 300 to 500 Kbps. Radio frequency identification (RFID) systems provide a powerful technology for tracking the movement of goods throughout the supply chain. RFID systems use tiny tags with embedded microchips containing data about an item and its location to transmit radio signals over a short distance to special RFID readers. The RFID readers then pass the data over a network to a computer for processing. Unlike bar codes, RFID tags do not need line-of-sight contact to be read. The transponder, or RFID tag, uses a microchip to store information unique to the item, such as an electronic identification code, where and when it was made, or its status during production. The rest of the tag is an antenna that transmits data to the reader. The reader unit consists of an antenna and radio transmitter with a decoding capability attached to a stationary or handheld device. The reader emits radio waves in ranges anywhere from 1 inch to 100 feet, depending on its power output, the radio frequency employed, and surrounding environmental conditions. When a RFID tag comes within the range of the reader, the tag is activated and starts sending data. The reader captures these data, decodes them, and sends them back over a wired or wireless network to a host computer for further processing. Figure 7-18 FIGURE 7-18 HOW RFID WORKS RFID uses low-powered radio transmitters to read data stored in a tag at distances ranging from 1 inch to 100 feet. The reader captures the data from the tag and sends them over a network to a host computer for processing. RFID systems operate in a number of unlicensed frequency bands worldwide. Low frequency systems (30 kilohertz to 500 kilohertz) have short reading ranges (inches to a few feet) and lower system costs. Low-frequency systems are often used in security, asset tracking, or animal identification applications. High-frequency RFID systems (850 MHz to 950 MHz and 2.4 GHz to 2.5 GHz) offer reading ranges that can extend beyond 90 feet and have high reading speeds. High-frequency RFID applications include railroad car tracking or automated toll collection for highways or bridges. In inventory control and supply chain management, RFID systems capture and manage more detailed information about items in warehouses or in production than bar coding systems. Wireless sensor networks (WSNs) are networks of hundreds or thousands of interconnected wireless devices, or nodes, that are embedded into the physical environment to provide measurements of many points over large spaces. They are based on devices with built-in processing, storage, and radio frequency sensors and antennas. The devices are linked into an interconnected network where data are routed seamlessly among all the nodes and forwarded to a computer for analysis. Wireless sensor networks are valuable in areas such as monitoring environmental changes, monitoring traffic or military activity, protecting property, efficiently operating and managing machinery and vehicles, establishing security perimeters, monitoring supply chain management, or detecting chemical, biological, or radiological material. FIGURE 7-19 A WIRELESS SENSOR NETWORK FOR A SECURITY SYSTEM Each level of this wireless sensor network handles different types of sensing. Lower-level sensors for monitoring events, such as doors opening and closing, motion, and breakage of windows and doors, are complemented by a small group of more advanced sensors placed in key locations, such as cameras and acoustic and chemical detectors. Source: From Jason Hill, Mike Horton, Ralph Kling, and Lakshman Krishamurthy, “The Platforms Enabling Wireless Sensor Networks,” Communications of the ACM 47, no. 6 (June 2004). CHAPTER 8 Securing Information Systems System Vulnerability and Abuse When data are stored in digital form, they are more vulnerable than when they exist in manual form. Security refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. Controls consist of all the methods, policies, and organizational procedures that ensure the safety of the organization's assets; the accuracy and reliability of its accounting records; and operational adherence to management standards. Threats to computerized information systems include hardware and software failure; user errors; physical disasters such as fire or power failure; theft of data, services, and equipment; unauthorized use of data; and telecommunications disruptions. On-line systems and telecommunications are especially vulnerable because data and files can be immediately and directly accessed through computer terminals or at points in the telecommunications network. FIGURE 8-1 CONTEMPORARY SECURITY CHALLENGES AND VULNERABILITIES The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network. The Internet poses additional problems because it was explicitly designed to be easily accessed by people on different computer systems. Information traveling over unsecured media can be intercepted and misused. Fixed IP addresses serve as fixed targets for hackers, and Internet software has become a means for introducing viruses and malicious software to otherwise secure networks. Wireless networks are even more vulnerable because radio frequency bands are easy to scan. LANs that use the Wi-Fi (802.11b) standard can be easily penetrated by outsiders with laptops, wireless cards, external antennae, and freeware hacking software. Service set identifiers (SSID) identifying access points in a Wi-Fi network are broadcast multiple times and can be picked up fairly easily by sniffer programs. In war driving, eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic. The initial security standard developed for Wi-Fi, called Wired Equivalent Privacy (WEP), is not very effective. WEP is built into all standard 802.11 products, but users must turn it on, and many neglect to do so, leaving many access points unprotected. FIGURE 8-2 WI-FI SECURITY CHALLENGES Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address to access the resources of a network without authorization. Malicious software, or malware, includes threats such as computer viruses and worms, and Trojan horses. A computer virus is rogue software that attaches itself to other programs or data files in order to be executed, and may be highly destructive to files, computer memory, and hard drives. Viruses are typically designed to spread from computer to computer through e-mail attachments or copied files. Worms are independent computer programs that copy themselves to computers over a network independently from other computer programs or files, and therefore spread more rapidly. A Trojan horse is an apparently benign program that actually performs some hidden action such as installing malicious code or compromising the security of a computer. Spyware can also act as malicious software by obtaining information about users' buying habits and infringing on privacy. Keyloggers record keystrokes made on a computer to discover steal serial numbers for software and passwords. A hacker is an individual who intends to gain unauthorized access to a computer system. The term cracker is typically used for hackers with criminal intent. Hackers spoof, or misrepresent themselves, by using fake e-mail addresses or masquerading as someone else. Hacker activities include: Theft of goods and services System damage Cybervandalism: The intentional disruption, defacement, or even destruction of a Web site or corporate information system. Spoofing: Hiding of the hackers true identities or email addresses, or redirecting a Web link to a different web site that benefits the hacker. Theft of proprietary information: A sniffer is an eavesdropping program that monitors network information and can enable hackers to steal proprietary information transmitting over the network. Denial of service (DoS) attacks: Flooding a network or server with thousands of false communications to crash or disrupt the network. A distributed denial-ofservice (DDoS) attack uses hundreds or even thousands of computers to inundate and overwhelm the network from numerous launch points. Hackers can infect thousands of unsuspecting users' computers with malicious software to form a botnet of resources for launching a DDoS. FIGURE 8-3 WORLDWIDE DAMAGE FROM DIGITAL ATTACKS This chart shows estimates of the average annual worldwide damage from hacking, malware, and spam since 1999. These data are based on figures from mi2G and the authors. In computer crime, the computer can be either the target of or the instrument of a crime. The most economically damaging kinds of computer crime are DoS attacks, introducing viruses, theft of services, and disruption of computer systems. Other examples of computer crime include: Identity theft: In identity theft, an impostor obtains key pieces of personal information to impersonate someone else and obtain credit, merchandise, or false credentials. Phishing: Setting up fake Web sites or sending e-mail messages that appear legitimate in order to coerce users for confidential data. Other phishing techniques include evil twins (wireless networks masquerading as legitimate Internet hotspots, used to capture personal information) and pharming, redirecting users bogus Web sites posing as legitimate Web sites. Click fraud occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase. Click fraud can also be perpetrated with software programs doing the clicking, and bot networks are often used for this purpose. The U.S. Congress responded to the threat of computer crime in 1986 with the Computer Fraud and Abuse Act. This act makes it illegal to access a computer system without authorization. Most U.S. states and European nations have similar legislation. Congress also passed the National Information Infrastructure Protection Act in 1996 to make virus distribution and hacker attacks to disable Web sites federal crimes. One concern is that terrorists or foreign intelligence services could exploit network or Internet vulnerabilities to commit cyberterrorism or cyberwarfare and cripple networks controlling essential services such as electrical grids and air traffic control systems. The largest financial threats to businesses actually come from insiders, either through theft and hacking or through lack of knowledge. Malicious intruders may sometimes trick employees into revealing passwords and network access data through social engineering. Employees can also introduce faulty data or improperly process data. Software errors are also a threat to information systems and cause untold losses in productivity. Hidden bugs or program code defects, unintentionally overlooked by programmers working with thousands of line of programming code, can cause performance issues and security vulnerabilities. Software vendors create lines of code called patches to repair flaws without disrupting the software's operation. Business value of Security and Control Security and control have become a critical, although perhaps unappreciated, area of information systems investment. The longer computer systems are down, the more serious the consequences for the firm. With increasing reliance on the Internet and networked systems, firms are more vulnerable than ever to disruption and harm. Company systems often house confidential information about individuals' taxes, financial assets, medical records, and job performance reviews. They may contain information on corporate operations, trade secrets, new product development plans, and marketing strategies. Inadequate security and control may also create serious legal liability. Businesses must protect not only their own information assets but also those of customers, employees, and business partners. Recent U.S. government regulations mandate the protection of data from abuse, exposure, and unauthorized access, and include: The Health Insurance Portability and Accountability Act (HIPAA) of 1996, which requires members of the healthcare industry to retain patient information for six years and ensure the confidentiality of those records The Gramm-Leach-Bliley Act, which requires financial institutions to ensure the security and confidentiality of customer data The Sarbanes-Oxley Act, which imposes responsibility on companies and their management to use internal controls to safeguard the accuracy and integrity of financial information Firms face new legal obligations for electronic records management and document retention as well as for privacy protection. Electronic records management (ERM) consists of policies, procedures, and tools for managing the retention, destruction, and storage of electronic records. Security, control, and electronic records management have become essential for responding to legal actions. Much of the evidence today for stock fraud, embezzlement, theft of company trade secrets, computer crime, and many civil cases is in digital form. Legal cases today increasingly rely on evidence represented as computer data stored on portable floppy disks, CDs, and computer hard disk drives, as well as in e-mail, instant messages, and e-commerce transactions over the Internet. E-mail is currently the most common type of electronic evidence. An effective electronic document retention policy ensures that electronic documents, email, and other records are well organized, accessible, and neither retained too long nor discarded too soon. Computer forensics is the scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law. Electronic evidence can reside on computer storage media in the form of computer files and as ambient data, which are not visible to the average user. Establishing a Management Framework for Security and Control Protection of information resources requires a sound security system and set of controls. ISO 17799, an international set of standards for security and control, specifies best practices in information systems security and control. A risk assessment determines the level of risk to the firm if a specific activity or process is not properly controlled. Business managers working with information systems specialists determine the value of information assets, points of vulnerability, the likely frequency of a problem, and the potential for damage. Once the risks have been assessed, system builders can concentrate on the control points with the greatest vulnerability and potential for loss in order to minimize overall cost and maximize defenses. Larger firms typically have a formal corporate security function headed by a chief security officer (CSO). The security group educates and trains users, keeps management aware of security threats and breakdowns, and maintains the tools chosen to implement security. The chief security officer is responsible for enforcing the firm's security policy. A security policy consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals. The security organization typically administers acceptable use policies and authorization policies. An acceptable use policy (AUP) defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet. Authorization policies determine differing levels of access to information assets for different levels of users. Authorization management systems establish where and when a user is permitted to access certain parts of a Web site or a corporate database. FIGURE 8-4 SECURITY PROFILES FOR A PERSONNEL SYSTEM These two examples represent two security profiles or data security patterns that might be found in a personnel system. Depending on the security profile, a user would have certain restrictions on access to various systems, locations, or data in an organization. As companies increasingly rely on digital networks for their revenue and operations, they need to take additional steps to ensure that their systems and applications are always available. Downtime refers to periods of time in which a system is not operational. Several techniques can be used by companies to make reduce downtime. Fault-tolerant computer systems use hardware or software to detect hardware failures and automatically switch to backup systems. High-availability computing environments use backup servers, distributing processing among multiple servers, high-capacity storage, and disaster recovery planning and business continuity planning to recover quickly from a system crash. In recovery-oriented computing, systems are designed to recover quickly, and implementing capabilities and tools to help operators pinpoint the sources of faults in multicomponent systems and easily correct their mistakes. Disaster recovery planning devises plans for the restoration of computing and communications services after they have been disrupted by an event such as an earthquake, flood, or terrorist attack. Business continuity planning focuses on how the company can restore business operations after a disaster strikes. Some companies outsource security functions to managed security service providers (MSSPs) that monitor network activity and perform vulnerability testing and intrusion detection. An MIS audit examines the firm's overall security environment as well as controls governing individual information systems. Security audits review technologies, procedures, documentation, training, and personnel. The audit lists and ranks all control weaknesses and estimates the probability of their occurrence. It then assesses the financial and organizational impact of each threat. FIGURE 8-5 SAMPLE AUDITOR’S LIST OF CONTROL WEAKNESSES This chart is a sample page from a list of control weaknesses that an auditor might find in a loan system in a local commercial bank. This form helps auditors record and evaluate control weaknesses and shows the results of discussing those weaknesses with management, as well as any corrective actions taken by management. Technologies and Tools for Security and Control Various tools and technologies used to help protect against or monitor intrusion include authentication tools, firewalls, intrusion detection systems, and antivirus and encryption software. Access control consists of all the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders. Authentication refers to the ability to know that a person is who he or she claims to be. Access control software is designed to allow only authorized persons to use systems or to access data using some method for authentication. New authentication technologies include: Token: A physical device similar to an identification card that is designed to prove the identity of a single user. Smart card: A device about the size of a credit card that contains a chip formatted with access permission and other data. Biometric authentication: Compares a person's unique characteristics, such as fingerprints, face, or retinal image, against a stored set profile. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic and prevents unauthorized communication into and out of the network. The firewall identifies names, Internet Protocol (IP) addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules programmed into the system by the network administrator. There are a number of firewall screening technologies: FIGURE Packet filtering examines fields in the headers of data packets flowing between the network and the Internet, examining individual packets in isolation. Stateful inspection determines whether packets are part of an ongoing dialogue between a sender and a receiver. Network Address Translation (NAT) conceals the IP addresses of the organization's internal host computer(s) to protect against sniffer programs outside the firewall. Application proxy filtering examines the application content of packets. A proxy server stops data packets originating outside the organization, inspects them, and passes a proxy to the other side of the firewall. If a user outside the company wants to communicate with a user inside the organization, the outside user first "talks" to the proxy application and the proxy application communicates with the firm's internal computer. 8-6 A CORPORATE FIREWALL The firewall is placed between the firm’s private network and the public Internet or another distrusted network to protect against unauthorized traffic. Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points of corporate networks to detect and deter intruders continually. Scanning software looks for patterns indicative of known methods of computer attacks, such as bad passwords, checks to see if important files have been removed or modified, and sends warnings of vandalism or system administration errors. Antivirus software is designed to check computer systems and drives for the presence of computer viruses. However, to remain effective, the antivirus software must be continually updated. Vendors of Wi-Fi equipment have developed stronger security standards. The Wi-Fi Alliance industry trade group's 802.11i specification tightens security for wireless LAN products. Many organizations use encryption to protect sensitive information transmitted over networks. Encryption is the coding and scrambling of messages to prevent their access by unauthorized individuals. Two methods for encrypting network traffic on the Web are: Secure Sockets Layer (SSL): SSL and its successor Transport Layer Security (TLS) enable client and server computers to establish a secure connection session and manage encryption and decryption activities. Secure Hypertext Transfer Protocol (S-HTTP) is another protocol used for encrypting data flowing over the Internet, but it is limited to individual messages. Data is encrypted by applying a secret numerical code, called an encryption key, so that the data are transmitted as a scrambled set of characters. To be read, the message must be decrypted (unscrambled) with a matching key. There are two alternative methods of encryption: FIGURE Symmetric key encryption: The sender and receiver create a single encryption key that is shared. Public key encryption: A more secure encryption method that uses two different keys, one private and one public. 8-7 PUBLIC KEY ENCRYPTION A public key encryption system can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipient’s public key in a directory and uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private network. When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message. Digital signatures and digital certificates help with authentication. A digital signature is a digital code attached to an electronically transmitted message that is used to verify the origin and contents of a message. Digital certificates are data files used to establish the identity of users and electronic assets for protection of online transactions. A digital certificate system uses a trusted third party known as a certificate authority (CA) to validate a user's identity. The digital certificate system would enable, for example, a credit card user and a merchant to validate that their digital certificates were issued by an authorized and trusted third party before they exchange data. Public key infrastructure (PKI), the use of public key cryptography working with a certificate authority, is a principal technology for providing secure authentication of identity online. FIGURE 8-8 DIGITAL CERTIFICATES Digital certificates help establish the identity of people or electronic assets. They protect online transactions by providing secure, encrypted, online communication. CHAPTER 9 Achieving Operational Excellence and customer Intimacy: Enterprise applications Enterprise Systems Enterprise systems, or enterprise resource planning (ERP) systems, integrate the key internal business processes of a firm into a single software system so that information flows seamlessly throughout the organization, improving coordination, efficiency, and decision making. Enterprise software is based on a suite of integrated software modules and a common central database. The database collects data from and feeds the data into numerous applications that supports nearly all of an organization's internal business activities. When new information is entered by one process, the information is made available immediately to other business processes. FIGURE 9-1 HOW ENTERPRISE SYSTEMS WORK Enterprise systems feature a set of integrated software modules and a central database that enables data to be shared by many different business processes and functional areas throughout the enterprise. Enterprise software is built around thousands of predefined business processes that reflect best practices. Best practices are the most successful solutions or problemsolving methods in an industry for consistently and effectively achieving a business objective. Organizations implementing commercial enterprise software first select the business processes they wish to use from the software and map their own processes to these, using the software's configuration tables. Although businesses may choose to rewrite portions of the software to match their existing processes, this can degrade system performance and fail to reap the benefits of this software. Enterprise systems produce value by increasing organizational efficiency and by providing firmwide information to help managers make better decisions. Enterprise systems create a foundation for a more customer-driven organization by integrating firm data to enable quicker responses to customer requests and information. Enterprise systems: Use analytical tools to evaluate a firm's overall performance Use standard organization definitions, formats, and performance figures across the Customer Relationship Management Systems Customers can be seen as an enterprise's most valuable asset, and customer relationship management systems enable large firms to understand and work with their customers. CRM systems capture and integrate customer data from all over the organization, consolidating the data, analyzing the data, and then distributing the results to various systems and customer touch points across the enterprise. A touch point (also known as a contact point) is a method of interaction with the customer, such as telephone, e-mail, customer service desk, conventional mail, Web site, or retail store. Well-designed CRM systems provide a single enterprise view of the customer and provide customers with a single view of the company regardless of the touch point the customer uses. FIGURE 9-7 CUSTOMER RELATIONSHIP MANAGEMENT (CRM) CRM systems examine customers from a multifaceted perspective. These systems use a set of integrated applications to address all aspects of the customer relationship, including customer service, sales, and marketing. Good CRM systems provide data and analytical tools for determining the financial lifetime value of a customer and customer loyalty and for identifying profitable customers and their needs. Commercial customer relationship management (CRM) software packages range from niche tools that perform limited functions, such as personalizing Web sites for specific customers, to large-scale enterprise applications. The more comprehensive CRM packages contain modules for: Partner relationship management (PRM): PRM software uses many of the same data, tools, and systems as customer relationship management to enhance collaboration between a company and its selling partners. It provides a company and its selling partners with the ability to trade information and distribute leads and data about customers, integrating lead generation, pricing, promotions, order configurations, and availability. Employee relationship management (ERM). ERM software deals with employee issues that are closely related to CRM, such as setting objectives, employee performance management, performance-based compensation, and employee training. CRM systems typically provide software or tools for: Sales force automation (SFA): SFA modules help sales staff increase their productivity by focusing sales efforts on the most profitable customers. They provide sales prospect and contact information, product information, product configuration capabilities, and sales quote generation capabilities. Customer service: Customer service modules provide information and tools to make call centers, help desks, and customer support staff more efficient. They have capabilities for assigning and managing customer service requests and may include Web-based self-service capabilities. Marketing: Marketing modules support direct-marketing campaigns with capabilities for capturing prospect and customer data, qualifying leads, and scheduling and tracking campaign mailings. They include tools for analyzing marketing and customer data-identifying profitable and unprofitable customers, designing products and services to satisfy specific customer needs and interests, and identifying opportunities for cross-selling, up-selling, and bundling. Crossselling is the marketing of complementary products to customers. Up-selling is the marketing of higher-value products or services to new or existing customers. Bundling is cross-selling in which a combination of products is sold as a bundle at a price lower than the total cost of the individual products. FIGURE 9-8 HOW CRM SYSTEMS SUPPORT MARKETING Customer relationship management software provides a single point for users to manage and evaluate marketing campaigns across multiple channels, including e-mail, direct mail, telephone, the Web, and wireless messages. FIGURE 9-9 CRM SOFTWARE CAPABILITIES The major CRM software products support business processes in sales, service, and marketing, integrating customer information from many different sources. Included are support for both the operational and analytical aspects of CRM. CRM software can also be used to increase customer loyalty through customer service by identifying valued customers and providing them with special services or offers. FIGURE 9-10 CUSTOMER LOYALTY MANAGEMENT PROCESS MAP This process map shows how a best practice for promoting customer loyalty through customer service would be modeled by customer relationship management software. The CRM software helps firms identify high-value customers for preferential treatment. CRM applications may support either: Operational CRM: Customer facing applications such as tools for sales force automation, call center and customer service support, and marketing automation. Analytical CRM: Applications that analyze customer data generated by operational CRM applications to provide information for improving business performance management. Analytical CRM applications are based on data warehouses that consolidate the data from operational CRM systems and customer touch points for use with online analytical processing (OLAP), data mining, and other data analysis techniques. An important output of analytical CRM is the customer lifetime value (CLTV). CLTV is based on the relationship between the revenue produced by a specific customer, the expenses incurred in acquiring and servicing that customer, and the expected life of the relationship between the customer and the company. FIGURE 9-11 ANALYTICAL CRM DATA WAREHOUSE Analytical CRM uses a customer data warehouse and tools to analyze customer data collected from the firm’s customer touch points and from other sources. The business value of CRM systems includes Increased customer satisfaction Reduced direct-marketing costs More effective marketing Lower costs for customer acquisition and retention Increased sales revenues through identifying profitable customers Reduced churn rate: The churn rate measures the number of customers who stop using or purchasing products or services from a company and is an important indicator of the growth or decline of a firm's customer base. Management Opportunities, Challenges, and Solutions Many firms obtain extraordinary business value from enterprise applications because of their power to improve process coordination and management decision making. However, enterprise systems, supply chain management, and customer relationship management systems are very expensive to purchase and implement. Costs run even higher for organizations with global operations, which must manage organizational and technology changes in many different languages, time zones, currencies, and regulatory environments. Enterprise applications require not only deep-seated technological changes but also fundamental changes in the way the business operates, including changes to business processes, employee responsibilities, and functions. Enterprise applications also introduce "switching costs." Once an enterprise application is purchased and implemented, it becomes very costly to switch vendors. Enterprise applications require defining and implementing standardized definitions of data throughout the organization. Solutions for gaining more value from enterprise applications include: Enterprise solutions (enterprise suites or e-business suites): Flexible enterprise software that enables close linking between CRM, SCM, and enterprise systems, as well as to customer and supplier systems. Service platforms: A service platform integrates multiple applications from multiple business functions, business units, or business partners to deliver a seamless experience for the customer, employee, manager, or business partner. Enterprise-wide service platforms provide a greater degree of cross-functional integration than the traditional enterprise applications. To accomplish this, software tools (such as Web services and XML) use existing applications as building blocks for new cross-enterprise processes. Portal software can integrate information from enterprise applications and disparate in-house legacy systems, presenting it to users through a Web interface so that the information appears to be coming from a single source. FIGURE 9-12 ORDER-TO-CASH SERVICE Order-to-cash is a composite process that integrates data from individual enterprise applications and legacy financial applications. The process must be modeled and translated into a software system using application integration tools CHAPTER 10 E-Commerce: Digital Markets, Digital goods Electronic Business, Electronic Commerce, and the Emerging Digital Firm E-commerce refers to: The use of the Internet and the Web to transact business Digitally enabled commercial transactions between and among organizations and individuals. FIGURE 10-1 THE GROWTH OF E-COMMERCE Retail e-commerce revenues have grown exponentially since 1995 and have only recently “slowed” to a very rapid 25 percent annual increase, which is projected to remain the same until 2008. The rapid growth of e-commerce since 1995 is due to the unique features of the Internet and the Web as a commercial medium: Ubiquity: Internet/Web technology is everywhere, at work, home, and elsewhere, and anytime, providing a ubiquitous marketspace, a marketplace removed from a temporal and geographical location. Global reach: The technology reaches across national boundaries. Universal standards: There is one set of Internet technology standards, which greatly lower market entry costs (the costs to bring goods to market) and reduce search costs (the effort to find products) for the consumer. Richness: Information richness refers to the complexity and content of a message. Internet technology allows for rich video, audio, and text messages to be delivered to large numbers of people. Interactivity: The technology works through interaction with the user. Information density: Information density is the total amount and quality of information available to all market participants. Internet technology reduces information costs and raises quality of information, enabling price transparency (the ease for consumers of finding a variety of prices) and cost transparency (the ability of consumers to determine the actual costs of products). Information density allows merchants to engage in price discrimination (selling goods to targeted groups at different prices). Personalization/customization: E-commerce technologies permit personalization (targeting personal messages to consumers) and customization (changing a product or service based on consumer preference or history. The Internet also shrinks information asymmetry, which occurs when one party in a transaction has more information with respect to the transactions than the other party. For instance, the Web has reduced the information asymmetries surrounding auto purchases. Digital markets are very flexible and efficient because they allow: Reduced search and transaction costs Lower menu costs (merchant's costs of changing prices) Price discrimination Dynamic pricing (prices changing based on the demand characteristics of the customer or the seller's supply situation) Disintermediation: Elimination of intermediaries such as distributors or retailers FIGURE 10-2 THE BENEFITS OF DISINTERMEDIATION TO THE CONSUMER The typical distribution channel has several intermediary layers, each of which adds to the final cost of a product, such as a sweater. Removing layers lowers the final cost to the consumer. The Internet digital marketplace has also greatly expanded sales of digital goods, goods that can be delivered over a digital network. In comparison to traditional goods, the marginal cost of producing another unit of a digital good is about zero, delivery costs over the Internet are low, while marketing costs are about the same and pricing can be variable. E-commerce technologies have revolutionized commerce and enabled a variety of new business models. Some are pure-play models, based purely on the Internet. Others may be hybrid clicks-and-mortar models, using Web sites as an extension of a traditional business, such as LLBean.com. New business models include: Virtual storefronts: Such as Amazon.com Information broker: Such as Realtor.com Transaction broker: Such as E*Trade.com Online marketplace: Such as Ebay.com Content provider: Such as iTunes.com. The ability to deliver digital goods and digital content over the Web has created new alternatives to traditional print and broadcast media. Popular digital content includes online games, digital versions of print newspapers, Internet radio, downloadable movies, online television broadcasts, Podcasting (Internet audio broadcasts). Online service provider: Such as Salesforce.com. Virtual community: Such as YouTube.com; Online communities include social networking sites, online communities used by individuals for expanding business or social contacts, and social shopping sites, in which users swap shopping ideas. Portal: Such as Yahoo.com. Some portals combine content from various sources, using syndication as well providing additional value. Online syndicators aggregate content or applications from multiple sources, package them for distribution, and resell them to third-party Web sites These new business models may have revenue generated from: Sales of traditional or digital goods Selling advertising space for banner ads and pop-up ads Transaction fees Sales of marketing information collected by users Directing buyers to sellers Electronic Commerce The three major types of electronic commerce are: Business-to-consumer (B2C): Retailing products and services to individual shoppers Business-to-business (B2B): Sales of goods and services among businesses Consumer-to-consumer (C2C): Consumers selling directly to other consumers. Another way of classifying electronic commerce transactions is in terms of the participants' physical connection to the Web. Conventional e-commerce transactions, which take place over wired networks, can be distinguished from mobile commerce or mcommerce, the purchase of goods and services using handheld wireless devices. Marketers can use the interactive features of Web pages to hold consumers' attention or to capture information about their tastes and interests. This information may be obtained by asking visitors to "register" online and provide information about themselves or by using special software such as clickstream tracking to track the activities of Web site visitors. Companies can then analyze this information to develop more precise profiles of their customers. FIGURE 10-3 WEB SITE VISITOR TRACKING E-commerce Web sites have tools to track a shopper’s every step through an online store. Close examination of customer behavior at a Web site selling women’s clothing shows what the store might learn at each step and what actions it could take to increase sales. Communications and product offerings can also be tailored precisely to individual customers. By using Web personalization technology to modify Web pages presented to each customer, marketers can achieve the benefits of using individual salespeople at dramatically lower costs. Personalization can help firms form lasting relationships with customers by providing individualized content, information and services. FIGURE 10-4 WEB SITE PERSONALIZATION Firms can create unique personalized Web pages that display content or ads for products or services of special interest to individual users, improving the customer experience and creating additional value. Collaborative filtering compares a customer's behavior with data about similar customers to predict what the customer would like to see next and makes recommendations to users. Blogs, or Weblogs, informal web sites where individuals, or corporate representatives and groups, can publish views and options, have emerged as a promising Web marketing tool. New third-party services monitor customer discussions in online communities or research online behavior of large numbers of customers at many different web sites. Learning what customers feel about one's products or services through electronic visits to Web sites is much less costly than using focus groups. The Web shifts more marketing and selling activities to the customer, as customers fill out their own on-line order forms. Mobile commerce will provide businesses with additional channels for reaching customers and new opportunities for personalization. The Web and other network technologies are inspiring new approaches to customer service and support. Companies can reduce costs and improve customer service by using Web sites to provide helpful information as well as customer support via e-mail. Companies are realizing substantial cost savings from Web-based customer self-service applications. New products are even integrating the Web with customer call centers. Much of B2B e-commerce is still based on proprietary systems for electronic data interchange (EDI). Electronic data interchange (EDI) enables automated computer-tocomputer exchange between two organizations of standard transactions such as invoices, bills of lading, shipment schedules, or purchase orders. FIGURE 10-5 ELECTRONIC DATA INTERCHANGE (EDI) Companies use EDI to automate transactions for B2B e-commerce and continuous inventory replenishment. Suppliers can automatically send data about shipments to purchasing firms. The purchasing firms can use EDI to provide production and inventory requirements and payment data to suppliers. Today companies are increasingly turning to the Internet for this purpose because it provides a much more flexible and low-cost platform for linking to other firms. For procurement (purchasing source goods and negotiation with suppliers), businesses can use the Internet to locate low-cost goods, place orders, make payments, etc. Businesses can create Web storefronts to sell goods, and Internet technology to create extranets or link to other businesses for transactions. B2B e-commerce environments include: Private industrial networks or private exchanges: Typically consisting of a large firm using an extranet to link to its suppliers and other key business partners. Net marketplaces or e-hubs: Internet-based marketplaces for many different buyers and sellers. Net marketplaces are industry owned or operate as independent intermediaries between buyers and sellers, generating revenue from transaction fees or services to clients. Net marketplaces may sell direct goods (used in a production process) and some sell indirect goods. They may support contractual purchasing based on long-term relationships with designated suppliers, and others support short-term spot purchasing, where goods are purchased based on immediate needs, often from many different suppliers. Some net marketplaces may serve vertical markets for specific industries or horizontal markets, with goods and services for many industries. Exchanges: Independently owned third-party Net marketplaces that can connect thousands of suppliers and buyers for spot purchasing. Many exchanges provide vertical markets for a single industry. However, many exchanges have failed because they encourage competitive bidding that drove prices down without offering long-term relationships. FIGURE 10-6 A PRIVATE INDUSTRIAL NETWORK A private industrial network, also known as a private exchange, links a firm to its suppliers, distributors, and other key business partners for efficient supply-chain management and other collaborative commerce activities. FIGURE 10-7 A NET MARKETPLACE Net marketplaces are online marketplaces where multiple buyers can purchase from multiple sellers. M-Commerce Although m-commerce represents a small fraction of total e-commerce transactions, revenue has been steadily growing. M-commerce applications have taken off for services that are time-critical, that appeal to people on the move, or that accomplish a task more efficiently than other methods. Popular m-commerce applications include: Content and location-based services: For checking schedules, news, movie times, weather forecasts, etc travel information, Banking and financial services: For checking account balances, transferring funds, paying bills Wireless advertising: Selling of advertising space in m-commerce applications, such as sponsored search results from the go2Directory search site Games and entertainment: Downloadable digital games, movies, music, and ringtones Because handheld mobile devices can only display small amounts of information at a time, m-commerce enabled Web sites are being designed as special wireless portals (mobile portals) with content optimized for smaller screens. Although Wi-Fi hotspots are increasing, m-commerce faces challenges such as: Awkwardness and small screens of handheld devices Security risks Slow transfer speeds with second generation cell networks Lack of standardized payment systems Electronic Commerce Payment Systems A variety of special electronic payment systems have been developed to pay for goods electronically on the Internet, including: Digital credit card payment systems: These systems extend the functionality of credit cards so they can be used for online shopping payments, providing mechanisms authentication and money transfers. Digital wallets: Digital wallets store credit card, electronic cash, and owner identification information and provide that information at an e-commerce site's checkout page, making paying for purchases over the Web more efficient by eliminating the need for shoppers to repeatedly enter their information into order forms. Micropayment systems: These systems use accumulated balance or stored value payment systems for purchases of less than $10. Many m-commerce transactions are small, frequent purchases for items such as soft drinks, sports scores, newspapers, or mobile games that require special micropayment systems. allow users to make payments on the Web, accumulating a debit balance on their credit card or telephone bills. Accumulated balance digital payment systems Stored value payment systems, including smart cards, enable users to make instant payments based on the value stored in a digital account. (plastic cards that store digital information, such as health records, identification, or financial data) can be used for micropayments in a stored value system. A smart card requires use of a special card reading and writing device to recharge the card with cash or to transfer cash either to an online or offline merchant. Smart cards is currency represented in electronic form that is moving outside the normal network of money. Users are supplied with client software and can exchange money with another e-cash user. Digital cash serve people who want to send money to vendors or individuals who are not set up to accept credit card payments. Peer-to-peer payment systems extend existing checking accounts by using a digital signature that can be verified and can be used for payments in electronic commerce. Digital checking systems Electronic bill presentment and payment services monthly bills electronically. are used for paying and managing routine
