Lesson#20
INTEGRATION WITH ERP SYSTEMS
Enterprise Resource Planning
Enterprise Resource Planning (ERP) is a concept that integrates
all aspects of a business, e.g., accounting,
logistics, manufacturing, marketing, planning, project
management etc., in a single place. An ERP system
such as SAP is expensive. E-commerce sites/software have to fully
integrate with ERP software wherever it
is used.
Customer Relationship Management Software
The primary goal of customer relationship management is to
understand each customer’s needs and customize
the product/service to meet those needs. CRM software gathers
data from customers’ activities on the web
site of the e-business. The software uses this data to help managers
conduct analytical studies of their
business/marketing.
Supply Chain Management (SCM) Software
A supply chain involves all activities associated with the flow and
transformation of goods from the raw material
stage to the finished stage and their supply to the end users.
Supply chain management software helps
companies to coordinate planning and operations with their
partners in industry. SCM planning software
helps companies develop demand forecasts using information from
each player in the supply chain. SCM
execution software helps with tasks such as the management of
warehouses and transportation facilities.
Content Management Software
Companies have found it important to use the web to share
corporate information among their employees,
customers, suppliers etc. Content Management Software helps
companies control the large amounts of data,
pictures/graphics and other files that play a crucial role in
conducting business. It also offers different ways
of accessing the corporate information which managers of a
business might need for decision making.
Knowledge Management Software
Companies have started to find ways that help them manage the
knowledge itself regardless of documentary
representation of that knowledge. Software that has been
developed to meet this goal is called Knowledge
Management Software. It has features that allow it to read
documents in electronic format, scanned paper
documents, e-mail messages etc. so as to extract knowledge.
E-commerce Software
The following are the names of some well-known e-commerce software packages:
Intershop Enfinity
IBM’s WebSphere Commerce Professional Edition
Microsoft Commerce Server 2002
Agents
An agent is a software program that is capable of autonomous
action in its environment in order to meet its
objectives. Agents can be used for comparisons, filtering, web
crawling, auctions etc. For example, there
may be buyer agents and seller agents each with their goals and
constraints. They can negotiate deals on
behalf of the users. Agents can monitor health indicators and
alert the individuals under given conditions.
Security issues over the internet
Security is the biggest factor slowing down the growth of
e-commerce worldwide. For instance, when you
enter your credit card no. in a text box, it is potentially
exposed to millions of people on the internet and
can be misused. It is important to know the following terms in
connection with the security threats over the
internet.
Back doors and Trojan horses
Back doors are hostile programs which, when run on a
machine, install hidden services in order to
give attackers remote access to the compromised
machine. Trojan horses are programs that
appear harmless but actually have some malicious purpose. For
example, HAPPY99.EXE is a Trojan horse
that displays fireworks and then sends copies of itself to the
e-mail addresses found on the system. The term
Trojan horse has been borrowed from history, where it
refers to a huge wooden horse
in which the whole Greek army was hidden during a war; the enemy
was deceived because it could not
figure that out.
Viruses and worms
Viruses and Worms are malicious programs that can travel between
computers as attachments on email or
independently over a network. These terms are sometimes used
interchangeably; however, essentially they
are different. Worms spread from computer to computer, but
unlike viruses have the capability to travel
without any help or human action. A worm can replicate itself
which means that it can send copies of itself
to everyone listed in the email address box on a system.
Viruses, on the other hand, need to be activated
through a human action. Another difference is that viruses
modify existing programs on a computer unlike
worms which can install back doors or drop viruses on the system
they visit. A few years ago a worm called
‘Love Bug’ was triggered by a 23-year-old student in
the Philippines. Its code was written in VBScript, and it
traveled on the internet as an email attachment. It could send
copies of itself to up to 300 addresses found in
the email address box. It could destroy files on the system as
well as search for any passwords and forward a
list of them to the attacker. Within days it spread to 40
million computers in more than 20 countries,
causing a financial loss of about $9 billion.
Virus protection
Install anti-virus software such as McAfee, Norton, Dr. Solomon, Symantec etc.
Downloading of plug-ins from the internet should be avoided (plug-ins are those programs that work with the browser to enhance its capabilities)
Downloading of plug-ins should be done from the vendor’s official website
Newly obtained disks, programs or files should be scanned for viruses before use
Installation of a firewall may also reduce the risk of virus attack
Hackers
Hackers or crackers are those individuals who write programs or
manipulate technologies to gain
unauthorized access to computers and networks.
Active contents, active X control
Active content is a term generally used to refer to programs
that are embedded in web pages to cause
certain action. Malicious Active Content delivered through web
pages can reveal credit card nos., user
names, passwords etc. and any other information stored in the
cookie files on a system. Applets, JavaScript
and Active X Controls can be used to install hidden services for
the hacker. An Applet, as you know, is a
compiled Java program that runs on the client’s machine when a
particular web page request is made. Some
malicious content can be sent by the hacker embedded in the
Applet. Through JavaScript attacks a hacker
can destroy the hard disk, disclose emails in the mailbox or get
any sensitive information. JavaScript
programs can read the list of URLs visited and seize information in
the web forms. For example, if a user enters
a credit card no. in the form, JavaScript code can send a copy
of it to the hacker. Moreover, malicious
content can be delivered through cookies using JavaScript that
can reveal contents of files or destroy files.
Active X Controls are objects which contain programs
placed on web pages to perform particular
tasks. They can originate from many languages, C, Visual Basic
etc. When downloaded they can run on
the client machine like any other program. A hostile Active X
Control can reformat a user’s hard disk, send emails
to all people listed in the mailbox or even shut down computers.
Outside attacks on a network
Eavesdropping/ sniffing/snooping
In this type of attack the hacker has the ability to monitor
network traffic using some kind of network-monitoring
software. For example, a hacker may install some backdoor or
Trojan horse that can monitor
the keystrokes of a user while typing and send the typed
information to the hacker.
Password attacks
Such attacks are basically a result of eavesdropping, through
which the hacker is able to learn the account
ID or password of a particular user. Using it, the hacker
gains access to the network and gathers
information such as user names, passwords, computer names,
resources etc. That can lead to modification,
deletion or rerouting of network data.
IP address spoofing
You know that there are two IP addresses on a data
packet: the IP addresses of the sender and the
destination. Only the address of the destination matters for
routing. It is possible that a hacker (having
special capabilities) seizes control of a router, changes
the IP address of the source/sender on data
packets and thus forces the destination machine to send the
information/web page to a different machine,
that is, the machine of the hacker. This is called IP address
spoofing.
Man in the middle attacks
In this attack the attacker is able to monitor, capture and control data
between the sending and receiving machines. He
may apply the IP address spoofing technique to divert the packets to
his machine, then modify the packets and
resend the misleading information to the actual client. Another
form of man-in-the-middle attack is where
the hacker is able to substitute the IP address of a genuine web
site with the IP address of his own web site
due to some security hole in the software that runs on a domain
name server. A client would think that he is
communicating with or receiving information from a genuine web
site, though that would not actually be the
case.
Denial of services (DOS) attacks
In this type of attack, the attacker gains access to the network
and then sends invalid data to network
services or applications. These services or applications
consequently become unable to perform their
normal tasks or functions. Hence, sending a flood of data to a
particular service or computer can cause it to
overload or shut down. This attack is especially used to take down
websites on the internet, when repeated
requests for web pages are deliberately initiated so as to choke
a web server. In early 2000 this attack
was launched against some famous e-commerce web sites. Hackers
arranged computers with special
software initiating thousands of http requests per second for
specific web sites, causing the web servers to
overload. Thus, these servers were made unable to fulfill the
web page requests of the genuine users/clients.
In a distributed denial of service attack, the compromised system
itself is used as a source for further attacks.
The use of firewalls and a proper Intrusion Detection System
(IDS) can minimize the risk of a DOS attack.
It is also important to establish a security policy for an
e-business organization outlining which assets
have to be protected and how they are to be protected.
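The request flood described above can be recognized from web server logs, which is the kind of check an IDS performs. The following is an added example, not part of the original lesson: it slides a one-second window over Common Log Format lines and flags both a single flooding client and a page hit by many low-rate sources. The log lines, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: client, timestamp, request line (sample data below is constructed)
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} \S+')

def parse(line):
    """Return (client_ip, epoch_seconds, path), or None for a malformed line."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group(1), ts, m.group(4)

def detect_floods(lines, window=1.0, per_client=100, per_path=500):
    """Slide a time window over a time-ordered log and report who exceeds it.

    per_client catches one flooding host; per_path catches a distributed
    flood in which every source stays below per_client.
    The thresholds are illustrative assumptions, not recommended values.
    """
    by_client, by_path = defaultdict(deque), defaultdict(deque)
    alerts = {"clients": set(), "paths": set()}
    for ip, ts, path in filter(None, map(parse, lines)):
        for key, table, limit, bucket in ((ip, by_client, per_client, "clients"),
                                          (path, by_path, per_path, "paths")):
            q = table[key]
            q.append(ts)
            while ts - q[0] >= window:      # drop hits older than the window
                q.popleft()
            if len(q) > limit:
                alerts[bucket].add(key)
    return alerts

def sample_log():
    """Constructed traffic: one normal client, one flooder, 60 low-rate sources."""
    fmt = '{ip} - - [12/Feb/2000:10:00:{s:02d} +0000] "GET {p} HTTP/1.0" 200 512'
    log = [fmt.format(ip="192.0.2.10", s=s, p="/index.html") for s in range(5)]
    log += [fmt.format(ip="198.51.100.7", s=1, p="/catalog") for _ in range(150)]
    log += [fmt.format(ip=f"203.0.113.{i}", s=3, p="/checkout")
            for i in range(60) for _ in range(10)]
    return sorted(log, key=lambda ln: parse(ln)[1])

if __name__ == "__main__":
    print(detect_floods(sample_log()))
```

The per-page counter matters for the distributed case: each of the 60 constructed sources sends only 10 requests, so none is flagged individually, yet the page they target is.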