ZeePedia

INTEGRATION WITH ERP SYSTEMS

E-COMMERCE - IT430
VU
Lesson 20
INTEGRATION WITH ERP SYSTEMS
Enterprise Resource Planning
Enterprise Resource Planning (ERP) is a concept that integrates all aspects of a business, e.g., accounting,
logistics, manufacturing, marketing, planning, project management etc., in a single place. An ERP system
such as SAP is expensive. E-commerce sites/software have to integrate fully with ERP software, wherever it
is used.
Customer Relationship Management Software
The primary goal of customer relationship management is to understand each customer's needs and customize
the product/service to meet those needs. CRM software gathers data from customers' activities on the web
site of an e-business. The software uses this data to help managers conduct analytical studies of their
business/marketing.
Supply Chain Management (SCM) Software
A supply chain involves all activities associated with the flow and transformation of goods from the raw material
stage to the finished stage and their supply to the end users. Supply chain management software helps
companies coordinate planning and operations with their partners in the industry. SCM planning software
helps companies develop demand forecasts using information from each player in the supply chain. SCM
execution software helps with tasks such as the management of warehouses and transportation facilities.
Content Management Software
Companies have found it important to use the web to share corporate information among their employees,
customers, suppliers etc. Content Management Software helps companies control the large amounts of data,
pictures/graphics and other files that play a crucial role in conducting business. It also offers different ways
of accessing the corporate information which managers of a business might need for decision making.
Knowledge Management Software
Companies have started to find ways that help them manage the knowledge itself, regardless of the documentary
representation of that knowledge. Software that has been developed to meet this goal is called Knowledge
Management Software. It has features that allow it to read documents in electronic format, scanned paper
documents, e-mail messages etc. so as to extract knowledge.
E-commerce Software
The following are the names of some well-known e-commerce software:
Intershop Enfinity
IBM's WebSphere Commerce Professional Edition
Microsoft Commerce Server 2002
Agents
An agent is a software program that is capable of autonomous action in its environment in order to meet its
objectives. Agents can be used for comparisons, filtering, web crawling, auctions etc. For example, there
may be buyer agents and seller agents each with their goals and constraints. They can negotiate deals on
behalf of the users. Agents can monitor health indicators and alert the individuals under given conditions.
Security issues over the internet
Security is the biggest factor slowing down the growth of e-commerce worldwide. For instance, when you
enter your credit card no. in a text box, it is potentially exposed to millions of people on the internet and
can be misused. It is important to know the following terms in connection with security threats over the
internet.
Back doors and Trojan horses
Back doors are hostile programs which, when run on a machine, install hidden services in order to
give attackers remote access capabilities to a compromised machine. Trojan horses are programs that
appear harmless but actually have some malicious purpose. For example, HAPPY99.EXE is a Trojan horse
that displays a firework and then sends copies of itself to the e-mail addresses found on the system. The term
Trojan horse has been borrowed from history, where it refers to a huge wooden horse
in which the whole Greek army was hidden during a war; the enemy was deceived because it could not
figure that out.
Viruses and worms
Viruses and worms are malicious programs that can travel between computers as attachments to email or
independently over a network. These terms are sometimes used interchangeably; however, they
are essentially different. Worms spread from computer to computer but, unlike viruses, have the capability to travel
without any help or human action. A worm can replicate itself, which means that it can send copies of itself
to everyone listed in the email address book on a system. Viruses, on the other hand, need to be activated
through a human action. Another difference is that viruses modify existing programs on a computer, unlike
worms, which can install back doors or drop viruses on the systems they visit. A few years ago a worm called
'Love Bug' was triggered by a 23-year-old student in the Philippines. Its code was written in VBScript, and it
traveled on the internet as an email attachment. It could send copies of itself to up to 300 addresses found in
the email address book. It could destroy files on the system as well as search for any passwords and forward a
list of them to the attacker. Within days it spread to 40 million computers in more than 20 countries,
causing a financial loss of about $9 billion.
Virus protection
Install anti-virus software such as McAfee, Norton, Dr. Solomon, Symantec etc.
Downloading of plug-ins from the internet should be avoided (plug-ins are programs that work with the
browser to enhance its capabilities)
Downloading of plug-ins should be done from the vendor's official website
Newly obtained disks, programs or files should be scanned for viruses before use
Installation of a firewall may also reduce the risk of virus attack
Hackers
Hackers or crackers are those individuals who write programs or manipulate technologies to gain
unauthorized access to computers and networks.
Active content, ActiveX controls
Active content is a term generally used to refer to programs that are embedded in web pages to cause
certain actions. Malicious active content delivered through web pages can reveal credit card nos., user
names, passwords etc. and any other information stored in the cookie files on a system. Applets, JavaScript
and ActiveX controls can be used to install hidden services for the hacker. You know that an applet is a
compiled Java program that runs on the client's machine when a particular web page request is made. Some
malicious content can be sent by the hacker embedded in the applet. Through JavaScript attacks a hacker
can destroy the hard disk, disclose emails in the mailbox or get any sensitive information. JavaScript
programs can read the list of URLs visited and seize information in web forms. For example, if a user enters
a credit card no. in a form, JavaScript code can send a copy of it to the hacker. Moreover, malicious
content can be delivered through cookies using JavaScript that can reveal contents of files or destroy files.
ActiveX controls are objects which contain programs placed on web pages to perform particular
tasks. They can originate from many languages, e.g. C, Visual Basic etc. When downloaded, they can run on the
client machine like any other program. A hostile ActiveX control can reformat a user's hard disk, send
e-mails to all people listed in the mailbox or even shut down computers.
Outside attacks on a network
Eavesdropping/ sniffing/snooping
In this type of attack the hacker has the ability to monitor network traffic using some kind of network-
monitoring software. For example, a hacker may install some backdoor or Trojan horse that can monitor
the key strokes of a user while typing and send the typed information to the hacker.
Password attacks
Such attacks are basically a result of eavesdropping, through which the hacker is able to learn the account
ID or password of a particular user. Using it, the hacker gains access to the network and gathers
information such as user names, passwords, computer names, resources etc. That can lead to modification,
deletion or rerouting of network data.
IP address spoofing
You know that there are two IP addresses on a data packet: the IP addresses of the sender and the
destination. Only the address of the destination matters for routing. It is possible that a hacker (having
special capabilities) seizes control of a router, changes the IP address of the source/sender on data
packets and thus forces the destination machine to send the information/web page to a different machine,
that is, the machine of the hacker. This is called IP address spoofing.
Man in the middle attacks
In this attack the attacker is able to monitor, capture and control data between the sending and receiving machines. He
may apply the IP address spoofing technique to divert the packets to his machine, then modify the packets and
resend the misleading information to the actual client. Another form of man-in-the-middle attack is where
the hacker is able to substitute the IP address of a genuine web site with the IP address of his own web site
due to some security hole in the software that runs on a domain name server. A client would think that he is
communicating with or receiving information from a genuine web site, though that would not actually be the
case.
Denial of service (DOS) attacks
In this type of attack, the attacker gains access to the network and then sends invalid data to network
services or applications. These services or applications consequently become unable to perform their
normal tasks or functions. Hence, sending a flood of data to a particular service or computer can cause it to
overload or shut down. This attack is especially used to take down websites on the internet, when repeated
requests for web pages are deliberately initiated so as to choke a web server. In early 2000 this attack
was launched against some famous e-commerce web sites. Hackers arranged computers with special
software initiating thousands of HTTP requests per second for specific web sites, causing the web servers to
overload. Thus, these servers were made unable to fulfill the web page requests of genuine users/clients.
In a distributed denial of service attack, the compromised system itself is used as a source for further attacks.
The use of firewalls and a proper Intrusion Detection System (IDS) can minimize the risk of a DOS attack.
It is also important to establish a security policy for an e-business organization outlining which assets
have to be protected and how they are to be protected.
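
The request flood described above can be spotted in web server logs by counting requests inside a sliding time window. The following Python code is an added example, not part of the original lesson; the log format, the thresholds and the addresses are assumptions, and the sample lines are constructed. It goes slightly beyond the text by also reporting the busiest window across all clients, which catches a flood spread over many sources that a per-client limit alone would miss.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_flood(lines, span_s=1.0, per_ip_limit=20, total_limit=40):
    """Scan time-ordered log lines with a sliding window.

    Returns (flagged, worst): flagged maps a client IP to its peak request
    count in one window; worst describes the busiest window over total_limit.
    """
    span = timedelta(seconds=span_s)
    window = deque()                # (time, ip) of every request inside the window
    per_ip = defaultdict(deque)     # ip -> its request times inside the window
    flagged, worst = {}, {"requests": 0, "sources": 0}
    for line in lines:
        try:
            ts_text, ip, _request = line.split(" ", 2)
            ts = datetime.fromisoformat(ts_text)
        except ValueError:
            continue                # skip malformed lines instead of aborting
        window.append((ts, ip))
        per_ip[ip].append(ts)
        while ts - window[0][0] >= span:    # evict requests older than the window
            _, old_ip = window.popleft()
            per_ip[old_ip].popleft()
        if len(per_ip[ip]) > per_ip_limit:
            flagged[ip] = max(flagged.get(ip, 0), len(per_ip[ip]))
        if len(window) > max(total_limit, worst["requests"]):
            worst = {"requests": len(window),
                     "sources": len({src for _, src in window})}
    return flagged, worst

def build_sample():
    """Constructed log lines (not real traffic): '<ISO time> <client IP> <request>'."""
    day = "2024-01-01T10:00"
    # Ordinary client: one request per second for ten seconds.
    lines = [f"{day}:{s:02d}.000 192.0.2.10 GET /index.html" for s in range(10)]
    # Single flooding client: 50 requests, 10 ms apart, inside one second.
    lines += [f"{day}:05.{i * 10:03d} 198.51.100.7 GET /index.html" for i in range(50)]
    # Many sources: 60 clients, one request each, inside another second.
    lines += [f"{day}:08.{i * 10:03d} 203.0.113.{i + 1} GET /index.html" for i in range(60)]
    lines.append("truncated-line")  # malformed entry the scanner must tolerate
    return sorted(lines)            # ISO timestamps sort chronologically

if __name__ == "__main__":
    flagged, worst = detect_flood(build_sample())
    print("per-client alerts:", flagged)
    print("busiest window:", worst)
```

On the constructed sample the single flooding client is flagged individually, while the many-source burst shows up only in the busiest-window figure, where the number of sources equals the number of requests.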