adhysty
7/31/2019 Ch12edited Ok
http://slidepdf.com/reader/full/ch12edited-ok 2/51
Objectives for Chapter 12
• Topologies that are employed to achieve connectivity across the Internet
• Protocols and understand the specific purposes served by several Internet protocols
• Business benefits associated with Internet commerce and be aware of several Internet business models
• Risks associated with intranet and Internet electronic commerce
• Issues of security, assurance, and trust pertaining to electronic commerce
• Electronic commerce implications for the accounting profession
What is E‐Commerce?
• electronic buying and selling of goods and services
• on-line delivery of digital products
• electronic funds transfer (EFT)
• electronic trading of stocks
• direct consumer marketing
• electronic data interchange (EDI)
• the Internet revolution
Internet Technologies
• Packet switching
  ◦ messages are divided into small packets
  ◦ each packet of the message takes a different route
• Virtual private network (VPN)
  ◦ a private network within a public network
• Extranets
  ◦ a password controlled network for private users
• World Wide Web
  ◦ an Internet facility that links users locally and globally
• Internet addresses
  ◦ e-mail address
  ◦ URL address
  ◦ IP address
Protocol Functions…
• facilitate the physical connection between the network devices
• synchronize the transfer of data between physical devices
• provide a basis for error checking and measuring network performance
• promote compatibility among network devices
• promote network designs that are flexible, expandable, and cost-effective
Internet Protocols
• - controls how individual packets of data are formatted, transmitted, and received
• - controls web browsers
• - used to transfer files across the internet
• - e-mail
• and - encryption schemes
Open System Interface (OSI)
• The International Standards Organization developed a layered set of protocols called OSI.
• The purpose of OSI is to provide standards by which the products of different manufacturers can interface with one another in a seamless interconnection at the user level.
Benefits of Internet ‐Commerce
• Access to a worldwide customer and/or supplier base
• Reductions in inventory investment and carrying costs
• Rapid creation of business partnerships to fill emerging market niches
• Reductions in retail prices through lower marketing costs
• Reductions in procurement costs
• Better customer service
The Internet Business Model
• Information level
  ◦ using the Internet to display and make accessible information about the company, its products, services, and business policies
• Transaction level
  ◦ using the Internet to accept orders from customers and/or to place them with their suppliers
• Distribution level
  ◦ using the Internet to sell and deliver digital products to customers
Dynamic Virtual Organization
[Figure: Dynamic Virtual Organization. Entities: Consumers, Business Customers, Marketing Organization, Book Publisher, Toy Manufacturer, Music Distributor. Flows: Product Information, Customer Orders, Inventory Orders, Physical Inventory.]
Perhaps the greatest potential benefit to be derived from e-commerce is the firm’s ability to forge dynamic business alliances with other organizations to fill unique market niches as the opportunities arise.
Areas of General Concern
• Data Security: are stored and transmitted data adequately protected?
• Business Policies: are policies publicly stated and consistently followed?
• Privacy: how confidential are customer and trading partner data?
• Business Process Integrity: how accurately, completely, and consistently does the company process its transactions?
Intranet Risks
• Intercepting network messages
  ◦ sniffing: interception of user IDs, passwords, confidential e-mails, and financial data files
• Accessing corporate databases
  ◦ connections to central databases increase the risk that data will be accessible by employees
• Privileged employees
  ◦ override privileges may allow unauthorized access to mission-critical data
• Reluctance to prosecute
  ◦ fear of negative publicity leads to such reluctance but encourages criminal behavior
Internet Risks to Consumers
•
  ◦ National Consumer League: Internet fraud rose by 600% between 1997 and 1998
  ◦ SEC: e-mail complaints alleging fraud rose from 12 per day in 1997 to 200-300 per day in 1999
•
  ◦ Theft of credit card numbers
  ◦ Theft of passwords
  ◦ Consumer privacy--cookies
Internet Risks to Businesses
• IP spoofing: masquerading to gain access to a Web server and/or to perpetrate an unlawful act without revealing one’s identity
• Denial of service (DOS) attacks: assaulting a Web server to prevent it from servicing users
  ◦ particularly devastating to business entities that cannot receive and process business transactions
• Other malicious programs: viruses, worms, logic bombs, and Trojan horses pose a threat to both Internet and Intranet users
SYN Flood DOS Attack
Sender Receiver
Step 1: SYN messages
Step 2: SYN/ACK
Step 3: ACK packet code
In a DOS Attack, the sender sends hundreds of messages, receives the SYN/ACK packet, but does not respond with an ACK packet. This leaves the receiver with clogged transmission ports, and legitimate messages cannot be received.
Three Common Types of DOS Attacks
• SYN Flood – when the three-way handshake needed to establish an Internet connection occurs, the final acknowledgement is not sent by the DOS attacker, thereby tying up the receiving server while it waits
• Smurf – the DOS attacker uses numerous intermediary computers to flood the target computer with test messages, “pings”
• Distributed DOS (DDOS) – can take the form of Smurf or SYN attacks, but distinguished by the vast number of “zombie” computers hi-jacked to launch the attacks
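The half-open handshakes that characterise a SYN flood can be detected at the receiver by tracking which SYN messages were never followed by the step 3 ACK. The Python code below is an added example, not part of the original slides; the event tuple layout, the timeout, the per-source limit and the sample addresses are assumptions constructed for illustration.

```python
from collections import Counter

def half_open_report(events, now, timeout=3.0):
    """Return (total, Counter per source IP) of handshakes still awaiting the ACK.

    events: iterable of (time_s, src_ip, src_port, flag) seen by the receiver,
    where flag is "SYN" (step 1) or "ACK" (step 3). Assumed format.
    """
    pending = {}  # (src_ip, src_port) -> time the first SYN arrived
    for ts, src_ip, src_port, flag in sorted(events):
        key = (src_ip, src_port)
        if flag == "SYN":
            pending.setdefault(key, ts)  # a retransmitted SYN keeps the first time
        elif flag == "ACK":
            pending.pop(key, None)       # step 3 arrived: handshake complete
    # Only entries older than the timeout count; a fresh SYN may still complete.
    stale = [ip for (ip, _port), ts in pending.items() if now - ts >= timeout]
    return len(stale), Counter(stale)

def flag_sources(events, now, timeout=3.0, per_source_limit=5):
    """Source IPs holding at least per_source_limit stale half-open handshakes."""
    _total, per_source = half_open_report(events, now, timeout)
    return sorted(ip for ip, n in per_source.items() if n >= per_source_limit)

def build_sample():
    """Constructed sample traffic (documentation address ranges)."""
    events = []
    # Two legitimate clients complete all three steps.
    for i, ip in enumerate(["192.0.2.10", "192.0.2.11"]):
        events.append((0.1 * i, ip, 40000 + i, "SYN"))
        events.append((0.1 * i + 0.05, ip, 40000 + i, "ACK"))
    # One sender opens eight handshakes and never sends the ACK.
    events += [(1.0 + 0.01 * p, "198.51.100.7", 50000 + p, "SYN") for p in range(8)]
    # A slow legitimate client whose ACK has not arrived yet.
    events.append((9.5, "192.0.2.12", 40100, "SYN"))
    return events

SAMPLE_EVENTS = build_sample()

if __name__ == "__main__":
    total, per_source = half_open_report(SAMPLE_EVENTS, now=10.0)
    print("half-open handshakes past timeout:", total)
    print("per source:", dict(per_source))
    print("sources over limit:", flag_sources(SAMPLE_EVENTS, now=10.0))
```

When the attack is distributed across many "zombie" senders, no single source may cross the per-source limit, so the total returned by `half_open_report` is the figure to watch.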
E‐Commerce Security: Data Encryption
• - A computer program transforms a clear message into a coded (ciphertext) form using an algorithm.
[Figure: Cleartext Message, Key, Encryption Program, Ciphertext, Communication System, Ciphertext, Encryption Program, Key, Cleartext Message]
Public Key is used for encoding messages. Multiple people may have the public key (e.g., subordinates).
[Figure: Message A, Message B, Message C, Message D; Ciphertext (four times); Message A, Message B, Message C, Message D]
Private Key is used for decoding messages. Typically one person or a small number of people have the private key (e.g., a supervisor).
E‐Commerce Security: Digital Authentication
• electronic authentication technique that ensures that the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied
• like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender
E‐Commerce Security: Firewalls
• software and hardware that provide security by channeling all network connections through a control gateway
•
  ◦ low cost/low security access control
  ◦ uses a screening router to its destination
  ◦ does not explicitly authenticate outside users
  ◦ penetrate the system using an IP technique
•
  ◦ high level/high cost customizable network security
  ◦ allows routine services and e-mail to pass through
  ◦ performs sophisticated functions such as logging or user authentication for specific tasks
Seals of Assurance
• “Trusted” third-party organizations offer seals of assurance that businesses can display on their Website home pages:
  ◦ BBB
  ◦ TRUSTe
  ◦ Veri-Sign, Inc
  ◦ ICSA
  ◦ AICPA/CICA WebTrust
  ◦ AICPA/CICA SysTrust
Implications for Accounting Profession
• Privacy violation
  ◦ major issues:
    ▪ a stated privacy policy
    ▪ consistent application of stated privacy policies
    ▪ what information is the company capturing
    ▪ sharing or selling of information
    ▪ ability of individuals and businesses to verify and update information on them
  ◦ 1995 Safe Harbor Agreement
    ▪ establishes standards for information transmittal between US and European companies
Implications for Accounting Profession
• Audit implication for XBRL
  ◦ incorrect taxonomy results in invalid mapping that may cause material misrepresentation of financial data
  ◦ ensure that appropriate taxonomy and tags have been applied
  ◦ impact on auditor responsibility as a consequence of real-time distribution of financial statements
Implications for Accounting Profession
• Continuous auditing
  ◦ auditors review transactions at frequent intervals or as they occur
  ◦ heuristics that search electronic transactions for anomalies
• Electronic audit trails
  ◦ electronic transactions generated without human intervention
  ◦ no paper audit trail
Implications for Accounting Profession
• Confidentiality of data
  ◦ open system designs allow mission-critical information to be at risk to intruders
• Authentication
  ◦ in e-commerce systems, determining the identity of the customer is not a simple task
• Nonrepudiation
  ◦ repudiation can lead to uncollected revenues or legal action
  ◦ use digital signatures and digital certificates
Local Area Networks (LAN)
• A (on the same floor or in the same building)
• The physical connection of workstations to the LAN is achieved through a (NIC) which fits into a PC’s expansion slot and contains the circuitry necessary for inter-node communications.
• A is used to store the network operating system, application programs, and data to be shared.
[Figure: LAN diagram. Labels: File Server, Files, Printer Server, Printer, Node (four), LAN]
Wide Area Network (WAN)
• A WAN is a network that is dispersed over a wider geographic area than a LAN. It typically requires the use of:
  ◦ to connect different types of LANs
  ◦ to connect same-type LANs
• WANs may use common carrier facilities, such as telephone lines, or they may use a .
[Figure: WAN diagram. Labels: LAN (three), Bridge, Gateway (two), WAN (two)]
Star Topology
• A network of IPUs with a large central computer (the host)
• The host computer has direct connections to smaller computers, typically desktop or laptop PCs.
• This topology is popular for mainframe computing.
• All communications must go through the host computer, except for local computing.
[Figure: Star Network. Labels: Central Data, Local Data, POS; sites: Topeka, St. Louis, Kansas City, Dallas, Tulsa]
Hierarchical Topology
• A host computer is connected to several levels of subordinate smaller computers in a relationship.
[Figure: hierarchy diagram. Levels: Corporate Level, Regional Level, Local Level. Systems: Production Planning System, Production Scheduling System, Regional Sales System, Warehouse System, Production System, Sales Processing System]
[Figure: Ring Topology. Labels: Server, Central Files, Local Files]
Bus Topology
• The nodes are all connected to a common cable - the bus.
• Communications and file transfers between workstations are controlled by a server.
• It is generally less costly to install than a ring topology.
Client‐Server Topology
• This configuration distributes the processing between the user’s (client’s) computer and the central file server.
• Both types of computers are part of the network, but each is assigned functions that it best performs.
• This approach reduces data communications traffic, thus reducing queues and increasing response time.
[Figure: Client-Server Topology. Labels: Server, Client, Record Searching Capabilities, Data Manipulation Capabilities, Common Files]
Network Control Objectives
• between the sender and the receiver
• across the network
• in data caused by line failure or signal degeneration
• between competing nodes
POLLING METHOD OF CONTROLLING DATA COLLISIONS
[Figure: polling diagram. Labels: MASTER, SLAVE (four), WAN, Polling Signal, Data Transmission, Locked]
One site, the “master,” polls the other “slave” sites to determine if they have data to transmit. If a slave responds in the affirmative, the master site locks the network while the data are transmitted.
Allows priorities to be set for data communications across the network
[Figure: Token Ring. Labels: Server, Node, Central Files, Local Files; token states: Contains data, Empty token]
Carrier Sensing
•
  ◦ This technique is widely used--found on Ethernets.
  ◦ The node wishing to transmit listens to the line to determine if in use. If it is, it waits a pre-specified time to transmit.
  ◦ Collisions occur when nodes listen, hear no transmissions, and then simultaneously transmit. Data collides and the nodes are instructed to hang up and try again.
  ◦ Disadvantage: The line may not be used optimally when multiple nodes are trying to transmit simultaneously.
EDI System
[Figure: EDI System. Labels: Company A, Company B, Purchases System, Sales Order System, Application Software, EDI Translation Software, Communications Software, Direct Connection, VAN, Company A’s mailbox, Company B’s mailbox, Other Mailbox]