Accounting Information Systems, 6th edition, James A. Hall. COPYRIGHT © 2009 South-Western, a division of Cengage Learning. Cengage Learning and South-Western are trademarks used herein under license.

Ch12edited Ok


7/31/2019 Ch12edited Ok

http://slidepdf.com/reader/full/ch12edited-ok 1/51


Objectives for Chapter 12

• Topologies that are employed to achieve connectivity across the Internet
• Protocols and understand the specific purposes served by several Internet protocols
• Business benefits associated with Internet commerce and be aware of several Internet business models
• Risks associated with intranet and Internet electronic commerce
• Issues of security, assurance, and trust pertaining to electronic commerce
• Electronic commerce implications for the accounting profession


What is E-Commerce?

• electronic buying and selling of goods and services
• on-line delivery of digital products
• electronic funds transfer (EFT)
• electronic trading of stocks
• direct consumer marketing
• electronic data interchange (EDI)
• the Internet revolution


Internet Technologies

• Packet switching
  • messages are divided into small packets
  • each packet of the message takes a different route
• Virtual private network (VPN)
  • a private network within a public network
• Extranets
  • a password controlled network for private users
• World Wide Web
  • an Internet facility that links users locally and globally
• Internet addresses
  • e-mail address
  • URL address
  • IP address


Protocol Functions…

• facilitate the physical connection between the network devices
• synchronize the transfer of data between physical devices
• provide a basis for error checking and measuring network performance
• promote compatibility among network devices
• promote network designs that are flexible, expandable, and cost-effective


Internet Protocols

• - controls how individual packets of data are formatted, transmitted, and received
• - controls web browsers
• - used to transfer files across the internet
• - e-mail
• and - encryption schemes


Open System Interface (OSI)

• The International Standards Organization developed a layered set of protocols called OSI.
• The purpose of OSI is to provide standards by which the products of different manufacturers can interface with one another in a seamless interconnection at the user level.


Benefits of Internet-Commerce

• Access to a worldwide customer and/or supplier base
• Reductions in inventory investment and carrying costs
• Rapid creation of business partnerships to fill emerging market niches
• Reductions in retail prices through lower marketing costs
• Reductions in procurement costs
• Better customer service


The Internet Business Model

• Information level
  • using the Internet to display and make accessible information about the company, its products, services, and business policies
• Transaction level
  • using the Internet to accept orders from customers and/or to place them with their suppliers
• Distribution level
  • using the Internet to sell and deliver digital products to customers


Dynamic Virtual Organization

[Figure: Dynamic Virtual Organization. Labels: Consumers; Business Customers; Marketing Organization; Book Publisher; Toy Manufacturer; Music Distributor; Product Information; Customer Orders; Inventory Orders; Physical Inventory]

Perhaps the greatest potential benefit to be derived from e-commerce is the firm’s ability to forge dynamic business alliances with other organizations to fill unique market niches as the opportunities arise.


Areas of General Concern

• Data Security: are stored and transmitted data adequately protected?
• Business Policies: are policies publicly stated and consistently followed?
• Privacy: how confidential are customer and trading partner data?
• Business Process Integrity: how accurately, completely, and consistently does the company process its transactions?


Intranet Risks

• Intercepting network messages
  • sniffing: interception of user IDs, passwords, confidential e-mails, and financial data files
• Accessing corporate databases
  • connections to central databases increase the risk that data will be accessible by employees
• Privileged employees
  • override privileges may allow unauthorized access to mission-critical data
• Reluctance to prosecute
  • fear of negative publicity leads to such reluctance but encourages criminal behavior


Internet Risks to Consumers

• National Consumer League: Internet fraud rose by 600% between 1997 and 1998
• SEC: e-mail complaints alleging fraud rose from 12 per day in 1997 to 200-300 per day in 1999

• Theft of credit card numbers
• Theft of passwords
• Consumer privacy--cookies


Internet Risks to Businesses

• IP spoofing: masquerading to gain access to a Web server and/or to perpetrate an unlawful act without revealing one’s identity
• Denial of service (DOS) attacks: assaulting a Web server to prevent it from servicing users
  • particularly devastating to business entities that cannot receive and process business transactions
• Other malicious programs: viruses, worms, logic bombs, and Trojan horses pose a threat to both Internet and Intranet users


SYN Flood DOS Attack

[Figure: Sender and Receiver. Step 1: SYN messages. Step 2: SYN/ACK. Step 3: ACK packet code]

In a DOS attack, the sender sends hundreds of messages, receives the SYN/ACK packet, but does not respond with an ACK packet. This leaves the receiver with clogged transmission ports, and legitimate messages cannot be received.


Three Common Types of DOS Attacks

• SYN Flood – when the three-way handshake needed to establish an Internet connection occurs, the final acknowledgement is not sent by the DOS attacker, thereby tying up the receiving server while it waits
• Smurf – the DOS attacker uses numerous intermediary computers to flood the target computer with test messages, “pings”
• Distributed DOS (DDOS) – can take the form of Smurf or SYN attacks, but distinguished by the vast number of “zombie” computers hijacked to launch the attacks
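How a receiver can recognise the SYN flood and its distributed form from the two slides above, shown as an added example that is not part of the original slides: it counts handshakes that saw step 1 but never step 3. The thresholds, function names and event tuples are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

GRACE = 1.0            # seconds a real client needs to send the step-3 ACK (assumed)
PER_SOURCE_LIMIT = 20  # stale half-open handshakes tolerated per source (assumed)
BACKLOG_LIMIT = 50     # stale half-open handshakes tolerated in total (assumed)

def stale_half_open(events, now):
    """Handshakes that got a SYN but no final ACK within GRACE seconds of `now`."""
    pending = {}
    for ts, src, sport, flag in sorted(events):
        if ts > now:
            break
        if flag == "SYN":
            pending[(src, sport)] = ts          # step 1 seen, server answers SYN/ACK
        elif flag == "ACK":
            pending.pop((src, sport), None)     # step 3 seen, handshake complete
    return {k: t for k, t in pending.items() if now - t >= GRACE}

def assess(events, now):
    """Return (verdict, offending sources, number of stale half-open handshakes)."""
    stale = stale_half_open(events, now)
    per_source = defaultdict(int)
    for src, _sport in stale:
        per_source[src] += 1
    noisy = sorted(s for s, n in per_source.items() if n > PER_SOURCE_LIMIT)
    if noisy:
        return "syn-flood: single source", noisy, len(stale)
    if len(stale) > BACKLOG_LIMIT:
        return "syn-flood: distributed", noisy, len(stale)
    return "normal", noisy, len(stale)

def sample(kind):
    """Constructed events (time, source IP, source port, flag); documentation IP ranges."""
    ev = []
    for i in range(5):                          # five clients that complete the handshake
        ip = f"198.51.100.{i + 1}"
        ev += [(i * 0.1, ip, 50000 + i, "SYN"), (i * 0.1 + 0.05, ip, 50000 + i, "ACK")]
    if kind == "single":                        # one sender, 200 SYNs, never an ACK
        ev += [(1 + i * 0.01, "203.0.113.9", 40000 + i, "SYN") for i in range(200)]
    if kind == "distributed":                   # 100 senders, one unanswered SYN each
        ev += [(1 + i * 0.01, f"192.0.2.{i + 1}", 40000, "SYN") for i in range(100)]
    return ev

if __name__ == "__main__":
    for kind in ("normal", "single", "distributed"):
        print(kind, assess(sample(kind), now=10.0))
```

The distributed case is caught only by the total-backlog check, because no single source exceeds its own limit.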


E-Commerce Security: Data Encryption

• - A computer program transforms a clear message into a coded (ciphertext) form using an algorithm.

[Figure: Cleartext Message, Encryption Program, Key, Ciphertext, Communication System, Ciphertext, Encryption Program, Key, Cleartext Message]


Public Key is used for encoding messages. Multiple people may have the public key (e.g., subordinates).

Private Key is used for decoding messages. Typically one person or a small number of people have the private key (e.g., a supervisor).

[Figure: Message A, Message B, Message C, Message D; Ciphertext (x4); Message A, Message B, Message C, Message D]


E-Commerce Security: Digital Authentication

• electronic authentication technique that ensures that the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied
• like an electronic identification card that is used in conjunction with a public key encryption system to verify the authenticity of the message sender
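The public-key encoding and the signature check described on the last two slides, as an added example that is not from the original slides. It is textbook RSA with no padding on a constructed demo key built from two small known primes; the function names and the purchase-order message are assumptions, and production systems use a vetted library with OAEP and PSS padding and keys of 2048 bits or more.

```python
import hashlib

# Constructed demo key: two known Mersenne primes. Far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)

def encrypt(message: bytes) -> int:
    """Anyone holding the public key (N, E) can encode a message."""
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message too long for this demo modulus")
    return pow(m, E, N)

def decrypt(ciphertext: int) -> bytes:
    """Only the holder of the private exponent D can decode it."""
    m = pow(ciphertext, D, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes) -> int:
    # SHA-256 of the message, reduced to fit the demo modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """The sender applies the private key to the message digest."""
    return pow(_digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """The receiver checks origin and integrity with the sender's public key."""
    return pow(signature, E, N) == _digest(message)

def demo():
    order = b"PO 4471: 12 units"       # constructed sample message
    sig = sign(order)
    tampered = b"PO 4471: 92 units"    # one digit changed after signing
    return decrypt(encrypt(order)), verify(order, sig), verify(tampered, sig)

if __name__ == "__main__":
    print(demo())
```

A digital certificate adds one more step that this sketch leaves out: a third party signs the sender's public key so the receiver knows whose key it is.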


E-Commerce Security: Firewalls

• software and hardware that provide security by channeling all network connections through a control gateway

• low cost/low security access control
• uses a screening router to its destination
• does not explicitly authenticate outside users
• penetrate the system using an IP technique

• high level/high cost customizable network security
• allows routine services and e-mail to pass through
• performs sophisticated functions such as logging or user authentication for specific tasks


Seals of Assurance

• “Trusted” third-party organizations offer seals of assurance that businesses can display on their Web site home pages:
  • BBB
  • TRUSTe
  • Veri-Sign, Inc
  • ICSA
  • AICPA/CICA WebTrust
  • AICPA/CICA SysTrust


Implications for Accounting Profession

• Privacy violation
  • major issues:
    • a stated privacy policy
    • consistent application of stated privacy policies
    • what information is the company capturing
    • sharing or selling of information
    • ability of individuals and businesses to verify and update information on them
  • 1995 Safe Harbor Agreement
    • establishes standards for information transmittal between US and European companies


Implications for Accounting Profession

• Audit implication for XBRL
  • incorrect taxonomy results in invalid mapping that may cause material misrepresentation of financial data
  • ensure that appropriate taxonomy and tags have been applied
  • impact on auditor responsibility as a consequence of real-time distribution of financial statements


Implications for Accounting Profession

• Continuous auditing
  • auditors review transactions at frequent intervals or as they occur
  • heuristics that search electronic transactions for anomalies
• Electronic audit trails
  • electronic transactions generated without human intervention
  • no paper audit trail


Implications for Accounting Profession

• Confidentiality of data
  • open system designs allow mission-critical information to be at risk to intruders
• Authentication
  • in e-commerce systems, determining the identity of the customer is not a simple task
• Nonrepudiation
  • repudiation can lead to uncollected revenues or legal action
  • use digital signatures and digital certificates


Local Area Networks (LAN)

• A (on the same floor or in the same building)
• The physical connection of workstations to the LAN is achieved through a (NIC) which fits into a PC’s expansion slot and contains the circuitry necessary for inter-node communications.
• A is used to store the network operating system, application programs, and data to be shared.


[Figure: LAN. Labels: File Server; Files; Printer Server; Printer; Node (x4)]


Wide Area Network (WAN)

• A WAN is a network that is dispersed over a wider geographic area than a LAN. It typically requires the use of:
  • to connect different types of LANs
  • to connect same-type LANs
• WANs may use common carrier facilities, such as telephone lines, or they may use a .


[Figure: labels LAN (x3); Bridge; Gateway (x2); WAN (x2)]


Star Topology

• A network of IPUs with a large central computer (the host)
• The host computer has direct connections to smaller computers, typically desktop or laptop PCs.
• This topology is popular for mainframe computing.
• All communications must go through the host computer, except for local computing.


[Figure: Star Network. Labels: Central Data; Local Data; POS; Topeka; St. Louis; Kansas City; Dallas; Tulsa]


Hierarchical Topology

• A host computer is connected to several levels of subordinate smaller computers in a relationship.

[Figure: hierarchy with Corporate Level, Regional Level and Local Level. Systems shown: Production Planning System; Production Scheduling System; Regional Sales System; Warehouse System; Production System; Sales Processing System]


[Figure: Ring Topology. Labels: Server; Central Files; Local Files (x5)]


Bus Topology

• The nodes are all connected to a common cable - the bus.
• Communications and file transfers between workstations are controlled by a server.
• It is generally less costly to install than a ring topology.


Client-Server Topology

• This configuration distributes the processing between the user’s (client’s) computer and the central file server.
• Both types of computers are part of the network, but each is assigned functions that it best performs.
• This approach reduces data communications traffic, thus reducing queues and increasing response time.


[Figure: Client-Server Topology. Labels: Server; Record Searching Capabilities; Common Files; Client (x5); Data Manipulation Capabilities (x5)]


Network Control Objectives

• between the sender and the receiver
• across the network
• in data caused by line failure or signal degeneration
• between competing nodes


POLLING METHOD OF CONTROLLING DATA COLLISIONS

[Figure: one MASTER site and four SLAVE sites on a WAN. Labels: Polling Signal; Data Transmission; Locked (x3)]

One site, the “master,” polls the other “slave” sites to determine if they have data to transmit. If a slave responds in the affirmative, the master site locks the network while the data are transmitted.

Allows priorities to be set for data communications across the network


[Figure: Token Ring. Labels: Server; Central Files; Node (x3); Local Files (x3); Contains data; Empty token]


Carrier Sensing

• This technique is widely used--found on Ethernets.
• The node wishing to transmit listens to the line to determine if in use. If it is, it waits a pre-specified time to transmit.
• Collisions occur when nodes listen, hear no transmissions, and then simultaneously transmit. Data collides and the nodes are instructed to hang up and try again.
• Disadvantage: The line may not be used optimally when multiple nodes are trying to transmit simultaneously.



EDI System

[Figure: EDI System between Company A and Company B. Labels: Purchases System; Sales Order System; Application Software (x2); EDI Translation Software (x2); Communications Software (x2); Direct Connection; VAN; Company A’s mailbox; Company B’s mailbox; Other Mailbox (x2)]
