
Friday, February 10, 2012

Infrastructure and Security

 
 
 
 
Date: Jan 16, 2010
Version: 1.1.0

  
NOTICE OF PROPRIETARY MATERIAL TSE & TSE BUSINESS & TECHNOLOGY CONSULTING INC.
  
Table of Contents
1         Revision History
2         INSTRUCTIONS
3         SECTION 1: READINGS ON INFRASTRUCTURE
4         Section 2: Readings on Security

1         Revision History

Version | Date | Author | Changes
1.0 | Mar 16, 2010 | Eric Tse | Product

2         INSTRUCTIONS:

Please answer the following questions using your text, lecture notes and outside research. The assignment relates to your text and online readings on infrastructure and on security and the final question in each section will require you to do a bit of additional research. The first questions in each section are short answer. The last question in each section will require you to explore the issues beyond the readings and, as such, your answer will be longer.
It is expected that the length of the assignment will be about one and a half pages for the first part of each question (3 pages for both sections) and one page for the last question of each section (2 pages in total). That would make your total assignment about five pages. I expect that you will be precise, get to the point and demonstrate that you understand the issues addressed in each question. You may use outline or bullet responses when appropriate.

3         SECTION 1: READINGS ON INFRASTRUCTURE

  1. What are the three basic building blocks of the Internet?
The Internet’s three key technology components are:
Packet switching slices digital messages into packets, routes the packets along different communication paths as they become available, and then reassembles the packets once they arrive at their destinations.
TCP/IP is the core communications protocol for the Internet. TCP establishes the connections among sending and receiving Web computers and makes sure that packets sent by one computer are received in the same sequence by the other, without any packets missing. IP provides the addressing scheme and is responsible for the actual delivery of the packets.
Client/server technology makes it possible for large amounts of information to be stored on Web servers and shared with individual users on their client computers.
  2. What is latency, and how does it interfere with Internet functioning?
Data packets don’t all arrive in the correct order or at the same moment, which causes latency; latency creates jerkiness in video files and voice messages.
Today’s information packets take a circuitous route to get to their final destinations. This creates the phenomenon of latency – delays in messages caused by the uneven flow of information packets through the network. In the case of email, latency is not noticeable. However, with streaming video and synchronous communication, such as a telephone call, latency is noticeable to the user and perceived as “jerkiness” in movies or delays in voice communication.
  3. Explain how packet switching works.
Packet switching is a method of slicing digital messages into discrete units called packets, sending the packets along different communication paths as they become available, and then reassembling the packets once they arrive at their destination.
In packet-switched networks, messages are first broken down into packets. Appended to each packet are digital codes that indicate a source address (the origination point) and a destination address, as well as sequencing information and error-control information for the packet. Rather than being sent directly to the destination address, in a packet network, the packets travel from computer to computer until they reach their destination. These computers are called routers. A router is a special-purpose computer that interconnects the different computer networks that make up the Internet and routes packets along to their ultimate destination as they travel. To ensure that packets take the best available path toward their destination, routers use a computer program called a routing algorithm.
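An added example (not part of the original assignment) of the slicing, out-of-order delivery and reassembly described above. The field names, the 8-byte packet size, the sample addresses and the use of CRC-32 as the error-control information are assumptions made for illustration.

```python
import random
import zlib

def packetize(message, src, dst, size=8):
    """Slice a message into packets with addresses, sequencing and error control."""
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [{"src": src, "dst": dst, "seq": n, "total": len(chunks),
             "crc": zlib.crc32(chunk), "payload": chunk}
            for n, chunk in enumerate(chunks)]

def route(packets, seed=1):
    """Simulate packets taking different paths: the arrival order is shuffled."""
    arrived = list(packets)
    random.Random(seed).shuffle(arrived)
    return arrived

def reassemble(packets):
    """Return (message, []) or (None, missing_seqs) if packets are lost or damaged."""
    if not packets:
        return None, []
    total = packets[0]["total"]
    good = {}
    for p in packets:
        # Error control: ignore any packet whose payload no longer matches its CRC.
        # CRC-32 only catches accidental damage; someone who alters a packet on
        # purpose can recompute it, so it does not provide integrity.
        if zlib.crc32(p["payload"]) == p["crc"]:
            good[p["seq"]] = p["payload"]
    missing = [n for n in range(total) if n not in good]
    if missing:
        return None, missing  # a real receiver would ask for retransmission
    # Sequencing information restores the original order regardless of arrival order.
    return b"".join(good[n] for n in range(total)), []

if __name__ == "__main__":
    msg = b"TRANSFER 100 TO ACCOUNT 7"  # constructed sample message
    pkts = packetize(msg, "192.0.2.10", "198.51.100.20")
    print(reassemble(route(pkts)))                 # complete message
    print(reassemble(route(pkts[:2] + pkts[3:])))  # packet 2 lost in transit
```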
  4. How is the TCP/IP protocol related to information transfer on the Internet?
TCP/IP is divided into four separate layers, with each layer handling a different aspect of the communication problem. The Network Interface Layer is responsible for placing packets on and receiving them from the network medium, which could be a LAN (Ethernet) or Token Ring network, or other network technology. TCP/IP is independent from any local network technology and can adapt to changes at the local level. The Internet Layer is responsible for addressing, packaging, and routing messages on the Internet. The Transport Layer is responsible for providing communication with the application by acknowledging and sequencing the packets to and from the application. The Application Layer provides a wide variety of applications with the ability to access the services of the lower layers. Some of the best-known applications are HTTP, FTP and SMTP.
  5. Compare and contrast the capabilities of Wi-Fi and 3G wireless networks.
Wireless Internet
Wireless Internet, known as WiFi, is part of the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard. This number is assigned to communications taking place over certain frequencies: 2.4, 3.6 and 5 gigahertz.
The standard itself has evolved through four generations. Released in 2003, 802.11g moves information at a net speed of 54 megabits per second (Mbps). An N standard will be released in 2009, with a net speed of 600 Mbps. (J Paventi, 2008)
3G Internet
The 3G protocol is classified as the International Mobile Telecommunications (IMT) 2000 standard. The third generation of wireless has been commercially available in Europe and Asia since the early 2000s. It was introduced in the United States in 2007. The IMT-2000 spectrum has different outbound and inbound speeds for users. Downloads typically run at 1 Mbps while uploads and outgoing information run at 150 to 200 kilobits per second (Kbps). (J Paventi, 2008)
At the moment, it looks like Wi-Fi is one-tenth of the price of 3G, and four times as fast. (Vaughan-Nichols, 2003)
3G is also much more troublesome for telecom carriers to install. To deploy it you must overhaul your wireless infrastructure and replace it. Of course, you must do the same thing with 802.11 hotspots, but while hotspots have far less range, a business-class hotspot with advanced antennas can be deployed for about $1500, while all but the smallest (pico range) 3G base stations start around six figures and move up from there. Anyone can set up a hotspot; only a telephone carrier or corporation can afford a 3G base station. (Vaughan-Nichols, 2003)
"The essential rationale for deployment of 3G networks -- gaining spectrum efficiencies, easing network capacity constraints, lowering operating costs, and expanding revenue opportunities through provisioning of data services
[1] Steven J. Vaughan-Nichols. (2003). 802.11 vs. 3G
[2] Bakhshi. (2003). IDC's Wireless and Mobile Network Infrastructure program
[3] Paventi. (2007). 3G vs. WiFi Speed.

4         Section 2: Readings on Security

  1. Give an example of security breaches as they relate to each of the six dimensions of e-commerce security. For instance, what would be a privacy incident?
Dimension | Breach examples
Integrity | If an unauthorized person intercepts and changes the contents of an online communication, such as by redirecting a bank wire transfer into a different account, the integrity of the message has been compromised because the communication no longer represents what the original sender intended.
Nonrepudiation | The availability of free email accounts with alias names makes it easy for a person to post comments or send a message and perhaps later deny doing so. Even when a customer uses a real name and email address, it is easy for that customer to order merchandise online and then later deny doing so.
Authenticity | Someone who claims to be someone he is not is spoofing or misrepresenting himself.
Confidentiality | Someone reads messages and data that he is not authorized to view.
Privacy | Some companies leak their customer data to outside parties, and cyber criminals and e-marketers obtain customers’ private information and use it for illegal purposes.
Availability | A denial-of-service attack brings the site down.
  2. How does spoofing threaten a Web site’s operations?
If hackers redirect customers to a fake Web site that looks almost exactly like the true site, they can then collect and process orders, effectively stealing business from the true site. Or, if their intent is to disrupt rather than steal, hackers can alter orders, inflating them or changing the products ordered, and then send them on to the true site for processing and delivery. Customers become dissatisfied with the improper order shipment, and the company may have huge inventory fluctuations that impact its operations.
  3. Briefly explain how public key cryptography works.
Public key cryptography solves the problem of exchanging keys. In this method, two mathematically related digital keys are used: a public key and a private key. The private key is kept secret by the owner, and the public key is widely disseminated. Both keys can be used to encrypt and decrypt a message. However, once a key is used to encrypt a message, that same key cannot be used to decrypt the message.
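An added example (not part of the original assignment) of the key-pair behaviour described above, using textbook RSA with tiny constructed primes. The function names and sample message are assumptions, and the scheme has no padding and a far too small key, so it only illustrates the mathematics.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Build two mathematically related keys, each an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, blocks):
    """Transform each integer block with one key of the pair."""
    exponent, n = key
    return [pow(block, exponent, n) for block in blocks]

def demo():
    public, private = make_keypair(61, 53)  # constructed toy primes, n = 3233
    message = list(b"wire 500 to acct 42")  # constructed sample, one byte per block
    sealed = apply_key(public, message)     # anyone can encrypt with the public key
    signed = apply_key(private, message)    # only the owner can use the private key
    return {
        # The other key of the pair reverses the transformation...
        "private_opens_public": apply_key(private, sealed) == message,
        "public_opens_private": apply_key(public, signed) == message,
        # ...but the key that encrypted the message cannot decrypt it.
        "public_cannot_reopen": apply_key(public, sealed) != message,
        "private_cannot_reopen": apply_key(private, signed) != message,
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(check, result)
```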
  4. What are the different forms of Malicious Codes? How do they differ? How do they work?
Malicious code includes a variety of threats such as viruses, worms, Trojan horses, and bots. A virus is a computer program that has the ability to replicate or make copies of itself, and spread to other files. Most computer viruses also deliver a payload. The payload may be relatively benign, such as the display of a message or image, or it may be highly destructive – destroying files, reformatting the computer’s hard drive, or causing programs to run improperly.
A Trojan horse appears to be benign, but then does something other than expected. The Trojan horse is not itself a virus because it does not replicate, but it is often a way for viruses or other malicious code such as bots or rootkits to be introduced into a computer system. In the real world, a Trojan horse may hide a program that steals your passwords and emails them to another person.
  5. Research the challenges associated with payments across international borders and prepare a brief presentation of your findings. Do most e-commerce companies conduct business internationally? How do they protect themselves from repudiation? How do exchange rates impact online purchases? What about shipping charges? Summarize by describing the difficulties between a U.S. customer and an international customer who each make a purchase from a U.S. e-commerce merchant.
Webmasters at many of the world’s largest companies say that up to half of all traffic to their .com domains originates from outside of the US. As a result, it is vital that companies develop a “global gateway” strategy for seamlessly guiding users to their local content.
Payment. Always make sure your site can accept the preferred payment method of your target locale. For example, credit cards are not commonly used in Germany, where many customers prefer to pay by money order or debit card. For small businesses, PayPal promises to solve this problem with cross-national support for currencies such as the Euro, Canadian dollar, and Yen. [1]
Protecting payment from repudiation. You can use a well-known third-party payment system such as PayPal or credit card payment, so that customers have to pay first before you provide the product or service. However, customers may worry about paying and getting nothing.
Exchange rate. Online conversion systems handle this problem. Usually you are expected to pay in US dollars; the payment system first deducts the amount from your account based on US rates, and your payment system then converts it to local currency and charges it to your account.
When you type in your credit card number or password, is it secure to transfer it from the browser to the server? At the least, the data or the channel has to be encrypted so that no one can sniff the sensitive data.
Also, because PayPal transfers money using an email address, someone could open a fake account, pay, and then repudiate the payment, or could break into another person’s account and pay from it. One option is to require prepayment before the PayPal system can be used. Another is to make authentication on the payment system more secure, so that it is less likely for other people to break in.
[1] John Yunker. (2007). E commerce Across Borders. Ccaps news Letter
Eric Tse, Richmond Hill, Toronto
Tse and Tse Consulting -Security, Identity Access Management, Solution Architect, Consulting
http://tsetseconsulting.webs.com/index.html
http://tsetseconsulting.wordpress.com/
http://erictse2.blogspot.com/
