E-COMMERCE IT430 VU
Lesson 20
INTEGRATION WITH ERP SYSTEMS
Enterprise Resource Planning
Enterprise Resource Planning (ERP) is a concept that integrates all aspects of a business, e.g. accounting, logistics, manufacturing, marketing, planning, project management etc., at a single place. An ERP system such as SAP is expensive. E-commerce sites/software have to fully integrate with ERP software, wherever it is used.
Customer Relationship Management Software
The primary goal of customer relationship management (CRM) is to understand each customer's needs and customize the product/service to meet those needs. CRM software gathers data from customers' activities on the web site of an e-business. The software uses this data to help managers conduct analytical studies of their business/marketing.
Supply Chain Management (SCM) Software
A supply chain involves all activities associated with the flow and transformation of goods from the raw material stage to the finished stage and their supply to the end users. Supply chain management software helps companies coordinate planning and operations with their partners in industry. SCM planning software helps companies develop demand forecasts using information from each player in the supply chain. SCM execution software helps with tasks such as the management of warehouses and transportation facilities.
Content Management Software
Companies have found it important to use the web to share corporate information among their employees, customers, suppliers etc. Content Management Software helps companies control the large amounts of data, pictures/graphics and other files that play a crucial role in conducting business. It also offers different ways of accessing the corporate information which managers of a business might need for decision making.
Knowledge Management Software
Companies have started to find ways that help them manage the knowledge itself, regardless of the documentary representation of that knowledge. Software that has been developed to meet this goal is called Knowledge Management Software. It has features that allow it to read documents in electronic format, scanned paper documents, e-mail messages etc. so as to extract knowledge.
E-commerce Software
Following are the names of some well-known e-commerce software:
Intershop Enfinity
IBM's WebSphere Commerce Professional Edition
Microsoft Commerce Server 2002
Agents
An agent is a software program that is capable of autonomous action in its environment in order to meet its objectives. Agents can be used for comparisons, filtering, web crawling, auctions etc. For example, there may be buyer agents and seller agents, each with their own goals and constraints. They can negotiate deals on behalf of the users. Agents can monitor health indicators and alert individuals under given conditions.
Security issues over the internet
Security is the biggest factor slowing down the growth of e-commerce worldwide. For instance, when you enter your credit card no. in a text box, it is potentially exposed to millions of people on the internet and can be misused. It is important to know the following terms in connection with the security threats over the internet.
Back doors and Trojan horses
Back doors are those hostile programs which, when run on a machine, install hidden services in order to give attackers remote access capabilities to a compromised machine. Trojan horses are those programs that appear harmless but actually have some malicious purpose. For example, HAPPY99.EXE is a Trojan horse that displays a firework and then sends copies of itself to the e-mail addresses found on the system. The term Trojan Horse has been borrowed from history. In history it has been used to refer to a huge wooden horse where the whole Greek army was hidden during a war, and the enemy was deceived because it could not figure that out.
Viruses and worms
Viruses and worms are malicious programs that can travel between computers as attachments on email or independently over a network. These terms are sometimes used interchangeably; however, essentially they are different. Worms spread from computer to computer but, unlike viruses, have the capability to travel without any help or human action. A worm can replicate itself, which means that it can send copies of itself to everyone listed in the email address box on a system. Viruses, on the other hand, need to be activated through a human action. Another difference is that viruses modify existing programs on a computer, unlike worms, which can install back doors or drop viruses on the systems they visit. A few years ago a worm called 'Love Bug' was triggered by a 23-year-old student in the Philippines. Its code was written in VBScript, and it traveled on the internet as an email attachment. It could send copies of itself to up to 300 addresses found in the email address box. It could destroy files on the system as well as search for any passwords and forward a list of the same to the attacker. Within days it spread to 40 million computers in more than 20 countries, causing a financial loss of about $9 billion.
Virus protection
Install anti-virus software such as McAfee, Norton, Dr. Solomon, Symantec etc.
Downloading of plug-ins from the internet should be avoided (plug-ins are those programs that work with the browser to enhance its capabilities)
Downloading of plug-ins should be done from the vendor's official website
Newly obtained disks, programs or files should be scanned for viruses before use
Installation of a firewall may also reduce the risk of virus attack
Hackers
Hackers or crackers are those individuals who write programs or manipulate technologies to gain unauthorized access to computers and networks.
Active content, ActiveX controls
Active content is a term generally used to refer to programs that are embedded in web pages to cause certain actions. Malicious active content delivered through web pages can reveal credit card nos., user names, passwords etc. and any other information stored in the cookie files on a system. Applets, JavaScript and ActiveX controls can be used to install hidden services for the hacker. You know that an applet is a compiled Java program that runs on the client's machine when a particular web page request is made. Some malicious content can be sent by the hacker embedded in the applet. Through JavaScript attacks a hacker can destroy the hard disk, disclose emails in the mailbox or get any sensitive information. JavaScript programs can read the list of URLs visited and seize information in web forms. For example, if a user enters a credit card no. in a form, JavaScript code can send a copy of it to the hacker. Moreover, malicious content can be delivered through cookies using JavaScript that can reveal contents of files or destroy files.
ActiveX controls are those objects which contain programs placed on web pages to perform particular tasks. They can originate from many languages, C, Visual Basic etc. When downloaded they can run on the client machine like any other program. A hostile ActiveX control can reformat a user's hard disk, send e-mails to all people listed in the mailbox or even shut down computers.
Outside attacks on a network
Eavesdropping/sniffing/snooping
In this type of attack the hacker has the ability to monitor network traffic using some kind of network-monitoring software. For example, a hacker may install some backdoor or Trojan horse that can monitor the key strokes of a user while typing and send the typed information to the hacker.
Password attacks
Such attacks are basically a result of eavesdropping, through which the hacker is able to know the account ID or password of a particular user. Then, using it, the hacker gains access to the network and gathers information such as user names, passwords, computer names, resources etc. That can lead to modification, deletion or rerouting of network data.
IP address spoofing
You know that there are two IP addresses on a data packet: the IP addresses of the sender and the destination. Only the address of the destination matters for routing. It is possible that a hacker (having special capabilities) seizes control of a router, changes the IP address of the source/sender on data packets and thus forces the destination machine to send the information/web page to a different machine, that is, the machine of the hacker. This is called IP address spoofing.
Man in the middle attacks
In this attack the attacker is able to monitor, capture and control data between the sending and receiving machines. He may apply the IP address spoofing technique to divert the packets to his machine, then modify the packets and resend the misleading information to the actual client. Another form of man-in-the-middle attack is where the hacker is able to substitute the IP address of a genuine web site with the IP address of his own web site due to some security hole in the software that runs on a domain name server. A client would think that he is communicating with or receiving information from a genuine web site, though that would not actually be the case.
Denial of service (DoS) attacks
In this type of attack, the attacker gains access to the network and then sends invalid data to network services or applications. These services or applications consequently become unable to perform their normal tasks or functions. Hence, sending a flood of data to a particular service or computer can cause it to overload or shut down. This attack is especially used to take down websites on the internet, when repeated requests for web pages are deliberately initiated so as to choke a web server. In early 2000 this attack was launched against some famous e-commerce web sites. Hackers arranged computers with special software initiating thousands of HTTP requests per second for specific web sites, causing the web servers to overload. Thus, these servers were made unable to fulfill the web page requests of the genuine users/clients. In a distributed denial of service attack, the compromised system itself is used as a source for further attacks. The use of firewalls and a proper Intrusion Detection System (IDS) can minimize the risk of a DoS attack.
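The request-flood pattern described above can be spotted from a web server's access log by counting requests per key inside a sliding time window. The following is an added example, not part of the original lesson; the Common Log Format input, the function names and the thresholds (50 requests in 10 seconds) are assumptions for illustration, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: client identity user [time] "METHOD path PROTOCOL" ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')

def parse_line(line):
    """Return (client_ip, timestamp, path), or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), ts, m.group(3)

def find_floods(lines, by="client", window=10, limit=50):
    """Peak count per key that exceeded `limit` requests in `window` seconds.
    by="client" flags one noisy source; by="path" flags a page hammered from
    many sources (the distributed case). Thresholds are assumed values.
    """
    recent = defaultdict(deque)      # key -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                 # skip malformed lines, keep monitoring
        ip, ts, path = parsed
        key = ip if by == "client" else path
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window:
            q.popleft()
        if len(q) > limit:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one flooding client, one page hit from 20 sources."""
    lines = ["not a log line"]
    for sec in range(3):
        t = "[01/Jan/2024:12:00:%02d +0000]" % sec
        lines += [f'203.0.113.7 - - {t} "GET /index.html HTTP/1.1" 200 512'] * 40
        lines += [f'198.51.100.{n} - - {t} "GET /checkout HTTP/1.1" 200 300'
                  for n in range(1, 21)]
        lines.append(f'192.0.2.10 - - {t} "GET /about HTTP/1.1" 200 128')
    return lines
```

Counting per client catches a single flooding source, while counting per path still raises an alert when each individual source stays under the per-client limit.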
It is also important to establish a security policy for an e-business organization, outlining which assets have to be protected and how they are to be protected.