E-Commerce Strategies and Practices
© 2005 Prosoft Learning Corporation
All rights reserved

Lesson 1: Electronic Commerce Foundations

Objectives
• Identify specific B2B and B2C issues in developing an e-commerce site
• Compare the advantages and disadvantages of e-commerce and traditional sales methods
• Identify business growth drivers and barriers
• Distinguish between in-house and online instant storefront options for creating an e-commerce site

Objectives (cont’d)
• Evaluate the advantages and disadvantages of using third-party instant storefronts
• Evaluate the advantages and disadvantages of using e-commerce storefront software
• Choose an appropriate payment method

Introduction to Web Commerce
• Example e-commerce sites
  – Travelocity.com (www.travelocity.com)
  – Dell Inc. (www.dell.com)
  – Barnes & Noble (www.barnesandnoble.com)
  – Habitat for Humanity Gift Shop (www.habitatgiftshop.com)

Impetus for Web Commerce
• The Internet has more than:
  – 812 million Internet users
  – 66.3 million registered domain names
  – 300 million hosts
• Many Web users are:
  – Increasingly global
  – Young
  – Well-educated
  – Upscale

Electronic Commerce Defined
• Capabilities that contribute to e-commerce:
  – Communication transport
  – Data management
  – Security

Types of Electronic Commerce
• Business-to-business (B2B)
• Business-to-consumer (B2C)

Microcommerce and Macrocommerce
• Microcommerce
  – Purchases between $0.01 and $5
  – Generally soft goods
• Macrocommerce
  – Purchases over $5
  – Generally hard goods

Benefits of Electronic Commerce
• Instant worldwide availability
• Streamlined buyer-to-seller relationship
• Reduced paperwork
• Reduced errors
• Reduced time
• Easier entry into new markets
• New business opportunities
• Improved market analysis
• Wider access to assistance and advice
• Improved product analysis
• Ability to streamline and automate purchasing

Drawbacks of Electronic Commerce
• Intellectual property issues
• Confidentiality issues
• Taxation issues
• Customs and interstate boundaries
• Regulations
• Credit card fraud
• Security issues
• Trust issues
• Round-the-clock availability issues

E-Commerce Solutions
• In-house solution
• Instant storefront
  – Online instant storefront
  – Offline/hybrid storefront

Web Storefront Hardware and Software
• Hardware
  – Internet connection
  – Web servers
  – Web clients for development and content management
• Software
  – Web server software
  – Operating system
  – SSL certificates
  – Payment infrastructure
  – Database (DBMS)
  – Web page development software

Ingredients of a Web Storefront
• Seven essential ingredients for success:
  – Generating demand
  – Accepting orders
  – Fulfilling orders
  – Processing payments
  – Providing service and support
  – Ensuring security
  – Ensuring community

Generating Orders
• When developing the ordering infrastructure, remember the following guidelines:
  – Be consistent
  – Eliminate redundant information
  – Make ordering easy
  – Accept many substitutes
  – Include a bailout mechanism

Processing Payments
• Three models for electronic payment:
  – Cash model
  – Check model
  – Credit model

Offering Service and Support
• Automatic callback
• Click-to-dial
• Chat
• Co-browsing

The Virtual Enterprise
• Temporary partnership
  – Independent companies
  – Individuals
• Parties generally share:
  – Costs
  – Skills
  – Knowledge
• Often built around a specific venture or goal
• Technologies that support a virtual enterprise include:
  – VPNs
  – Teleconferencing
  – Web servers
  – Application servers
  – Database servers
  – Telephony

Site Implementation
• Phased approach
  1. Information-only Web site
  2. Limited transactions
  3. Full transactions
  4. Legacy system integration

E-Commerce Guidelines
• Know your customer and use the information you have
• Know whether you want to outsource or use in-house experts
• Evolve
• Be flexible
• Create a business framework
• Anticipate hurdles

Summary
• Identify specific B2B and B2C issues in developing an e-commerce site
• Compare the advantages and disadvantages of e-commerce and traditional sales methods
• Identify business growth drivers and barriers
• Distinguish between in-house and online instant storefront options for creating an e-commerce site
• Evaluate the advantages and disadvantages of using third-party instant storefronts
• Evaluate the advantages and disadvantages of using e-commerce storefront software
• Choose an appropriate payment method

Lesson 2: Law and the Internet

Objectives
• Establish and protect a brand
• Identify legal and governmental aspects of e-commerce
• Identify and protect intellectual property
• Identify e-commerce taxation issues
• Avoid questionable practices
• Identify international trade laws

Introduction to Internet Legal Issues
• Intellectual property rights
  – Brand ownership
  – Trademarks
  – Copyrights
  – Patents
• Crossing international boundaries
  – Jurisdiction
• Business ethics

Electronic Publishing
• Sending copyrighted material to others
• Newsgroups and message boards
• Artistic representations
• Defamatory information

Intellectual Property Issues
• Industrial property
  – Industrial designs
  – Inventions
  – Trademarks and service marks
  – International protection
• Copyrighted material
  – Literary works
  – Musical works
  – Artistic works
  – Photographic works
  – Audiovisual works
  – Software

Areas of Liability
• Copyright, trademark and patent issues
  – Copyright term is described as follows:
    • Private authors – 70 years after author’s death
    • Corporate authors – 95 years after first publication or 120 years after creation (whichever is shorter)
• Privacy and confidentiality issues
• Jurisdictional issues

Copyright, Trademark and Patent Issues
• United States copyright
  – Authors have exclusive rights to their own work for a limited time
  – Authors may transfer rights to their work
• Trademarks
  – “Any word, name, symbol or device, or any combination thereof, adopted and used by a manufacturer or merchant to identify his goods and distinguish them from those manufactured or sold by others”
• Patents
  – Protect inventions

Privacy and Confidentiality
• Easy access to public information
• Marketing and databases
• Misuse of sensitive information

Jurisdiction and Electronic Publishing
• Laws are territorial
• Cases have established jurisdictional precedent:
  – State of Minnesota vs. Granite Gate Resorts
• Methods for protecting a site against suits from other states:
  – Do not advertise that products are available nationwide if some jurisdictions could be expected to consider them illegal
  – Keep "interactivity" to a minimum

Internet Taxation
• Internet Tax Freedom Act (ITFA)
  – Moratorium extended until 2006
• Bit tax
• International tax
• Customs
• Tariffs

Protecting a Brand
• Threats to a brand include:
  – Counterfeiting
  – Unauthorized use of logos
  – Domain name parodies
  – Misinformation
  – Rumors
  – Impostors

Ethical Business Practices
• Questionable practices include:
  – Selling customer information without permission
  – Spamming
  – Spyware

Summary
• Establish and protect a brand
• Identify legal and governmental aspects of e-commerce
• Identify and protect intellectual property
• Identify e-commerce taxation issues
• Avoid questionable practices
• Identify international trade laws

Lesson 3: Web Marketing Goals

Objectives
• Identify specific B2B and B2C issues in developing an e-commerce site
• Compare features of competitor e-commerce sites
• Compare the advantages and disadvantages of e-commerce and traditional sales methods
• Identify business growth drivers and barriers
• Identify e-commerce marketing goals
• Determine global versus target (niche) product appeal

Objectives (cont'd)
• Identify user interests specific to a target (niche) market
• Evaluate Internet demographics and their relevance
• Use surveys to determine customer preferences
• Evaluate product-pricing ranges and price changes
• Evaluate product distribution factors and methods
• Promote and advertise an e-commerce site

Web Marketing Benefits
• Personal selection
• Online communities
• Directed or opt-in e-mail
• One-to-one service
• Immediate purchasing
• Global reach
• Targeted reach

Successful Web Marketing
• Dell
  – B2C
  – B2B
• Cisco
  – B2B
• Amazon
  – B2C

Marketing Goals
• What is the business trying to accomplish?
  – Improve customer service and satisfaction
  – Gain access to different markets
  – Sell new products
  – Automate our business process to reduce costs

Web Marketing Strategies
• Web marketing strategies can include:
  – Web site design
  – Online promotion campaigns
  – Targeted marketing programs
  – Search engine placement methods
  – Traditional promotion campaigns

Goals Strategies Tactics

Growth Drivers and Barriers
• Drivers
  – Access
  – Around-the-clock service
  – Standardized data interchange formats
  – Increasing bandwidth
  – Enabling technology
  – Cost
  – Ease of access
  – Critical mass
  – Physical location
  – Diversification of offerings
  – Centralization
• Barriers
  – Fragmented data and data formats
  – Fear of change
  – Large segmentation
  – Rapid change
  – Increased competition
  – Physical location
  – Saturation
  – Cost
  – Restrictions
  – Distribution

Selecting and Positioning Your Product
• Hard goods versus soft goods
• Product pricing
• Global versus niche market
• Product distribution and availability

Identifying Your Target Market
• Demographics
• Psychographics
• Focus groups
• Surveys

Summary
• Identify specific B2B and B2C issues in developing an e-commerce site
• Compare features of competitor e-commerce sites
• Compare the advantages and disadvantages of e-commerce and traditional sales methods
• Identify business growth drivers and barriers
• Identify e-commerce marketing goals
• Determine global versus target (niche) product appeal

Summary (cont'd)
• Identify user interests specific to a target (niche) market
• Evaluate Internet demographics and their relevance
• Use surveys to determine customer preferences
• Evaluate product-pricing ranges and price changes
• Evaluate product distribution factors and methods
• Promote and advertise an e-commerce site

Lesson 4: Online Product Promotion

Objectives
• Identify specific B2B and B2C issues in developing an e-commerce site
• Establish and protect a brand
• Identify the relevance of blogging to e-commerce
• Avoid questionable practices
• Obtain browser and operating-system use patterns
• Implement banner exchange networks and referrer programs
• Promote and advertise an e-commerce site
• Implement on-line marketing strategies

Online Promotion Overview
• Types of online promotion
  – Banner ads
  – Banner exchange
  – Referrer sites
  – Blogs and blogads
  – Pop-up and related ads
  – Search engine placement
  – Spam e-mail
  – Targeted e-mail
  – Opt-in e-mail

E-Commerce Site Categories
• Publisher site
  – Primary goal is selling advertising
  – Rates can be based on:
    • Frequency with which ad is displayed
    • Clickthrough
• Marketer site
  – Advertises on a publisher site
  – Clickthrough destination
  – Sells products and/or services

Banner Ads
• Banner ad vocabulary
• Effective banner ads
• Banner ad sizes
• Choosing banner ad space
• Finding ad space

Banner Sizes
• Full banner
• Full banner with vertical navigation
• Half banner
• Vertical banner
• Square button
• Button 1
• Button 2
• Micro

Banner Ad Positioning
Why might this be the most effective position?

Banner Exchange Networks
• Sites display banners for complementary sites
• Can be win-win situation
• Banner exchange programs

Referrer Programs
• Referrer sites or programs direct traffic in one direction
• One site pays another site for the traffic it sends

Blogs and Blogads
• Web journals or Web logs
• High traffic segment
• Mainstream advertisers beginning to embrace

Pop-Up and Related Ads
• Pop-up ad types
  – Pop-up: appears over current browser windows
  – Pop-under: appears under active browser window and is not seen until covering window is closed
  – Interstitial: appears as full window between current and target pages
  – Superstitial: preloads into browser cache; does not appear until fully cached

Search Engine Placement
• Search engines
  – Use a spider to find Web sites
• Directories
  – Require manual submission of Web site

<Meta> Tags and Search Engines
• Keywords
  – <META NAME="KEYWORDS" CONTENT="keyword1, keyword2, keyword3">
• Description
  – <META NAME="DESCRIPTION" CONTENT="This site provides recipes.">
• Robots
  – <META NAME="ROBOTS" CONTENT="NOINDEX">

Relevance
• Search results are ranked according to relevance to the given search criteria
  – HTML <title> tag
  – Query word(s) near top of document
  – Frequency of query word(s)

E-Mail and Marketing
• Types of e-mail marketing
  – Spam e-mail
  – Targeted e-mail
  – Opt-in e-mail
• E-mail filter concerns
  – Source (From:) address
  – Size of To: address list
  – Keywords in message topic
  – Keywords in message body

Ad Performance Evaluation
• Tracking and payment
  – Pay-per-click: advertiser pays a set amount for each clickthrough
  – Pay-per-lead: advertiser pays for each sales lead generated
  – Pay-per-sale: advertiser pays for each sale resulting from a clickthrough
  – Pay-per-view: advertiser pays for users viewing the banner

Offline Product Promotion
• Types of offline promotion include:
  – Radio
  – TV
  – Print
  – Promotional giveaways
• Offline promotion is often cost-prohibitive

Ad Campaign Implementation
• Marketing considerations must include:
  – Advertising budget
  – Type of campaign(s)
  – Online, offline or both
  – Tracking campaign effectiveness
• Online business hub
• Incentives

Summary
• Identify specific B2B and B2C issues in developing an e-commerce site
• Establish and protect a brand
• Identify the relevance of blogging to e-commerce
• Avoid questionable practices
• Obtain browser and operating-system use patterns
• Implement banner exchange networks and referrer programs
• Promote and advertise an e-commerce site
• Implement on-line marketing strategies

Lesson 5: Site Usability

Objectives
• Create an e-commerce site plan
• Analyze audience usability principles and apply them to a Web site
• Analyze the results of usability tests and implement changes
• Apply screen-flow principles to Web pages
• Evaluate click patterns and implement changes
• Obtain browser and operating-system use patterns

Overview of Usability Issues
1. Visit the site
2. Locate a product or service
3. Learn product information
4. Purchase the product or service

Usability Testing
• Knowing your customers
• Understanding the context
• Usability testing methods
  – Paper-based walkthroughs
  – Personas and role playing
  – Live usability testing
  – Field testing
  – Click patterns

Designing the Site Hierarchy
[Diagram: Landing Page, Home Page, Product Catalog, Category Page, Product Page, Shopping Cart, Log on/Register, Shipping/Payment, Confirm Order, Thank You, Log on, Customer Service, Content Pages]

Landing Point

Home Page

Logon Page

Product Selection Loop
• Primary categories
• Secondary categories
• Special categories
• Product list
• Product details

Shopping Cart and Checkout Process
• Implementing the checkout process:
  – Provide information about shipping options and costs
  – Registration should be optional
  – Provide payment options with instructions for how to complete the transaction using each option
  – Provide contact information
  – Provide a bailout mechanism
  – Save the cart between sessions

Content Area

Page Layout Design Guidelines
• Include major navigation buttons on each screen
• Put the most important information in the upper-left of the screen
• Remember that users might not scroll
• Use white space effectively; avoid “busy” text
• Make sure each page conveys your marketing message
• Make sure each page includes the company branding

Summary
• Create an e-commerce site plan
• Analyze audience usability principles and apply them to a Web site
• Analyze the results of usability tests and implement changes
• Apply screen-flow principles to Web pages
• Evaluate click patterns and implement changes
• Obtain browser and operating-system use patterns

Lesson 6: Customer Relationship Management (CRM) and E-Services

Objectives
• Define the function of a knowledge base
• Use appropriate procedures to reduce costs of e-commerce sites
• Use surveys to determine customer preferences
• Create a customer service plan
• Use FAQ and e-mail to improve customer service
• Apply synchronous and asynchronous customer service methods

Managing the Customer
• CRM and customer service work together to establish and build a loyal customer base
  – CRM deals with the customer base as an entity and as a business resource
  – Customer service deals with each customer as an individual
• Online customers demand good customer service

Customer Relationship Management
• Improving value to existing customers
  – Downloadable product documentation
  – Alerts and product reports
  – Upgrade and revision announcements
  – "How to" information

Generating Repeat Business
• Customer satisfaction can be negatively influenced by the following factors:
  – Difficulty in finding the desired item
  – Out-of-stock or otherwise temporarily unavailable item
  – Long delivery time for item
  – Item damaged in transit
  – Wrong item shipped
  – Billing errors
  – Difficult return procedure for item

Data Mining
• Identifying opportunities to cross-sell related items
• Identifying opportunities to up-sell higher valued items
• Identifying relationships between customer demographics and item sales

Establishing New Customers
• Locate and identify potential customers
• Identify ways to address potential customers
• Understand customer needs

CRM Initiatives
Analyze customer data to develop a marketing strategy

Customer Service Concepts
• Poor customer service can be the downfall of any e-commerce business
• E-service can save the customer and the business money
• E-service can help to feed and to drive CRM activities

Customer Service Tools and Methodology
• Synchronous customer service methods
  – Chat
  – Telephone (callback)
  – Voice chat (computer telephony)
  – Co-browsing/remote control
• Asynchronous customer service methods
  – E-mail
  – Web forms
  – User forums

Self-Service Customer Service Methods
• Client accounts and profiles
• FAQ
• Knowledge base
• Help
• Online communities

E-Service Action Plan
• Service plan development
  – Know your customer
  – Know your product
  – Know your vendors
  – Know your options
  – Know your requirements
• Ongoing customer service management
  – Customer service feedback
  – Surveys

Sample Survey

Customer Service By Doing Your Job
• Respond immediately
• Send “thank you” e-mail as immediate feedback after a sale
• Send an immediate response to synchronous or asynchronous support contacts
• Provide user with tools and information
• Protect user's personal information
• Post privacy policy

Integrating CRM and Customer Service
• Quality customer service helps to drive CRM through:
  – Increased repeat sales to existing customers
  – Referrals to new customers
  – Better matching of customers to products and services
  – Improved data collection activities
  – Improved and enhanced data analysis

Summary
• Define the function of a knowledge base
• Use appropriate procedures to reduce costs of e-commerce sites
• Use surveys to determine customer preferences
• Create a customer service plan
• Use FAQ and e-mail to improve customer service
• Apply synchronous and asynchronous customer service methods

Lesson 7: Business-to-Business Frameworks

Objectives
• Identify specific B2B and B2C issues in developing an e-commerce site
• Identify the role of EDI in business
• Define OBI
• Define the OTP
• Define the concept of a supply chain
• Identify procurement models (includes vertical and horizontal marketing systems)

Objectives (cont'd)
• Identify security issues for e-commerce sites
• Compare the advantages and disadvantages of e-commerce and traditional sales methods
• Identify e-commerce marketing goals
• Use appropriate procedures to reduce costs of e-commerce sites
• Implement monetary conversion

E-Commerce Fundamentals
• B2C model
  – General consumer sites
• B2B model
  – Sites that are structured to meet the requirements of businesses

B2C Models
• Portals
  – Internet access portals such as Yahoo! or AOL
• E-retailers
  – Companies selling goods or services
• Service provider
  – Specialized subset of e-retailers focusing on services only
• Content providers
  – Companies that provide information
  – Supported through either subscriptions or ad space sales

Business-to-Business (B2B)
• B2B technologies have grown up around business needs, such as:
  – Automated transactions
  – Reliable ordering and tracking methods
  – Reliable delivery dates and times
  – Secure transfers and transaction activities

B2B Market Models
• E-distributors
  – Provide products or services directly to individual businesses
• E-procurement
  – Help organize the procurement process
  – Provide access to digital market segments
• Exchanges
  – Also known as industry exchanges, B2B hubs or B2B portals
  – Bring together multiple sellers
• Industry consortia
  – Industry-owned and industry-operated vertical markets

Market Definitions
• Vertical and horizontal markets
  – Vertical market: unites multiple manufacturers in the same industry
  – Horizontal market: a product or service is sold to companies in different industries
• Direct and indirect goods
• Private and public markets

Business Concepts
• Supply chain
• Procurement
• Inventory and order control
• Shipping

Supply Chain Management

Supply Chain Industry Consortium

Procurement
• Automated procurement requires fewer manual steps
• Organizations that support automated procurement:
  – SAP
  – Ariba
  – DAVACO Sourcing
  – Verian Technologies

Inventory and Order Control
• Order control encompasses:
  – Placing orders
  – Tracking orders
  – Receiving orders
• Inventory management issues:
  – Keep sufficient, not excessive, inventory on hand
  – Generate accurate, timely orders
  – Track order status and delivery information
  – JIT delivery (items delivered as needed)
  – Update inventory to reflect shipped and received items

Shipping
• Shipping time, expense and method (land, sea or air) are determined by:
  – Source and destination location
  – Number of items shipped
  – Type of items shipped
  – Package weight and size
  – Special requirements such as hazardous materials

Internet Marketplaces
• Exchanges
• E-distributors
• E-procurement
• E-consortia

Tools and Technologies
• Electronic Data Interchange (EDI)
• Open Buying on the Internet (OBI)
• Open Trading Protocol (OTP)
• Web services

Electronic Data Interchange (EDI)
• Goals
  – Enable easy and inexpensive communication of structured information throughout the lifetime of an electronic transaction
  – Reduce the amount of data capture and number of transcriptions
  – Improve processes by reducing errors, delays, and expenses related to incorrectly formatted or unformatted data
  – Ensure faster handling of transactions to increase cash flow

Strong EDI Candidates
• Handle many repetitive standard transactions
• Operate on a tight margin
• Face strong competition, requiring significant productivity improvements
• Operate in a time-sensitive environment
• Have received requests from partner companies to convert to EDI

EDI Concepts

EDI and XML
• EDI message

    ISA~00~ ~00~ ~ZZ~YOUR COMM-ID ~14~SLKP COMM-ID ~000227~1053~U~00401~000000012~0~P~>
    GS~IN~YOUR COMM-ID~SLKP COMMID~20000227~1053~3~X~004010
    ST~810~0001
    BIG~19991118~001001~19990926~11441~~~DR
    N1~RE~REMIT COMPANY, INC~92~002377703
    N3~P.O. BOX 111
    N4~ANYTOWN~NC~27106
    N1~ST~SARA LEE FOOTWEAR
    N3~SHIPPING STREET
    N4~OUR TOWN~PA~17855
    N1~BT~SARA LEE FOOTWEAR~92~10
    N3~470 W. HANES MILL RD
    N4~WINSTON SALEM~NC~27105
    ITD~05~3~~~~~60
    DTM~011~19991118
    IT1~0001~1470~YD~2~~BP~BUYERPART
    PID~F~~~~Square Rubber Hose
    TDS~294000
    ISS~1470~YD
    CTT~1~1470
    SE~19~0001
    GE~1~3
    IEA~1~000000012

• XML message

    <PURCHASEORDER>
      <poID>000271053</poID>
      <VENDORINFO>
        <VENDORADDRESS>P.O. Box 111</VENDORADDRESS>
        <VENDORID>BIG Company 20000227</VENDORID>
      </VENDORINFO>
      <PAYMENTTERMS>Net 60</PAYMENTTERMS>
      <PRODUCTS>
        <PRODUCTINFO>
          <PRODUCTNAME>Sara Lee Footware</PRODUCTNAME>
          <PRODUCTDESC>Walking shoes</PRODUCTDESC>
          <PRODUCTID>92</PRODUCTID>
          <PRODUCTSIZE>10</PRODUCTSIZE>
        </PRODUCTINFO>
      </PRODUCTS>
    </PURCHASEORDER>

EDI and Security
• Secure/Multipurpose Internet Mail Extensions (S/MIME)
• Virtual Private Network (VPN)

EDI Applications
• When investigating an EDI application, consider:
  – What are the hardware and software platform requirements?
  – Does it provide support for the EDI standards you need?
  – Can it be expanded to support additional standards?
  – How fast can it process transactions?
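
The EDI message on the EDI and XML slide carries its own consistency data: the SE, GE and IEA trailers repeat the control numbers from ST, GS and ISA and declare how many segments, transaction sets and groups they enclose, which lets a receiver reject truncated or altered interchanges before processing them. The Python check below is an added example, not part of the course material; the newline segment terminator and all function names are assumptions.

```python
"""Envelope consistency check for an X12 interchange (added example, not course code)."""

# The invoice from the "EDI and XML" slide, one segment per line. The newline
# segment terminator is an assumption: the slide's own line breaks were lost.
SAMPLE = """\
ISA~00~ ~00~ ~ZZ~YOUR COMM-ID ~14~SLKP COMM-ID ~000227~1053~U~00401~000000012~0~P~>
GS~IN~YOUR COMM-ID~SLKP COMMID~20000227~1053~3~X~004010
ST~810~0001
BIG~19991118~001001~19990926~11441~~~DR
N1~RE~REMIT COMPANY, INC~92~002377703
N3~P.O. BOX 111
N4~ANYTOWN~NC~27106
N1~ST~SARA LEE FOOTWEAR
N3~SHIPPING STREET
N4~OUR TOWN~PA~17855
N1~BT~SARA LEE FOOTWEAR~92~10
N3~470 W. HANES MILL RD
N4~WINSTON SALEM~NC~27105
ITD~05~3~~~~~60
DTM~011~19991118
IT1~0001~1470~YD~2~~BP~BUYERPART
PID~F~~~~Square Rubber Hose
TDS~294000
ISS~1470~YD
CTT~1~1470
SE~19~0001
GE~1~3
IEA~1~000000012
"""


def parse_segments(raw, element_sep="~", segment_term="\n"):
    """Split raw text into segments, each a list of elements (element 0 is the tag)."""
    return [s.split(element_sep) for s in raw.split(segment_term) if s.strip()]


def _el(seg, n):
    """Element n of a segment, stripped, or '' when the segment is too short."""
    return seg[n].strip() if len(seg) > n else ""


def _close(findings, trailer, header, ctrl_idx, counted, unit):
    """Compare a trailer (SE/GE/IEA) with its header and with what was counted."""
    name = _el(trailer, 0)
    if header is None:
        findings.append(f"{name} without an open header")
        return
    declared = _el(trailer, 1)
    if not declared.isdigit() or int(declared) != counted:
        findings.append(f"{name}01 declares {declared!r} {unit}, counted {counted}")
    if _el(trailer, 2) != _el(header, ctrl_idx):
        findings.append(f"{name}02 control number {_el(trailer, 2)!r} does not "
                        f"match {_el(header, 0)} value {_el(header, ctrl_idx)!r}")


def check_envelope(segments):
    """Return a list of findings; an empty list means the envelopes are consistent."""
    findings = []
    isa = gs = st = None
    st_pos = groups = sets = 0
    for pos, seg in enumerate(segments):
        tag = _el(seg, 0)
        if tag == "ISA":
            isa, groups = seg, 0
        elif tag == "GS":
            gs, sets = seg, 0
            groups += 1
        elif tag == "ST":
            st, st_pos = seg, pos
            sets += 1
        elif tag == "SE":
            # SE01 counts every segment from ST through SE inclusive.
            _close(findings, seg, st, 2, pos - st_pos + 1, "segments")
            st = None
        elif tag == "GE":
            _close(findings, seg, gs, 6, sets, "transaction sets")
            gs = None
        elif tag == "IEA":
            _close(findings, seg, isa, 13, groups, "functional groups")
            isa = None
    for header in (isa, gs, st):
        if header is not None:
            findings.append(f"{_el(header, 0)} is never closed (truncated interchange?)")
    return findings


def drop_segment(raw, tag):
    """Constructed tampering for the demo: remove the first segment with this tag."""
    lines = raw.splitlines()
    idx = next(i for i, line in enumerate(lines) if line.startswith(tag + "~"))
    return "\n".join(lines[:idx] + lines[idx + 1:]) + "\n"


if __name__ == "__main__":
    print("as shown on the slide:", check_envelope(parse_segments(SAMPLE)))
    print("line item removed:    ", check_envelope(parse_segments(drop_segment(SAMPLE, "IT1"))))
```

These counts and control numbers catch accidental loss and careless edits only; protection against deliberate modification comes from the S/MIME or VPN layer listed under EDI and Security.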

Open Buying on the Internet (OBI)
• OBI transaction involves:
  – Requisitioner
  – Buying organization
  – Selling organization
  – Payment authority

Purpose                   Technology
Content display           HTTP and W3C HTML
Order request             X12 850 EDI Standards
Order transmission        HTTP 1.0
Transmission security     SSL
Cryptography              SSL
Public-key certificates   X.509 version 3

Open Trading Protocol (OTP)
Key features:
  – Provides trading protocol options to control how the trade occurs
  – Provides a record of a trade
  – Supports real and virtual delivery of goods and services
  – Supports encrypted communication using IPsec or TLS

Web Services
• A Web-based server application
• Developers calling a Web service need to know:
  – The data the Web service is expecting
  – The expected format
  – The data returned by the Web service
• Data sent to and received from a Web service is formatted as XML
• Located using Universal Description, Discovery and Integration (UDDI)

Summary
• Identify specific B2B and B2C issues in developing an e-commerce site
• Identify the role of EDI in business
• Define OBI
• Define the OTP
• Define the concept of a supply chain
• Identify procurement models (includes vertical and horizontal marketing systems)

Summary (cont'd)
• Identify security issues for e-commerce sites
• Compare the advantages and disadvantages of e-commerce and traditional sales methods
• Identify e-commerce marketing goals
• Use appropriate procedures to reduce costs of e-commerce sites
• Implement monetary conversion

Lesson 8: E-Commerce Site Creation Packages — Outsourcing

Objectives
• Distinguish between in-house and online instant storefront options for creating an e-commerce site
• Evaluate the advantages and disadvantages of using third-party instant storefronts
• Evaluate the advantages and disadvantages of using e-commerce storefront software
• Identify outsourcing options for creating e-commerce sites
• Choose e-commerce site development software based on cost, ease of use, and standards compliance

Objectives (cont'd)
• Manage the site deployment process (includes hardware, software, bandwidth, in-house hosting, outsourcing)
• Create a storefront and identify the reasons for its success
• Create and manage an online product catalog (includes adding new product images, customizing a product catalog to reflect business and organizational changes)

Outsourcing Site Creation Packages
• Online instant storefront
• Mid-level offline instant storefront
• High-level offline instant storefront

Choosing an E-Commerce Site Creation Package
• Considerations:
  – Budget
  – Product information
  – Anticipated sales and pricing structure
  – Required and desired features
  – Site creation and management
  – Site hosting requirements
  – Payment authorization

Budget
• Costs divided into four categories:
  – Initial outlay
  – Monthly recurring charges
  – Per-product fees
  – Per-transaction and percentage of transaction fees

Product Information
• Consider these factors:
  – Number of different products
  – Product categories
  – Availability of products
  – Product information
  – Hard goods or soft goods

Expected Sales and Pricing Structure
• Examples of pricing structures
  – The same price for all customers
  – Discount pricing for certain customers
  – Discount pricing for bulk purchases
  – Wholesale pricing for B2B sales
  – Auctions

Required and Desired Features
• Some features you might consider:
  – Search engine and community listings
  – Personalization capabilities
  – User-interface customization capabilities
  – Customer relationship management features
  – Security features
  – Cross-selling and up-selling capabilities
  – E-mail confirmation and order tracking
  – Inventory tracking and reminders

Site Creation and Management
• Templates
• Interface with site development software
• Interface for managing inventory
• Online management or offline management

Site Hosting Requirements
• Ensure that the host can support the database and e-commerce package you choose:
  – Web server operating system (Windows, Linux, others)
  – Web server application (IIS, Apache, others)
  – Supported databases and add-ons
  – Disk space
• Choose a hosted solution
  – No hardware/software requirements

The Online Instant Storefront

Online Outsourcing Solutions
• Independent storefronts
• Portal or community storefronts

Outsourcing — The Mid-Level Offline Instant Storefront

Outsourcing — The High-Level Offline Instant Storefront

Auctions
• List on eBay or existing auction site
• Create your own auction site

Summary
• Distinguish between in-house and online instant storefront options for creating an e-commerce site
• Evaluate the advantages and disadvantages of using third-party instant storefronts
• Evaluate the advantages and disadvantages of using e-commerce storefront software
• Identify outsourcing options for creating e-commerce sites
• Choose e-commerce site development software based on cost, ease of use, and standards compliance

Summary (cont'd)
• Manage the site deployment process (includes hardware, software, bandwidth, in-house hosting, outsourcing)
• Create a storefront and identify the reasons for its success
• Create and manage an online product catalog (includes adding new product images, customizing a product catalog to reflect business and organizational changes)

Lesson 9: E-Commerce Site Creation Software

Objectives
• Choose e-commerce site development software based on cost, ease of use, and standards compliance
• Install e-commerce site development software for B2B and B2C sites
• Evaluate the advantages and disadvantages of open-source and proprietary Web servers
• Manage the site deployment process
• Bind multiple IP addresses to a server
• Configure DNS appropriately for an e-commerce site

Web Server Overview
• HTML and XHTML
• HTTP
• Listens on port 80 (HTTP) and 443 (HTTPS) by default
• Common extensions:
  – CGI
  – ColdFusion
  – ASP
  – ASP.NET
  – ISAPI
• Deploy both client-side and server-side scripting

Choosing Web Server Software
• Considerations:
  – Supported extensions
  – Security features
  – Scalability and performance
  – Reliability and recoverability
  – Technical support infrastructure

Microsoft Internet Information Services (IIS)
• Windows Server 2003 security structure
• Familiar interface
• Built-in support for Microsoft technologies
  – Active Server Pages
  – ASP.NET applications
  – FrontPage Server extensions
  – WebDAV

IIS Features
• Certificates and SSL support
• Application support
• Integrated services and products
  – FTP
  – NNTP
  – SMTP
• Server options
  – Microsoft SQL Server
  – Microsoft Exchange Server
  – Commerce Server 2002
• Virtual directories and virtual servers
• IIS and industry support
• Improved reliability

Preparation for IIS 6.0
• Sizing the Web server
• Securing the Web server
• Identifying necessary services and extensions
• Name resolution

Sizing the Web Server
• What is the available bandwidth of the server's connection to the Internet?
• How many requests per minute during peak periods?
• What other processing requirements will the server have?
• Are there communication requirements with other servers?
• How will the server be managed?
• How will the content be kept up-to-date?
Securing the Web Server • To secure a Web server: – Format all volumes using NTFS – Disable unnecessary services – Close unnecessary ports – Rename the administrator account – Make sure to use strong passwords for accounts with administrative permission Identifying Necessary Services and Extensions • Default components installed – Common files – Internet Information Services Manager – SMTP – World Wide Web Service • Other components – ASP.NET – Active Server Pages – FrontPage Server extensions – Internet Data Connector – Server-Side Includes Name Resolution • Registered name will be resolved by name servers on the Internet • Implement your own DNS server for internal name resolution or subdomains • Subdomain examples: – us.habitatgiftshop.com – mexico.habitatgiftshop.com – canada.habitatgiftshop.com IIS 6.0 Installation • Ways to install IIS – Add the Application server role – Use Add Or Remove Programs Application Server Role Using Add Or Remove Programs Enabling Extensions Using IIS Manager IIS 6.0 Configuration • User accounts – IUSR_computername – IWAM_computername – ASPNET • Virtual servers • Virtual directories • Default documents User Accounts Additional Web Sites • Each Web site hosted on a Web server is identified by: – An IP address – A TCP port – A host header value Web Sites and DNS Record Type Host Name Host Header IP Address A (host) WebSrv (None) 12.42.192.73 CNAME (alias) us us.habitatgiftshop.com 12.42.192.73 CNAME (alias) mexico mexico.habitatgiftshop.com 12.42.192.73 CNAME (alias) canada canada.habitatgiftshop.com 12.42.192.73 Creating a New Web Site Creating a Virtual Directory Default Documents and Directory Browsing • When a server receives a request for a URL that refers to a directory, it may: – Return a default document present in that directory – Generate an error and refuse the request – Return a formatted directory listing to the browser Default Document Directory Browsing Sun Java System Web Server • Runs on the following operating 
systems: – Sun Solaris 9 – Sun Solaris 8 – Trusted Solaris 8 – Red Hat Enterprise Linux AS 2.1 and ES/AS 3 – Hewlett-Packard HP-UX 11i – IBM AIX 5.1 and 5.2 – Windows 2000 Server – Windows XP – Windows Server 2003 Open-Source Solutions • LAMP-based solutions – Linux – Apache – MySQL – PHP or Perl Apache Web Server • Server configuration • Virtual hosts • Default document Apache Server Configuration Binding Multiple IP Addresses Apache Virtual Hosts Apache Default Document Sizing Your Hardware • Processor and memory – Operating system – Web server software – Other services and software – Simultaneous connections you must support • Disk space – HTML pages/graphics – Operating system – Web server software – Other software – Product catalog – Order and customer database (if stored on the Web server) Web Server Scalability • Scaling up – Add processors to the Web server – Known as Web garden • Scaling out – Add Web servers – Known as Web farm Summary • Choose e-commerce site development software based on cost, ease of use, and standards compliance • Install e-commerce site development software for B2B and B2C sites • Evaluate the advantages and disadvantages of open-source and proprietary Web servers • Manage the site deployment process • Bind multiple IP addresses to a server • Configure DNS appropriately for an e-commerce site Lesson 10: Site Development Software Implementation Objectives • Create an e-commerce site plan • Evaluate the advantages and disadvantages of using e-commerce storefront software • Choose e-commerce site development software based on cost, ease of use, and standards compliance • Install e-commerce site development software for B2B and B2C sites • Manage the site deployment process • Identify common database planning and configuration steps Commerce Site Development Overview • Site development considerations – Site usability – Site performance – Localization – Traffic rates and bandwidth use – Scalability options Site Development Software • Platform requirements • Cost and product licensing • Ease of use • Support software • Support software requirements • Web server • Database server • Middleware and content applications • Commerce development tools Database Servers Sample table
Last Name | First Name | Employee ID | Status
Doe | John | NC1440 | Exempt
Cho | Mary | ST1002 | Non-exempt
Peterson | Paul | ST0043 | Exempt
Thomas | Ed | NC2011 | Non-exempt
Flat-File Databases • Data stored in files – Tab delimited – Comma-separated values (CSV) • Disadvantages – Repetitious data storage – Wasted space – Restricted performance – Lack of standards Relational Database Management System (RDBMS) • Common features – Data definition – Data relationships – Data access – Management utilities – Access control – Database language – Defined procedures – Server access control Database Languages • A database language lets you: – Create the tables and the relationships between them (DDL statements) – Access, insert and modify table data (DML statements) – Create sets of executable statements • Common languages – SQL – XPath • Used with XML • Does not support DDL statements • Supports limited DML statements Database Products • Key expectations – Performance – Reliability – Security • Remote access APIs – ODBC – DB-LIB – OLE DB – ODS • Products – Microsoft SQL Server – Oracle 10g – MySQL – Apache Xindice Microsoft SQL Server 2000 Features • Key features: – Ease of installation and use – Self-tuning performance parameters – Scalability to support multiple processors and across multiple servers – Replication support for distributed data applications – Integration with e-mail, XML data support, and other Internet technologies Commerce Site Development • Commerce Server selection – Target audience/application – Web site design tools and language compatibility – Available Web components – Automated transaction processing – Workflow design and automation – Prerequisites – Analysis capabilities – Security modules Commerce Site Development Tools • Dreamweaver MX • IBM WebSphere • Sun ONE Integration Server • NetSuite • osCommerce • Commerce Server 2002 Dreamweaver MX 2004 • ColdFusion Studio • ASP.NET • JSP • PHP • HTML • XHTML IBM WebSphere Suite • Operating systems – Windows – Solaris – OS390 • Web servers – IBM – Netscape – Lotus Domino • Databases – DB2 – Oracle8 (and later) Sun ONE Integration Server NetSuite • Hosted solution • Targets midlevel and enterprise • Extensible – NetCRM – NetERP osCommerce • Open Source – Optimized for Apache – PHP scripting – MySQL Commerce Server 2002 • Windows 2000 or Windows Server 2003 • Integrates with – SQL Server – BizTalk Managing Commerce Server 2003 • Business Desk (BizDesk) – Creates online catalogs – Manages user accounts – Analyzes applications – Manages campaigns and profiles • Commerce Server Manager – Administers multiple site resources and properties • Pipeline Editor – Defines business processes and sequences requirements Summary • Create an e-commerce site plan • Evaluate the advantages and disadvantages of using e-commerce storefront software • Choose e-commerce site development software based on cost, ease of use, and standards compliance • Install e-commerce site development software for B2B and B2C sites • Manage the site deployment process • Identify common database planning and configuration steps Lesson 11: E-Commerce Site Development Using Commerce Server Objectives • Evaluate the advantages and disadvantages of using e-commerce storefront software • Install e-commerce site development software for B2B and B2C sites • Create a storefront and identify the reasons for its success • Manage the site deployment process • Configure DNS appropriately for an e-commerce site • Use appropriate procedures to reduce costs of e-commerce sites Building Commerce Server Solutions • Site design process – Identifying functionality requirements – Designing implementation details • Commerce Server solutions – Development modules – Development language choices – Solution Sites
– Project files • Solution Sites Identifying Functionality Requirements • Administrative requirements – Remote administration • Technical requirements – Database server access – Integration with third-party servers and applications – Integration with operating system features • Functional requirements – Product ordering – Payment – Inventory control Designing Implementation Details • Are there minimum or maximum quantities that must be enforced? • When and how are inventory levels checked to see whether the product is available? • Do inventory levels update when the order is placed or when items ship? • Are shopping-cart totals updated immediately? Tax and shipping costs? • How can users remove the item from the shopping cart? Commerce Server Development Modules • Product Catalog System – Catalog and product category structure • Profiling System – User registration and tracking • Business Process Pipelines System – Custom business processes • Targeting System – Automated personalization • Business Analytics System – Data analysis and reporting Visual Studio .NET Project Files Unpacking a Solution Site • You will be prompted for: – Site name – IIS Web site – SQL Server connection information – Data warehouse database information – Profiling system files Commerce Site Management • Minimizing operation costs • System management tools – Remote execution – Remote access – Remote desktop • Communication tools and technology – Computer telephony – Scheduling – Instant messaging – Remote conferencing Commerce Server Administration • Tools – Commerce Server Manager – Commerce Site Packager – Data Warehouse Configurator – Data Warehouse Import Wizard – Pipeline Editor Commerce Server Manager Commerce Site Packager Data Warehouse Configurator Pipeline Editor Business Desk (BizDesk) Solution Site Customization • Site development • Customization requirements • Customizing the user experience Summary • Evaluate the advantages and disadvantages of using e-commerce storefront
software • Install e-commerce site development software for B2B and B2C sites • Create a storefront and identify the reasons for its success • Manage the site deployment process • Configure DNS appropriately for an e-commerce site • Use appropriate procedures to reduce costs of e-commerce sites Lesson 12: Creating an Online Catalog Objectives • Create and manage an online product catalog • Identify common database planning and configuration steps • Connect Web pages to a database • Identify specific B2B and B2C issues in developing an e-commerce site • Create a storefront and identify the reasons for its success Catalog Design • Identify business objectives • Categorize products • Determine which information to store Simple Product Category Hierarchy [Diagram: category tree with nodes Dogs, Cats, Food, Toys, Treats, Plush, Chew, Balls, String, Catnip] Many-to-Many Relationship Product in Multiple Categories [Diagram: the same category tree with the products Squoosh Ball and Bouncy Ball] Primary and Secondary Categories [Diagram labels: Reptiles; Primary categories: Food, Habitats, Live Crickets; Secondary categories: Snakes, Geckos, Monitors] Commerce Server 2002 Catalog Definitions • A catalog definition consists of: – Property definitions – Product definitions – Category definitions Property Definitions Supporting Multiple Languages • Multilingual Text – Used to hold short textual information • Multilingual Long Text – Used to hold long textual information • Multilingual Multiple Choice – Used when there is a choice between two or more items • Multilingual File Name – Used when a different file must be referenced for each language Product Definitions Category Definitions Building a Base Catalog • Creating the base catalog – Import an XML file – Import a CSV file – New Base Catalog dialog box • Designing the category hierarchy • Defining category relationships • Adding products and product variants New Base Catalog Dialog Box Designing the Category Hierarchy Breadcrumbs Defining Category
Relationships Related Category Adding Products and Product Variants Product Properties Product Variants Product Categories Product Relationships Virtual Catalogs • Virtual catalogs can be used to: – Make multiple base catalogs appear as one catalog to the user – Support product pricing in multiple currencies – Implement pricing rules that apply to a subset of customers Creating a Virtual Catalog Limiting Catalogs, Categories and Products Defining Pricing Rules • Pricing rules can be defined based on the following: – Set price – Add amount – Add percentage – Discount amount – Discount percentage Modifying Product Categories and Relationships Using Commerce Server to Support B2B Commerce • Catalog sets – Default catalog sets: • Anonymous User Default CatalogSet • Registered User Default CatalogSet • User account overview Catalog Sets User Account Overview User Profile Summary • Create and manage an online product catalog • Identify common database planning and configuration steps • Connect Web pages to a database • Identify specific B2B and B2C issues in developing an e-commerce site • Create a storefront and identify the reasons for its success Lesson 13: Inventory Control and Order Processing Objectives • Set product inventory quantities in a database • Enter and manage product-shipping data in a database • Implement an online catalog to provide inventory status to customers • Create Web pages that display order and shipping status for customers • Implement e-mail notification for customer orders • Identify common database planning and configuration steps • Connect Web pages to a database Inventory Management • For most sites, the commerce server is only one link in an inventory management chain that could include: – Inventory tracking – Online catalog – Purchasing system – Customer order system – Accounting server Inventory Tracking • Information stored in an inventory database – Item name and description – Unique part number or SKU – Identifying information – 
Quantity on hand – Quantity on order – Vendor – Alternative vendor – Item cost – One or more selling prices Online Catalog Database Tables Purchasing System • Determine the items to be ordered and order quantities • Determine the vendor from which the items are ordered • Generate and transmit the purchase order • Update on-order quantities • Receive the order and update inventory quantities • Generate a payment for the order Customer Order System Inventory Systems Inventory Requirements • Three automation options: – Buy a ready-to-run inventory application – Buy an inventory application and modify it to your specific requirements – Build your own inventory application Inventory Applications • More advanced inventory applications will include additional functionality: – Sales analysis and stocking level calculations – Automated PO generation – Automated order receipt – Direct integration with accounting applications – Direct integration with commerce applications Sample Inventory Table Comparing Inventory Applications • Application must meet: – Inventory management requirements – Operating system requirements – Hardware requirements – Prerequisite application • What other applications are required? • Is a specific RDBMS server required? Commerce Inventory Management • Key questions: – How do you track inventory and what information do you need to track? – How do you order new inventory? – How do you manage stocking levels? – How are customer orders processed? 
Inventory Application Interfaces Steps for Retrieving Data • Connect to the database server • Pass the SQL command for execution • Retrieve results Designing Order Systems • Business process • Order process • Order verification • Order management • Order system requirements Commerce Server 2002 Order Management Order System Implementation • Shopping carts • Automated transactions • Open orders • Completed orders Shopping Carts • Temporary storage for – Order line items – Tax rates – Discounts – Shipping information • Important considerations – Ease of deployment – Ease of use – Additional integration tools – Reporting features – Administrative interface Open and Completed Orders • Open orders – Incomplete orders – Unfulfilled orders • Completed orders – Profile customers and their purchasing habits – Design targeted marketing programs – Identify suggested stocking levels – Identify item sales trends Summary • Set product inventory quantities in a database • Enter and manage product-shipping data in a database • Implement an online catalog to provide inventory status to customers • Create Web pages that display order and shipping status for customers • Implement e-mail notification for customer orders • Identify common database planning and configuration steps • Connect Web pages to a database Lesson 14: Payment Gateways Objectives • Define the process of an EFT system • Implement online payment services for an e-commerce site • Choose an appropriate payment method • Install a payment gateway • Implement online credit-card processing • Develop and implement a transaction system Objectives (cont'd) • Implement secure order processors • Implement online check processing • Develop and implement a transaction system • Access online transaction information • Implement monetary conversion • Identify security issues for e-commerce sites • Take steps to keep sensitive information private Choosing Payment Processing Methods • Cash on delivery (c.o.d.)
• Advanced payment using check or money order • Credit card with offline processing • Credit card with online processing • Online checks or bank account debit • Payment services, such as PayPal and BidPay Credit Card Processing • Set up an online merchant • Install or connect to payment gateway software • Prepare the server and e-commerce site Credit Card Processing Behind the Scenes Authorization Process Settlement Process Establishing a Merchant Account • Which payment methods are supported? – Visa and MasterCard – American Express – Discover • What is the cost? – Setup fees – Monthly fees – Per-transaction fees – Percentage of sale – Statement fees Selecting a Payment Gateway • Is the payment gateway compatible with your shopping cart software? • Does the payment gateway support currency conversion for international currencies? • Will the gateway be installed on your Web server or hosted on a different server? • How much does the payment gateway software cost? • What security features are supported by the payment gateway? • How does the company handle customer support? 
Managing Transactions • Successful e-commerce transaction: – Items must be in stock – Payment must be approved and settled – Item quantities must be deducted from inventory – Order must be shipped • Manual transaction: – Item returned or cancelled – Order placed over the phone – Customer mails a printed order Implementing PayPal • PayPal account transfers • Visa • MasterCard • Discover • American Express • e-check Online Check Processing • Automated Clearing House (ACH) [Diagram: Receiver authorizes Originator; Originator forwards transaction data to ODFI; ODFI sorts and transmits file to ACH Operator; ACH Operator distributes ACH file to RDFI; RDFI makes funds available and reports on statement] Preventing Fraud • Costs of fraudulent transactions: – Loss of revenue from products purchased fraudulently – Charge-back fees – Possible lawsuits for identity theft losses – Loss of goodwill – Loss of revenue from sales with good but suspect payment information – Fines assessed for a high percentage of fraudulent transactions Protecting Customer Data • Customer data should be secured at all points. – As it is transferred from the Web page to the server – As it is transferred through the payment gateway – As it is transferred to the database server for storage – In the database Detecting Fraudulent Transactions • Verify the billing address.
– Address Verification Service (AVS) • Verify the card security code (CSC) • Buyer Authentication Program Preventing Cash Theft • Use a password that is difficult to guess (use a strong password) • Do not write down the password and leave it where people can find it • Change the password frequently • Do not tell the password to co-workers unless necessary Summary • Define the process of an EFT system • Implement online payment services for an e-commerce site • Choose an appropriate payment method • Install a payment gateway • Implement online credit-card processing Summary (cont'd) • Implement secure order processors • Implement online check processing • Develop and implement a transaction system • Access online transaction information • Implement monetary conversion • Identify security issues for e-commerce sites • Take steps to keep sensitive information private Lesson 15: E-Service Implementation and Support Objectives • Define the function of a knowledge base • Define knowledge base components • Administer a knowledge base • Create a customer service plan • Use FAQ and e-mail to improve customer service • Apply synchronous and asynchronous customer service methods Implementing Customer Support • E-service – E-mail/user forums – FAQ – Knowledge base systems • Designing a service plan – Support requirements – Most appropriate support methods – Personnel needs – Budget and schedule E-Service Implementation Overview • Implementation process – Identify, purchase and deploy applications – Identify, hire and train support personnel – Complete any custom configuration requirements – Add custom help and support content – Add linking code/Web pages E-mail/User forums • E-mail – E-mail links – Support – Customer service – Contact page • User forums – Self-help groups – Might be company-monitored Implementing Frequently Asked Questions • FAQ pages are popular because: – They are cost-effective and easy to maintain – They address the most common problems with minimal effort by
the user or company – Users expect to see FAQ pages Knowledge Base • Knowledge base systems provide three options: – Refine the search and search again – Browse articles by category – Send an information request to support staff • Implementing a knowledge base – Install required software (in-house solution) – Install knowledge base application (in-house solution) – Configure knowledge base parameters – Load initial knowledge base articles – Organize knowledge base articles by category – Link Web site to knowledge base application Knowledge Base Example Knowledge Base Administration Summary • Define the function of a knowledge base • Define knowledge base components • Administer a knowledge base • Create a customer service plan • Use FAQ and e-mail to improve customer service • Apply synchronous and asynchronous customer service methods Lesson 16: Transaction and Web Site Security Objectives • Define the SET protocol • Define and implement encryption schemes and technologies • Use PKI to secure transactions • Request a digital certificate from a CA • Install server digital certificates • Use SSL in a transaction • Implement secure order processors • Identify security issues for e-commerce sites Objectives (cont'd) • Take steps to keep sensitive information private • Take steps to detect hacker infiltration • Report site infiltration to relevant parties • Identify e-commerce-related forensics concepts and techniques • Secure a compromised site • Avoid questionable practices Purposes of Security • Security should be designed using a layered method that includes the following checks: – Identification and authentication – Access control – Data confidentiality – Data integrity – Nonrepudiation Encryption and Decryption [Diagram: plaintext is encrypted with a key into ciphertext, which is decrypted with a key back into plaintext] Encryption Strength • Strength of algorithm • Secrecy of key • Length of key Types of Encryption Symmetric Encryption [Diagram: a shared symmetric key is used both to encrypt plaintext into ciphertext and to decrypt it back into plaintext]
Asymmetric Encryption [Diagram: Alicia encrypts plaintext with Bob's public key; Bob decrypts the ciphertext with Bob's private key] Message Digests • Two well-known hash functions – MD5 – Secure Hash Algorithm (SHA) Public Key Infrastructure • A PKI implementation includes one or more CAs • A CA is responsible for: – Issuing certificates – Renewing certificates – Revoking certificates – Publishing a certificate revocation list (CRL) Certificate Types • Certificate authority certificate • Server certificate • Personal certificate • Software publisher certificate X.509 Standard
Field | Description
Version | The version number of the certificate; currently it can be 1, 2 or 3.
Serial Number | A unique serial number for the certificate file.
Signature Algorithm ID | Indicates which message digest algorithm was used to sign the certificate file so it can be verified using the same message digest.
Issuer Name | The company name of the certificate issuer, most often VeriSign for public certificates.
Validity Period | The start and end dates for which the certificate file is valid. This range is usually one year from issuance. Once a certificate expiration has been passed, the certificate has no value unless it is renewed.
Subject (User) Name | Contains the holder's ID, usually the individual's name, or the company's name for a server certificate.
Subject Public Key Information | Contains the holder's actual public key, usually 1024 bits long.
Issuer-Unique Identifier (v2 and v3) | Contains a unique number identifying the issuer, most often VeriSign's unique ID.
Subject-Unique Identifier (v2 and v3) | Similar to the issuer identifier but unique to every certificate holder.
Extensions (v3) | Can contain whatever the generating authority wants. This non-standard field can contain additional information such as date of birth.
Signature | A cryptographic signature of the contents of all previous fields. When certificate files are viewed in Windows, this field is most often referred to as the fingerprint.
VeriSign Secure Sockets Layer (SSL) 1. Client sends request to connect to secure server 2. Server sends pre-signed certificate to client 3. Client checks trust list to verify that certificate was issued by trusted CA 4. Client checks CRL to make sure certificate has not been revoked 5. Client tells server which ciphers it supports 6. Server consults its own cipher list and chooses strongest cipher it has in common with client, then informs client of this cipher 7. Using cipher, client generates session key, encrypts session key using server's public key, and sends it to server Obtaining Certificates • VeriSign certificates • Creating a certificate request – IIS • Use the Web Server Certificate Wizard – Apache • openssl req -new > new.cert.csr • Send request to CA or self-sign the certificate Requesting a Certificate Using IIS IIS Certificate Wizard Installing Certificates on IIS • Add CA to trusted root CA list if necessary • Install the SSL certificate on the Web site • Configure each virtual directory or application that should support SSL Viewing a Certificate on IIS Certification Path Enabling SSL on a Virtual Server Enabling SSL on a Specific Virtual Directory Installing Certificates on Apache Server • Copy private and public key to the same directory • Add two SSL directives to the httpd.conf file for each virtual host that will use SSL – SSLCertificateFile = path and filename of the public key – SSLCertificateKeyFile = path and filename of the private key • Stop and restart the Apache server – apachectl stop – apachectl startssl Implementing Microsoft Certificate Services • Some e-commerce situations appropriate for implementing your own CA include: – Issuing client certificates for authentication – Business-to-business e-commerce – In-house testing Designing the CA Hierarchy • Four types of CAs: – Enterprise root CA – Standalone root CA – Enterprise
subordinate CA – Standalone subordinate CA Preparing to Install Certificate Services • The computer name cannot be changed after Certificate Services has been installed • The computer cannot be moved to a different domain, joined to a domain or removed from a domain after Certificate Services has been installed • The computer must be secured against tampering Installing Certificate Services Selecting the CA Type CA Identifying Information Certificate Database Settings Requesting a Certificate Requesting a Certificate — Certificate Type Requesting a Certificate — Identifying Information Issuing a Certificate Revoking a Certificate • The following reason codes are defined: – Unspecified – Key Compromise – CA Compromise – Change of Affiliation – Superseded – Cease of Operation – Certificate Hold Secure Electronic Transactions (SET) • User installs a wallet that has digital certificates – Digital certificates are used to encrypt payment data • SET has not gained market acceptance Securing Sensitive Data • SSL to encrypt data during transmission • EFS to encrypt data stored in flat file storage • Database encryption routines to encrypt data in a database Identifying Attack Types • Denial-of-service • Database tampering • Buffer overflow • Social engineering • Phishing • Pharming Protecting Against Attacks • Disable unnecessary services • Close unnecessary ports on computer and in firewall • Limit how users can connect for management and content updates • Limit number of accounts with administrative permission • Ensure servers are physically secure • Enable security auditing and review audit logs for suspicious activity • Keep operating system and all applications up-to-date with security patches Avoid Becoming Part of the Problem • Post privacy policy on your Web site and follow it • If you sell advertising space, make sure advertisers do not download spyware or malware to computers • If you use e-mail marketing campaigns, send mail only to users who have agreed
to receive it E-Commerce Forensic Techniques • Advance notification – Logging – Auditing • Recovery plan – A list of the recovery team members and their responsibilities – Procedures for dealing with the public relations aspects of the attack – Procedures for notifying law enforcement – Procedures for notifying other involved parties, such as your ISP or an ASP – Procedures for preserving evidence – Procedures for restoring service Recovery Steps • Steps for recovering from an attack: 1. Take the affected system offline to preserve evidence 2. Analyze the methods used and the extent of the attack 3. Prepare a replacement server and apply patches to keep the attack from happening again 4. Restore service 5. Monitor the restored service Summary • Define the SET protocol • Define and implement encryption schemes and technologies • Use PKI to secure transactions • Request a digital certificate from a CA • Install server digital certificates • Use SSL in a transaction • Implement secure order processors. 
• Identify security issues for e-commerce sites Summary (cont'd) • Take steps to keep sensitive information private • Take steps to detect hacker infiltration • Report site infiltration to relevant parties • Identify e-commerce-related forensics concepts and techniques • Secure a compromised site • Avoid questionable practices Lesson 17: E-Learning Solutions Objectives • Identify e-learning models • Define SCORM and relate it to e-learning • Identify LMS types • Differentiate between interactive Webinars and course-based or seminar-based offerings • Create initial navigation (landing) pages with objectives/learning goals, a table of contents with a completion estimate, and navigation instructions Objectives (cont'd) • Organize and present information for users • Identify methods for assessing and reinforcing user engagement and learning • Use appropriate procedures to reduce costs of e-commerce sites E-Learning Models • Instructor-led training • Self-paced instruction • Web-based instruction Distance Learning Essentials • Webinar-based – Short sessions – Also known as Webcasts • Course/seminar-based – Longer period of time – Usually self-paced with progress monitored by instructor Distance Learning Elements • Logon page – Enter authentication credentials – Might include registration button or link • Landing page – Table of contents – Objectives/learning goals – Time of completion estimates – Site navigation instructions – Instructor name and contact information Presenting Information • Web pages can use multiple frames and windows to: – Display more detailed information concerning a particular topic – Open windows to new sites – Match terms to the proper definitions Multimedia Options • Standard graphics • Scalable Vector Graphics (SVG) • SWF technology • Audio • Video Ensuring Participant Engagement • Polling – A semiformal question asked of the students.
• Quizzes – A short series of questions dispersed at strategic locations • Tests – A longer series of questions usually given at the end of a particular lesson or unit • Chat – A discussion forum can open the seminar for questions from students or even a free-form discussion of the subject E-Learning Content • Delivery methods include: – HTML documents with text and graphics – Games – Assessments – Video presentations – Simulations – Case Studies • Learning styles – Visual learners – Auditory learners – Kinesthetic learners Types of Navigation • Linear navigation • Table of contents • Index • Hyperlinks • Search • Learning map • Objective map Progress Reporting • Defining completion: – The learner has visited all the content pages for the topic or learning objective – The learner has successfully completed an assessment for the topic or learning objective – The learner has visited the last page of a topic or learning objective • Other things to track – Assessment scores – Time spent on specific activities – Time spent on the content pages Reusable Learning Objects • Sharable Content Object Reference Model (SCORM) • Learning Management System (LMS) • Learning Content Management System (LCMS) SCORM • The SCORM specification (v1.2) is divided into five sections: – Introduction – LMS Conformance Requirements – Content Package Conformance Requirements – Sharable Content Objects (SCO) Conformance Requirements – Metadata Conformance Requirements Imsmanifest.xml File Structure
<manifest>
  <metadata> </metadata>
  <organizations>
    <organization></organization>
  </organizations>
  <resources>
    <resource></resource>
  </resources>
</manifest>
LMS, LCMS and CMS • Content Management Systems (CMS) • Learning Management Systems (LMS) • Learning Content Management Systems (LCMS) Summary • Identify e-learning models • Define SCORM and relate it to e-learning • Identify LMS types • Differentiate between interactive Webinars and course-based or seminar-based offerings • Create initial
navigation (landing) pages with objectives/learning goals, a table of contents with a completion estimate, and navigation instructions Summary (cont'd) • Organize and present information for users • Identify methods for assessing and reinforcing user engagement and learning • Use appropriate procedures to reduce costs of e-commerce sites Lesson 18: Site Management and Performance Testing Objectives • Measure and optimize the performance of a transaction system • Analyze site logs • Conduct tests to improve site performance • Monitor resources to ensure availability • Identify security issues for e-commerce sites Site Management • Maintenance – Updating Web pages and other content – Verifying links and repairing broken links – Database administration and maintenance – System hardware maintenance – Operating system maintenance and updates • Security – Monitor for security breaches • Performance monitoring – Web application – Web server – Operating system software – Support services (such as database services) – Computer hardware Managing Web Site Performance • Bottlenecks can result from a number of causes: – Processor too slow to meet processing needs – Poor disk access speed – Insufficient RAM – Improperly set configuration parameter – Poorly written database queries – Poorly written Web application Queue Processing • Factors affecting request processing: – Network bandwidth – Network adapter and network device driver management of queued incoming packets – Processor performance – RAM and disk storage resources – Operating system management of queued processor requests – Web site performance and time required to service user requests Logging and Trend Analysis • Logs typically provide information about: – Server efficiency – Usage rate – Security Event Viewer — Security Log Log Management • Determine how often to analyze logs based on: – Mission criticality – Server use – Server location – “Tempting” servers – Recent installations • Look for: – Error messages – 
Security violations – Usage rates Windows Event Viewer Logs • Default logs – System – Application – Security HTTP Server Log Files • Log files can include: – Access log – Error log – Referrer log – Agent log Sample Reporting Application Performance Monitoring • Resources for measuring server performance: – Protocol analyzers (packet sniffers) – System performance tools – Service analysis tools Packet Sniffers Windows Server 2003 System Monitor SQL Server Performance Objects Hardware Concerns • To improve hardware performance: – Increase RAM – Improve NIC quality – Upgrade to a faster CPU – Upgrade to a motherboard with a faster system bus – Upgrade to a faster disk subsystem • Corrective actions: – Upgrade components – Distribute load across multiple servers – Increase the capacity of the queues Summary • Measure and optimize the performance of a transaction system • Analyze site logs • Conduct tests to improve site performance • Monitor resources to ensure availability • Identify security issues for e-commerce sites