One of good or bad point of EFS is that its use does not require any administrative

effort and keys are created automatically, if the user does not already have a publics key

pair to use. Files and Folders are encrypted on a single file or single folder basis, each
wit11 a unique encryption key and as they are encrypted uniquely, if you move an
encrypted file to an unencrypted folder on the same partition, the file will remain
encrypted. If you copy an encrypted file to a location that allows for encryption, the file
will remain encrypted.


The EFS is a very transparent in use and user may have encryption enabled without
aware of it.

 The main benefits of personal computers are that it provides you the flexibility to boot

into multiple Operating Systems for desired use. But this flexibility poses great difficulty
in the world of security. In addition to the security risks of multiple Operating Systems,
there are security risks introduced with the use of laptop computers. Laptops often get
stolen or misplaced, and the data on that computer is vulnerable to compromise as soon
as the location of the laptop is changed. With NTFS security you are able to solve the
issues of security to a certain extent. As detailed there are tools available to access
data even properly secured on an NTFS partition.


The concept of encryption has been introduced to solve this problem. Data encryption
works to make the files on the computer only useful to the authorized owner of the
data. Some of these methods provide a password for each encrypted file, which while
effective, is not practical for large volumes of files. Another method is to use a key to
unlock each file that has been encrypted, with only one user holding the key and
Microsoft's EFS uses this approach. EFS use "public key cryptography" for encryption/
decryption of data. Public key cryptography is the use of two keys, one performs
encryption and another performs decryption. The keys are keys are mathematically
related. The files are encrypted by DES encryption algorithm in EFS. EFS supports file
encryption for both on a local hard drive and on a remote file server. But, any files
encrypted on the remote server will be transmitted over the network in clear-text by
default. So, the file is decrypted at the file server, and then sent to the user. In order to
maintain the high level of security, a mechanism should be implemented to secure the
network traffic, such as IPSec.


The implementation of EFS works directly with NTFS and data can only be encrypted
on an NTFS partition. EFS can encrypt any temp files created along with the original,
and the keys are stored in the kernel using non-paged memory, so they are never
vulnerable to attackers.

 NAT and ICS

In the previous section all of the security systems and methods are for securing
operating system and data on physical hard disk. This security system is of no use if an
attacker is able to sniff network packets.

Network Address Translation (NAT), is used to mask internal IP addresses with the IP
address of the external Internet connection. Networks require NAT in their security
policies to add an additional security "layer" between the Internet and the intranet.
NAT fictions by taking a request from an internal client and making that request to
the Internet on behalf of the internal client. In this configuration clients on the internal
network, on local LAN, are not required to have a public IP address, thus conserving
publics IP addresses. The internal clients can be provided with an IP address from the
private network blocks. Private IP addresses are not routed on the Internet and the
address ranges are:


Private IP Address
10.0.0.0-10.255.255.255
172.16.0.0-172.31.255.255
192.168.0.0-192.168.255.255

However, Microsoft has designated a range for private addressing, 169.254.0.0 -
169.254.255.255.
NAT is an integral part of Routing and Remote Access Services (RRAS), as well as
part of Internet Connection Sharing (ICS). The version of NAT used by ICS is scaled
down form tile full version, and does not allow for the level of configuration that the
RRAS NAT allows. ICS is for a small office or for a home network, where there is
one Internet connection that is to be shared by the entire network. All users connect
via a single interface, usually connected via a modern, DSL, or cable access point.

The Windows 2000 RRAS is made of several components, including: (1)Network Address
Translation (NAT), (2) Routing protocols (RIP, OSPF), (3) VPN support (L2TP and
PPTP), and (4) Demote Authentication Dial-In Service (RADIUS).


The Remote Access Server of RRAS allows for PPP connections and accomplish
required authentication. For authentication, RRAS can use the Remote Authentication
Dial-In User Service (RADIUS), or Windows Authentication. If RRAS is using
RADIUS, when a user request for authentication is made to the RRAS server, the
dial-in credentials are passed to the RADIUS server. The RADIUS server then
performs the authentication and authorization to access for the client to access the
network.


The Remote Access Policy is controlled via the Internet Access Server (IAS), which
is the Microsoft version of RADIUS. The RRAS server itself does not control the
Remote Access Policy. The IAS performs several functions for remote users of the
network, including authentication, authorization, auditing, and accounting to those users
who connect to the network via dial-up and VPN connections. For authentication, IAS
allows for great flexibility, accepting PAP, CHAP, MS-CHAP, and EAR EAP is
Extensible Authentication Protocol, and is used in coelution with technologies such
as: Smart Cards, Token Cards, and One-time passwords.

IPSec
Management41
IPSec is a framework for ensuring secure private communication over IP networks.
IPSec provides security for transmission of critical and sensitive information over
unprotected networks such as the Internet. lpsec VPNs use the services defined
within Ipsec to ensure confidentiality, Integrity, and authenticity of data communications
over the public network, like Internet. IPSec operates at the network layer, protecting
arid authenticating IP packets between participating IPSec devices. The IPSec
provides the following network security services.

Data Confidentiality - The IPSec sender can encrypt packets before transmitting
them across a network.

Data Integrity - The receiver can authenticate packets sent by the IPSec sender
to ensure that the data has not been altered during transmission.

Data Origin Authentication - The IPSec receiver can authenticate the source of
the IPSec packets sent. This service is dependent upon the data integrity service.

Anti-Replay - The IPSec receiver can detect and reject replayed packet.


In Windows 2000, you have two options for IPSec implementation, Transport Mode,
and L2TP Tunnel Mode. Transport mode is designed for securing communication,
between nodes on an internal network. L2TP Tunnel Mode is designed for securing
comniunications between two networks

IPSec Features
Two high level features of IPSec are the Authentication Header (AH) and the
Encapsulated Security Payload (ESP). The AH is used to provide data commnunication
with both integrity checking and source authentication and ESP is used to provide
confidentiality. When using IPSec to secure communication, both the sender and the
receiver (and only those two) know the security key used. Once authenticated, the
receiver knows that the communication in-fact comes from the sender, and that the
data has not been modified.

Since IPSec is works at the IP layer, it is able to secure communications with multiple
protocols, including TCP, UDP, and ICMP. From a user viewpoint, the implementation
of lPSec is transparent; the user is not required to modify user's environment in any
way to use IPSec.


Windows 2000 IPSec Components
The Windows 2000 implementation of IPSec uses three components; (1) IPSec Policy
Agent Service, (2) Internet Key Exchange (IKE), and Security Associations (SA). The
IPSec Policy Agent Service gets the IPSec policy as configured in Active Directory, or
the Registry, and provides that information to the IKE. Every Windows 2000 machine
runs the IPSec Policy Agent Service, and the policy is pulled when the system starts as
Active Directory settings are applied.

The IKE manages Security Associations (SA) and creates and manages the actual
authentication keys that are used to secure the communications. This happens in two
distinct steps; (1) in the first step is the establishment of a secure authenticated channel
of communication, and (2) the second step the Security Associations are determined.
That as are used to specify both the security protocol and the key that will be
implemented.

IPSec Implementation Options
The configuration may be applied in Active Directory or directly to the Registry. IPSec
policies may bk applied to to computer, domains, OUs, or other GPOs in the Active Directory. The IPSec options are in Group Policy, under Security Settings

There exist three policy options that are predefined for IPSec implementations. They
are: Client (Respond Only), Server (Request Security), and Server (Require Security).

Client (Respond only) - As per this policy the secure communications are nct
secured most of the time. Computers with this policy respond to a request for
secure communication by using ;I default response. If a client needs to access a
secured server, it can use normal communications.

o Server (Request Security) - Communication must be secured most of the time,
and will allow unsecured communicatio~~s from non IPSec-computers. It will
request IPSec from the client first, and open a secured communication channel is
the client can respond securely.

0 Server (Require Security) - This policy states that communication must always
be secured and all traffic must use IPSec or it will not be accepted, and the
connection will be dropped.

 This section discusses user account administration. For a user to log onto a Windows

2000 network, a user account must be created. It is unique to every user and includes
a user name and a password for authentication. A user can logon as a local user
and a domain user as well. Thus by having an account a user has access to all network
resources. As discussed in previous sections, in the Windows 2000 operating system
two kinds of user accounts can be created:


• Domain account
• Local account


User account Administration includes setting up user profiles and name directories
and modifying existing user accounts.


The next section discusses Group Account Administration.

Existing User Accounts Modification
Many different kinds of modifications are required with user accounts. These
modifications may be required because of organizational or personal changes. An
instance is whenever a new employee joins, the company may want to modify an
existing account and give access to the new employee. Also, personal profiles may
need to be updated at times.


Modification may include the following:
• Renaming
• Erasing
• Disabling
• Deleting User Accounts

  1. To Rename a user Account: Normally renaming an account is done so that all
    access services to an account remain intact. When an account that has been
    created for a particular user is to be assigned to another user, all permissions,
    rights, properties set for that account are retained.

2. To Enable/Disable a user account: A user account is disabled when it is not
needed for some time but would be accessed after a certain period of time. It is
a situation when a user temporarily disables the account and needs access to it
after a fixed period of time.

3. To Delete a user account: When a user no longer needs it, it is deleted.


Use Active Directory Users And Computers Snap-In,


Modify properties. To Reset the User Password:

  1. Open Active Directory Users And Computers Snap-In and select the user
    object.

2. Activate the Action menu, click Reset Password. In the Reset Password dialog
box, enter a password and select.


User must change password at next logon to force the user to change his or her
password the next time that the user logs on.


Managing User Profiles
A user profile contains all data pertaining to a user. It also contains current desktop
settings, all connected networked computers and all mapped drives. Modifying desktop settings can modify a user profile. It is created the first time when a user logs on to a computer.

When you log on to a network computer in Windows 2000 environment you get
individual desktop settings and connections.


Windows 2000 supports Roaming User Profiles (RUPs), for users who work on more
than one computer. A user set up a RUP on a network server and it is available to all
the computers or the domain network. It is copied to client computer from Windows
2000 server when a user logs on. Thus, unlike user profile, with a Roaming User
Profile the user always gets his individual desktop settings. Also a local user profile is
on single client computer only.


Home Folder: A home folder is one that is provided to the user in addition to my
documents folder to store personal data. It is not included in RISP (Routing and
Remote Access Screen).

Group Accounts Administration
User accounts can be collected together. Such collections are called as groups. The
grouping simplifies administration as new access permissions are assigned to a group
rather than to individual accounts. All user accounts belonging to that group have
access privileges. Moreover user(s) can belong to multiple groups.


In Windows 2000 environment there are two kinds of groups, Security groups and
Distribution groups.


Windows 2000 has 4 built-in groups:
• Global groups
• Domain Local groups
• Local groups
• System groups.


Common types of user accounts are contained in groups. The group scope is
responsible for membership of a group. Active Directory Users and Computers Snapin are used to create a user group in a domain.

Group Policy
A group policy primarily comprises configuration settings that determine the layout of
an object and its successors (children) objects. Group policies provide for controlling
the programs, desktop settings, and network. In a network, group policies are
normally set for the domain. Policy administrators administer group policies.
Types of Group Policies:


• Scripts: let the policy administrator specify applications and batch files to run
at specified times.
• Software settings execute the applications. These policies can automate
application installation.
• Security Settings are responsible for restricting user access to files etc.
• Remote Installation Services (RIS).
• While executing client installation wizard, it controls RIS installation options.
• Folder Redirection facilitates movement of Windows 2000 folders from their
default user profile location to a place where they can be managed centrally

• Administration Templates consist of registry based group policies for managing
registry settings, etc.


GPO (Group Policy Objects)
These objects contain configuration settings for group policies. Information is stored
in two ways in a GPO:

  1. In containers
  2. In Templates

  • Creation of GPOs takes place before group policies. Group Policies can be modified
    using:
    1. Group Policy snap-in or
    2. Using Active Directory Users and templates snap-in.
      Only administrators, creator owner or a user with access to GPO can edit a group
      policy

    Auditing
    Windows 2000 auditing is a facility responsible for security. It is responsible for
    tracking user activities, keeps a check on them. Windows 2000 maintains a security
    log. User events are written onto their security log. All the events related actions are
    entered onto security log. An audit entry in security log not only comprises action that
    takes place, but also the user and success or failure of the event and when the action
    occurred. Thus whatever event takes place in Windows 2000, Security Log has an
    entry for the same.

    An audit group policy is configured for all domain controllers in a domain. Auditing is
    assigned to parent container and it passes it down the hierarchy to the child containers.
    However, if explicitly a child container is assigned a group policy then child container
    group overrides parent container settings.

    To plan an audit policy, computers must identify on which auditing is to be applied.
    By default, auditing option is turned off.


    Only certain specific events can be audited on computers:


    • User logging on and off.
    • User accounts and group changes.
    • Changes to Active Directory Objects.
    • Files access.
    • Shutting down Windows 2000 Server
    • Restarting Windows 2000 Server.

     In the following section we will introduce concepts of domains, workshops and

    trusted relationships.


    Concept of Domains

    A Windows 2000 domain is a logical collection of network computers that share a
    centralized directory database referred to as Active Directory Service. In a domain
    this centralized information directory resides on a computer called domain controller.
    In Windows 2000 domain controllers are peers only.

    Thus Windows 2000 domains provide the following advantages:


    • They provide extensibility features to existing networks.
    • Domains provide centralized control of all user information.
    • Thus domain can be referred to as the basic unit that is used for network growth
    and security in Windows 2000 network.


    Usually one or more domain controllers are associated with a domain. In Windows
    2000 Server a domain controller is the computer that is responsible for storing an
    entire copy of domain directory. In Windows 2000 it is the Windows 2000 Active
    Directory service that divides an organization's network logically and physically.
    Logical structuring facilitates the finding by a user of a resource by name not by its
    physical location.


    Logical structure of a domain comprises:
    • Objects
    • Organization Units (OU)
    • Domains
    • Trees
    • Forests


    Physical Structure of a domain comprises:
    • Domain controllers
    • Sites

    Objects: A distinct named network resource can be referred to as an object. This
    object comprises certain related attributes. As an example, for an object printer, the
    attribute list may include printer name, make, etc. Similar objects can be grouped into
    classes.


    Organizational Units: This is a container object. Container objects are objects that
    are residing within other objects. The purpose of an organizational unit is to organize
    the objects of a domain into logical administrative groups.


    Domains: The basic unit of Active Directory Service is a domain. It is also referred
    to as a partition of an Active Directory Service. It is the domain only that is
    responsible for containing all network objects within it. It also serves as a security
    boundary to its objects. None of the security policies and settings, such as
    administrative rights, ACLs, ACE (Access Control Entries) can cross from one
    domain to another.


    Trees: In order to support global sharing of resources trees are required. In a tree one
    or more Windows 2000 domains are arranged in a hierarchy. Thus by joining multiple
    domains in a hierarchy a large namespace can be constructed, which can further avoid
    name conflicts. All domains that are a part of a tree, or that share a tree can share
    information and resources. A domain tree has only one directory. As long as the user
    has the appropriate permissions he can use the resources of other domains in a tree.
    All domains in a tree share a common schema, which is a layout, a formal definition
    of all objects.


    The central repository of information about objects in a tree or forest is called a global
    catalog. All domains belonging to a single tree share a global catalog. Domains in a
    tree also share a common namespace.


    Forest: One or more trees can be grouped into a forest.

    A forest comprises:
    • One or more trees
    • A common schema
    • It serves transitions trust relationships between trees.
    • Different namespaces between these trees.
    • A global catalog that contains the list of all objects in the forest.


    Different users while accessing user objects must be aware of the domain name.

    Trust Relationships
    A trust relationship refers to a link between two such domains, where one domain is
    referred to as the trusting domain and other as the trusted domain. Trusting domain
    lets the trusted domain logon.

    User accounts and groups that are defined for a trusted domain can access trusting
    domain resource even though those accounts are not present in trusting domain
    directory database.

    A Kerberos (a security algorithm) transitive trust refers to a relationship type where


    Domain I trusts Domain II,
    Domain II trusts Domain III,
    Domain I trusts Domain III.


    So a domain joining a tree acquires trust relationships of every domain in the tree. In
    Windows NT and earlier versions, there used to be only one-way trust relationships
    among domains.


    Physical Structure of an Active Directory Service is responsible for affecting
    efficiency of replication in domain controllers.


    Domain Controllers contains a copy of domain database. Wherever an update in the
    directory takes place, Windows 2000 automatically replicates the change to all other
    domain controllers in a domain. In a domain having multiple domains controller’s
    directory information is replicated from time to time.


    Only those computers running Windows 2000 Server, Advanced Server, or Data
    Center server can become domain controllers.


    Sites
    is a grouping of IP subnets (ranges). For example, one site can be
    192.168.20.0/24 to 192.168.30.0/24

    Building Domains
    A computer can join Windows 2000 domain only after an account has been created in
    or added to the domain database. For that a user must have the Join A Computer to
    the Domain permission.


    By default, permission is granted to Administrator Members, Domain Administrator
    or Members of Administrators, Account Operators and Domain Administrator groups.


    To join a domain a computer account for that computer should have been created in
    advance or it may be created during the installation process by selecting the check box
    Create a Computer Account in the Domain’.

     Ans : Encrypting File System (EFS)


    The main benefits of personal computers are that it provides you the flexibility to boot
    into multiple Operating Systems for desired use. But this flexibility poses great difficulty
    in the world of security. In addition to the security risks of multiple Operating Systems,
    there are security risks introduced with the use of laptop computers. Laptops often get
    stolen or misplaced, and the data on that computer is vulnerable to compromise as soon
    as the location of the laptop is changed. With NTFS security you are able to solve the
    issues of security to a certain extent. As detailed there are tools available to access
    data even properly secured on an NTFS partition.


    The concept of encryption has been introduced to solve this problem. Data encryption
    works to make the files on the computer only useful to the authorized owner of the
    data. Some of these methods provide a password for each encrypted file, which while
    effective, is not practical for large volumes of files. Another method is to use a key to
    unlock each file that has been encrypted, with only one user holding the key and
    Microsoft's EFS uses this approach. EFS use "public key cryptography" for encryption/
    decryption of data. Public key cryptography is the use of two keys, one performs
    encryption and another performs decryption. The keys are keys are mathematically
    related. The files are encrypted by DES encryption algorithm in EFS. EFS supports file
    encryption for both on a local hard drive and on a remote file server. But, any files
    encrypted on the remote server will be transmitted over the network in clear-text by
    default. So, the file is decrypted at the file server, and then sent to the user. In order to
    maintain the high level of security, a mechanism should be implemented to secure the
    network traffic, such as IPsec.


    The implementation of EFS works directly with NTFS and data can only be encrypted
    on an NTFS partition. EFS can encrypt any temp files created along with the original,
    and the keys are stored in the kernel using non-paged memory, so they are never
    vulnerable to attackers.

    EFS and Users Management

    One of good or bad point of EFS is that its use does not require any administrative
    effort and keys are created automatically, if the user does not already have a publics key
    pair to use. Files and Folders are encrypted on a single file or single folder basis, each
    wit11 a unique encryption key and as they are encrypted uniquely, if you move an
    encrypted file to an unencrypted folder on the same partition, the file will remain
    encrypted. If you copy an encrypted file to a location that allows for encryption, the file
    will remain encrypted.


    The EFS is a very transparent in use and user may have encryption enabled without
    aware of it.

    Data Recovery Management

    EFS designed to be implemented by a user, and is designed to be transparent; it can be
    used where it was not initially intended. EFS allow for Recovery Agents and the
    default Recovery Agent is the Administrator. These agents have configured public keys
    that are used to enable file recovery process. But, the system is designed in such a way
    that only the file recovery is possible and the recovery agent cannot learn about the
    user's private key.


    Data Recovery for tides companies and organizations that have the
    requirement of accessing data if an employee leaves, or the encryption key is
    lost.

    The policy for implementing Data Recovery is defined at a Domain Controller. And
    this policy will be enforced on every computer in that domain. In case EFS is
    implemented on a MacLaine that is not part ova domain, the system, will automatically
    generate and save Recovery Keys.

    EFS Cryptography Management
    As mentioned in the previous sections EFS uses public key cryptography, based on the
    DES encryption algorithm. Data is encrypted by what is called a File Encryption Key
    (FEK), which is radiantly generated key.' The FEK itself is then encrypted using a public
    key, which creates a list of encrypted FEKs. The list is then stored with the encrypted file
    in a special attribute called the Data Decryption Field (DDF). When a user needs to
    decrypt the file, he or she will use the private key that was part of the key pair. User
    performs encryption from the command line, or from Explorer. In Explorer, the option to
    encrypt is under the advanced option on the properties Window. When using the command
    line version, the command is, cipher, with ate switch for encryption and a.d switch for
    decryption

     Ans : Default Group Types

    On Windows NT 4.0 that groups can be either Global or Local, in Windows 2000 this
    concepts is expanded. In Windows 2000 the group types are:

    (1) Domain Local

    (2) Computer Local

    (3) Global

    (4) Universal.


    Domain Local group is one that may have members from any domain in the network.
    These groups are only created on Domain Controllers, and can be used to provide
    resource access throughout the domain. The Computer Local group is used provides
    access to resources on the local machine only, and cannot be createct on a Domain
    Coil troller.


    Global group is one that combines users who often share network resources use and
    access needs. Global groups may contain members from the domain in which the
    group was created.


    Universal groups are used in multi-domain environment where groups of users
    from different domains have similar resource use and access needs. To implement
    Universal groups, the network must be running in Native mode, meaning only Windows
    2000 computers.


    It is also possible to combine groups together, such as Global Groups in Universal
    Groups. There may be a resource you are trying to control; in this case a Universal
    group will work for controlling access across the network. You may also place
    Universal Groups in Domain Local Groups, and control access lo the resource by
    placing permissions on the Doornail Local Group.


    These groups can be used for controlling access to resources; both allowing and
    denying permissions based on your security needs. If you are trying to secure the
    computer, user, and network environments, you will use Group Policies, as discussed in
    the previous sections.

    Group Policies Management
    Two of the issues that must be discussed are the options associated with Policy
    Inheritance and Overrides. The Group Policy Objects are implemented in the following
    order: Local GPO, Site GPO, Domain GPO, and OU GPO. And when there is multiple
    GPOs assigned lo an object such as a Domain that the highest GPO on the list takes
    priority over the rest of the list. You can change the order of implementation on this list
    by simply choosing a GPO and pressing the Up or down button to re-order the list as
    you desire. However, you may need to have further control than what the Up and
    Down option provides you.

    Policy Inheritance
    Policy Inheritance is the name of the process of a user or computer inheriting the final
    policy configuration from multiple policies, depending on where the object may be in
    the Active Directory hierarchy and configured GPOs. To track the policies that may be
    implemented as a user logs onto a computer, use the following list: (1) a Computer
    Policy is enabled when the computer is first turned on, (2) a User Policy is applied, (3)
    when a user logs onto the system, (4) the Local GPO is applied, (4) the site GPO is
    applied, (5) the Domain GPO is applied, and (6) the OU GPO is applied.


    It is not uncommon for Sites, Domains, and OUs to have more than one GPO
    configured. It is also not uncommon then for there to be conflicting settings in
    locations throughout the policies

    No Override
    One of the methods for you to manage a GPO implementation is through the No
    Override option arid this option is available on any Site, Domain, or OU GPO. When
    this option selected, this option means that none of the policy settings in this GPO can
    be overridden. In the event that more than one GPO is set to No Override, the highest
    GPO takes priority.


    Block Inheritance
    The other choice for managing policy implementation is called Block Policy
    inheritance and this choice is also available to any Site, Domain, or OU GPO. This
    option means that any policy that is higher will not be inherited. Enabling this option will
    ensure that the settings of the current GPO will be implemented and not the policies of
    a higher priority policy.


    Block Inheritance and No Override options must be used with proper care and if used
    with incomplete planning can cause serious disruptions to the overall policies that are
    implemented throughout the organization.

    The security in e-commerce is becoming more topical part.in the ongoing success and
    growth. However, Internet is an open communications network and anyone can exploit
    its vulnerabilities for fraudulent gain. If the Internet is to succeed as a business and
    communications tool, then the security is the most fundamental issue that needs to be
    taken care of. The following are some of the security features that can be implemented
    for success of e-commerce:

    • Identification or Authenticator : The persons/entities with whom we are
    communicating are really they arc.

    • Confidentiality: The content of the message or transaction is kept
    confidential. It should only be read and understood by the intended sender
    and receiver.


    • Integrity: The content of the message or transaction is not tampered
    accidentally or deliberately.


    • Non-Repudiation: The sender and receiver cannot deny sending and
    receiving of the message or transaction respectively.


    Access Control: Access to the protected information is only realized by the
    intended person or entity

    There are two levels for securing information over the Internet:

    • The first level is issue of a Digital certificate. Digital certificates provide a
    means of proving your identity in electronic transactions; much like a
    driving license or a passport. With a Digital certificate, you can assure
    friends, business associates, and online services that the electronic
    information they receive from you is authentic.


    • The second level is SSL (Secure Sockets Layer). SSL is a standard security
    technology that helps in establishing an encrypted link between the server
    and the client - typically a web server (e-commerce website) and a browser
    (consumer side). SSL allows client/server apil1icationsto exchange sensitive
    information such as credit card numbers and login credentials securely
    preventing others from eavesdropping, tampering or forging the information.

     Digital Signature


    Digital signature authenticates the identity of the sender of a message or signature holder
    of the document. It ensures that the contents of the message are intact. The sender cannot
    repudiate it later on. Digital Signatures are easily transportable. They cannot be imitated.
    They can be automatically time stamped.


    As per Information Technology Act, 2000, Digital Signature may be defined as
    authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provision of concerned sections of the Act.

    IT Act provides the conditions subject to whom any electronic record(s) may be
    authenticated by means of affixing digital signature.


    TCS, Safes crypt and MTNL are some of the digital signature certifying authorities in
    India licensed by the Controller of Certifying Authorities, Government of India.


    The following are various steps in the working of a digital signature:


    (a) Sender creates the message (electronic record).


    (b) Electronic record is converted into message digest by using a mathematical
    function known as hash function (which freezes the message).


    (c) The message digest is encrypted with the sender's private key.


    (d) Sender sends the message.


    (e) Receiver receives the message.


    (t) Receiver decrypts the message by the sender's public key.


    (g) Receiver verifies the message.

    Firewalls

    Firewall is a hardware or software based security system that filters the packets and
    prevents some packets from entering the network based on a security policy. A firewall
    allows to establish certain rules to determine what traffic should be allowed in or out of
    the private network. All data entering or leaving the Intranet pass through the firewall,
    which examines each packet and blocks those that do not meet the specified security
    criteria. It acts as a gatekeeper and protects a computer network from unauthorized and
    malicious access.


    A firewall may be hardware or software or both.


    • Hardware firewalls can be found in broadband routers and is an important
    part of network setup. It protects Computer on the local network. Software
    firewalls are installed on the Computer and can be customized to incorporate
    protection features.


    The following are four mechanisms used by firewalls (refer to Table 6.2):
    • Packet filter firewalls
    • Stateful inspection firewalls-
    • Proxy server firewalls, and
    • Application level firewalls.

    BasisPacket Filter
    Firewalls
    Stateful
    Inspection 
    Firewalls
    Proxy Server
    Firewalls
    Application Level
    Firewalls
    EvaluationEvaluates the headers
    of incoming and outgoing packets
    Evaluates the state
    of TCP connection.
    Act as intermediary
    between internal
    and external IP
    addresses &blocks
    direct access to internal network
    Include filtering capabilities and additional validation
    of packet content based
    on the application
    UsageUsed in small office/home office(SOHO)
    and operating system
    Inbound network
    traffic
    Domain name servers,
    mail servers and web
    servers
    Telnet, FTP, and
    HTTP
    AdvantagesFaster performance than
    application firewalls.

    Effective and transparent
    to users.
    Faster
    performance than
    application firewalls
    Effectively hides
    true network
    addresses
    Packets are evaluated
    completely.
    DisadvantagesDoes not support advanced
    user authentication
    More complex than
    other firewalls, and
    incompatible with
    some protocols
    Incompatible with all
    network protocols, and
    configuring these proxies
    is difficult
    Time taken for evaluating each packet slows network
    traffic, and limited support for new network applications
    is provided

    In practice, many firewalls use two or more of these techniques in concert. A
    firewall is considered as first line of defense in protecting private information. For
    greater security, data can be encrypted.·

     E-commerce security has the following main aspects: (i) Privacy, (ii) integrity, (iii) availability, (iv) authenticity and (v) non-repudiation of the parties to the e-commerce transaction. To deploy a fully secured e-ecommerce environment, it is essential to consider all the above mentioned aspects while implementing the information security policy. 

    The elements associated with e-commerce security are explained below: 

    Privacy/Confidentiality 

    Privacy/confidentiality is the extent to which individuals businesses make personal/confidential information available to other individuals and businesses. With any business, confidential information must remain secure and only be accessible to the intended recipient and should not reach to unauthorized people. However, this becomes increasingly difficult when dealing with e-businesses specifically. It is essential to secure data storage and data transmission of such information. 
     

    Integrity 

    Integrity is the assurance that the data is consistent and correct. When the data is transmitted over the Internet, there is a possibility of the tempering of data intentionally or unintentionally. Data integrity may be compromised in a number of ways due to human errors, hardware malfunction, natural disaster, bugs in software, and virus etc. In any e-commerce process, data integrity is of major concern as the information being transmitted over the Internet is not altered in any 'way by any unauthorized party and the data received is same as the data sent. Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Integrity is violated when data received is not as that has been sent. 

    Availability 

    Availability is the assurance that the e-commerce site continues to function as intended. It needs to be ensured that the data associated with e-commerce transactions is easily accessible. Lack of availability of data could be due to network failure, transmission errors, etc. - 

    Authenticity 

    Authenticity is the ability to verify the identity of a person, entity or website with whom the transaction is to be made. It is an integral component of e-commerce as it ensures the genuineness of parties, electronic documents, transactions and data. It is important to verify that all parties in a transaction are who they claim to be and are duly authorized to perform the same. Identity can be checked by digital signatures, certificates, biometrics, retinal scan etc. Such authenticity helps to reduce instances of fraud. 

    Non-Repudiation 

    Non repudiation is the ability to ensure that the parties in ecommerce transactions do not deny their online actions. It is a guarantee that the sender of a message cannot later deny, having sent the message and the recipient cannot deny, having received the message. This assurance makes the online transaction complete and plays a major role in e-commerce. The responsibility of submitting or receiving an electronic message is accepted by the sender and receiver, thereby protecting them against any false assertions made later. E-commerce utilizes technology like encryption and digital signatures to establish non-repudiation in a transaction. 
     

     Ecommerce security is the protection of e-commerce from unauthorized access,

    unauthorized usage, unauthorized alteration and unauthorized deletion.
    Therefore, the main objectives of security in e-commerce are the following:
    • Computer security: Protection of assets from unauthorized access, use,
    alteration or destruction.


    • Physical security: Includes tangible devices for protection.
    • Logical security: Protection of assets using non-physical means.
    • Threat minimization: Any act or object that poses a danger to computer
    assets.
    An e-commerce system faces large number of threats which create issues and concerns
    related to its security. Some of these are obvious and others are created and can be
    understood only by experts. This means that attacks can be directed on a system from

    • many different directions.
      Security concerns in e-commerce can be studied from three perspectives as given
      Table 6.1. E-commerce can be secured if the entire commerce chain is secured. That is,
      the client computer, the messages travelling on the communication channel and
      associated servers.


    Security Concerns of the Client


    Client security means privacy of the client and integrity of his Computer.

    Active Content

    Amongst various threats, active content is a major area of concern in client
    security. Active content is the program embedded transparently in web pages
    which can cause actions to occur. For example, display moving graphics,
    download and play audio etc. It is used in e-commerce in the form of Java applets,
    ActiveX controls etc. It creates security risk because malicious programs hidden
    inside webpage can reveal and destroy the confidential and sensitive information
    in the form of cookies. These cookies remember user names, passwords, etc. on the
    client computers.

    Virus, Worms and Trojan Horses


    Another security issue that arises to client and his computer are the viruses, worms
    and Trojan horses which can create havoc to the systems.
    • Virus is a piece of software that is designed to replicate itself.by
    copying itself into other programs stored in a computer which can
    cause the program to operate incorrectly or corrupt the Computer's
    memory.


    • Worm is software that is capable of reproducing itself. It can also
    spread from one computer to the next over a network.


    • Trojan horse is a program that appears to have a useful function but
    contains a hidden function which is harmful.


    • These viruses can delete stored data or manipulate actual data.
    Malicious software can damage the system and is a major threat.


    Masquerading


    Another security concern is masquerading. Masquerading occurs when one person
    uses the identity of another to gain access to a computer. This may be done in
    person or remotely. For example, a perpetrator could pretend to be a particular
    vendor and divert the payment to his own benefit. But, the customer himself could
    assume a false identity and make an invalid payment which the dealer would not
    actually receive.

    Security Concerns of the Communication Channel


    Another major concern in any e-commerce application is the security of the
    communication channel, That is, the security of the message when it passes through the
    Internet. This is probably the most obvious issue for e-commerce applications since the
    amount and severity of cyber-attacks are increasing. The data/message being transferred
    through the network must be secured from any unauthorized disclosure and alterations.
    Any theft of sensitive or personal information may become a significant danger.
    Replaying old messages, tapping of communications, unauthorized changes to messages,
    misuse of remote maintenance accesses are the dangers to the communication channel.

    Security Concerns of Server
    Another major concern in any e-commerce application is the security of the web server,
    commerce server and databases. Database contains valuable and sensitive information.
    Any loss or manipulation of stored data can create irreparable damages. The server is
    required to be protected from break-ins, site vandalism, and denial of service attacks. The
    more complex software becomes, the higher is the probability that errors exist in the
    codes. Revelation of server's folder names to a web browser leads to breach of
    confidentiality .

     Electronic newspaper is the newspaper which exists on the Internet either separately or as

    online version of a printed periodical. Online newspapers are becoming more and more
    popular to news readers who are Internet savvy. Electronic newspaper is normally called
    e-paper.

    Advantages


    The following are advantages of electronic newspapers:


    • It.is accessible 24 x 7. Online newspapers can be read anywhere, any time.
    •. Content can be updated any number of times in a day by the online
    newspaper.
    • The reader can select the news of interest and leave the rest.
    •Some e-papers are free.
    • It ,is environmental friendly than getting a printed newspaper.
    • there is no cluttering in the home.
    • It is a reliable source of news information as it is updated at regular
    intervals.
    • It is available to reader before the print version is available due to time
    consumed in shipping.
    • Archives are easily available.

    Disadvantages


    The following is an important disadvantage of online newspaper:


    • A newspaper company should be prepared for reduced revenues if it
    provides e-paper free of cost.


    There are a number of online newspapers available on the Internet which provides up to
    date news and in depth coverage. With the access of Internet on tablets, smart phones etc.
    and coupled with the fact that tech savvy people spend significant amounts of time
    online, popularity of e-papers is increasing rapidly. http://www.thehindu.com ,
    http://www.timesofindia.com 

     E-commerce security has the following main aspects: (i) Privacy, (ii) integrity,

    (iii) availability, (iv) authenticity and (v) non-repudiation of the parties to the
    e-commerce transaction. To deploy a fully secured e-ecommerce environment, it is
    essential to consider all the above mentioned aspects while implementing the information
    security policy.

    The elements associated with e-commerce security are explained below:

    Privacy/Confidentiality
    Privacy/confidentiality is the extent to which individuals/businesses make
    personal/confidential information available to other individuals and businesses.
    With any business, confidential information must remain secure and only be
    accessible to the intended recipient and should not reach to unauthorized people.
    However, this becomes increasingly difficult when dealing with e-businesses
    specifically. It is essential to secure data storage and data transmission of such
    information.

    Integrity
    Integrity is the assurance that the data is consistent and correct. When the data is
    transmitted over the Internet, there is a possibility of the tempering of data
    intentionally or unintentionally. Data integrity may be compromised in a number
    of ways due to human errors, hardware malfunction, natural disaster, bugs in
    software, and virus etc. In any e-commerce process, data integrity is of major
    concern as the information being transmitted over the Internet is not altered in any
    'way by any unauthorized party and the data received is same as the data sent.
    Integrity involves maintaining the consistency, accuracy, and trustworthiness of
    data over its entire life cycle. Integrity is violated when data received is not as that
    has been sent.

    Availability
    Availability is the assurance that the e-commerce site continues to function as
    intended. It needs to be ensured that the data associated with e-commerce
    transactions is easily accessible. Lack of availability of data could be due to
    network failure, transmission errors, etc .

    Authenticity

    Authenticity is the ability to verify the identity of a person, entity or website with
    whom the transaction is to be made. It is an integral component of e-commerce as
    it ensures the genuineness of parties, electronic documents, transactions and data.
    It is important to verify that all parties in a transaction are who they claim to be
    and are duly authorized to perform the same. Identity can be checked by digital
    signatures, certificates, biometrics, retinal scan etc. Such authenticity helps to
    reduce instances of fraud.

    Non-Repudiation
    Non repudiation is the ability to ensure that the parties in ecommerce transactions
    do not deny their online actions. It is a guarantee that the sender of a message
    cannot later deny, having sent the message and the recipient cannot deny, having
    received the message. This assurance makes the online transaction complete and
    plays a major role in e-commerce. The responsibility of submitting or receiving an
    electronic message is accepted by the sender and receiver, thereby protecting them
    against any false assertions made later. E-commerce utilizes technology like
    encryption and digital signatures to establish non-repudiation in a transaction


     Ans :

    The four layers form the basic building blocks ofEDI. They are introduced below:

    Application Layer: This layer consists of business applications which use
    the EDI. The applications can be internal enterprise systems and other B2B
    systems. The main responsibility of these applications is to convert the.
    internal documents of company in electronic format to the standard format
    supported by EDI system. So, these applications act as converters in
    application Layer

    Format Layer: This layer processes the documents in EDI formats. Two
    popular industry wide ED! standard formats are ANSI X12 and EDIFACT
    (Electronics Data Interchange for Administration, Commerce and
    Transport). More about these standard forms are discussed elsewhere in this unit.

    Data Transport Layer: This layer is responsible for automatically
    transferring the EDI Though e-mail is a popular format of data exchange,
    there are other transportation mechanisms such as FTP, HTTP, HTTPS Dad
    X.435, etc.

    • Data Connection Layer: This layer consists of enterprise network
    infrastructure which is used to transport data. This includes dial-up/modem
    based connections, Internet, point-to-point communication etc. Other
    popular format for network infrastructure includes employing of a Value
    Added network (VAN) which provides an EDI account and
    store-and-forward mailbox for subscribers.

     E-shop is also referred to as e-website or virtual store. It allows the customers to purchase

    goods from various sellers using Internet. E-shop can be of any type (B2B, B2C, C2C)
    and size. The aim of e-shop is to provide a global, reliable, 24 x 7 web based effective
    sales management system. The e-shop interface has following features:

    Product tree: It helps users in finding necessary product(s).

    Tables: User can easily manage the table data such as sorting, filtering and
    viewing table data.

    E-shop has several features to ensure that customer's e-commerce experience is
    comfortable and easy, efficient, dependable and secure. The following are some of the
    features a e-shop:

    Ease of navigation: Effective navigation is very important and critical for
    e-shops because lost visitors will result in lost sales. Large sites have huge
    range of products and have to be more careful as finding a product of choice
    is a big task. Sufficient user testing will be extremely useful for identifying
    potential navigational issues.

    Shopping cart, login and search options: An e-shop without these features
    is of no use. Many e-shops provide private accounts to customers so that
    they can check their order history. Also, such customers get special discount
    offers or can participate in different promotions or sale. Search options are
    essential for finding suitable products for customers by customers,
    specifically in large websites.

    Deals, freebies and free shipping: people generally tend to buy more
    during sales and discounted periods. Some are also attracted by free
    shipping. So making eye-catching banners with discount offers on the upper
    part of home page of e-shop website will lead to increase in sales.

    Payment system Icons: E-shops have many customers from round the
    globe and each have their own preferred payment system ranging from
    credit & debit card, gift vouchers and cash on delivery, etc. These options
    always display the delivery and after sales terms and conditions.

    Links from social media: Almost 30% of online purchases are
    accomplished after surfing through social media sites such as Twitter and
    Face book. They are good options as customers are inclined by public
    opinion also.

    Phone numbers and online chats: The customer help line numbers and
    online chat with customers to clear queries are highly appreciated forms of
    value added customer service since E-shops are working 24 x 7 and
    customer service can solve majority of pre-sales and after sales questions.

    Store finder: This feature is useful and must for E-shops that have wide
    dealer network. Many international customers prefer to visit website to find
    nearest branch as well as for information but prefer to visit nearest store
    physically.

    Trust marks: Trust marks are small images or a logo that shows a security
    guarantee .by an external party indicating that it is safe to shop onsite. Some
    of these trust marks come from Verisign, TRUSTe, McAfee, etc.

    Apart from trust marks, a clear design, easy menu and submenus, detailed product
    descriptions and clear images of products along with user review are also very important
    to build reputation of E-sh

     Being able to stand out and getting customers is very challenging task in the ever

    growing global market when too many e-commerce sites are competing for the same
    target customers. The following are some of the strategies to increase e-visibility of your
    e-commerce website:

    • Increasing traffic: It is essential for your site to regularly post on social .
    networking sites. It is paramount to create and maintain your brand
    positioning in order to survive. It is essential to remember that anything out
    of sight of customer will be out ofhislher mind. This can be improved by
    taking the following measures:

    (i) Uploading contents like special offers, news, pictures, phrases, any
    eye catering information for the regular followers.
    (ii) Knowledge about competitions, doing research and checking what the
    competitors are uploading, their offers and number of posts are they
    doing.

    • Easy URL: The website URL must be simple and catchy so that can be
    easily remembered. At the same time, name should be sensible that it can be
    guessed and easily remembered by users.

    • Adding icons of social networks: It helps user/followers and other potential
    customers to know about your site and business.

    • Advertising: Word of mouth marketing is more powerful than ever but even
    the conventional way of advertising using media such as TV, newspapers,
    etc. In fact, they play significant role in increasing visibility. The consumers
    have always trusted recommendations and advice from friends and peers
    more than they do on brand advertisement. So taking advantage of the
    power of supporters of your brand can also be useful.

    • Social empire optimization: It is a process of imposing the visibility of
    website in the search engine's search results. The higher appearance of your
    website in the search engine, the higher the probability of increase of
    number of customer.

    The following are some of the techniques that need to be followed to improve visibility:

    • Optimizing the contents of website.

    • Including list of key words related to your work on all your pages.

    • . Using buttons of social networks on your website.

    Search engines are classified into two categories.

    Crawler based search engine: These search engines called robot or bat,
    generally index sites based on the content and links to your website. Google
    and Alta vista are examples. The exact method of ranking the website by
    crawler based search engine is kept confidential as rules keep on changing
    with time.

    Human powered directories: These are actually compiled by human
    reviewers who examine and evaluate description of website and then they
    rate the contents using their own criteria. Normally, this type of combination
    is done for listing by paid search engines.

    Link popularity: Link popularity is a key factor for increasing ranking of
    web pages. It refers to the number and quality oflinks that point to website.

    Mobile Banking: This application makes it possible to perform bank-related transactions
    such as checking account status, transferring money and selling stocks, via mobile
    devices, independent of the current user location.

    Mobile Entertainment: This application offers services that provide entertainment
    through mobile devices such as ring tones, music and videos, gaming and chatting etc.

    Mobile Information Services: This term refers to mobile services that provide
    subscribers with content that provides information. Examples of such services are news
    updates of any nature (finance, politics, sport, etc.), travel information, access to search
    engines and Mobile Office (e-mails, appointments, etc.).

    Mobile Marketing: This term refers to services based on mobile communication
    'technologies that provide firms with new and innovative instruments to increase sales,
    . win and retain customers, improve after-sales service, build and sustain a positive and
    modem image/brand and carry market research.

    Mobile Shopping: This application bundles services that allow for of transactions
    involving purchase of goods using mobile devices. The user can purchase products by
    choosing them from a catalogue accessible from a mobile device .

    Mobile Ticketing: All services that must be paid for, before a lawful utilization can take
    place, are suitable for Mobile ticketing such as travelling in public transport, entry to a
    cultural event or cinema. This application ensures that the user can purchase a right to
    utilization/ticket with a mobile device, replacing the conventional paper ticket. The ticket
    is sent in digital form to the mobile device.

    Telematics Services: Telematics is an artificial term that refers to innovative
    technologies that link telecommunication technologies with informatics. The transport
    segment has been the primary area of this application, which is also known as Intelligent
    Transport System (ITS). The main services are for navigation systems, remote diagnosis
    as well as access to other mobile applications such as mobile entertainment, mobile
    content/office, mobile banking and mobile shopping. 

     E-commerce and E-business are not solely the Internet, websites or dot com companies.

    It is about a new business concept that incorporates all previous business management
    and economic concepts. As such, e-business and e-commerce impact many areas of
    business and disciplines of business management studies.

    The following are some of the areas which have an impact of E-commerce:

    • Marketing: Issues of online advertising, marketing strategies, consumer
    behavior and cultures. One of the areas in which it impacts particularly is
    direct marketing. In the past, this was mainly door-to door, home parties and
    mail order using catalogues or leaflets. This moved to telemarketing and TV
    selling with the advances in telephone and television technology and finally
    developed into e-marketing spawning 'e-CRM' (Electronic Customer
    Relationship Management), data mining etc. by creating new channels for
    direct sales and promotion.

    Computer Sciences: Development of different technologies and languages
    to support e-commerce and e-business. Linking front and back office legacy
    systems with web based technologies is an example.

    • Finance and Accounting: Online banking has become popular with
    complex transactions becoming possible without physically going to bank.

    Economics: There was a positive impact of e-commerce on local and global
    economies leading to understanding the concepts of a digital and knowledge
    based economy.

    Production and Operations Management: The impact of on-line
    processing has led to reduced cycle times. It takes seconds to deliver
    digitized products and services electronically; similarly the time for
    processing orders can be reduced by more than 90 per cent from days to
    minutes. Production systems are integrated with finance marketing and other·
    functional systems as well as with business partners and customers.

    Production and Operations Management (Manufacturing): Moving
    from mass production to demand-driven, customer pull rather than the
    manufacturer push of the past has become possible. Web based Enterprise
    Resource Planning (ERP) systems can also be used to forward orders
    directly to designers and/or production floor within seconds, thus cutting
    production cycle times by up to 50 per cent, especially when manufacturing
    plants, engineers and designers are located in different countries. In sub-
    -assembler companies, where a product is assembled from a number of
    different components sourced from a number' of manufacturers,.
    communication, collaboration and coordination are critical. So, electronic
    bidding can yield cheaper components and having flexible and adaptable
    procurement systems allow for rapid changes at a minimum cost leading to
    minimized inventories and savings.


    Management Information Systems: There has been an impact on analysis,
    design and implementation of e-business systems within an organization as
    wen as issues of integration of front end and back end systems.

    Huma Resource Management: There has been an impact leading to
    , Online recruitment and working from home.


    • Business Law and Ethics: There has been an impact on different legal and
    ethical issues that have arisen as a result of a global virtual market and on
    issues such as copyright laws, privacy of customer information, legality of
    electronic contracts, etc.

     Mobile Banking: This application makes it possible to perform bank-related transactions

    such as checking account status, transferring money and selling stocks, via mobile
    devices, independent of the current user location.

    Mobile Entertainment: This application offers services that provide entertainment
    through mobile devices such as ring tones, music and videos, gaming and chatting etc.

    Mobile Information Services: This term refers to mobile services that provide
    subscribers with content that provides information. Examples of such services are news
    updates of any nature (finance, politics, sport, etc.), travel information, access to search
    engines and Mobile Office (e-mails, appointments, etc.).

    Mobile Marketing: This term refers to services based on mobile communication
    'technologies that provide firms with new and innovative instruments to increase sales,
    . win and retain customers, improve after-sales service, build and sustain a positive and
    modem image/brand and carry market research.

    Mobile Shopping: This application bundles services that allow for of transactions
    involving purchase of goods using mobile devices. The user can purchase products by
    choosing them from a catalogue accessible from a mobile device.

    Mobile Ticketing: All services that must be paid for, before a lawful utilization can take
    place, are suitable for Mobile ticketing such as travelling in public transport, entry to a
    cultural event or cinema. This application ensures that the user can purchase a right to
    utilization/ticket with a mobile device, replacing the conventional paper ticket. The ticket
    is sent in digital form to the mobile device.

    Telematics Services: Telematics is an artificial term that refers to innovative
    technologies that link telecommunication technologies with informatics. The transport
    segment has been the primary area of this application, which is also known as Intelligent
    Transport System (ITS). The main services are for navigation systems, remote diagnosis
    as well as access to other mobile applications such as mobile entertainment, mobile
    content/office, mobile banking and mobile shopping.

     The goal of structured system analysis and design is to reduce maintenance time and

    effort. Modeling is the act of drawing one or more graphical representations of a
    System. Model driven development techniques emphasize the drawing of models to
    help visualize and analyze problems, define business requirements and design
    Information systems. The first model driven approach is Structured Analysis and
    Design approach.

    Structured Analysis is a development method for the analysis of existing manual
    systems or automated systems, leading to development of specifications (expected
    functionality or behavior) for proposed system. The objective of structured analysis
    approach is to organize the tasks associated with requirement determination to provide
    an accurate and complete understanding of a current situation. The major tasks of
    structured system analysis approach are:

    • Preliminary Investigation
    • Problem Analysis
    • Requirement Analysis
    • Decision Analysis.

    It is a process-centered technique that is used to model business requirements for a
    system. Structured analysis introduced a process-modeling tool called the Data flow
    diagram, used to illustrate business process requirements. With the help of DFD, the
    systems analyst can show the system overview. Data modeling tools such as Entity
    relationship diagrams are used to illustrate business data requirements. With the help
    of ERD, the analyst, can show database overview.

    Structured Design utilizes graphic description (Output of system analysis) and
    focuses on development of software specifications. The goal of structured design is to
    lead to development of programs consisting of functionally independent modules that
    perform relatively independently of one another. It is a specific program design
    technique, not a comprehensive design method. Thus it does not specify file or
    database design, input or output layout or the hardware on which the application will
    run. It provides specification of program modules that are functionally independent.

    It is a process-centred technique that transforms the structured analysis models into
    good software design models. Structured Design introduced a modeling tool called
    Structure Charts. They are used to illustrate software (program) structure to fulfil
    business requirements. Structure charts describe the interaction between independent
    module and the data passing between the modules. These module specifications can
    be passed to programmers prior to the writing of program code. In structure chart the
    whole application is divided into modules (set of program instructions) and modules
    are designed according to some principles of design. These principles are:

    Modularity and partitioning: Each system should consist of a hierarchy of modules.
    Lower level modules are generally smaller in scope and size compared to higher level
    modules. They serve to partition processes into separate functions.

    Coupling: Modules should be loosely coupled. It means that modules should have
    little dependence on other modules in a system.

    Cohesion: Modules should be highly cohesive. It means that modules should carry out
    a single processing function.

    Span of control: Modules should interact with and manage the functions of a limited
    number of lower level modules. It means that the number of called modules should be
    limited (in a calling module).

    Size of Module: The number of instructions contained in a module should be limited
    so that module size is generally small.

    Shared use of Functions:
    Functions should not be duplicated in separate modules
    may be shared. It means that functions can be written in a single module and it can be
    invoked by any other module

    Various approaches are available for development of Information Systems. They are:

    Model Driven: It emphasizes the drawing of pictorial system models to document
    and validate both existing and/or proposed systems. Ultimately, the system model
    becomes the blueprint for designing and constructing an improved system.

    Accelerated approach: A prototyping approach emphasizes the construction of
    model of a system. Designing and building a scaled-down but functional version
    of the desired system is known as Prototyping. A prototype is a working system
    that is developed to test ideas and assumptions about the new system. It consists
    of working software that accepts input, perform calculations, produces printed or
    display information or perform other meaningful activities.

    Joint Application Development: It is defined as a structured approach in which
    users, managers, and analysts work together for several days in a series of
    intensive meetings to specify or review system requirements. In this approach,
    requirements are identified and design details are finalized.

     

     Systems may be classified as follows:


    a) Formal or Informal
    b) Physical or Abstract
    c) Open or Closed
    d) Manual or Automated.

    a) A Formal System is one that is planned in advance and is used according to
    schedule. In this system policies and procedures are documented well in advance.
    A real life example is to conduct a scheduled meeting at the end of every month in
    which agenda of the meeting has already been defined well in advance.
    An Informal System is the system that is not described by procedures. It is not
    used.
    According to a schedule. It works on as need basis. For example, Sales order
    processing system through telephone calls.

    b) Physical Systems are tangible entities that may be static or dynamic.
    Computer Systems, Vehicles, Buildings etc. are examples of physical systems.
    Abstract systems are conceptual entities.
    Example: Company

    c) Open System is a system within its environment. It receives input from
    environment and provides output to environment.
    Example: Any real life system, Information System, Organization etc.

    Closed System: It is isolated from environment influences. It operates on factors
    within the System itself. It is also defined as a System that includes a feedback
    loop, a control element and feedback performance standard.

    d) Manual and Automated systems: The system, which does not require human
    intervention is called Automated system. In this system, the whole process is
    automatic.
    Example: Traffic control system for metropolitan cities.
    The system, which requires human intervention, is called a Manual System.
    Example: Face to face information centre at places like Railway stations etc.