processing tech malicioussoftware_ecommerce
TRANSCRIPT
Information System Architecture:Processing Technique
Presented ByEngr. Md. Fazlul Kader
Assistant Professor, Dept. of APECE
University of Chittagong, Bangladesh
Contents
Batch Processing
Distributed processing
Real Time processing
Timesharing
Multiprogramming
Multiprocessing
Engr. Md Fazlul Kader 2
Batch processing
A system that takes a set (a ―batch‖) of commands or jobs, executes them and
returns the result, all without human intervention.
Batch processing requires separate programs for input, process and output.
It is an efficient way of processing high volume of data
Advantages: Batch processing has the following benefits:
It allows sharing of computer resources among many users and programs.
It can shift the time of job processing to when the computing resources are
less busy.
It avoids idling the computing resources with minute-by-minute manual
intervention and supervision.
By keeping high overall rate of utilization, it amortizes the computer,
especially an expensive one.
Examples:
Printing
End of Day reporting(EOD)Engr. Md Fazlul Kader
3
Distributed Processing
A distributed system consists of multiple computers that communicate
through a computer network.
The computers interact with each other in order to achieve a common
goal.
Examples:
The world wide web – information, resource sharing
Distributed manufacturing system (e.g.,automated assembly line)
A computer program that runs in a distributed system is called
a distributed program, and distributed programming is the process
of writing such programs.
Distributed processing implies that processing will occur on more
than one processor in order for a transaction to be completed
Engr. Md Fazlul Kader 4
Distributed ProcessingAdvantages
Attempts to capture the advantage of both a
centralized and a decentralized system
Greater flexibility
Facilitates quick and better access to data and
information
Higher performance than a centralized computer.
Better computer resources are easily available to the
end users
Engr. Md Fazlul Kader 5
Distributed ProcessingDisadvantages
Lack of proper security control: The sharing of data
creates the problem of data security.
Lack of adequate computing/communication standard
Troubleshooting and diagnosing problems
The problems created by network infrastructure
Engr. Md Fazlul Kader 6
Real time processing
In a real time processing, there is a continual input,
process and output of data.
Data has to be processed in a small stipulated time period
(real time), otherwise it will create problems for the
system.
For example: assembly line robots and radar system.
More examples of business real time processing: Air traffic control system
Reservation system used by hotel and car rental agencies
Process control systems as in nuclear reactor plants and steel mills
Systems that provide up to the minute information on stock prices.
Engr. Md Fazlul Kader 7
Timesharing
Time sharing is a term used to describe a processing system with a number
of independent, relatively low speeds, online, simultaneously usable
stations.
Each station provides direct access to the CPU
In other words, timesharing refers to the allocation of computer resources
in a time dependent fashion to several programs simultaneously
Users who are using a timesharing system fall in one of the 3 status groups:
1. Active:
The user’s program has currently control the CPU.
One user active at a time
2. Ready:
The user’s program is ready to continue but is waiting for CPU.
More than one user can be in ready state at a time
3.Wait:
The user has no made up no request for execution of his job or the user’s program is
waiting for some I/O operation.
More than one user can be in waiting state at a time Engr. Md Fazlul Kader
8
Timesharing
Advantages
Reduces CPU idle time
Offers computing facility to small users
Provides advantage to quick response
Avoids duplication of the software
Disadvantages
Question of security
Problem of reliability
Problem of data communication
Question of overhead involved
Engr. Md Fazlul Kader 9
Multiprogramming
Multiprogramming is the allocation of computing resources to more
than one concurrent application, job or user .
It is distinguishable from monoprogramming (or uniprogramming)
in which only a single program may be run at a time.
In Multiprogramming there are a number of programs available to
the CPU(Stored in main memory) and that a portion of one is
executed, then a segment of another and so on
Engr. Md Fazlul Kader
10
Multiprogramming
Advantages Increased throughput
Lowered response time
Ability to assign priorities of jobs
Requirements/Disadvantages
Large memory
Memory protection
Program status preservation
Proper job mix
Engr. Md Fazlul Kader 11
Multiprocessing
Multiprocessing is the use of two or more central processing
units (CPUs) within a single computer system.
The term also refers to the ability of a system to support more than
one processor and/or the ability to allocate tasks between them
Advantages
1.Higher performance due to parallel processing.
2.It provides a built in backup. if one CPU get failed other CPU are
used to do that CPUs job.
3.In addition to the CPUs, also facilitates effective utilization of other
computer devices.
Disadvantages/Limitations
1.complex OS is required.
2.large main memory required.
3.very expensive.
Engr. Md Fazlul Kader 12
Multiprocessing vs Multiprogramming
Multiprogramming Multiprocessing
1 Interleaved execution of two or more
processes by a computer system
having single CPU
Simultaneous execution of two
or more processes by a
computer system having more
than one CPU
2 Involves executing a portion of one
program, then a segment of another
etc.,in brief consecutive time periods.
Simultaneous execution of
several segments of one or
more programs
Engr. Md Fazlul Kader
13
Information System Architecture:Security Control and E-commerce
Presented ByEngr. Md. Fazlul Kader
Assistant Professor, Dept. of APECE
University of Chittagong, Bangladesh
Contents
Security Control
Malicious software
Hackers and cyber-vandalism
Technologies and tools to provide security
E-Commerce
Engr. Md Fazlul Kader 15
Security and Control
Security: Refers to the policies, procedures and technical
measures used to prevent unauthorized access,
alteration, theft or physical damage to information
systems.
Control
Consists of all the methods, policies and organizational
procedures that ensure the safety of the organization's
assets, the accuracy and reliability of its accounting
records and operational adherence to management
standards.
Engr. Md Fazlul Kader 16
Malicious software
Malicious software, commonly known as malware
Malware is any software that brings harm to a computer
system.
Malware can be in the form of
worms,
viruses,
Trojans,
spyware,
adware etc.,
which steal protected data, delete documents or add software not
approved by a user.
Engr. Md Fazlul Kader 17
Malicious software:Classification
Divided into two categories:1. those that need a host program
referred to as parasitic
Parasitic, are essentially fragments of programs that cannot
exist independently
Examples: Viruses, logic bombs, and backdoors
2. those that are independent.
Independent malware is a self-contained program
Can be scheduled and run by the operating system.
Examples: Worms, Zombie
Engr. Md Fazlul Kader 18
Malicious software:Classification
Malicious Programs
Trojan
Horses
Independent
Logic
Bombs
Needs Host Program
WormsViruses ZombieTrapdoors
ReplicateEngr. Md Fazlul Kader
19
Malicious software:Backdoor or trapdoor
Is a secret entry point into a program
Allows someone who is aware of the backdoor to gain
access bypassing usual security access procedures.
Commonly used by programmers legitimately to debug and
test program
Backdoors become threats when unscrupulous
programmers use them to gain unauthorized access;
It is difficult to implement operating system controls for
backdoors.
Engr. Md Fazlul Kader 20
Malicious software:Logic Bomb
One of the oldest types of Malicious software
It is code embedded in some legitimate program
Activated when certain conditions are met.
presence or absence of certain files,
a particular day of the week or date, or
a particular user running the application.
Once triggered, typically damage system
may alter or delete data or entire files,
cause a machine halt, or
do some other damage.
Engr. Md Fazlul Kader 21
Malicious software:Trojan Horses
Useful, or apparently useful, program with hidden side-
effects(code)
When invoked, performs some unwanted or harmful
function.
When run perform some additional tasks Allows attacker to indirectly gain access they do not have directly
To gain access to the files of another user on a shared system
For example, a calculator program appears to be performing a
useful function but it may also be quietly deleting the user’s files.
Engr. Md Fazlul Kader 22
Malicious software:Viruses
A piece of self-replicating code attached to some other
code
It is a piece of software that can ―infect‖ other programs by
modifying them;
Once a virus is executing, it can perform any function, such
as erasing files and programs.
The infection can be prevented by preventing virus from
gaining entry into the system
Examples:
Boot sector virus
E-mail virus
Engr. Md Fazlul Kader
23
Malicious software:Worms
A program that can replicate itself and send copies from computer to
computer across network connections.
It is a standalone malware
Unlike a computer virus, it does not need to attach itself to an existing
program.
Worms almost always cause at least some harm to the network, even if
only by consuming bandwidth.
Example: The Morris worm or Internet worm of November 2, 1988 was
one of the first computer worms distributed via the Internet.
To replicate itself, a network worm uses some sort of network vehicle.
Examples include the following:
Electronic mail facility
Remote execution capability
Remote login capability
Engr. Md Fazlul Kader
24
Malicious software:Zombie or Bot
A program which secretly takes over another networked
computer
Computers that are infected with a 'bot' are generally
referred to as 'zombies'.
Often used to launch Distributed Denial of service(DDoS)
attacks against target websites
Typically exploits known flaws in networked computer
systems A denial of service (DoS) attack floods a network with an overwhelming
amount of traffic, slowing its response time for legitimate traffic or grinding it to a
halt completely. The intent of these attacks is to deny the service to legitimate
users.
Distributed denial of service (DDoS) attacks are DoS attacks that appear to
come from or come from a large number of IP addresses.Engr. Md Fazlul Kader
25
Hackers and Cyber-vandalism
Hacker:
A hacker is an individual who intends to gain unauthorized access to a computer
system
Cracker
The term cracker is typically used to denote a hacker with criminal intent
Spoofing
A type of deception where an intruder attempts to gain unauthorized access to a user’s
system or information via pretending to be the user
For example: In email spoofing (or phishing), the user receives an email that appears to
be from a legitimate source but actually it is sent by someone else.
Sniffer
A type of eavesdropping program that monitors information travelling over a network
A sniffer can used legitimately or illegitimately to capture data being transmitted on a
network.
When used legitimately, sniffers help identify potential network trouble spots or criminal
activity on networks
When used for illegitimately or criminal purposes, they can be damaging and difficult to
detectEngr. Md Fazlul Kader
26
Technologies and tools to provide security
1. Access Control Consists of all the policies and procedures a company uses to
prevent improper access to systems by unauthorized insiders and
outsiders.
To gain access a user must be authorized and authenticated.
Access control software is designed to allow only authorised users to
use systems or access data using some method of authentication
Examples: Biometric authentication
Authentication is the process of verifying who you are. Logging on to a PC with a
username and password is authentication.
Authorization is the process of verifying that you have access to something. Gaining
access to a resource (e.g. directory on a hard disk) because the permissions configured
on it allow you access is authorization.
Engr. Md Fazlul Kader
27
Technologies and tools to provide security
2.Firewalls A firewall is a combination of hardware and software that controls the flow of
incoming and outgoing network traffic
Firewall is used to prevent unauthorized user from accessing private network
Acts like a gatekeeper
Engr. Md Fazlul Kader
28
Technologies and tools to provide security
3.Intrusion Detection Systems
Features full time monitoring tools places at the most
vulnerable points of corporate networks to detect an deter
intruders continually.
The system generates an alarm if it finds a suspicious or
anomalous events.
Engr. Md Fazlul Kader 29
Technologies and tools to provide security
4.Antivirus Software Antivirus or anti-virus software is software used to prevent, detect
and remove malware (of all descriptions), such as: computer viruses
No matter how useful antivirus software can be, it can sometimes
have drawbacks.
Because new viruses are unleashed almost every week, antivirus
software needs constant updating — at least once a week.
Examples:
oKaspersky
oNorton
oMcafee
oAvira
Engr. Md Fazlul Kader
30
E-commerce
E-commerce, short for electronic commerce, is the process used to
distribute, buy or sell market goods and service, and the transfer of
funds online, through electronic communications or networks.
Commonly referred to as
Online commerce
Web Commerce
eBusiness
eRetail
eTailing
ecom or
EC
Engr. Md Fazlul Kader
31
E-commerce Characteristics
Business oriented:
Essentially business-oriented
Expands market and brings more customers
Convenient Service:
Customers will no longer be confined by geographic constraint in receiving
services
System Extendable
Ensure guarantee of system stability
Online Safety
First priority
Proper protective measures must be ensured
Encryption
Digital signature
Firewalls etc
Coordination: coordination among employees, customers, manufacturers,
suppliers and business partnersEngr. Md Fazlul Kader
32
E-commerce processing:
Example
Engr. Md Fazlul Kader
33
E-Commerce :Basic Benefits
Increase sales
Decreasing costs
costs of creating the product
marketing cost
costs of distribution
costs of processing (orders from the customers)
costs of storing information
lowers telecommunication costs
Provide price quotes :with a web site, you can have the prices listed, and change
them
Increase profits
Expands the size of the market from regional to national or national
to international
Reach a narrow market :focus on a more select group of customers
Engr. Md Fazlul Kader
34
E-Commerce :Limitations
Technical Limitations costs of a technological solution
some protocols are not standardized around the world
reliability for certain processes
insufficient telecommunications bandwidth
software tools are not fixed but constantly evolving (ie. Netscape
3,4,4.7,4.75 etc.)
integrating digital and non-digital sales and production information
access limitations of dial-up, cable, ISDN, wireless
some vendors require certain software to show features on their pages,
which is not common in the standard browser used by the majority
Difficulty in integrating e-Commerce infrastructure with current
organizational IT systems
Engr. Md Fazlul Kader
35
E-Commerce :Limitations
Non-Technical Limitations
customer fear of personal information being used wrongly
customer expectations unmet
rules and regulations
security and privacy: vulnerability to fraud and other crimes
lack of trust and user resistance: fear of payment information being
unsecure
tactile limitations
limitations of support services
financial cost
sourcing tech support in foreign languages
higher employee training required to be click and mortar
people's resistance to change
people may not be used to faceless / paperless / non-physical
transactions Engr. Md Fazlul Kader
36
37
THANK YOU
Engr. Md Fazlul Kader