Chapter 8 The Internet and World Wide Web 

8.1 The Internet

8.1.1 Introduction

A network is a collection of computers and devices connected together via communications devices and media. The world's largest network is the Internet, which is a worldwide collection of networks that links together millions of businesses, government offices, educational institutions, homes and individuals (Figure 8-1). Each of these networks provides resources that add to the abundance of goods, services, and information accessible via the Internet.

Figure 8-1 Internet is a worldwide collection of networks that links together millions of business, governments, educational institutions, homes and individuals.

Today, one of the major reasons business, home, and other users purchase computers is for Internet access. To say that the Internet has had a profound impact on our lives is truly an understatement. What we do at work, how we work, how we learn, and what we do during leisure time have changed dramatically during the public Internet era. People around the world use a variety of Internet services in daily activities. The virtual classroom, where students can attend classes online, is remaking our college and university system. Many companies and organizations assume the public is familiar with the Internet. Web addresses appear on television, in radio broadcasts, in printed newspapers, magazines, and other forms of advertising. Each year millions more people choose to telecommute to work from their homes. Many more people make their resume available to millions by posting it to the Internet, then using searchable jobs databases to find employment throughout the world. Many people stay connected to the Internet all day long, taking advantage of its latest resources to get help with many daily activities—planning a vacation, getting the best deal on an airline ticket, communicating with friends via e-mail or videophone, getting news and weather, and even playing games with other cybersurfers. To be successful today, you must have an understanding of the Internet. Without it, you are missing a tremendous resource for goods, services, information, knowledge and carrier opportunities.

History of the Internet

During the Cold War in the 1960s, The U.S. military decided it needed a bombproof communications system, and thus the concept for the Internet was born. The Internet began as a United States Department of Defense network to link together scientific and academic researchers around the nation in 1960s. That network, called ARPANET (Advanced Research Projects Agency network), was built to (1) allow scientists at different locations to share information and collaborate on military and scientific projects and (2) function even if part of the network were disabled or destroyed by a disaster such as a nuclear attack. One of ARPANET’s primary goals for the network was to allow multiple users to send and receive information at the same time over the same communications paths (such as phone lines). The network became functional in September 1969, linking scientific and academic researchers across the United States.

The network was designed to operate without centralized control. This meant that if a portion of the network should fail, the remaining working portions would still be able to route messages from senders to receivers over alternate paths. The protocols for communicating over the ARPANET became known as TCP—Transmission Control Protocol. TCP ensured that messages were properly routed from sender to receiver and that those messages arrived intact.

In parallel with the early evolution of the Internet, organizations worldwide were implementing their own networks for both intra-organization (i.e. within organization) and inter-organization (i.e., between organizations) communication. A huge variety of networking hardware and software appeared. One challenge was to get these to intercommunicate. ARPANET accomplished this with the development of IP—Internetworking Protocol, truly creating a “network of networks,” the current architecture of the Internet. The combined set of protocols is now commonly called TCP/IP.

As people realized the great benefit of using ARPANET to share data and information, ARPANET underwent phenomenal growth. Some organizations connected their entire networks to ARPANET to take advantage of the high-speed communications it offered. In 1986, the National Science Foundation (NSF) connected its huge network of five supercomputer centers, called NSFnet, to ARPANET. Since then, this configuration of complex networks became known as the Internet. Business rapidly realized that they could tune their operations and offer new and better services to their clients, so they started spending vast amounts of money to develop and enhance the Internet. This generated fierce competition among the communications carriers and hardware and software suppliers to meet this demand. This result is that bandwidth (i.e., the information carrying capacity) on the Internet has increased tremendously and costs have plummeted.

Because of its advanced technology, NSFnet served as the major backbone of the Internet until 1995. A backbone is high-speed network that connects regional and local networks to the Internet; other computers then connect to these regional and local networks to access the Internet. A backbone thus handles the bulk of the communications activity or traffic on the Internet. In 1995, NSFnet terminated its backbone network on the Internet to return its status to a research network. Since then, a variety of corporations, commercial firms, and other companies run backbone networks that provide access to the Internet. These backbone networks, alone with telephone companies, cable and satellite companies, and the government all contribute toward the internal structure of the Internet, making the Internet truly collaborative.

Today, the Internet consists of many local, regional, national, and international networks. Numerous corporations, commercial firms, and other companies such as IBM provide networks to handle the Internet traffic. Although each network that constitutes the Internet is owned by a public or private organization, no single person, organization, or government agency owns or controls the Internet. The Internet remains a public, cooperative, and independent network. Each organization on the Internet is responsible only for maintaining its own network. However, some organizations, such as Internet Society, Internet Architecture Board, Internet Engineering Task Force, and Internet Network Information Center, contribute toward the success of the Internet by advising, defining standards, donating resources, and addressing other issues. Especially, the World Wide Web Consortium (W3C) is the group that oversees research and sets standards and guidelines for many areas of the Internet. The mission of the W3C is to contribute to the growth of the Web. These organizations are composed of individuals, corporations, nonprofit organizations, foundations, and government agencies around the world.

Who Governs the Internet?

In fact, the Internet is tied into a complex web of governing bodies, national legislatures, and international professional societies. There is no one governing organization that controls activity on the Internet. Instead, there are several organizations that influence the system and monitor its operations. Among the governing bodies of the Internet are:

• The Internet Architecture Board (IAB), which helps define the overall structure of the Internet.

• The Internet Corporation for Assigned Names and Numbers (ICANN), which assigns IP addresses, and the Internet Network Information Center (InterNIC), which assigns domain names.

• The Internet Engineering Steering Group (IESG), which oversees standard setting with respect to the Internet.

• The Internet engineering Task Force (IETF), a private-sector group which forecasts the next step in the growth of the Internet, keeping watch over its evolution and operation.

• The Internet Society (ISOC), which is a consortium of corporations, government agencies, and nonprofit organizations that monitors Internet policies and practices.

• The World Wide Web Consortium (W3C), a largely academic group that sets HTML and other programming standards for the Web.

• The International Telecommunication Union (ITU), which helps set technical standards.

While none of these organizations has actual control over the Internet and how it functions, they can and do influence government agencies, major network owners, ISPs, corporations, and software developers with the goal of keeping the Internet operating as efficiently as possible.

Internet2: The Future Infrastructure

The current infrastructure of the Internet is several decades old. It suffers from a number of limitations, including:

• Bandwidth limitation. There is insufficient capacity throughout the backbone, the metropolitan switching centers, and most importantly, the “last mile” to the home and small businesses.

• Quality of service limitation. Today’s information packets take a circuitous route to get to their final destinations. This creates the phenomenon of latency—delays in messages caused by the uneven flow of information packets through the network. Today’s Internet uses “best-effort” quality of service, which makes no guarantees about when or whether data will be delivered, and provides each packet with the same level of service, no matter who the user is or what type of data is contained in the packet. A higher level of service quality is required if the Internet is to keep expanding into new services, such as video on demand and telephony.

• Network architecture limitations. Today, a thousand requests for a single music track from a central server will result in a thousand efforts by the server to download the music to each requesting client. This slows down network performance as the same music track is sent out a thousand times to clients that might be located in the same metropolitan area. This is very different from television, where the program is broadcast once to millions of homes.

• Language development limitations. HTML, the language of Web pages, is fine for text and simple graphics, but poor at defining and communicating “rich documents,’ such as databases, business documents, or graphics.

• Wired Internet. The Internet is based on cables—fiber-optic and coaxial copper cables. The wired nature of the Internet restricts mobility of users although it is changing rapidly as Wi-Fi hotspots proliferate, and cellular phone technology advances.

The Internet of the future will be much larger and faster. According to some Internet experts, in the next 20 years, Web surfers will be able to browse more than 250 million Web sites. This increase in volume will be based, in part, on Internet2.  Internet2 (I2) is an Internet-related research and development project. Through an extremely high-speed network, I2 develops and tests advanced Internet technologies for research, teaching, and learning. Internet2 members include more than 206 universities, 60 companies, and the U.S. government. The goal of I2 is to enhance tomorrow’s Internet with its advanced technologies. The idea behind Internet2 is to create a “giant test bed” where new technologies can be tested without impacting the existing Internet. The three primary goals of Internet2 are to:

• Create a leading-edge very high-speed network capability for the national research community.

• Enable revolutionary Internet applications.

• Ensure the rapid transfer of new network services and applications to the broader Internet community.

The advanced networks created and in use by Internet2 members provide the environment in which new technologies can be tested and enhanced. Several new networks have been established, including Abilene and vBNS (short for very high performance Backbone Network Service). Abilene and vBNS are high-performance backbone networks that interconnect the GigaPoPs used by Internet2 members to access the network. A GigaPop is a regional Gigabit Point of Presence to the Internet2 network that supports data transfers at the rate of 1 Gbps or higher.  In 2007, Internet2 deployed a 100 Gbps East-West link. At these speeds, the ability of the network to process data begins to exceed the speed at which client computers can pull data off their hard drives. By 2020, the Internet2 will allow Web surfers to access more than 250 million Web sites at speeds perhaps 10,000 times faster than today's Internet.

The Internet2 project is just the tip of the iceberg when it comes to near-term future enhancements to the Internet. In 2007, the NSF began work on the Global Environment for Networking Innovations (GENI) Initiative to develop new core functionality for the Internet, including new naming, addressing and identity architectures; enhanced capabilities, including additional security architecture and a design that supports high availability; and new Internet services and applications. Internet2 will increasingly rely on wireless technology to connect users’ handheld telephones/computers, personal organizers, and laptop and desktop computers to the Web and LANs and to one another. Clearly, a large part of the future Internet will be mobile, access anywhere, broadband service for the delivery of video, music, and Web search.

The increased bandwidth and expanded wireless network connectivity of the Internet2 era will result in benefits beyond faster access and richer communications. Some of the major benefits of these technological advancements include IP multicasting, latency solutions, guaranteed service levels, lower error rates, and declining costs. IP multicasting is a set of technologies that enables efficient delivery of very large files to many locations on a network. Rather than making multiple copies of a message intended to be distributed to multiple recipients at the point of origin of a message, multicasting initially sends just one message and does not copy it to the individual recipients until it reaches the closest common point on the network, thereby minimizing the bandwidth consumed. At that point, routers make copies as needed to serve requesting clients, and the sender sends only a single copy over the Internet. Multicasting technologies are already making their way into today’s Internet through the use of Mbone—a special-purpose backbone for delivering video data.

One of the challenges of packet switching, where data is divided into chunks and then sent separately to meet again at the destination, is that the Internet does not differentiate between high-priority packets, such as video clips, and those of lower priority, such as email messages. Internet2 holds the promise of diffserv (differentiated quality of service)—a new technology that assigns levels of priority to packets based on the type of data being transmitted.  Video conference packets, for example, which need to reach their destination almost instantaneously, would receive much higher priority than e-mail messages. In the end, the quality of video and audio will skyrocket without undue stress on the network. Live and on-demand television and movies will be possible once Internet2 is completed.

Today’s Internet promises only “best effort.” The Internet is democratic—it speeds or slows everyone’s traffic alike. With Internet2, it will be possible to purchase the right to move data through the network at a guaranteed speed in return for higher fees.

8.1.2   How the Internet Works

Data and information sent over the Internet travels via networks and communications media owned and operated by many organizations. This section presents various aspects of the Internet operations.

Internet Architecture

Figure 8-2 illustrates the layered architecture of the Internet. The Internet can be viewed conceptually as having four layers. The Network Technology Substrate layer is composed of telecommunications networks and protocols. The Transport Services and Representation Standards layer houses the TCP/IP protocol. The Applications layer contains client applications such as the World Wide Web, e-mail, and audio or video playback. The Middleware Services layer is the glue that ties the applications to the communications networks, and includes such services as security, authentication, addresses, and storage repositories. Because all layers use TCP/IP and other common standards linking all four layers, it is possible for there to be significant changes in the network layer without forcing changes in the applications layer.

Today’s Internet has several backbones that are physically connected with each other and transfer information from one private network to another. These private networks are referred to as Network Service Providers (NSPs), which own and control the major backbone networks. A backbone is a high-bandwidth fiber-optic cable that transports data across the Internet. The backbones have been linked to a giant pipeline that transports data around the world in milliseconds. In the United States, the backbone is composed entirely of fiber-optic cable with bandwidths ranging from 155 Mbps to 2.5 Gbps. The backbone has built-in redundancy so that if one part breaks down, data can be rerouted to another part of the backbone. Redundancy refers to multiple duplicate devices and paths in a network. Connections to other continents are made via a combination of undersea fiber-optic cable and satellite links.

In the United States, there are a number of hubs where the backbone intersects with regional and local networks, and where the backbone owners connect with one another. These hubs are commonly referred to as Internet Exchange Points (IXPs). IXPs use high-speed switching computers to connect the backbone to regional and local networks, and exchange messages with one another. The regional and local networks are owned by local Bell operating companies and private telecommunications firms; they generally are fiber-optic networks operating at over 100 Mbps. The regional networks lease access to ISPs, private companies, and government institutions.

Figure 8-2 The Internet can be characterized as an hourglass modular structure with a lower layer containing the bit-carrying infrastructure and an upper layer containing user applications. In the narrow waist are transportation protocols such as TCP/IP.

Internet Access Providers

Individuals cannot directly connect to the Internet. An access provider is a business that provides individuals and companies access to the Internet free or for a fee. Individuals can access the Internet through regional or national ISPs, online service providers, and wireless Internet service providers (Figure 8-3).

Figure 8-3 Common ways to access the Internet

An Internet service provider (ISP) is an organization that has a permanent Internet connection and provides temporary connections to individuals and companies for a fee. Two types of ISPs exist: regional and national. A regional ISP usually provides access to the Internet through one or more telephone numbers local to a specific geographic area. A national ISP is a larger, nation-wide business that provides local telephone numbers in most major cities; some also provide a toll-free telephone number. National ISPs generally offer more services and have a larger technical support staff then regional ISPs. Examples of national ISPs are AT&T Worldnet Service and Eearthlink. This type of connection gives you direct access to the Internet through dialup connection. The telephone number you dial to connect you to an access point on the Internet is called point of presence (POP). The most important consideration when selecting an ISP is to be sure that it provides a local POP. Otherwise, you must pay long-distance telephone bills for the time you are connected to the Internet.

You can also access the Internet through online information services such as America Online (AOL) and Microsoft Network (MSN). An online service provider (OSP) is a large self-contained network. It provides an electronic gateway to the Internet; that is, you are linked to the OSP that, in turn, links you to the Internet. An OSP also supplies members-only features that offer a variety of special content and services such as news, weather, legal information, financial data, games, computer guides, email, online calendars, photo communities, instant messaging, and travel information. For this reason, the fees for using an online service usually are slightly higher than fees for an ISP. Online information services usually have thousands of POPs all over the world and large customer and technical support staffs. This type of connection is a popular choice for people working from their home or small business and for those who wish to link their home PC to the Internet.

A wireless Internet service provider (WISP) is a company that provides wireless Internet access to users with wireless modems or Web-enabled handheld computers or devices such as cell phones, PDAs, smart phones, and smart watches. Wireless modems, which usually are in the form of a card that inserts in a slot in a computer or mobile device, generally dial a telephone number t establish a connection with the WISP, An antenna on the wireless modem or Web-enabled device typically sends signals through the airwaves to communicate with a WISP. Examples of WISPs include AT&T, T-Mobile, Verizon Wireless, Sprint Broadband Direct, and Boingo Wireless.

When connecting from home or while traveling, individuals typically use dial-up access to connect to the Internet. With dial-up access, you might use your computer and a modem to dial into an ISP or online service over a regular telephone line. Dial-up access provides an easy way for mobile and home users to connect to the Internet to check e-mail, read the news, and access research material. Because dial-up access uses regular telephone lines, however, the speed of the connection is limited. More and more home and small business users are opting for higher-speed broadband Internet connection through DSL, cable television networks, radio signals, or satellite. In most cases, broadband Internet access is always on. That is, it is connected to the Internet the entire time the computer is running.

Many users connect to the Internet through a business or school network. In this instance, their computers usually are part of a local area network (LAN) that is connected to an ISP through a high-speed connection line leased from the local telephone company. Instead of connecting via a modem, a computer connects to the LAN using a network interface card. This type of connection usually gives you faster interaction with the Internet because a LAN normally has a high-speed digital link to the Internet.

Packet Switching

The Internet operated with a technique called packet switching. Packet switching is a method of slicing digital messages into discrete units called packets, sending the packets along different communication paths as they become available, and then reassembling the packets once they arrive at their destination. Prior to the development of packet switching, early computer networks used leased, dedicated telephone circuits to communicate with terminals and other computers. These “dedicated” circuit-switching techniques were expensive and wasted available communications capacity—the circuit would be maintained regardless of whether any data was being sent. For nearly 70% of the time, a dedicated voice circuit is not being fully used because of pauses between words and delays in assembling the circuit segments, both of which increase the length of time required to find and connect circuits. A better technology was needed.

In 1964, Leonard Kleinrock published a book on packet switching, and then the technique was further developed by others in the defense research labs of both the United States and England. With packet switching, the communications capacity of a network can be increased by a factor of 100 or more. The communications capacity of a digital network is measured in terms of bits per second.

In packet-switched networks, messages are first broken down into packets. Appended to each packet are digital codes that indicate a source address and a destination address, as well as sequencing information and error-control information for the packet (Figure 8-4). The address information was used to rout the packets of data to their destination. The sequencing information was used to help reassemble the packets into their original order for presentation to the recipient. Packets of many people were intermixed on the same lines. Rather than being sent directly to the destination address, in a packet network, the packets travel from computer to computer until they reach their destination. These computers are called routers. A router is a special-purpose computer that interconnects the different computer networks that make up the Internet and routes packets along to their ultimate destination as they travel. To ensure that packets take the best available path toward their destination, routers use a computer program called a routing algorithm.

Packet switching does not require a dedicated circuit, but can make use of any spare capacity that is available on any of several hundred circuits. Packet switching makes nearly full use of almost all available communication lines and capacity. Moreover, if some lines are disabled or too busy, the packets can be sent on any available line that eventually leads to the destination point.

Figure 8-4 Packet switching

How Data Travels the Internet

Computers connected to the Internet work together to transfer data and information around the world using servers and clients. On the Internet, your computer is a client that can access data, information, and services on a variety of servers.

The inner structure of the Internet works much like a transportation system. Just as highways connect major cities and carry the bulk of the automotive traffic across the country, several main communications lines carry the heaviest amount of traffic on the Internet. These communications lines are referred to collectively as the Internet backbone. In the United States, the communications media that make up the Internet backbone exchange message at several different locations. The high-speed equipment in these locations functions similar to a highway interchange, transferring data from one network to another until it reaches its final destination. National ISPs use dedicated lines to connect directly to the Internet backbone. Smaller regional ISPs and local networks lease lines from local telephone companies to connect to national ISPs. These smaller, slower-speed regional and local networks extend out from the backbone into regions and local communities. Figure 8-5 illustrates how these components of the Internet work together to transfer data over the Internet to and from your computer.

Figure 8-5 How your message might travel the Internet using a telephone line connection.

Internet Addresses

	Figure 8-6 The IP address and domain name for the Google Web site

The Internet relies on an addressing system much like the postal service to send data to a computer at a specific destination. Each computer on the Internet has an assigned address called its uniform resource locator (URL) to identify it from other hosts. The URL gives those who provide information available over the Internet a standard way to designate where Internet elements such as servers, documents, newsgroups, etc., can be found. In fact, each computer location on the Internet has a numeric address called an IP (Internet protocol) address. The IP address usually consists of four groups of numbers, each separated by a period. For example, 198.112.68.223 is an IP address. In general, the first portion of each IP address identifies the network and the last portion identifies the specific computer.

	Figure 8-7 Examples of generic top-level domains

Because these numeric IP addresses are difficult to remember and use, the Internet supports the use of a text name that represents one or more IP addresses. The text version of an IP address is called a domain name. Like an IP address, the components of a domain name are separated by periods. In the domain name, the http specifies the access method and tells the telecommunication software to access this particular file using the HyperText Transport Protocol (http). Other access methods include ftp (File Transfer Protocol) for transferring files, telnet for logging onto a remote computer, and news for bulletin boards or newsgroups. Figure 8-6 gives an example of IP address and its associated domain name. The text in the domain name up to the first period identifies the type of Internet server. The www in Figure 8-6, for example, indicates a Web server. The google.com part of the address is domain name that identifies the Internet host site. The left part of the domain name identifies the host network or host provider, which might be the name of a university or business; the right part is a top-level domain (TLD) abbreviation that identifies the type of organization that operates the site. For international Web sites outside the United States, the domain name also includes a two-letter country code, such as au for Australia or fr for France, which usually is placed at the end of a domain name. Figure 8-7 lists some generic TLD abbreviations.

For top-level domains of biz, com, info, name, net and org, you register for a domain name from a registrar, which is an organization that maintains the master list of domain names. In addition to determining prices and policies for domain name registration, a registrar may offer additional services such as Web site hosting. The group that assigns and controls TLDs is the Internet Corporation for Assigned Names and Numbers (ICANN). Domain names and their corresponding IP addresses are registered using the domain name system (DNS) and are stored in Internet computers called domain name system servers (DNS servers). DNS is the method that the Internet uses to store domain names and their corresponding IP addresses. Figure 8-8 summarizes the important components of the Internet addressing scheme. Recall that the Internet is based on IP addresses. Every time you specify a domain name, a DNS server translates the domain name into its associated IP address, so that data can be routed to the correct computer.

Figure 8-8 Pieces of the Internet puzzle: names and addresses

In fact, the IP addressing scheme answers the question “How can 600 million computers attached to the Internet communicate with one another?”  The answer is that every computer connected to the Internet must be assigned an address—otherwise it cannot send or receive messages. For instance, when you sign onto the Internet using a dial-up, DSL, or cable modem, your computer is assigned a temporary address by your Internet Service Provider. Most corporate and university computers attached to a local area network have a permanent IP address.

There are two versions of IP currently in use. IPv4 (version 4) is still the most frequently used version. An IPv4 Internet address is a 32-bit number that appears as a series of four separate numbers marked off by periods. Each of the four numbers can range from 0-255. This “dotted quad” addressing scheme contains up to 4 billion addresses (2 to the 32^th power).

Because many large corporate and government domains have been given millions of IP addresses each (to accommodate their current and future work force), and also because the rapid growth of the Internet is expected to continue, with all the new networks and new Internet-enabled devices requiring unique IP addresses being attached to the Internet, a newer version of the IP protocol, called IPv6, has been developed. IPv6 provides for 128-bit addresses, or about 1 quadrillion addresses.

8.1.3   Internet Services

The most commonly used Internet services include e-mail, mailing list, instant messaging, chat rooms, VoIP, FTP, newsgroup and message boards, and the World Wide Web. The following pages discuss each of these Internet services.

E-mail

E-mail (electronic mail) is the transmission of messages and files via a computer network. Today, e-mail is a primary communications method for both personal and business use. The Internet has become the most important e-mail system in the world because it connects so many people from all over the world. E-mail is no longer limited to simple text messages. Depending on the hardware and software of both the sender and recipient, users can embed images, sound and video in the message and attach files that contain text documents, spreadsheets, graphics, audio, video, or executable programs. You use an e-mail program to create, send, receive, forward, reply, print, delete and store messages. Outlook and Windows Mail are two popular e-mail programs.

	Figure 8-9 An e-mail address is a combination of a user name and a domain name

Internet access providers typically supply an e-mail program as a standard part of their Internet access services. Some Web sites, such as Google Gmail, Windows Live Hotmail, and Yahoo! Mail, provide free e-mail services.  Just as you address a letter when using the postal system, you must address an e-mail message with the e-mail address of your intended recipient. An e-mail address is a combination of a user name and a domain name that identifies the user who will receive the e-mail (Figure 8-9). A user name is a unique combination of characters that identifies you. Your user name must be different from the other user names in the same domain. An @ symbol separates the user name from the domain name. Your Internet service provider or networks administrator in a LAN supplies you with the domain name. Most e-mail programs allow you to create an address book, which contains a list of names and e-mail addresses. As you receive e-mail messages, they are placed in you mailbox, which is a storage location usually residing on the computer called a mail server.

When you send an e-mail message, a program on the mail server determines how to route the message through the Internet and then sends the message. SMTP (simple mail transfer protocol) is a communications protocol used by some outgoing mail servers. When the message arrives at the recipient’s mail server, the message is transferred to a POP3 server. PO3 is the latest version of POP. POP (Post Office Protocol) is a communications protocol used by some incoming mail servers. The POP3 server holds the message until recipient retrieves it with his or her-e-mail software. Most e-mail programs have a mail notification alert that information you via a message or sound when you receive new mail.

Mailing List

A mailing list, also called distribution list, is group of e-mail names and addresses given a single name. When a message is sent to a mailing list, every member on the list receives a copy of the message in his/her mailbox. To add your e-mail name and address to a mailing list, you subscribe to it; to remove your name, you unsubscribe from the mailing list. Some mailing lists are called LISTSERVs, named after a popular mailing list program.

Thousands of mailing lists exist about a variety of topics in areas of entertainment, business, computers, society, culture, health, recreation, and education. To locate a mailing list dealing with a particular topic, you can search for the keywords, mailing lists or LISTSERVs, using your Web browser. Many vendors use mailing lists to communicate with their customer base.

Instant Messaging

Instant messaging (IM) is a real-time Internet communications service that notifies you when one or more people are online and then allows you to exchange messages or files or join a private char room with them (Figure 8-10). Some IM services support voice and video conversations. Many IM services also can alert you to information such as calendar appointments, stock quotes, weather, or sport scores. They also allow you to send pictures or other documents to a recipient. To use IM, you install instant messenger software from an instant messaging service onto the computer or device with which you wish to use IM. For IM to work, both parties must be online at the same time. Also, the receiver of a message must be willing to accept messages.

People use IM on all types of computers, including desktop computers and mobile computers and devices. Some operating systems, such as Windows Vista, include an instant messenger. Popular IM software includes AIM (AOL Instant Messenger), Google Talk, MySpace IM, Windows Live Messenger, and Yahoo! Messenger. No standards currently exist for IM. To ensure successful communications, all individuals on the contact list need to use the same or a compatible instant messenger.

Figure 8-10 An example of instant messaging

Chat Rooms

	Figure 8-11 As you type, the message you enter are displayed on the computer screens of other people in the same chat room

A chat is a real-time typed conversation that takes place on a computer. Real time means that you and the people with whom you are conversing are online at the same time. A chat room is a facility on an Internet server that enables two or more people to engage in interactive "conversation" over the Internet. Anyone in the chat room can participate in the conversation. To start a chat session, you connect to a chat server through a program called chat client. Today's browsers usually include a chat client. Some Web sites allow users to conduct chats without a chat client.

When you log into a chat session, you can "talk” by keying in messages that are immediately displayed on the screens of other chat participants or you can hear or see each other as you chat (Figure 8-11). Any number of people can join a chat session. The chat session should indicate the topic of discussion. The person who creates a chat session acts as the operator and has responsibility for monitoring the conversation and disconnecting anyone whom becomes disruptive. Operator status can be shared or transferred to someone else.

VoIP

VoIP, also called Internet telephony, enable users to speak to other users over the Internet using their desktop computer, mobile computer, or mobile device. That is, VoIP uses the Internet (instead of the public switched telephone network) to connect a calling party to one or more called parties.

To place an Internet telephone call, you need a high-speed Internet connection (e.g., via DSL or cable modem); Internet telephone service; a microphone or telephone, depending on the Internet telephone service; and Internet telephone software or a telephone adapter, depending on the Internet telephone service. Calls to other parties with the same Internet telephone service often are free, while calls that connect to the telephone network typically cost about $15 to $25 per month.

When you speak in a microphone connected to your computer or a telephone connected to the telephone adapter, the Internet telephone software and the computer's sound card or the telephone adapter convert your spoken words (analog signals) to digital signals and then transmit the digitized audio over the Internet to the called parties. Software and equipment at the receiving end reverse the process so that the receiving parties can hear what you have said.

Files Transfer Protocol (FTP) is an Internet standard that allows you to exchange files with other computers on the Internet. FTP is a quick and easy method if you know the remote computer site in which the file is stored. Once you have logged on to the remote computer, you can upload files onto the computer, or you can move around directories that have been made accessible for FTP to search for the file you want to retrieve. Once located, FTP makes transfer of the file very easy. Web authors, for example, often use FTP to upload their Web pages to a Web server.

An FTP server is a computer that allows users to upload and download files using FTP. An FTP site is a collection of files including text, graphics, audio, video, and program files that reside on a FTP server. Some FTP sites limit file transfers to individuals who have authorized accounts (user names and passwords) on the FTP server. Many FTP sites allow anonymous FTP, whereby anyone can transfer some available files. Large files on FTP sites often are compressed to reduce storage space and download time. Before you can use a compressed (zipped) file, you must uncompress (unzip) it. Many operating systems include FTP capabilities. If yours does not, you can download FTP programs from the Web, usually for a small fee.

Newsgroups and Message Boards

	Figure 8-12 Users in a newsgroup read and reply to other users’ messages

A newsgroup is an online area in which users conduct written discussions about a particular subject (Figure8-12). The entire collection of Internet newsgroups is called Usenet, which contains tens of thousands of newsgroups on a multitude of topics. To participate in a discussion, a user sends a message to the newsgroup, and other users in the newsgroup read and reply to the message. Discussion takes place in large electronic bulletin boards where anyone can post messages on the topic for others to read. Some newsgroups require you to enter your user name and password to participate in the discussion. This type of newsgroups is used when the messages on the newsgroup are to be viewed only by authorized members. A computer that stores and distributes newsgroup messages is called a news server.

To participate in a newsgroup, you use a program called a newsreader, which is included with most browsers or Windows Mail. You also can download newsreaders on the Web. Instead of using your own newsreader, some Web sites that sponsor newsgroups have a built-in newsreader. The newsreader enables you to access a newsgroup to read a previously entered message, called an article. You also can post your article. A newsreader can keep track of which articles you have and have not read. People who frequently use newsgroups refer to the original message and any posted replies to the message as a thread. A thread can be short-lived or continue for some time, depending on the nature of the topic and the interest of the participants.

The newsreader sorts and groups threads according to the original title. Using a newsreader, you can search for newsgroups discussing a particular subject such as type of musical instrument, brand of sports equipment, or employment opportunities. If you like the discussion in a particular newsgroup, you can subscribe to it, which means its location is saved in your newsreader for easy future access. In some newsgroups, posted articles are sent to a moderator instead of immediately displaying on the newsgroup. The moderator reviews the contents of the article and then posts it, if appropriate. With a moderated newsgroup, the moderator decides if the article is relevant to the discussion. The moderator may choose to edit or discard inappropriate articles. For this reason, the content of a moderated newsgroup is considered more valuable.

A popular Web-based type of discussion group that does not require a newsreader is a message board. Many Web sites use message boards instead of newsgroups because they are easier to use.

World Wide Web

The World Wide Web (the Web) is at the heart of the explosion in the business use of the Internet. The Web is a system with a universally accepted set of standards for storing, retrieving, formatting, and displaying information using a client/server architecture. The Web consists of a worldwide collection of electronic documents that have build-in hyperlinks to other related documents. Because of its ability to handle multimedia objects, including linking multimedia objects distributed on Web servers around the world, the Web is emerging as the most popular means of information access on the Internet. Next section discusses the World Wide Web in detail.

Ping

Packet InterNet Groper (Ping) is a utility program that allows you to check the connection between a client computer and a TCP/IP network. Ping will also tell you the time it takes for the server to respond, giving you some idea about the speed of the server and the Internet at that moment. You can run Ping from the DOS prompt on a personal computer with a Windows operating system by typing: Ping <domain name>, as shown in Figure 8-13. Tracert is one of a several route-tracing utilities that allows you to follow the path of a message you send from your client to a remote computer on the Internet. The Pathping utility program combines the functionality offered by Ping and Tracert, which provides the details of the path between two hosts and statistics for each node in the path based on samples taken over period of time, depending on the number of nodes between the start and end host. Therefore, you can use these utility programs to obtain information about the connection between your computer and the network.

Figure 8-13 The result of a Ping

8.2 The World Wide Web

8.2.1   Introduction

Although many people use the terms World Wide Web and Internet interchangeably, the World Wide Web is just one of the many services available on the Internet. The World Wide Web actually is a relatively new aspect of the Internet. While the Internet was developed in the late 1960s, Web was not invented until 1989-1991 by Dr. Tim Berners-Lee of the European Particle Physics Laboratory. First, Berners-Lee wrote a computer program that allowed formatted pages within his own computer to be linked using keywords (hyperlinks). Clicking on a keyword in a document would immediately move him to another document. Berners-Lee created the pages using a modified version of a powerful text markup language called SGML (Standard Generalized Markup Language). Berners-Lee called this language HyperText Markup Language (HTML). He then came up with the idea of storing his HTML pages on the Internet. The early Web was based on text only; the original Web browser only provided a line interface.

In 1993, Marc Andreesen and others at the National Center for Supercomputing Application at the University of Illinois created a Web browser with a graphical user interface called Mosaic that made it possible to view documents on the Web graphically. Mosaic was a software program that could run on any graphically based interface such as Windows, Macintosh, or Unix. Aside from making the content of Web pages colorful and available to the world’s population, the graphical Web browser created the possibility of universal computing—the sharing of files, information, graphics, sound, video, and other objects across all computer platforms in the world, regardless of operating system. In 1994, Andreeseen and Jim Clark founded Netscape, which created the first commercial browser, Netscape Navigator. In 1995, Microsoft Corporation released its own version of a browser, called Internet Explorer. In the ensuing years, Netscape has faltered, falling from 100% market share to less than 0.5% in 2007.

The World Wide Web (WWW), or Web is a worldwide collection of electronic documents. Millions of independently-owned computers work together as one in an Internet service. These computers, called Web servers, are scattered all over the world and contain every imaginable type of data and information. Thus, the Web has become a global information-retrieval system. The Web consists of a worldwide collection of electronic documents that have built-in hyperlinks to other related documents. These hyperlinks, called links, allow you to navigate quickly from one document to another, regardless of whether the documents are located on the same computer or on different computers in different countries. A link can be text or an image. To activate a link, you click it. Clicking a link causes the Web page associated with the link to be displayed on the screen.

The Web is a menu-based system that uses the client/server model. It organizes Internet resources throughout the world into a series of menu pages, or screens that appear on your computer. An electronic document on the Web is called a Web page, which can contain text, graphics, sound, and video, as well as links to other Web pages. Some Web pages are static (fixed); others are dynamic (changing). Visitors to a static Web page all see the same content. With a dynamic Web page, by contrast, visitors can customize some or all of the viewed content such as desired stock quotes, weather for a local, or ticket availability for flights.

A collection of related Web pages that you can access electronically is called a Web site. A Web site is like magazine, with a cover page called a home page that has graphics, titles, and text, which provide information about the site's purpose and content. A Web server is a computer that delivers requested Web pages to your computer. Multiple Web sites can be stored on the same Web server. For example, many Internet service providers grant their subscribers storage space on a Web server for their personal or company Web sites. Web serer software refers to the software that enables a computer to deliver Web pages written in HTML to client computers on a network that request this service by sending an HTTP request. The two leading brands of Web server software are Apache and Microsoft’s Internet Information Services. A Web client can be any device—including a computer, cell phone, handheld PDA, refrigerator, stove, home lighting system or automobile instrument panel—capable of sending and receiving information from Web servers. Web browsers are software programs whose primary purpose is to display Web pages. Browsers also have added features, such as e-mail and newsgroups. The leading Web browsers are Internet Explorer and Firefox.

Hypertext is a way of formatting pages with embedded links that connect documents to one another, and that also link pages to other objects such as sound, video, or animation files. HyperText Markup Language (HTML) is a Web page formatting language. HTML provides Web page designers with a fixed set of markup “tags” that are used to format a Web page. When these tags are inserted into a Web page, they are read by the browser and interpreted into a page display. HTML defines the structure and style of a document, including the headings, graphic positioning, tables, and text formatting. HTML Web pages can be created with any text editor such as Notepad or any one of several Web page development tools such as FrontPage or Dreamweaver. eXtensible Markup Lanugage (XML) is a markup language specification developed by the W3C that is similar to HTML, but has a very different purpose. Whereas the purpose of HTML is to control the “look and feel” and display of data on the Web page, XML is designed to describe data and information. XML is “extensible,” which means the tags used to describe and display data are defined by the user, whereas in HTML the tags are limited and predefined. XML can also transform information into new formats, such as by importing information from a database and displaying it as a table. With XML, information can be analyzed and displayed selectively. This means that a firm can describe all of its invoices, accounts payable, payroll records, and financial information using a Web-compatible markup language.

8.2.2   Browsing the Web

To browse the Web, you need a computer that is connected to the Internet and has a Web browser. With an Internet connection established, you start a Web browser. The browser retrieves and displays a starting Web page, sometimes called the browser’s home page. The initial home page that is displayed is one selected by your Web browser. You can change your browser’s home page at anytime.

The more common usage of the term home page refers to the first page that a Web site displays. Often the home page provides connections to other documents, Web pages, or Web sites. Many Web sites allow you to personalize the home page so that it contains areas of interest to you.

Internet-enabled mobile devices such as smart phones and PDAs use a special type of browser, called microbrowser, which is designed for their small screens and limited computing power. Many Web sites design Web pages specifically for display on a microbrowser. For a computer or mobile device to display a Web page, the page must be downloaded. Downloading is the process of a computer receiving information, such as a Web page, from a server on the Internet. Depending on the speed of your Internet connection and the amount of graphics involved, a Web page download can take from a few seconds to several minutes.

Each Web page on a Web site has a unique address, called a Uniform Resource Locator (URL) or Web address. For example, the home page for the United States Postal Service site has http://www.usps.com as its Web address. A Web browser retrieves a Web page using its Web address. If you know the Web address of a Web page, you can type it in the Address bar at the top of the browser window. As shown in Figure 8-14, a URL consists of a protocol, a domain name, and the path to a specific document file. Most Web page URLs begin with http://. The http stands for hypertext transfer protocol, the communications protocol used to transfer pages on the Web. HTTP is the first set of letters at the start of every Web address, followed by the domain name. The domain name specifies the organization’s server computer that is housing the document. The directory path and document name are two more pieces of information within the Web address that help the browser track down the requested page. When you enter http://www.usps.com/household/ stampcollecting/welcome.htm in the Web browser, it sends a request to the Web server that contains the usps.com Web site. The server then retrieves the Web page named welcome.htm that is located in the household/stampcollecting path and delivers it to your browser, which then displays the Web page on the screen.

Figure 8-14 A Web page at the United States Postal Service Web site is displayed

Most Web pages contain hyperlinks, which allow you to obtain information in a nonlinear way. That is, instead of accessing topics in a specified order, you move directly to a topic of interest. Branching from one related topic to another in a nonlinear fashion is what makes links to powerful. Some people use the phrase, surfing the Web, to refer to the activity of using links to explore the Web. The Web page shown in Figure 8-15 contains a variety of links, with the pointer on one of the links. To activate a link, you click it, that is, point to the link and then press the left mouse button. Clicking a link causes the Web page or document associated with the link to be displayed on the screen. The linked object might be on the same Web page, a different Web page at the same Web site, or a separate Web page at a different Web site in another city or country.

Figure 8-15 This Web page has various types of links

8.2.3   Searching for Information on the Web

	Figure 8-16 Widely used search tools

The Web is a global resource of information. One primary use of the Web is to search for specific information. No one knows for sure how many Web pages there really are. Locating information you need on the Web is a critical function given the tens of millions of Web sites in existence. Since no single organization controls additions, deletions, and changes to Web sites, no comprehensive menu or catalogue of Web site content and addresses exists. The first step in successful searching is to identify the main idea or concept in the topic about which you are seeking information. Determine any synonyms, alternate spellings, or variant word forms for the topic. Then, use a search tool to locate the information. The two most commonly used search tools are subject directories and search engines.

A search engine is a program that finds Web sites, Web pages, Internet files and other information related to a specific topic. A subject directory classifies Web pages in an organized set of categories, such as sports or shopping, and related subcategories. Some Web sites offer the functionality of both a search engine and a subject directory. Google and Yahoo!, for example, are widely used search engines that also provide a subject directory. Figure 8-16 lists the Web addresses of several popular general-purpose search engines and subject directories.

The surface Web is that part of the Web which search engines visit and record information about. For instance, Google currently searches about 50 billion Web pages and stores information about those pages in its massive computer network located throughout the United States. But there is also a “deep Web” that contains an estimated 900 billion additional Web pages, many of them proprietary or behind corporate firewalls. Search engines solve the problem of finding useful information on the Web nearly instantly. There are hundreds of different search engines in the world, but the vast majority of the search results are supplied by the top five providers including Google, Yahoo, MSN/Windows Live Search, AOL Search and Ask.com.

A search engine is particularly helpful in locating Web pages about certain topics or in locating specific Web pages, images, videos, news, and other information for which you do not know the exact Web address. Thousands of search engines are available. Some search through Web pages for all types of information. Others search engines can restrict their searches to a specific type of information.

Figure 8-17 How to use a search engine

	Figure 8-18 Use search engine operators to help refine a search

Search engines require that you enter a word or phrase, called search text or keywords, that describe the item you want to find. A search engine looks for Web pages containing one or more of the keywords entered by you, and then displays matches. A hit is any Web page name that lists as the result of search. Search engines often respond with results that include thousands of hits, whose content varies depending on the type of information you are seeking. Figure 8-17 shows how to use the Google search engine to search for the text, Michigan golf courses. The results of the search include more than two million links to Web pages that reference Michigan golf courses. Most search engine sequence the hits based on how close the words in the keywords are to one another in the Web page titles and their descriptions. Thus, the first few links probably contain more relevant information. You can eliminate the superfluous hits by carefully crafting a keyword that limits the search. Figure 8-18 lists some common operators you can include in your search text to refine your search. Other techniques you can use to improve your Web searches include the following:

• Use specific nouns and put the most important terms first in the search text.

• List all possible spellings, for example, email, e-mail.

• Before using a search engine, read its Help information.

• If the search is unsuccessful with one search engine, try another.

The first search engines employed simple keyword indexes of all the Web pages visited. They would count the number of times a word appeared on the Web page, and store this information in an index. These search engines could be easily fooled by Web designers who simply repeated words on their home pages. In 1994, two computer science students at Stanford University, David Filo and Jerry Lang, created a hand-selected list of their favorite Web pages and called it “Yet Another Hierarchical Officious Oracle” or Yahoo!. Yahoo has since developed “true” search engine capabilities.

In 1998 Larry Page and Sergey Brin, two Stanford computer science students, released their first version of Google. The Google search engine is continuously crawling the Web, indexing the content of each page, calculating its popularity, and caching the pages so that it can respond quickly to your request to see a page. The entire process takes about one-half of a second. Figure 8-19 illustrates how Google works. 

Figure 8-19 How Google works

Search engine Web sites have became so popular and easy to use that they also serve as major portals for the Internet. The search marketplace has become very competitive despite the dominance of Google. Both Microsoft and Yahoo have invested over a billion dollars each to match Google’s search engine.

Initially, few understood how to make money out of search engines. That changed in 2000 when Goto.com allowed advertisers to bid for placement on their search engine results, and Google followed the suit in 2003. The spectacular increase in Internet advertising revenues has helped search engines transform themselves into an entire new industry called “search engine marketing.” When users enter a search term at any of the major search engines, they receive two types of listings: sponsored links, for which advertisers have paid to be listed, and unsponsored “organic” search results. Search engines are now extending their services to include maps, satellite images, computer images, e-mail, group calendars, group meeting tools, and indexes of scholarly papers.

Many search engines use a program called a spider to build and maintain lists of words found on Web sites. When you enter keywords, the search engine scans this pre-built list for hits. The more sophisticated the search engine combined with precise search criteria, the more rapid the response and effective the search. Search engines actually do not search the entire Internet; such a search would take an extremely long time. Instead, they search an index of Internet sites and Web pages that constantly is updated by the company that provides the search engine. The Web is a big place. Any search engine indexes only small percentage of the Web pages. When searching the Web, you may wish to try more than one search engine to expand the total number of potential Web sites of interest.

Figure 8-20 Search information at Yahoo!’s subject directory

A subject directory provides categorized lists of links arranged by subject. Figure 8-20 gives an example of subject directory. You locate a particular topic by clicking links through different levels, moving from the general to the specific. Each time you click a category link, the subject directory displays a list of subcategory links, from which you again choose. You continue in this fashion until the search tool displays a list of Web pages about the desired topic. The major problem with a subject directory is deciding which categories to choose as you work through the menus of links presented.

	Figure 8-21 The weather map and news headlines are pushed onto this desktop.

Instead of spending hours scouring the Web, you can have the information in which you are interested delivered automatically to your computer or mobile device through "push" technology. The "push" technology refers to software that automatically sends information from the Internet to a user's personal computer or mobile device. "Push" comes from server push, a term used to describe the streaming of Web page contents from a Web server to a Web browser. From the sender's point of view, this "push" process is akin to TV broadcasting, so "push" technology is also called Webcasting. When you register for a push delivery service, you download client software on your computer. You can choose to have the entire site or just a portion of it pushed to your computer. You can customize to your information needs. You also can specify how often you want this information updated. You can choose to view the information immediately or access it later (Figure 8-21). "Push" technology saves you time by delivering information to you at regular intervals or whenever the site is updated, without your having to request it. Another advantage of Webcasting is that the Web servers pushes Web content to your computer, you can view it whether you are online or offline. Offline means you are not connected to the Internet.

8.2.4   Web Publishing

Before the World Wide Web, the means to share opinions and ideas with others easily and inexpensively was limited to the media, classroom, work, or social environments. Generating an advertisement or publication that could reach a massive audience required much expense. Today, businesses and individuals can convey information to millions of people by creating their own Web pages. The content of the Web pages ranges from new stories to product information to blogs.

Type of Web Sites

There are twelve types of Web pages: portal, news, informational, business/marketing, educational, entertainment, advocacy, blog, wiki, online social network, content aggregator, and personal. Many Web pages fall into more than one of these categories. 

Portal: A portal is a Web site that offers a variety of Internet services from a single, convenient location. Most portals offer the following free services: search engine; e-mail; instant messaging and chat rooms; news; free personal Web pages; shopping malls and auctions; stock quotes, reference tools such as yellow pages and maps. Many portals have online communities which is a Web site that joins a specific group of people with similar interests or relationships. Popular portals include Yahoo!, MSN, AOL, Lycos, Excite, HotBot, AltaVista, HotBot, GO.com, iGoogle, LiikSmart,  Netscape, and many others. A wireless portal is a portal designed for Internet-enabled mobile devices. Wireless portals attempt to provide all information a wireless user might require. These portals offer services geared to the mobile user such as search engines, news, stock quotes, weather, maps, email, calendar, instant messaging, and shopping.

News: A news Web page contains newsworthy material including stories, articles and videos relating to current events, life, money, sports, and weather. Many newspapers, magazines, television, and radio stations sponsor Web sites that provide summaries of printed articles, as well as articles not included in the printed versions. Newspaper and television and radio stations are some of the media that maintain news Web site.

Informational:  An information Web page contains factual information. Many U.S. government agencies and non-profit organizations have informational Web pages providing information such as census data, tax code and forms, government documents, public transportation schedules, government budget, and research reports.

Business/Marketing: A business/marketing Web page contains content that promotes or sells products or services. Today, nearly every business has a business/marketing Web page. Many of these companies also allow you to purchase their products and services online.

Educational: An educational Web site offers exciting, challenging avenues for formal and information teaching and learning. On the Web, you can learn how airplanes fly or how to cook a meal. For a more structured learning experience, companies provide online training to employees; and universities offer online classes and degrees. Instructors often use the Web to enhance classroom teaching by publishing course materials, grades, and other pertinent class information.

Entertainment: An entertainment Web site offers an interactive and engaging environment. Popular entertainment Web sites offer music, videos, sports, games, ongoing Web episodes, sweepstakes, chats, and more. Sophisticated entertainment Web sites often partner with other technologies. For example, you can cast your vote about a topic on a television show.

Advocacy: An advocacy Web page contains content that describes a cause, opinion, or idea. The purpose of an advocacy Web page is to convince the reader of the validity of the cause, opinion, or idea. These Web pages usually present views of a particular group or association, such as the Democratic Party, the Republican Party, the Society to Protect Human Rights, and the Royal Society for the Prevention of Cruelty to Animals.

Blog: A blog, short for Weblog, is an Web site consisting of time-stamped articles, or posts, in a diary or journal format, usually listed in reverse chronological order. A blog that contains video clips is called a video blog, or vlog. The term blogosphere refers to the worldwide collection of blogs, and the vlogosphere refers to all vlogs worldwide.  Blogs reflect the interests, opinions, and personalities of the author, called the blogger or vlogger, and sometimes site visitors. Blogs have become an important means of worldwide communications. Businesses create blogs to communicate with employees, customers, and vendors. Home users create blogs to share aspects of their personal life with family, friends, and others. Blogs have an informal style that consists of s single individual's ideas (similar to a diary) or a collection of ideas and thoughts among visitors.

Wiki: A wiki is a collaborative Web site that allows users to create, add to, modify, or delete the Web site content via their Web browser. Most wikis are open to modification by the general public. Wikis usually collect recent edits on a Web page so that someone can review them for accuracy. The difference between a wiki and a blog is that users cannot modify original posts made by the blogger. A popular wiki is Wikipedia, a free Web encyclopedia.

Online Social Network: An online social network, also called a social networking Web site, is a Web site that encourages members in its online community to share their interests, ideas, stories, photos, music, and videos with other registered users. Most include chat rooms, newsgroups, and other communications services. Popular social networking Web sites include Facebook and MySpace, which alone has more than 28 million visitors each day. In some social networking Web sites, such as Second Life, users assume an imaginary identity and interact with other users in a role-playing type of environment. A media sharing Web site is a specific type of online social network that enables members to share media such as photos, music, and videos. Flickr, Fotki, and Webshots are popular photo sharing communities; Eyespot, Google Video, and YouTube are popular video sharing communities.

	Figure 8-22 Guidelines for evaluating the value of a Web site

Content Aggregator: A content aggregator is a business that gathers and organizes Web content and then distributes, or feeds, the content to subscribers for free or a fee. Examples of distributed content include news, music, video, and pictures. Subscribers select content in which they are interested. Whenever the selected content changes, it is downloaded automatically (pushed) to the subscriber's computer or mobile device. RSS 2.0, which stands for Really Simple Syndication, is a specification that content aggregators use to distribute content to subscribers.  Atom is another specification sometimes used by content aggregators to distribute content.

Personal: A personal Web page is maintains by a private individual who normally is not associated with any organization. People publish their personal Web pages for a variety of reasons, for instance, hunting job or sharing life experiences with the world.

Do not assume that information presented on the Web is correct or accurate. Any person, company, or organization can publish a Web page on the Internet. No one oversees the content of these Web pages. Figure 2-22 lists guidelines for assessing the value of a Web site or Web page before relying on its content.

Multimedia on the Web

	Figure 8-23 When you visit multimedia Web site, you can enjoy text, colorful image, audio, video and animation presentations.

Most Web pages include more than just formatted text and links. In fact, the more exciting Web pages use multimedia. Multimedia is the capability that enables the integration of computer-based text, high-resolution still graphics, animation, video, audio, and/or virtual reality. Multimedia brings a Web page to life, increases the types of information available on the Web, expands the Web's potential uses, and makes the Internet a more entertaining place to explore (Figure 8-23). Multimedia Web pages often require specific hardware and software and take more time to download because they contain large graphics files and video or audio clips. With multimedia, the combined use of text, sound, graphics, motion video, animation, and virtual reality transforms the Web into an exciting place for learning, work, and play. The following pages discuss how the Web uses graphics, animation, audio, video, and virtual reality.

Figure 8-24 This Web page uses colorful graphical designs and images to convey its messages.

Graphics: A graphic is a digital representation of nontext information such as a drawing, chart, or photo. The introduction of graphical Web browsers allowed Web page developers to incorporate illustrations, logos, and other images into Web pages. Today, many Web pages use colorful graphical designs and images to convey messages (Figure 8-24). The Web contains countless images about a variety of subjects. You can download many of these images at no cost and use them for non-commercial purposes. Graphics files on the Web must be saved in a certain format (Figure 8-25). You can look on your computer at a file’s extension to determine the type of file. The two more common file formats for graphical images on the Web are JPEG and GIF. A JPEG (Joint Photographic Experts Group) is a format that compresses graphics to reduce their file size, which means the file takes up less storage space. Smaller file sizes result in faster downloading of Web pages because small files transmit faster than large files. The more compressed the file, the smaller the image and the lower the quality. When you create a JPEG image, you can specify the image quality to reach a balance between image quality and file size. The JPEG format often is used for scanned photographs, artwork, and other images that include smooth color variations.

	Figure 8-25 Graphics formats used on the Web

A GIF (Graphics Interchange Format) file also is saved using compression techniques to reduce its file size for downloading. The GIF format works best for images with only a few distinct colors, such as line drawing, single-color borders, and simple cartoons. The newer PNG graphics format improves upon the GIF format, and thus may eventually replace the GIF format. The BMP and TIFF formats may require special viewer software, and they have larger file sizes. Thus, these formats are not used on the Web as frequently as JPEG, GIF, and PNG formats. Some Web sites use thumbnails on their pages to reduce downloading time. A thumbnail is a small version of a larger graphical image you usually can click to display the full-sized image (Figure 8-26).

Figure 8-26 Clicking the thumbnail in the top screen displays a larger image in a separate window.

Animation: Many Web pages use animation which is the appearance of motion that is created by displaying a series of still images in rapid sequence. Animation can make Web pages more visually interesting or draw attention to important information or links. Animation often is used in Web-based games; some animations even contain links to a different page. Web page developers add animation to Web pages using a variety of techniques. Web page authoring programs, such as Adobe Flash, enable Web site developers to combine animation and interactivity in Web pages. Developers unfamiliar with Web page authoring programs can use computer animation and graphics software to create an animated GIF which combines several GIF images into a single GIF file. You also can create applets or ActiveX controls that include animation, or you simply can download many already-developed animations from the Web.

Audio: On the Web, you can listen to audio clips and live audio. Audio includes music, speech, or any other sound. Simple Web audio applications consist of individual sound files that must be downloaded completely before they can be played. As with graphics files, these sound files must be saved in a certain format. Figure 8-27 lists some common Web audio file formats. For example, the MP3 is a popular technology that compresses audio, which reduces an audio file to about one-tenth of its original file size while preserving much of the original quality of the sound. Some music publishers have Web sites that allow users to download sample tracks free to persuade them to buy the entire CD. Other Web sties allow a user to purchase and download an entire CD.

Figure 8-27 Popular Web audio file formats

To listen to an audio file on your computer, you need special software called a player. Most current operating systems contain a player. Popular players include iTunes, RealPlayer, and Windows Media Player. If your player will not play a particular audio format, you can download the necessary player free from the Web. Many Web audio applications use streaming audio. Streaming is the process of transferring data in a continuous and even flow, which allow you to access and use a file before it has been transmitted completely. Streaming audio enables you to listen to the sound as it downloads to your computer. Many radio and television stations use streaming audio to broadcast music, interviews, talk shows, sporting events, music videos, news, live concerts, and other segments. 

Podcasting is another popular method of distributing audio. A podcast is recorded audio, usually an MP3 file, stored on a Web site that can be downloaded to a computer or a portable media player such as an iPod. Podcasters register their podcasts with content aggregators. Subscribers select podcast feeds they want to be downloaded automatically whenever they connect. Some Web sites, such as podcast.net, specialize in podcast distribution. Others, such as National Public Radio, have incorporated a podcast component in their existing Web sites. 

Video: On the Web, you can view video clips or watch live video. Video consists of full-motion images that are played back at various speeds. Most video also has accompanying audio. You can use the Internet to watch live and/or prerecorded coverage of your favorite television programs or enjoy a live performance of your favorite vocalist. You can upload, share, or view video clips at a video sharing Web site such as YouTube. Educators, politicians, and businesses are using video blogs and video podcasts to engage students, voters, and consumers.

Simple Web video application consists of individual video files, such as movie or television clips, that must be downloaded completely before they can be played on your computer. Because video files often are large and can take a long time to download, these video clips usually are quit short. The Moving Pictures Experts Group (MPEG) defines a popular video compression standard, a widely used one called MPEG-4, or MP4.

	Figure 8-28 Streaming videos at CNN Web site

With streaming video, you can view longer or live video images as they are downloaded to your computer (Figure 8-28). Widely used standards for transmitting streaming video data on the Internet are AVI (Audio Video Interleaved), QuickTime, Windows Media Format, and RealVideo. Streaming video also allows you to conduct Internet videoconferences. As you are filmed by a video camera, videoconferencing software and your computer's video capture card digitize and compress the images and sounds. This compressed data is divided into packets and sent over the Internet. Equipment and software at the receiving end assemble the packets, decompress the data, and present the image and sound as video.

Another use of video on the Web is for a Web cam. A Web cam is a video camera whose output displays on a Web page. A Web cam could be used to show a work in progress, weather and traffic information, or employees at work. A Web cam attracts Web site visitors by showing images that change regularly.

	Figure 8-29 Science educators can create VR models of molecules, organisms, and other structures for learners to examine.

Virtual Reality: Virtual reality (VR) is the simulation of a real or imagined environment that appears as a three-dimensional (3-D) space. On the Web, VR involves the display of 3-D images that you can explore and manipulate interactively. Using special VR software, a Web developer creates an entire 3-D environment that contains infinite space and depth, called a VR world. A VR world, for example, might show a room with furniture. Users walk through such a VR room by moving an input device forward, backward, or to the side. Games and simulations on the Web often use VR. Many practical applications of VR also exist. Science educators create VR models of molecules, organisms, and other structures for students to examine (Figure 8-29). Companies use VR to showcase products or create advertisements. 

Most browsers have the capability of displaying basic multimedia elements on a Web page. Sometimes, however, your browser might need an additional program, called plug-in, which extends the capability of the browser. Some plug-ins run on all sizes of personal computers and mobile devices. Others have special versions for mobile devices. Plug-ins can be downloaded, or copied, at no charge from many sites on the Web (Figure 8-30).

Figure 8-30 Most plug-ins can be downloaded free from the Web

Web Publishing

Web publishing is the development and maintenance of Web pages. A Webmaster is a job title for the individuals responsible for developing Web pages and maintaining a Web site. Creating a Web site, called Web page authoring, involves working on the computer to compose the Web site. You don't have to be a computer programmer to develop a Web page. For the small business or home user, Web publishing is fairly easy as long as you have the proper tools:

• To incorporate pictures in your Web pages, you could use a digital camera to take digital photographs or a scanner to convert your existing photographs and other graphics into digital format. You also can download from the Web or purchase CD-ROM with clip art.

• With a sound card, you can add sounds to your Web page. A microphone allows you to include your voice in a Web page.

• To incorporate videos, you could use a video capture card and a video camera.

• If you are comfortable suing HTML tags, you can create an HTML document using any text editor. You must save the HTML document as an ASCII file with an .html or .htm extension.

• You also can use Web page authoring software such as Microsoft FrontPage or Adobe Plash. Web page authoring software hides the complexity of HTML instructions used to format a Web page and allows you focus on Web page design and style. Many Web page authoring products provide templates and wizards, along with collections of design elements such as bullets, backgrounds, patterns, fonts, and graphics, to assist you with Web page development.

The five major steps to Web publishing are (1) plan a Web site, (2) analyze and design a Web site, (3) create a Web site, (4) deploy a Web site, and (5) maintain a Web site. After your Web pages are created, you store them on a Web server. Many ISPs and online services provide their customers with a Web address and 10 to 100 MB of storage on a Web server without an additional charge. To help other locate your Web site, you should register it with various search engines. Doing so ensures that your site appear in the results returned for searches on keywords related to your site. Many search engines allow you to register your URL and keywords without cost. However, registering your site with the various search engines can be an extremely time-consuming task. Instead, you can use a submission service, which is a Web-based business that usually offers registration of your site with several search engines or a registration package in which you pay to register with hundreds of search engines (Figure 8-31).

Figure 8-31 Through a submission service Web site, you can register your site with several search engines

8.3   Electronic Business

In 1991, the Commercial Internet Exchange Association was established to allow businesses to fully connect to the Internet. This was the real beginning of the commercial use of the Internet. Since then the Internet and World Wide Web are revolutionizing conventional business models and in some cases producing new ones. In 2008, over 120 million American consumers spent about $285 billion purchasing online retail products and services on the Internet. This type of commerce, called electronic commerce (e-commerce), has experienced growth rates of well over 100% a year, although the rate has slowed and is now growing at about 25% a year. By 2010, analysts estimate that consumers will be spending over $400 billion and businesses about $6 trillion in online transactions.

One of the biggest benefits of the Internet is its ability to allow organizations to perform business with anyone, anywhere, anytime. In the past few years, e-business seems to have permeated every aspect of daily life. Both individuals and organizations have embraced Internet technologies to enhance productivity, maximize convenience, and improve communications globally. From banking to shopping to entertainment, the Internet has become integral to daily life. E-commerce is the buying and selling of goods and services over the Internet. E-commerce refers only to online transactions. E-business is the conducting of business on the Internet, not only buying and selling, but also serving customers and collaborating with business partners. Organizations realize that putting up simple Web sites for customers, employees, and partners does not create an e-business.

	Figure 8-32 E-business models

An e-business model is an approach to conducting electronic business on the Internet. E-business transactions take place between two major entities—businesses and consumers. Figure 8-32 illustrates all the e-business models: business-to-business (B2B), business-to-consumer (B2C), consumer-to-consumer (C2C), and consumer-to-business (C2B).

Business-to-business (B2B) applies to businesses buying from and selling to each other over the Internet. Online access to data, including expected shipping date, delivery date, and shipping status, provided either by the seller or a third-party providers is widely supported by B2B models. E-marketplaces are interactive business communities providing a central market where multiple buyers and sellers can engage in e-business activities. They present structures for conducting commercial exchange, consolidating supply chain, and creating and automating the relationship between buyers and sellers.

Business-to-consumer (B2C) applies to any business that sells its products or services to consumers over the Internet. Common B2C e-business models include e-shops and e-malls. An e-shop or e-store is a version of a retail store where customers can shop at any hour of the day without leaving their home or office. These online stores sell and support a variety of products and services. The online businesses channeling their goods and services via the Internet only, such as Amazon.com, are called pure plays. The others are an extension of traditional retail outlets that sell online as well as through a traditional physical store, such as the Gap and Best Buy.  An e-mall consists of a number of e-shops; it serves as a gateway through which a visitor can access other e-shops. An e-mall may be generalized or specialized depending on the products offered by the e-shops it hosts.

Consumer-to-consumer (C2C) applies to sites primarily offering goods and services to assist consumers interacting with each other over the Internet. eBay, the Internet’s most successful C2C online auction Web site, links like-minded buyers and sellers for a small commission. C2C business models are consumer-driven and opportunities are available to satisfy most consumers’ needs, ranging from finding a mortgage to job hunting. Consumer-to-business (C2B) applies to any consumer that sells a product or service to a business over the Internet.

Intermediaries are agents, software, or businesses that bring buyers and sellers together that provide a trading infrastructure to enhance e-business. They use the Internet to reassemble buyers, sellers, and other partners in a traditional supply chain in new ways. Examples include New Yor-based e-Steel Corp. and Philadelphia-based PetroChemNet Inc. bringing together producers, traders, distributors, and buyers of steel and chemicals, respectively, in Web-based marketplaces.

To be successful in e-business, an organization must master the art of electronic relationships. Traditional means of customer acquisition such as advertising, promotions, and public relations are just as important with a Web site. E-business provides an easy way to penetrate a new geographic territory and extend global reach. Large, small, or specialized businesses can use their online sales sites to sell on a worldwide basis with little extra cost. E-business also enables customers to help themselves by combining the communications capability of a traditional customer response system with the content richness only the Web can provide—all available and operating 24´7.

Figure 8-33 lists eight unique features of e-commerce technology that both challenge traditional business thinking and explain why we have so much interest in e-commerce. These unique dimensions of e-commerce technologies suggest many new possibilities for marketing and selling—a powerful set of interactive, personalized, and rich messages are available for delivery to segmented, targeted audiences. E-commerce technologies make it possible for companies to know much more about consumers and to be able to use this information more effectively than was ever true in the past. They can use this new information to develop new information asymmetries, enhance their ability to brand products, charge premium prices for high-quality service, and segment the market into an endless number of subgroups, each receiving a different price. To complicate matters further, these same technologies make it possible for companies to know more about other companies than was ever true in the past. This presents the possibility that companies might collude on prices rather than compete and drive overall average prices up.

Figure 8-33 Eight unique features of e-commerce technology

Before you build your e-commerce web site for your company, there are some questions you will need answered. How many Web servers will your site require? How many CPUs should each server have? How powerful does the site’s database server need to be? What kind of connection speed do you need to the Internet? Until recently, finding the answer to questions such as these was often done on a trial-and-error basis. However, hardware and software vendors such as IBM, Microsoft, and Hewlett-Packard have developed a number of simulation tools that can help you find the right answers.

	Figure 8-34 Pieces of the e-commerce site-building puzzle

Building a successful e-commerce site requires a keen understanding of business, technology, and social issues, as well as a systematic approach. E-commerce is just too important to be left totally to technologists and programmers. The two most important management challenges in building a successful e-commerce site are (1) developing a clear understanding of your business objectives and (2) knowing how to choose the right technology to achieve those objectives. The first challenge requires you to build a plan for developing your firm’s site. The second challenge requires you to understand the basic elements of e-commerce infrastructure. Without a plan and a knowledge base, you will not be able to make sound management decisions about e-commerce within your firm. Let the business drive the technology. Figure 8-34 shows the main areas where you will need to make decisions on e-commerce development.

To set up an e-business even a decade ago would have required an individual organization to assume the burden of developing the entire network infrastructure. Today, industry-leading companies have developed Internet-based products and services to handle many aspects of customer and supplier interactions. Today, customers expect seamless retailing just as they expect stores that are clean and well stocked. For this reason, retailers are working furiously to integrate their e-business sites with their inventory and point-of-sale (POS) systems so that they can accept in-store returns of merchandise bought online and allow customers to buy on the Web and pick up in the store. To take on the challenge of a-business integration, an organization needs a secure and reliable IT infrastructure for mission-critical systems. E-business network contains the following characteristics:

• Provide for the transparent exchange of information with suppliers, trading partners, and customers.

• Reliably and securely exchange information internally and externally via the Internet or other networks.

• Allow end-to-end integration and provide message delivery across multiple systems, in particular, databases, clients, and servers.

• Respond to high demands with scalable processing power and networking capacity.

• Serve as the integrator and transaction framework for both digital businesses and traditional brick-and-mortar businesses that want to leverage the Internet for any type of business.

Web application servers are software programs that provide the specific business functionality required of a e-commerce Web site. The basic idea of application servers is to isolate the business applications from the details of displaying Web page to users on the front end and the details of connecting to databases on the back end. Application servers are a kind of middleware software that provides the glue connecting traditional corporate systems to the customer as well as all the functionality needed to conduct e-commerce. There are several thousand software vendors that provide application server software. For Linux and Unix environments, many of these capabilities are available free on the Internet from various sites. Most businesses—faced with this bewildering array of choices—choose to use integrated tools called merchant server software.

E-commerce merchant server software provides the basic functionality needed for online sales, including an online catalog, order taking via an online shopping cart, and online credit card processing. Online catalog is a database capability that will allow a business to construct a customized online catalog, which provides list of products available on a Web site. The complexity and sophistication of the catalog will vary depending on the size of the company and its product lines. Online shopping carts are much like their real-world equivalent. It allows consumers to select merchandise, review what they have selected, edit their selections as necessary, and then actually make the purchase by clicking a button. The merchant server software automatically stores shopping cart data. A shopping cart typically works in conjunction with credit card processing software, which verifies the shopper’s credit card and then puts through the debit to the card and the credit to the company’s account at checkout. A merchant server software suite offer an integrated environment that promises to provide most or all of the functionality and capabilities you will need to develop a sophisticated, customer-centric site.

Choosing an e-commerce suite is one of the most important and uncertain decisions you will make in building an e-commerce site. The following are some key factors to consider:

• Functionality

• Support for different business models

• Business process modeling tools

• Visual site management tools and reporting

• Performance and scalability

• Connectivity to existing business systems

• Compliance with standards

• Global and multicultural capability

• Local sales tax and shipping rules

Many e-commerce Web sites use intelligent agents in their systems. An intelligent agent (also known as a software robot or bot for short) is a software program that gathers and/or filters information on a specific topic, and then provides a list of results for the user ranked in a number of ways, such as lowest prices. Intelligent agents were originally invented by computer scientists interested in the artificial intelligence. However, with the advent of e-commerce on the Web, interest quickly turned to exploiting intelligent agent technology for commercial purposes. Today, there are many different types of bots used in e-commerce on the Web, and more are being developed every day. The Search bots (also called Web crawlers or spiders) are automated programs that search the Web for a variety of reasons. The shopping bot is the program that searches online retail sites all over the Web and then report back on the availability and pricing of a range of products. For example, Orbitz provides bots that find the lowest prices for airfares, hotels, and rental cars. A Web monitoring bot allows you to monitor for updated materials on the Web, and will e-mail you when a selected site has new or changed information. News bots will create custom newspapers or clip articles for you in newspapers around the world. Chatterbots (sometime called “virtual reps”) are commercial-quality intelligent agents (computer programs) that could converse with a customer over the telephone or the Web either in text or voice modes. No one knows for sure, but millions of transactions in the United States and Europe are handled by chatterbots every day.

8.4   Internet Issues

8.4.1   Understanding Ethical, Social and Political Issues in the Internet

While it is a vast and exciting resource, the Internet also is a public place, and as with all other public places, you should use common sense while there. Internet technology and its use in e-commerce disrupt existing social and business relationships and understandings. Suddenly, individuals, business firms, and political institutions are confronted by new possibilities of behavior for which understandings, laws, and rules of acceptable behavior have not yet been developed. Many business firms and individuals are benefiting from the commercial development of the Internet, but this development also exacts a price from individuals, organizations, and societies. These costs and benefits must be carefully considered by those seeking to make ethical and socially responsible decisions in this new environment, particularly where there are as yet no clear-cut legal or cultural guidelines.

The Internet and its use in e-commerce have raised pervasive ethical, social, and political issues on a scale unprecedented for computer technology. The underlying features of Internet technology and the ways in which it has been exploited by business firms disrupt existing social and business relationships and understandings. No organized civilized society has ever accepted the proposition that technology can flaunt basic underlying social and cultural values. Through all of the industrial and technological developments that have taken place, societies have intervened by means of legal and political decisions to ensure that the technology serves socially acceptable ends of without stifling the positive consequences of innovation and wealth creation. The Internet is no different, and we can expect societies around the world to exercise more regulatory control over the Internet and e-commerce in an effort to arrive at a new balance between innovation and wealth creation, on the one hand, and other socially desirable objectives on the other. Governments everywhere claim to pursue public safety, health, and welfare. In the United States, critical issues in e-commerce center around the protection of children, strong sentiments against pornography in any public media, effort to control gambling, and the protection of public health through restricting sales of drugs and cigarettes. Figure 8-35 list some actual or potential ethical, social and political consequences of the technology. The following sections discuss some of these issues.

Figure 8-35 Unique features of Internet and their potential ethical, social and political implications

8.4.2   Information Privacy

Privacy is the moral right of individuals to be left alone, free from surveillance or interference from other individuals or organizations, including the state. The right to information privacy includes both the claim that certain information should not be collected at all by governments or business firms, and the claim of individuals to control the use of whatever information that is collected about them. Individual control over personal information is at the core of the privacy concept. There are two kinds of threats to individual privacy posed by the Internet. One threat originates in the private sector and concerns how much personal information is collected by commercial Web sites and how it will be used. A second threat originates in the public sector and concerns how much personal information federal, state and local government authorities collect, and how they use it. In general, the Internet and Web provide an ideal environment for both business and government to invade the personal privacy of people on a scale unprecedented in history. Figure 8-36 lists some of the major ways online firms gather information about consumers.

Figure 8-36 Internet major information gathering tools and their impact on privacy

The Internet is currently a self-regulated medium, which means the Internet industry essentially governs itself. This enables the Internet to flourish without the constraints of legislation, but it also creates problems because there are no specific guidelines to follow. On the other hand, huge databases store data online. Much of data is personal and confidential and should be accessible only to authorized users. Many individuals and organizations, however, question whether this data really is private. That is, some companies and individuals collect and use this information without your authorization. Web sites often collect data about you, so they can customize advertisements and send you personalized email messages. Some employers monitor your computer usage and email messages. Figure 8-37 lists some measures you can take to make your personal data more private.

Figure 8-37 Techniques to keep personal data private

When you fill out a form such as a magazine subscription, product warranty registration card, or contest entry form, the merchant that receives the form usually enters it into a database. Likewise, every time you click an advertisement on the Web or register software online, your information and preferences enter a database. Merchants then sell the contents of their databases to national marketing forms and Internet advertising firms. The marketing and advertising firms pride themselves on being able to collect accurate, in depth information about people through the Internet. By combining this data with information from public sources such as driver's licenses and vehicle registrations, these firms create an electronic profile of individuals.  The information in these electronic profiles includes personal details such as your age, address, telephone number, spending habits, marital status, number of dependents, ages of dependents, and so on.

	Figure 8-38 Many companies today allow people to specify whether they want their personal information distributed

Direct marketing supporters say that using information in this way lowers overall selling costs, which lowers product prices. Critics content that the information in an electronic profile reveals more about an individual than anyone has a right to know. They claim that companies should inform people if they plan to provide personal information to others, and people should have the right to deny such use. Many companies today allow people to specify whether they want their personal information distributed (Figure 8-38).

The methods used by online advertisers, online communities and online businesses to keep track of their visitors’ behavior are called tracking devices. Online tracking identifies what activities and products are most popular among consumers. Several tracking devices are used online. The following pages discuss these tracking devices.

Cookies

E-commerce, Webcasting, and other Web applications often rely on cookies to identify users, customize Web pages, and track information about viewers, customers, and subscribers. A cookie is a small text file that a Web server stores on your computer that allows a site to track the actions of its visitors. The first time a user computer visits a Web site, the site sends a small text file (the cookie) to the user’s computer so that information from the site can be loaded more quickly on future visits. The cookie can contain any information desired by the Web site designers, including customer number, pages visited, products examined, and other detailed information about the behavior of the user at the site. This cookie is reactivated each time the computer revisits that site or an affiliate site. Figure 8-39 illustrates how Web sites work with cookies. Cookie files typically contain data about you, such as your user name, viewing preferences, the length of stay at the site, and purchases made on the site. Each time you visit the Web site, your browser retrieves the cookies from your hard disk and sends the data in the cookie to the Web site. Web sites use cookies for a variety of purpose:

• Web sites that allow for personalization often use cookies to track user preferences. On such sites, you may be asked to fill in a form requesting personal information, such as your name, postal code, or site preferences. A news Web site, for example, might allow users to customize their viewing preferences to display certain stock quotes. Your preferences are stored in cookies on your hard disk.

• Many Web sites use cookies to store users' passwords, so they do not need to enter it every time they log in to the Web site.

• Online shopping sites generally use session cookies to keep track of items in your shopping cart. This way, you can start an order during one Web session and finish it on another day in another session. Session cookies usually expire after a certain time, such as a week or a month.

• Some Web sites use cookies to track how regularly you visit a site and the Web pages you visit while at the site.

• Web sites may use cookie to target advertisements. Your interests and browsing habits are stored in the cookie.

Figure 8-39 How cookies work

Although the cookie resides on an individual’s hard drive, it does not interact with other information store on the system. A Web site can read data only from its own cookie file; that is, it cannot access or view any other data on your hard disk—including another cookie file. Some Web sites do, however, sell or trade information stored in your cookie to advertisers—a practice many believe to be unethical. Cookies can be beneficial to the consumer. They record passwords for returning visitors, keep track of shopping-cart materials and register preferences. Cookies also help businesses by allowing them to address their target market with greater accuracy. However, these advantages may be gained at the price of consumer privacy.

	Figure 8-40 You can change cookie settings through your browser

If you do not want your personal information being distributed, you should limit the amount of information you provide to a Web site. You can set your browser to accept cookie automatically, prompt you if you wish to accept a cookie, or disable cookie use altogether (Figure 8-40). Keep in mind if you disable cookies use, you will not be able to use many of the e-commerce Web sites. As an alternative, you can purchase a software program that selectively blocks cookies.

Spyware and Adware

Spyware is a program placed on a computer without the user's knowledge that secretly collects information about the user. Spyware can enter a computer as a virus or as a result of a user installing a new program. The spyware program communicates information it collects to some outside source while you are online.

Some vendors or employers use spyware to collect information about program usage or employees. Internet advertising firms often collect information about users' browsing habits by hiding spyware in adware. Adware is a program that displays an online advertisement in a banner or pop-up window on Web pages, email, or other Internet services.

Another type of spyware, called a Web bug, is hidden on Web pages or in email messages in the form of graphical images. Web businesses use Web bugs to monitor online habits of Web site visitors. Often, Web bugs link to a cookie stored on the hard disk (Cookies are not considered spyware because you know they exist). To remove spyware, you can obtain spyware and adware removers that can detect and delete spyware and adware. Some operating systems and Web browsers include spyware removers.

Legitimate businesses and illegitimate hackers use a variety of techniques to secretly install spyware on unsecured computers. Legal experts say that the use of spyware is in a legal gray area, and stronger laws are needed to regulate it.

Spam

Spam is an unsolicited email message or newsgroup posting sent to many recipients or newsgroups at once. Spam is Internet junk mail. The content of spam ranges from selling a product or service, to promoting a business opportunity, to advertising offensive material. One study indicates the average user receives more than 2,200 spam e-mail messages each year. Instead of via email, some spam is sent through an instant massaging system (thus called spim). Another type, called spit, is spam sent via VoIP.

Users can reduce the amount of spam they receive with a number of techniques. Some email programs have built-in settings that allow users to delete spam automatically. Users also can sign up for email filtering form their Internet service provider. Email filtering is a service that blocks email messages from designated sources. These services typically collect the spam in a central location that users can view at anytime. An alternative to email filtering is to purchase an anti-spam program that attempts to remove spam before it reaches your inbox. The disadvantage of email filters and anti-spam programs is that sometimes they remove valid email messages. Thus, users should review the contents of the spam messages periodically to ensure they do contain valid messages.

Phishing

Phishing is a scam in which a perpetrator sends an official looking email that attempts to obtain your personal and financial information. Some phishing email messages ask you to reply with your information; others direct you to a phony Web site, or a pop-up window that looks like a Web site, that collects the information. For example, an email message may appear to be a request from your credit card company to verity your Social Security number, bank account numbers, online banking password, or other private information. Instead, the information you submit ends up in the hands of the scammer, who then either uses the information to access your accounts and take money, or sell and trade the information with other criminals. Sadly, the result often is identity theft. The FTC recommends you visit the Web site directly to determine if the request is valid. Never click a link in a e-mail message; instead, retype the Web address in your browser.

A phishing filter is a program that warns or blocks you from potentially fraudulent or suspicious Web sites. Some Web browsers include phishing filters. To further help deter spam and phishing scams, Microsoft and others are developing standards that require email messages contain sender identification so recipients can verify the legitimacy of messages. If you have been trapped in a phishing scam, visit www.ftc.gov or call the FTC help line at this number 1-877-FTC-HELP.

Pharming is a scam, similar to phishing, where a perpetrator attempts to obtain your personal and financial information, except they do so via spoofing. That is, when you type a Web address in the Web browser, you are redirected to a phony Web site that looks legitimate. The phony Web site requests you enter confidential information.

Employee Monitoring

Employee monitoring involves the use of computers to observe, record, and review an employee’s use of a computer, including communications such as e-mail messages, keyboard activity, and Web sites visited. Many programs exist that easily allow employers to monitor employees. Further, it is legal for employers to use these programs.

A frequently debated issue is whether an employer has the right to read employee e-mail messages. Actual policies vary widely. Some companies declare that they will review e-mail messages regularly, and others state that e-mail messages are private. In some states, if a company does not have a formal e-mail policy, it can read e-mail messages without employee notification. One study discovered that more than 73 percent of companies search and/or read employee files, voice mail, e-mail messages, Web connections, and other networking communications. Several lawsuits have been filed against employers because many believe that such internal communications should be private.

Content Filtering

One of the more controversial issues that surround the Internet is its widespread availability of objectionable material, such as racist literature, violence, and obscene pictures. Some believe that such materials should be banned. Others believe that the materials should be filtered, that is, restricted. Content filtering is the process of restricting access to certain material on the Web. Content filtering opponents argue that banning any materials violates constitutional guarantees of free speech and personal rights.

Many businesses use content filtering to limit employees’ Web access. These businesses argue that employees are unproductive when visiting inappropriate or objectionable Web sites. Some schools, libraries, and parents use content filtering to restrict access to minors.

	Figure 8-41 Many Internet security programs include content filtering capabilities, where users can block specified Web sites and applications.

One approach to content filtering is through a rating system of the Internet Content Rating Association (ICRA), which is similar to those used for movies and videos. Major Web sites such as AOL, Yahoo!, and MSN use the rating system established by the ICRA. If content at the Web site goes beyond the rating limits set in the Web browser software, a user cannot access the Web site. Concerned parents can set the rating limits and prevent these limits from being changed by using a password.

Another approach to content filtering is to use filtering software. Web filtering software is program that restricts access to specified Web sites. Some also filter sites that use specific words. Others allow you to filter e-mail messages, chat rooms, and programs. Many Internet security programs include a firewall, antivirus program, and filtering capabilities combined (Figure 8-41).

Privacy Laws

Privacy is one of the driving forces behind potential federal regulation. The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data (Figure 8-42). Some of these laws have the following common points:

• Information collected and stored about individuals should be limited to what is necessary to carry out the function of the business or government agency collecting the data.

• Once collected, provisions should be made to restrict access to the data to those employees within the organization who need access to it to perform their job duties.

• Personal information should be released outside the organization collecting the data only when the person has agreed to its disclosure.

• When information is collected about an individual, the individual should know what the data is being collected and have the opportunity to determine the accuracy of the data.

Figure 8-42 Summary of the major U.S. government laws concerning privacy

8.4.3   Intellectual Property: Copyright

Next to privacy, the most controversial issue related to e-commerce is the fate of intellectual property rights. Intellectual property encompasses all the tangible and intangible products of the human mind. As a general rule, the creator of intellectual property owns it. There are three main types of intellectual property protection: copyright, patent, and trademark law. But the Internet potentially changes things. Once intellectual works become digital, it becomes difficult to control access, use, distribution, and copying. The intellectual property rights are severely challenged. 

Intellectual property (IP) refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos. Intellectual property rights are the rights to which creators are entitled for their work. Certain issues arise surrounding IP today because many of these works are available digitally.

Copyright, according to the U.S. Copyright Office, is the protection given to the author of an original piece, including “literary, dramatic, musical, artistic and certain other intellectual works,” whether the work has been published or not. Copyright protects only the expression or form of an idea and not the idea itself. In other words, a copyright protects any tangible form of expression.

A common infringement of copyright is piracy. People pirate (illegally copy) software, movies, and music. Many areas are not clear-cut with respect toe the law, because copyright low gives the public fair use to copyrighted material. The issues surround the phrase, fair use, which allows use for educational and critical purposes. This vague definition is subject to widespread interpretation and raises many questions:

• Should individuals be able to download contents of your Web site, modify it, and then put it on the Web again as their own?

• Should a faculty member have the right to print material from the Web and distribute it to all members of the class for teaching purposes only?

• Should someone be able to scan photos or pages from a book, publish them to the Web, and allow others to download them?

• Should someone be able to put the lyrics of a song on the Web?

• Should students be able to post term papers they have written on the Web, making it tempting for other students to download and submit them as their own work?

Because of the ease with which material can be reproduced on the Internet and because digital copies are perfect duplicates of the original, concerns have been raised regarding the level of protection offered through traditional law. The software industry and music industry are experiencing losses in sales due to online copyright infringement. The U.S. Congress has made several attempts to ensure that creators and resource providers could maintain the same protection for digitally transmitted material as is afforded for other material under traditional law. These issues with copyright law led to the development of digital rights management (DRM), a strategy designed to prevent illegal distribution of movies, music, and other digital content.

To some, however, the inability to share information freely appears to be in opposition to the founding principles of the Internet, and the ability to restrict competition would hinder the growth of e-commerce.

8.4.4   Internet Security

Internet Security Environment

Today, people rely on computers to create, store, and manage critical information. Thus, it is important that the computers and the data they store are accessible and available when needed. It also is crucial that users take measures to protect their computers and data form loss, damage, misuse. For example, businesses must ensure that information such as credit records, employee and customer data, and purchase information is secure. Home users must ensure that their credit card number is secure when they us it for online purchases.

A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability. Some breaches to computer security are accidental. Others are planned intrusions. Some intruders do no damage; Others intruders indicate some evidence of their presence either by leaving a message or by deliberately altering or damaging data.

An intentional breach of computer security often involves a deliberate act that is against the law. Any illegal act involving a computer generally is referred to as a computer crime. Computer crime is defined by the U.S. Department of Justice as “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution.” The term cybercrime refers to online or Internet-based illegal acts. Cybercrime is becoming a more significant problem for both organizations and consumers. Bot networks, DoS, DDoS attack, Trojans, phishing, data theft, identity theft, credit card fraud, and spyware are just some of the threats that are making daily headlines. Today, cybercrime is one of the FBI's top three priorities. No one knows the magnitude of the computer crime problem—how many systems are invaded, how many people engage in the practice, or the total economic damage. According to one study by the Computer Crime Research Center, U.S. companies lose approximately $14 billion annually to cybercrime. One source of cybercrime information is the Internet Crime Complaint Center (IC3), a partnership between the National White Collar Crime Center and the FBI. In 2006, the IC3 processed more than 200,000 Internet crime complaints and referred almost 90,000 of them to federal, state, and local law enforcement agencies. . The total dollar loss from all referred cases was over $200 million. Online credit card fraud and phishing attacks are perhaps the most high-profile from of e-commerce crimes.

Perpetrators of cybercrime and other intrusions fall into seven basic categories:

1. Hacker: Hacker refers to someone who accesses a computer or network illegally. Some hackers claim the intent of their security breaches is to improve security.

2. Cracker: Cracker accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action. Both hackers and crackers have advanced computer and network skills.

3. Script Kiddie: A script kiddie has the same intent as a cracker but does not have the technical skills and knowledge. Script kiddies often are teenagers that use prewritten hacking and cracking programs to break into computers.

4. Corporate Spies: They have excellent computer and network skills and are hired to break into a specific computer and steal its proprietary data and information. Unscrupulous companies hire corporate spies, a practice known as corporate espionage, to gain a competitive advantage.

5. Unethical Employees: They break into their employers computers for a variety of reasons. Some simply want to exploit a security weakness. Others seek financial gains from selling confidential information. Disgruntled employees may want revenge.

6. Cyberextortionist: A cyberextortionist is someone who uses email as a vehicle for extortion. These perpetrators send a company a threatening email message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the company's network -- if they are not paid a sum of money.

7. Cyberterrorist: A cyberterrorist is someone who uses the Internet or network to destroy or damage computers for political reasons.  The extensive damage might destroy the nation's air traffic control system, electricity-generating companies, or a telecommunications infrastructure. Cyberterrorism usually requires a team of highly skilled individuals, millions of dollars, and several years of planning.

Internet and Network Attacks

Information transmitted over networks has a higher degree of security risk than information kept on a company’s premises. On a vast network such as the Internet with no central administrator, the risk is even greater. The Internet and Web are increasingly vulnerable to large-scale attacks and potentially large-scale failure. Increasingly, these attacks are led by organized gangs of criminals operating globally—an unintended consequence of globalization. For most law-abiding citizens, the Internet holds the promise of a huge, convenient, global marketplace, providing access to people, goods, services and businesses worldwide, at all a bargain price. For criminals, the Internet has created entirely new ways to steal from the more 2 billion consumers in the world on the Internet. The Internet was never designed to be a global marketplace with a billion users, and lacks many basic security features found in older networks such as the telephone system or broadcast television networks. Security is fundamental to e-commerce.

The explosion of e-commerce is forcing businesses and consumers to focus on Internet security. Modern computer security addresses the various problems and concerns of protecting electronic communications and maintaining network security. Companies and individuals requiring assistance or information about Internet security breaches can contact or visit the Web site for the Computer Emergency Response Team Coordination Center, which is a federally funded Internet security research and development center. To determine if your computer is vulnerable to an Internet or network attach, you could use an online security service. An online security service is a Web site that evaluates your computer to check for Internet and e-mail vulnerabilities. The service then provides recommendations of how to address the vulnerabilities.

In the following paragraphs, we describe a number of the most common and most damaging forms of security threats to e-commerce consumers and site operators: malicious code, unwanted programs, phishing and identity theft, hacking and cybervandalism, credit card fraud/theft, spoofing (pharming) and spam (junk) Web sites, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, sniffing, insider attacks, and finally, poorly designed server and client software.

Malicious Code: Every unprotected computer is susceptible to the attack from malicious code. Malicious code (also called malware) includes a variety of threats such as viruses, worms, Trojan horses, and bots. A virus is a computer program that has the ability to replicate or make copies of itself, and spread to other files. Once the virus infects the computer, it can spread throughout and may damage files and system software, including the operating system. One of the latest innovations in virus distribution is to embed them in the online advertising chain, including at Google and other ad networks.

Instead of just spreading from file to file, a worm is designed to spread from computer to computer. It copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or entire network. A Trojan horse is not itself a virus because it does not replicate, but is often a way for viruses or other malicious code such as bots to be introduced into a computer system. It hides within or looks like a legitimate program. A certain condition or action usually triggers the Trojan horse.

Bots are a type of malicious code that can be covertly installed on your computer when attached to the Internet. Once installed, the bot responds to external commands sent by the attacker, and your computer becomes a “zombie,” and is able to be controlled by an external third party. A Botnet is a group of compromised computers connected to a networks such as the Internet that are used for malicious activities such as sending spam, participating in a Distributed Denial of Service attack, stealing information from computers, and storing network traffic for later analysis.

Methods that guarantee a computer or network is safe from malicious code do not exist. Users can take several precautions, however, to protect their work and home computers from these malicious infections:

	Figure 8-43 Many application programs, such as Microsoft Word, allow users to set security levels for macros.

• Do not start a computer with removable media inserted in the drives or plugged in the ports. That is, CD and DVD drives should be empty; a USB port should not contain a USB flash drive, etc. During the startup process, a computer may attempt to execute the boot sector on media in certain drives and ports. Even if the attempt is unsuccessful, any virus on the boot sector of removable media can infect the computer’s hard disk. If you must start the computer with media in a drive or port, be certain the media are uninfected.

• Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.  A trusted source is a company or person you believe will not send a virus-infected file knowingly. If the e-mail message is from an unknown source or untrusted source, delete the e-mail message immediately—without opening any attachments. Many e-mail programs allow users to preview an e-mail message before or without opening it. Some viruses and worms can deliver their paypload when a user simply previews the message. Thus, you should turn off message preview in your e-mail program.

• Some viruses are hidden in macros, which are instructions saved in software such as a word processing or spreadsheet program. In programs that allow users to write macros, you should set the macro security level (Figure 8-43a) so that the application software warns users that a document they are attempting to open contains a macro (Figure 8-43b). From this warning, a user chooses to disable or enable the macro.

• User should install an antivirus program and update it frequently. Most antivirus programs also protect against worms, Trojan houses, and spyware. An antivirus program scans for programs that attempt to modify the boot program, the operating system, and other programs that normally are read from but not modified. In addition, many antivirus programs automatically scan files downloaded form the Web, e-mail attachments, opened files, and all types of removable media inserted in the computer.  

• Check all downloaded programs for malicious codes. If the antivirus program flags an e-mail attachment as infected, delete the attachment immediately.

• Before using any removable media, use the antivirus scan program to check the media for infection. Incorporate this procedure even for shrink-wrapped software from major developers.

• Install a personal firewall program.

• Stay informed about new virus alerts and virus hoaxes.

 One technique that antivirus programs use to identify a virus is to look for virus signatures. A virus signature, also called a virus definition, is a known specific pattern of virus codes. Computer uses should update their antivirus program’s signature files regularly. Updating signature files downloads any new virus definitions that have been added since the last update. Most antivirus programs contain an automatic update feature that regularly prompts users to download the virus signature, usually at least once a week.

Another technique that antivirus programs use to detect viruses is to inoculate existing program files. To inoculate a program file, the antivirus program records information such as the file size and file creation date in a separate inoculation file. The antivirus program then uses this information to detect if a virus tempers with the data describing the inoculated program file.

If an antivirus program identifies an infected file, it attempts to remove its virus, worm, or Trojan horse. If the antivirus program cannot remove the infection, it often quarantines the infected file. A quarantine is a separate area of a hard disk that holds the infected file until the infection can be removed. This step ensures other files will not become infected. In extreme cases, you may need to reformat the hard disk to remove a virus. Having uninfected, or clean, backups of all files is important.

A virus hoax is an e-mail message that warns users of a nonexistent virus, worm, or Trojan horse. Often, these virus hoaxes are in the form of a chain letter that requests the user to send a copy of the e-mail message to as many people as possible.

Unwanted Programs: The Internet security environment is also challenged by unwanted programs such as adware, browser parasites, spyware, and other applications that install themselves on a computer, typically without the user’s informed consent. Adware is typically used to call for pop-up ads to display when the user visits certain sites. Browser parasite is a program that can monitor and change the settings of a user’s browser. Spyware is a program used to obtain information such as user’s keystrokers, e-mail, instant messages, and so on. Spyware is often used for identity theft.

Phishing and Identity Theft: Phishing is any deceptive, online attempt by a third party to obtain confidential information for financial gain. Phishing attacks do not involve malicious code but instead rely on straightforward misrepresentation and fraud, so called “social engineering” techniques. Social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others. On any given day, millions of these phishing attack e-mail are sent, and unfortunately some people are fooled and disclose their personal account information.  

Hacking and Cybervandalism: A hacker is an individual who intends to gain unauthorized access to a computer system. Within the hacking community, the term cracker is typically used to denote a hacker with criminal intent. Some hackers are satisfied merely by breaking into the files of an e-commerce site. Others have more malicious intentions and commit cybervandalism, intentionally disrupting, defacing, or even destroying the site.

Credit Card Fraud/Theft: Theft of credit card data is one the most feared occurrences on the Internet. Fear that credit card information will be stolen frequently prevents users from making online purchases. However, incidences of stolen credit card information are much lower than users think, around 1.6-1.8% of all online card transactions.

Spoofing (Pharming) and Spam (Junk) Web Sites: Hackers attempting to hide their true identity often spoof, or misrepresent themselves by using fake e-mail addresses or masquerading as someone else. Spoofing a Web site is also called “pharming,” which involves redirecting a Web link to an address different from the Intended one, with the site masquerading as the intended destination. Spam Web sites are the sites that promise to offer some product or service, but in fact are a collection of advertisements for other sites, some of which contain malicious code. Spam or junk Web sites typically appear on search results. One study found that about 13% of the pages returned for 1,000 key words were fake.

Denial of Service (DoS) and Distributed Denial of Ser vice (DDoS): A denial of service (DoS) attach is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. Perpetrators carry out a DoS attach in a variety of ways. For example, they may use an unsuspecting computer to send an influx of confusing data message or useless traffic to a computer network. The victim computer network eventually jams, blocking legitimate visitors from accessing the network. DoS attacks typically cause a Web site to shut down, making it impossible for users to access the site. Increasingly, DoS attacks involve the use of bot networks and so-called “distributed DoS attacks” built from thousands of compromised client computers (a zombie army). DDoS is a more devastating type of DoS attack. DDoS attacks have been able to stop operations temporarily at numerous Web sites, including powerhouses such as Yahoo!, eBay, Amazon.com, and CNN.com.

Sniffing: A sniffer is a type of eavesdropping program that monitors information traveling over a network. When used legitimately, sniffers can help identify potential network trouble-spots, but when used for criminal purposes, they can be damaging and very difficult to detect. Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.

Back Doors and Insider Attacks: A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network. Once perpetrators gain access to unsecure computers, they often install a back door or modify an existing program to include a back door, which allows them to continue to access the computer remotely without the user’s knowledge. Some warms leave back doors, which have been used to spread other worms or to distribute junk e-mail from the unsuspecting victim computers.

Programmers often build back doors into programs during system development. These back doors save development time because the programmer can bypass security controls while writing and testing programs. Similarly, a computer repair technician may install a back door while troubleshooting problems on a computer. If a programmer or computer repair technician fails to remove a back door, a perpetrator could use the back door to gain entry to a computer or network.

We tend to think the security threats to a business originate outside the organization. In fact, the largest threats to business institutions come not from outsiders but from insiders. Employees have access to privileged information, and in the presence of sloppy internal security procedures, they are often able to roam throughout an organization’s systems without leaving a trace.

Spoofing: Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network. Several types of spoofing schemes exist. One type, called e-mail spoofing, occurs when the sender’s address or other components of the e-mail header are altered so that it appears the e-mail originated from a different sender. E-mail spoofing commonly is used for virus hoaxes, spam, and phishing scams. Another type, called IP spoofing, occurs when an intruder computer fools a network into believing its IP address is associated with a trusted source. Perpetrators of IP spoofing trick their victims into interacting with the phony Web site. For example, the victim may provide confidential information or download files containing viruses, worms, or other malware.

Poorly Designed Server and Client Software: Many security threats prey on poorly designed server and client software, sometimes in the operating system and sometimes in the application software. Given their complexity and design objectives, all operating systems and application software have vulnerabilities or flaw that hackers can exploit.

Safeguards against Internet and Network Attacks

There are six key dimensions to Internet security: integrity, nonrepudiation, authenticity, confidentiality, privacy, and availability. Figure 8-44 explains the six dimensions.

Figure 8-44 The dimensions of Internet security

	Figure 8-45 Internet security safeguards

Reducing risks in Internet and network is a complex process that involves new technologies, organizational policies and procedure, and new laws and industry standards that empower law enforcement officials to investigate and prosecute offenders. Figure 8-45 illustrates the multi-layered nature of Internet security. To achieve the highest degree of security possible, businesses should use new security technologies. But these technologies by themselves do not solve the problem. Organizational policies and procedures are required to ensure the technologies are not subverted. Finally, industry standards and government laws are required to enforce payment mechanisms, as well as investigate and prosecute violators of laws designed to protect the transfer of property in commercial transactions.

Technology Solutions

A great deal of progress on Internet security has been made by private security firms, business and home users, network administrators, technology firms, and government agencies. There are two lines of defense: technology solutions and policy solutions. Technology solutions include a set of tools that can make it difficult of outsiders to invade or destroy a system.  To defend against Internet and network attacks, users can implement firewall solutions, install intrusion detection software, and set op honeypots.   

Firewalls and proxy servers are intended to build a wall around your network to protect your networks. A firewall refers to either hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy (Figure 8-46). The firewall controls traffic to and from servers and clients, forbidding communications from untrustworthy sources, and allowing other communications from trusted sources to proceed. Every message that is to be sent or received from the network is processed by the firewall, which determines if the message meets security guidelines established by the business. If it doesn’t, the message is blocked. All networked and online computer users should implement a firewall solution.

Figure 8-46 A firewall is hardware and/or software that protect a network from intrusion

Large companies often route all their communications through a proxy server. Proxy servers are software servers that handle all communications originating from or being sent to the Internet, acting as a spokesperson or bodyguard for the organization. Proxies act primarily to limit access of internal clients to external Internet servers, although some proxy servers act as firewalls as well. When a user on an internal network requests a Web page, the request is routed first to the proxy server. The proxy server validates the user and the nature of the request, and then sends the request onto the Internet. A Web page sent by an external Internet server first passes to the proxy server. If acceptable, the Web page passes onto the internal network Web servers and then to the client computer. By prohibiting users from communicating directly with the Internet, companies can restrict access to certain types of sites, such as pornographic, auction, or stock-trading sites.

Home and small business users often protect their computer with a personal firewall. A personal firewall is a utility that detects and protects a personal computer and its data from unauthorized intrusions. Personal firewalls constantly monitor all transmissions to and from the computer and inform you of any attempted intrusion. Some operating systems, such as Windows Vista, include personal firewalls. Home and small business users can also purchase a hardware firewall, such as a router or other device that has a built-in firewall, in addition to or instead of personal firewall software.

To provide extra protection against hackers and other intruders, large companies may use intrusion detection software to identify possible security breaches. Intrusion detection software automatically analyzes vulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behavior patterns or system breaches. To utilize intrusion detection software requires the expertise of a network administrator because the programs are complex and difficult to use and interpret. This software, when combined with a firewall, provides an added layer of protection to companies with highly sensitive data such as credit card databases.

Some organizations use honeypots so that they can analyze an attack being perpetrated. A honeypot is a vulnerable computer that is set up to entice an intruder to break into it. These computers, which appear real to the intruder, actually are separated safely from the organization’s network. Honeypots allow the organization to learn how intruders are exploiting their network and also attempt to catch perpetrators who have been doing damage elsewhere on their network. Large Web hosting companies, such as Yahoo! And AT&T, and law enforcement agencies often use honeypots.

Information Security

Information theft is another type of computer security risk. Information theft occurs when someone steals personal or confidential information. Both business and home users can fall victim to information theft. An unethical company executive may steal or buy stolen information to learn about a competitor. A corrupt individual may steal credit card numbers to make fraudulent purchases. Information theft often is linked to other types of computer crime. For example, an individual first might gain unauthorized access to a computer and then steal credit card numbers stored in a firm’s accounting department.

	Figure 8-47 To protect files on your local hard disk from intruders, turn off file and printer sharing on your Internet connection.

Information transmitted over networks offers a higher degree of risk because unscrupulous users can intercept it during transmission. Every computer along the path of your data can see what you send and receive. Ironically, though, studies show that the biggest threat to a business’ information is its internal employees.

Most companies attempt to prevent information theft by implementing the user identification and authentication controls. These controls are best suited for protecting information on computers located on a company’s premises. To protect information on the Internet and networks, companies and individuals use a variety of encryption techniques to keep data secure and private.

Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or possible illegal activities. Companies take several measures to help prevent unauthorized access and use. At a minimum, they should have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and network may and may not be used. A company should document and explain AUP to employees. To protect your personal computer from unauthorized intrusions, you should disable file and printer sharing on you Internet connection (Figure 8-47).

Figure 8-48 Many systems require a user to enter a user name and password

Many companies use access controls to minimize the chance that a perpetrator intentionally may access or an employee accidentally may access confidential information on a computer. An access control is a security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer. Many systems implement access controls using a two-phase process called identification and authentication. Identification verifies that an individual is a valid user. Authentication verifies that the individual is the person he or she claims to be.

Three methods of identification and authentication include user names and passwords, possessed objects, and biometric devices. A user name, or user ID, is a unique combination of characters that identifies one specific user. A password is a private combination of characters associated with the user name that allows access to certain computer resources. Most multiuser (networked) systems require that users correctly enter a user name and a password before they can access the data, computer, or network (Figure 8-48).

	Figure 8-49 To continue with the ticket order process at this Web site, the user must enter the characters in the CAPTCHA.

In addition to a user name and password, some systems ask users to enter one of several pieces of personal information. As with a password, if the user’s response does not match information on file, the system denies access. Some Web sites use a CAPTCHA to further protect a user’s password. A CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart, is a program to verify that user input is not computer generated. A CAPTCHA displays a series of distorted characters and requires the user enter the characters correctly to continue using the Web site (Figure 8-49).

A possessed object is any item that you must carry to gain access to a computer or computer facility. Examples of possessed objects are badges, cards, smart cards, and keys. Possessed objects often are used in combination with personal identification number. A personal identification number (PIN) is a numeric password, either assigned by a company or selected by a user. A biometric device authenticates a person’s identity by translating a persona characteristic, such as a fingerprint, into a digital code that ten is compared with a digital code stored in the computer verifying a physical or behavioral characteristics (Figure 8-50). Biometric devices are gaining popularity as a security precaution because they are a virtually foolproof method of identification and authentication. Users can forget their user names and passwords. Possessed objects can be lost, copied, duplicated, or stolen. Personal characteristics, by contrast, are unique and cannot be forgotten or misplaced. However, biometric devices do have disadvantages. For example, if you cut your finger, a fingerprint reader might reject you as a legitimate user.

	Figure 8-50 A fingerprint reader verifies this traveler’s identity.

Companies and individuals use a variety of encryption to protect information on the Internet and networks. Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver. This transformation of plain text to cipher text is accomplished by using a key. A key is any method for transforming plain text to cipher text. In order to decipher the message, the receiver would have to know the secret key that was used to encrypt the message. This is called symmetric key encryption. In symmetric key encryption, both the sender and the receiver use the same key to encrypt and decrypt the message. Modern encryption systems are digital. The keys used to transform plain text into cipher text are digital strings. Today, the most widely used symmetric key encryption algorithm is Advanced Encryption Standard (AES), which offers key sizes of 128, 192, and 256 bits. There are also many other symmetric key systems with keys up to 2,048 bits. Symmetric key encryption requires that both parties share the same key. In order to share the same key, they must send the key over a presumably insecure medium where it could be stolen and used to decipher messages.

Public key cryptography solves the problem of exchanging keys. In this method, two mathematically related digital keys are used: a public key and private. The private key is kept secret by the owner, and the public key is widely disseminated. Both keys can be used to encrypt and decrypt a message. However, once the keys are used to encrypt a message, that the same key cannot be used to unencrypt the message. The mathematical algorithms used to produce the keys are one-way functions. Public key cryptography is based on the idea of irreversible mathematical functions. Figure 8-51 shows a simple use of pubic key cryptography.

Figure 8-51 A simple example of public key cryptography

	Figure 8-52 Through this Windows Vista dialog box, you can encrypt files and folders.

With Windows Vista’s Encrypting File System, you easily can encrypt the contents of files and folders. To display the dialog box shown in Figure 8-52, right-click the file or folder name in Explorer, click Properties on the shortcut menu, click the General tab, and then click the Advanced button in the Properties dialog box. Windows Vista also includes a feature called BitLocker that allows you to encrypt all files on a drive.

A digital signature is an encrypted code that a person, Web site, or company attaches to an electronic message to verify the identity of the message sender. The code usually consists of the user’s name and a hash of all or part of the message. A hash is a mathematical formula that generates a code from the contents of the message. Thus, the hash differs for each message. Receivers of the message decrypt the digital signature. The recipient generates a new hash of the received message and compares it with one in the digital signature to ensure they match. Digital signatures often are used to endure that an impostor is not participating in an Internet transaction. That is, digital signatures help to prevent e-mail forgery.

There is another problem: How do we know that people and organizations are who they claim to be? Before you place an order with an online merchant such as Amazon, you want to be sure it really is Amazon.com you have on the screen and not a spoofer masquerading as Amazon. In the digital world, we need a way to know who people and organizations really are. Digital certificates and the supporting public key infrastructure are an attempt to solve this problem of digital identity.

	Figure 8-53 A certificate authority issues and verifies digital certificates.

A digital certificate is a digital document issued by a trusted third-party institution known as a certification authority (CA) that contains the name of the subject or company, the subject’s public key, a digital certificate serial number, an expiration data, an issuance data, the digital signature of the CA and other identifying information. A digital certificate guarantees a Web site is legitimate. E-commerce applications commonly use digital certificates. In the United States, private corporations such as VeriSign and government agencies such as the U.S. Postal Service act as CAs (Figure 8-53). Public key infrastructure (PKI) refers to the CAs and digital certificate procedures that are accepted by all parties.

To create a digital certificate, the user generates a public/private key pair and sends a request for certification to a CA along with the user’s public key. The CA verifies the information. The CA issues a certificate containing the user’s public key and other related information. Finally, the CA creates a message digest from the certificate itself and sings it with the CA’s private key. This signed digest is called the signed certificate. This is a totally unique cipher text document—there can be only one signed certificate like this in the world. There are many types of certificates: personal, institutional, Web server, software publisher, and CAs themselves.

Secure Sockets Layer (SSL) is a security protocol that provides private-key encryption of all data that passes between a client and a server. SSL is built into many Web browsers and numerous other software products. It operates between the Internet’s TCP/IP communications protocol and the application software. Web pages that use SSL typically begin with https:// instead of http://. Another security protocol is Secure HTTP (S-HTTP) that allows you to choose an encryption scheme for data that passes between a client and a server. With S-HTTP, the client and server both must have digital certificates. S-HTTP is more difficult to use than SSL, but it is more secure.

The Secure Electronic Transaction (SET) protocol was designed specifically to protect e-commerce payment transactions. SET uses digital certificates to authenticate each party in an e-commerce transaction, including the customer, the merchant and the merchant’s bank. Public-key cryptography is used to secure information as it is passed over the Internet.

Mobile users today often access their company networks through a virtual private network. When a mobile user connects to a main office using a standard Internet connection, a virtual private network (VPN) provides the mobile user with a secure connection to the company network servers, as if the user has a private line. VPNs help ensure that data is safe from being intercepted by unauthorized people by encrypting data as it transmits from an notebook computer or other mobile device.

Management Policies, Business Procedures, and Public Laws

U.S. firms and government agencies spend about 10% of their IT budgets on security hardware, software and services. That added up to about $100 billion in 2007. Most CEOs and CIOs believe that technology is not the sole answer to managing the risk of e-commerce. The technology provides a foundation, but in the absence of intelligent management policies, even the best technology can be easily defeated. Public laws and active enforcement of cybercrime statutes are also required to both raise the costs of illegal behavior in the Internet and guard against corporate abuse of information.

In order to minimize security threats, e-commerce firms must develop a coherent corporate policy that takes into account the nature of the risks, the information assets that need protecting, and the procedures and technologies required to address the risk, as well as implementation and auditing mechanisms. A security policy is a set of statements prioritizing the information risks, identifying acceptable risk targets, and identifying the mechanisms for achieving these targets. An implementation plan is the action steps you will take to achieve the goals of your security policy. Specifically, you must determine how you will translate the levels of acceptable risk into a set of tools, technologies, and procedures.

	Figure 8-54 Sample IT code of conduct employers may distribute to employees.

The public law environment today is very different from the early days of e-commerce. The net result is that the Internet is no longer an ungoverned, unsupervised, self-controlled technology juggernaut. There is a growing awareness that e-commerce markets work only when a powerful institutional set of laws and enforcement mechanisms are in place. These laws help ensure orderly, rational, and fair markets. This growing public law environment is becoming just as global as e-commerce itself. Many new laws have been passed that grant local and national authorities new tools and mechanisms for identifying, tracing, and prosecuting cybercriminals. The U.S. Department of Homeland Security operates the National Infrastructure Protection Center (NIPC) and the United States Computer Emergency Readiness Team (US-CERT). NIPC’s sole mission is to identify and combat threats against the United States’ technology and telecommunications infrastructure, and US-CERT’s work is to coordinate cyber incident warnings and responses across both the government and private sectors.

8.4.5 Codes of Conduct

Recognizing that individuals need specific standards for the ethical use of computers, a number of computer-related organizations have established IT codes of conduct, which helps determine whether a specific computer action is ethical or unethical (Figure 8-54).

Netiquette, which is short for Internet etiquette, is the code of acceptable behaviors users should follow while on the Internet; that is, it is the conduct expected of individuals while online. Netiquette includes rules for all aspects of the Internet, including the World Wide Web, e-mail, FTP, newsgroups and message boards, chat rooms, and instant messaging. Figure 8-55 outlines the rules of netiquette.

Figure 8-55 Some of the rules of netiquette