CC Project


TABLE OF CONTENTS

1. Cover Page
2. Certificate
3. Abstract
4. Table of Contents
5. Chapter 1: Introduction
6. Chapter 2: Literature Review
7. Chapter 3: Work Done
8. Chapter 4: Results
9. Chapter 5: Conclusions and Future Work
10. References
ABSTRACT

Small business e-commerce websites make an excellent target for malicious attacks. Small
businesses do not have the resources needed to deal with attacks effectively. Large and
some mid-size organizations have teams that are dedicated to dealing with security incidents
and preventing future attacks. Most small businesses do not have the capability to deal
with incidents the way large organizations do. Security of e-commerce websites is essential
for compliance with laws and regulations as well as for gaining and maintaining the trust of
consumers, partners and stakeholders. Many security standards have been established by
various organizations to help guide the security of small business servers; however, many of
those standards or guidelines are too costly or time-consuming. This paper will discuss
how attacks are carried out and how a small business can effectively secure its networks
with minimum cost.

The aim of this project is to design the topology of the business network using the
software Cisco Packet Tracer with the implementation of wireless networking systems.
This business network consists of the following devices:

1) Router (1941)
2) Switches (2960-24TT)
3) Email server
4) DNS server
5) WEB server (HTTP)
6) Wireless Device (Access Point)
7) PCs
8) Laptops
CHAPTER 1: INTRODUCTION

Many businesses have come to the realization that, in order to
compete in the market, key business processes need to be part of
the Internet. E-commerce has become a popular adaptation for
businesses and a major transformation for many of them. The
popularity of the Internet has transformed
traditional commerce into e-commerce, which has proven to be a
successful platform for many businesses. Small businesses
provide an easy target for attackers because they typically have
limited funds and do not have dedicated personnel to monitor,
update and defend their systems. The attacks on small businesses
continue to rise each year (above figure).

BACKGROUND STUDY

Since the advent of the Internet, people have been looking for new ways of improving it,
doing business, making money and committing crimes. "In 1990, a researcher named Tim
Berners-Lee proposed a hypertext-based web of information that a user could navigate
using a simple interface called a browser. In 1994, Netscape 1.0's release included an
important security protocol known as Secure Socket Layer, which could send and receive
encrypted messages. Also in 1994, the first third-party services for processing online credit
card sales began to appear" (Roos, n.d.). With the ability to accept credit cards online,
businesses were no longer limited to traditional brick and mortar sales. This is where
e-commerce began. It can be challenging to gain trust, maintain trust and build relationships
with partners, customers, clients and suppliers. The relationships and trust that can take a
long time to acquire can quickly be destroyed by a breach in security.

E-COMMERCE CHALLENGES

The challenge with e-commerce has been to successfully integrate effective security
measures and mechanisms to protect the business from being compromised by attackers.
Effective security is important for the continuity of business, trust of clients, and
compliance with industry specific laws and regulations. One breach in security can cost a
business a lot of money, even shut it down.
Security is not just a "set and forget" kind of issue. Effective security involves a thorough
analysis, implementation, updating and monitoring. The constant involvement with
security can be a deterrent for some people. Some people do not want to take on the task
of dealing with security. It is a major task, and it is also a very necessary task.
ETHICAL ISSUES WITH E-COMMERCE

Companies using the internet to do business should adhere to the same ethical standards
online as they do offline. If they do not follow the same ethical standards, they face the same
consequences. A damaged reputation and a long-term loss of trust can result from not
following ethical standards.

Protecting consumer information should be a major concern for businesses. The costs can
seem high and the benefits seem low, which is why some businesses do not feel the need to
properly secure their e-commerce websites. When making purchases online, consumers
should have a general sense of security. While there is no way to completely secure consumer
information, businesses should take as many precautions as possible, while still allowing for
usability.

Technology has revolutionized the way society operates and does business. Technology is
constantly changing, criminals are constantly finding new methods of attack, and it is the
responsibility of users and administrators of various technologies to use them in a way that is
ethical and complies with all laws and regulations. Businesses need to ensure their
e-commerce infrastructures are kept up to date with the latest updates and security necessities.

Threats to Business:

Businesses are exposed to the following risks with e-commerce:

Direct Financial Loss:


• Fines or other legal repercussions could occur due to a violation of contracts, laws, or
other regulations.

Indirect Loss:
• Loss of Credibility: People will lose trust in a business that has security issues, even
if the security issues didn't cause any loss or damage.
• Loss in Productivity: The unavailability of e-commerce systems could result in loss
of productivity because employees will not be able to work during downtime.
• Disclosure of confidential information: Business secrets could be stolen as well as
employee and customer information.
• Blackmail: Malicious attackers could take over a system and demand compensation
to restore the server to the control of the business.
Technical Issues:

• Damage to files or system: Security compromises could result in damage to files or
the system as a whole. Files could be lost and the server could even be ruined by a
malicious attack.
• Errors in configuration: Some malicious attacks could reconfigure the system to
perform in ways that are different than normal.
• Errors in applications: Applications on the server could have errors and not perform
properly.

Web Server Threats


• Web server software is designed to deliver web pages by responding to HTTP
requests. Web server software is typically designed for usability and convenience,
instead of security. “The more complex the software, the greater the probability that
it contains coding errors or security weaknesses” (Schneider, 2009). The more lines
of code, the greater chance there are going to be errors. “A common estimate used in
the industry is that there are between 5-50 bugs per 1,000 lines of code. So an estimate
would be that Windows 7 has approximately 1,200,000 bugs” (Eagle, Harper, Harris,
Ness, & Williams, 2011).
• Web servers can be compromised by an attacker obtaining the user name and
password of one of the users. Once the attacker has the user name and password, he
can then gain access and escalate privileges so he can have unlimited access to the
server. The attacker can then install a backdoor so he can gain access in the future.
• Web servers are also subject to physical attacks. A person could gain access to the
room where the server is located and cause damage to it. Once a person has physical
control over a server, he is capable of doing almost anything with it.
CHAPTER 2: LITERATURE REVIEW

● What is Packet Tracer?

Packet Tracer is a cross-platform visual simulation tool designed by Cisco Systems that
allows users to create network topologies and imitate modern computer networks. The
software allows users to simulate the configuration of Cisco routers and switches using a
simulated command-line interface. Packet Tracer makes use of a drag-and-drop user
interface, allowing users to add and remove simulated network devices as they see fit.
The software is mainly aimed at Cisco Certified Network Associate (CCNA) Academy students
as an educational tool for helping them learn fundamental CCNA concepts. Previously,
students enrolled in a CCNA Academy program could download and use the tool
free of charge for educational use.

● Router

A router is a device that, like a switch, forwards data, but it routes data packets based on
their IP addresses. The router is mainly a Network Layer device. Routers normally connect
LANs and WANs together and have a dynamically updating routing table, based on which they
make decisions on routing the data packets. A router separates the broadcast domains of the
hosts connected through it.

● Switch
A network switch (also called switching hub, bridging hub, and officially MAC bridge) is
networking hardware that connects devices on a computer network by using packet
switching to receive and forward data to the destination device. A network switch is a
multiport network bridge that uses MAC addresses to forward data at the data link layer
(layer 2) of the OSI model. Some switches can also forward data at the network layer
(layer 3) by additionally incorporating routing functionality. Such switches are
commonly known as layer-3 switches or multilayer switches.

● Network Packet

A network packet is a formatted unit of data carried by a packet-switched network. A
packet consists of control information and user data, which is also known as the payload.
● Server

A server is a computer or system that provides resources, data, services, or programs to
other computers, known as clients, over a network. In theory, whenever computers share
resources with client machines, they are considered servers. There are many types of
servers, including web servers, mail servers, and virtual servers.

Many networks contain one or more of the common servers. The servers used in our
project are as follows:

➢ DNS Server

DNS stands for Domain Name System. DNS servers are application servers that provide a
human-friendly naming method to user computers, so that users can work with readable names
instead of IP addresses. The DNS system is a widely distributed database of names and other
DNS servers, each of which can be used to request an otherwise unknown computer name. When a
user needs the address of a system, the user's computer sends a DNS request with the name of
the desired resource to a DNS server. The DNS server responds with the necessary IP address
from its table of names.

➢ WEB Server

One of the widely used servers in today’s market is a web server. A web server is a
special kind of application server that hosts programs and data requested by users across
the Internet or an intranet. Web servers respond to requests from browsers running on
client computers for web pages, or other web-based services.

➢ EMAIL Server
An e-mail server is a server that handles and delivers e-mail over a network, using
standard email protocols. For example, the SMTP protocol sends messages and handles
outgoing mail requests. The POP3 protocol receives messages and is used to process
incoming mail. When you log on to a mail server using a webmail interface or email
client, these protocols handle all the connections behind the scenes.

● Wireless Network
A wireless network broadcasts an access signal to the workstations or PCs. This enables
mobility among laptops, tablets, and PCs from room to room while maintaining a firm
network connection continuously. A wireless network also presents additional security
requirements.

● Ethernet
This is the backbone of our network. It consists of the cabling and is typically able to
transfer data at a rate of 100 Mb/s. It is a system for connecting a number of computer
systems to form a local area network, with protocols to control the passing of information
and to avoid simultaneous transmission by two or more systems. Among the different
types of Ethernet, we have used Gigabit Ethernet, which is a type of Ethernet network
capable of transferring data at a rate of 1000 Mbps, and Fast Ethernet, which is a type of
Ethernet network that can transfer data at a rate of 100 Mbps.

● Computing Device
Computing devices are the electronic devices that take user inputs, process the inputs,
and then provide us with the end results. These devices may be smartphones, desktop
PCs, laptops, printers, and many more.

● Internet Protocol
Internet Protocol (IP) is one of the fundamental protocols that allow the internet to work.
IP addresses are a unique set of numbers on each network and they allow machines to
address each other across a network. It is implemented on the internet layer in the TCP/IP
model.

● SSH Protocol
Secure Shell (SSH) enables a user to access a remote device and manage it remotely.
With SSH, all data transmitted over a network (including usernames and passwords) is
encrypted and secure from eavesdropping.

SSH is a client-server protocol, with an SSH client and an SSH server. The client machine
(such as a PC) establishes a connection to an SSH server running on a remote device (such
as a router). Once the connection has been established, a network admin can execute
commands on the remote device.
● Benefits of wireless networking over wired networking
Understanding the benefits wireless networking has over traditional wired networking
explains its wide usage in today’s world and is crucial for our project
implementation. Some major aspects are stated below that show the various
advantages of a wireless network over wired ones.

1. Mobility
One of the major advantages of wireless is mobility. Users have the freedom to move
within the area of the network with their computing devices staying connected to a
network without being concerned about the cable connection.

2. Less Hassle
The wireless network helps reduce the large amounts of cables or wires, which
become chaotic and difficult to maintain, and so makes the connection hassle-free.

3. Accessibility
Provide network access across your organization, even in areas that have been
challenging to reach with the wired network, so your entire team can stay in touch.

4. Expandability
The wireless network helps in the expansion of the network to a wide range by adding
multiple new users and locations without additional need to run cables and wires.

5. Guest Access
Offer secure network access to guest users, including customers and business partners,
while keeping your network resources protected.

Along with these advantages come disadvantages as well, such as security issues, which can
be resolved using strict password protection. Also, the speed of wireless networks is
considered to be slow and their bandwidth low when compared to direct cable
connection networks.
● Simulation Environment
The simulations of our network topology can be easily achieved using Cisco Packet Tracer.
Using simulation mode, you can see packets flowing from one node to another and can
also click on a packet to see detailed information about the OSI layers involved.
Packet Tracer offers a platform that combines realistic simulation with simultaneous
visualization. Cisco Packet Tracer makes learning and teaching significantly easier by
supporting multi-user collaboration and by providing a realistic simulation environment
for experimenting with projects.
CHAPTER 3: WORK DONE

Software and hardware requirements:

Before heading towards the implementation, we need to make sure the
following requirements are met.

● A proper workstation (any mid-high range laptop will suffice).
● Packet Tracer by Cisco
● 8 GB RAM.
● Any 10,000+ Average CPU Mark scored processor.
● 16 GB of dedicated hard disk space.
● USB 3.0+ port.

Architecture:
File Transfer Protocol is a way to connect two computers to one another in the safest
possible way to help transfer files between two or more points. To put it simply, it is the
means by which files are securely shared between parties. File Transfer Protocol (FTP)
is the standard mechanism provided by TCP/IP for copying a file from one host to
another. Although transferring files from one system to another seems simple and
straightforward, some problems must be dealt with first: two systems may use different
file name conventions, different ways to represent text and data, and different
directory structures.
All of these problems have been solved by FTP in a very simple and elegant approach.
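
The login, upload and download this project performs, as they appear on FTP's control channel (an added example, not part of the original report): a Python parser over a constructed capture that rebuilds the session and reports whether credentials and transfers were negotiated in readable text or after an `AUTH TLS` upgrade (RFC 4217). The user name, password, address and the `f1.txt` file name are assumed sample values.

```python
# Constructed control-channel capture ("C:" client, "S:" server); all values are made up.
PLAIN_FTP = """\
S: 220 FTP server ready
C: USER shopuser
S: 331 Password required
C: PASS example-pass
S: 230 Logged in
C: PASV
S: 227 Entering Passive Mode (192,168,1,10,195,80)
C: STOR f1.txt
S: 150 Opening data connection
S: 226 Transfer complete
C: PASV
S: 227 Entering Passive Mode (192,168,1,10,195,81)
C: RETR f1.txt
S: 150 Opening data connection
S: 226 Transfer complete
"""
# Constructed capture of an RFC 4217 upgrade: after reply 234 only TLS records follow.
FTPS_UPGRADE = "S: 220 FTP server ready\nC: AUTH TLS\nS: 234 Proceed with negotiation\n"

def analyse(capture):
    """Rebuild login and transfers from the readable part of a control channel."""
    s = {"user": "", "cleartext_password": False, "tls_upgraded": False,
         "logged_in": False, "transfers": []}
    pending = None  # transfer still waiting for its 226 completion reply
    for line in capture.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                s["user"] = arg
            elif verb == "PASS":
                s["cleartext_password"] = True  # flag it; never keep the value
            elif verb in ("STOR", "RETR"):
                pending = {"direction": "upload" if verb == "STOR" else "download",
                           "file": arg, "completed": False}
                s["transfers"].append(pending)
        elif side == "S":
            code = text[:3]
            if code == "234":  # server accepted AUTH: channel continues under TLS
                s["tls_upgraded"] = True
            elif code == "230":
                s["logged_in"] = True
            elif code == "226" and pending:
                pending["completed"] = True
                pending = None
    return s

def findings(s):
    """Audit verdicts: what an on-path observer could read in this session."""
    out = []
    if s["cleartext_password"]:
        out.append(f"credentials for '{s['user']}' readable on the control channel")
    if not s["tls_upgraded"]:
        out += [f"{t['direction']} of {t['file']} negotiated without TLS"
                for t in s["transfers"]]
    return out
```
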
DEVICES USED IN THE NETWORK:

NETWORK DESIGN:
MAXIMUM CLIENT-SIDE USER:

MAXIMUM SERVER-SIDE USER:


IMPLEMENTATION:
IP CONFIGURATION:

Ping the servers:


Transfer A file to the server
FTP Server:

entering login details and sending .txt file into client server:

Server Get Request:


CHAPTER 5: RESULT

Extracting files from client-side server to pc 5:

Checking if f1 file was downloaded in pc 5


Checking file f1 in server-side server -

- All connections are implemented correctly and the network is running successfully.
CHAPTER 6: CONCLUSION AND FUTURE WORK

E-commerce is an effective way to do business. It allows businesses to provide products and
services to a wider population than they could with traditional brick and mortar operations.
However, e-commerce also comes with a wide variety of risks that need to be mitigated to
operate securely. Small businesses provide an easy target for attackers because they typically
have limited funding and do not have dedicated network professionals to monitor and protect
their network. Hackers have a wide variety of tools that allow them to attack networks even
with little technical knowledge. Hackers follow a systematic approach along with their tools
to attack systems. They first need to gather as much information as possible about the target
system, scan for open ports, scan for vulnerabilities and then conduct their attack. Along with
technical attacks, some attackers might try physical attacks through social engineering and
gain access to the business servers by pretending to be someone they are not.

Small businesses need to take as many precautions as possible to protect their systems, even
if it means spending extra money to do so. There is really no way of completely securing a
network, but there are ways to minimize the chances of becoming a victim. Limiting the
chances of becoming a victim is better than trying to repair the damages after an attack, which
may not be repairable. Attacks come in many forms, so it is imperative to ensure that as many
security measures are put in place as possible. The implementation of various security
measures is important for the protection of family, business continuity and national security.
With the possible outcomes of an attack on a network, businesses should take network
security very seriously and properly protect their systems.

● Future Work

The configuration and specifications are for the initial prototype and can further be
developed and additional functionality can be added to increase support and coverage of
our existing network.