AK-DEVELOPER

In this section, we describe the system architecture along with implementation details. Functional diagram of the clearing house subsystem.

Clearing House Module:

The Inter-Bank Clearing and Settlement System consists of two subsystems (1) E-Check Clearing and Settlement System (2) Bank Gateway. ECCH interacts with participating bank gateway And Inter Bank Settlement System named Real Time Gross Settlement System (RTGS). This system has been recently implemented by the Reserve Bank of India (RBI). Communication between ECCH and bank Gateway is through JMS (Java Messaging Service) bridge. The communication between ECCH and RTGS is Through MQ (Message Queuing) bridge. ECCH has software modules, which carry out the following Activities: 

• Receives E-Check batches from the collecting bank gateway.

• Performs verifications and validations of these batches after decrypting them.

• Sorts E-Checks issuing bank-wise.

•  Creates E-Check batches for each issuing bank.

• encrypts the batch for each bank with the public key of that bank. The batches are digitally signed using private

• Key of the ECCH and forwarded to the issuing bank gateway.

• Receives confirmation or returned messages from the issuing bank gateway.

• Sorts returned E-Checks by collecting banks and forward them to respective collecting banks.

• for confirmed E-Checks, a net settlement matrix is prepared and the net settlement amount for each bank is arrived at.

• the net settlement file is digitally signed, encrypted, and sent to the RTGS

• Receives net settlement response from RTGS (can be either confirmation or rejection)

• decrypts the message received from RTGS.

FUNCTION DIAGRAM OF CLEARING HOUSE

The bank gateway receives E-Checks from the bank’s web server and performs necessary validations. The bank gateway functions both as the collecting bank gateway and the issuing bank gateway. The collecting bank gateway creates E-Check batches. The batches are digitally signed using their private key and sent to the ECCH. The issuing bank gateway is designed to accept E-Check batches from ECCH, validate the instruments, and send them to the core banking / TBA system of the bank. The transmission of E-Checks between the branches and the gateway system is the responsibility of the respective banks.

The functionality of these modules is Collecting Bank.

A book about hacking would be irresponsibly incomplete without a chapter giving you a fair warning on the consequences of misusing these techniques as well as the ethical considerations of hacking. To begin this discussion, you need to be familiar with two different terminologies that describe different types of hackers: black hat and white hat. I like the imagery these terms bring to mind because they always seem to remind me of Spy vs Spy. Black hat hackers are what most people typically think of when they hear the word “hacker.” A black hat hacker is the type of nefarious Internet user who exploits weaknesses in computing systems for personal gain or in order to disrupt an organization’s information systems to cause them harm. He’s the guy wearing a high-collared shirt, sunglasses, and a fedora behind an array of 20 or so computer monitors or the nerd in the movies who can break into a top-secret system illegally. There really isn’t any good that can come out of adopting a black hat approach to hacking, either. When you hear in the media that a financial institution just lost thousands of usernames and passwords or that a social media database was compromised that causing vast amounts of people to lose sensitive personal information, the attack was carried out by a black hat hacker. Recently, there was even a module of code contained in a WordPress plugin that was susceptible to an XSS vulnerability (a type of security flaw in websites with caching plugins) that was being exploited worldwide by the extremist group ISIS. If you are reading this book because you have dreams of causing mass disruption and chaos, I would highly advise you to reconsider. However, understand that security and penetration tools aren’t inherently good or evil. One could argue that they are much like firearms in the sense that a weapon is an inanimate object, and it is only as good or evil as the person wielding it White hat hackers, on the other hand, are the complete opposite. They’re the good guys who do everything in their power to find potential security flaws and correct the errors so the black hat hackers can’t break a system. As you read this book, you need to consider all of the tools and techniques I show you from the perspective of a white hat hacker and use them responsibly. If you pursue white hat hacking professionally, you can add tremendous value to the organization you work for and make big money doing so. Some white hat hackers that have the CEH (Certified Ethical Hacker) certification make salaries well into the six-figure range. Internet security is only becoming more important with each passing year, and a talented white hat hacker can use penetration testing tools and footprinting methods to identify disastrous security flaws on the organization’s network and information infrastructure and patch them before they become a problem that would cost the organization obscene amounts of money. Furthermore, you need to be aware of the consequences of misusing the knowledge you learn in this book. Though you likely won’t get caught snooping around a network attached to an unsecured SOHO (Small Office/Home Office) wireless network in your neighborhood or at your favorite local coffee shop, you need to respect other people’s rights to privacy. Think about it – how would you feel if you were sitting down for a cup of coffee while reading a book only to find out later that someone had attacked your Kindle over the coffee shop’s network and stolen your data? You would feel enraged, irritated, and violated. So, remember the golden rule as you grow into a white hat hacker. Also, consider that using penetration tools on networks where you don’t have any authority to do so could lead to some extremely negative consequences. Let’s face it, you don’t have the right to steal other people’s personal information –it’s illegal. Not only could you provoke civil lawsuits, but you could even face jail or prison time depending on the nature of your offense. If you choose to do it on your employer’s network and you get caught, the best-case scenario is that you would have some extremely uncomfortable questions to answer, and the Worst-case scenario is that you would become fired. It’s just not worth it, so keep that in mind moving forward. Instead of testing out these techniques on public or corporate networks, my advice would be to try these in your very own home. Even a small home network will provide a digital playground for you to test out your new security skills. All you would need to run through some of these demos would be a personal computer, a wireless router, and preferably a few other devices that you can attach to your network. In the footprinting section, I will show you how to run ping sweeps and other utilities to perform reconnaissance and information-gathering methods, so having several other devices will give you more “toys” to play with on your local area network (LAN). By now I hope you understand that the word “hacker” is rather ambiguous. Years ago, it rightfully meant a black hat hacker. Today, however, it could refer to any number of different types of people who are extremely knowledgeable about technology, and the term “hacker” doesn’t necessarily mean someone who is trying to steal intellectual property or break into a restricted network. Calling someone a hacker is the layman’s approach to describing a digital thief, but security professionals will often draw the line between the white hats and the black hats. With all of the dire warnings out of the way, we can now proceed to the juicer and more pragmatic sections of the book you have all been waiting for and we can begin to learn how you personally can get your feet wet with hacking. To begin, understand that this book is written with the assumption that you have little to no understanding of rudimentary networking and security concepts. Because this book is written for beginners as opposed to seasoned Internet security professionals and expert hackers, you need to first have a basic understanding of network terminology, addressing concepts, and other fundamentals that you will be able to use as a foundation to build your hacking skills upon. So, let’s get started networking fundamentals Worst case scenario is that you would become fired. It’s just not worth it, so keep that in mind moving forward. Instead of testing out these techniques on public or corporate networks, my advice would be to try these in your very own home. Even a small home network will provide a digital playground for you to test out your new security skills. All you would need to run through some of these demos would be a personal computer, a wireless router, and preferably a few other devices that you can attach to your network. In the footprinting section, I will show you how to run ping sweeps and other utilities to perform reconnaissance and information-gathering methods, so having several other devices will give you more “toys” to play with on your local area network (LAN). By now I hope you understand that the word “hacker” is rather ambiguous. Years ago, it rightfully meant a black hat hacker. Today, however, it could refer to any number of different types of people who are extremely knowledgeable about technology, and the term “hacker” doesn’t necessarily mean someone who is trying to steal intellectual property or break into a restricted network. Calling someone a hacker is the layman’s approach to describing a digital thief, but security professionals will often draw the line between the white hats and the black hats. With all of the dire warnings out of the way, we can now proceed to the juicer and more pragmatic sections of the book you have all been waiting for and we can begin to learn how you personally can get your feet wet with hacking. To begin, understand that this book is written with the assumption that you have little to no understanding of rudimentary networking and security concepts. Because this book is written for beginners as opposed to seasoned Internet security professionals and expert hackers, you need to first have a basic understanding of network terminology, addressing concepts, and other fundamentals that you will be able to use as a foundation to build your hacking skills upon. So, let’s get started with networking fundamentals!

Almost everyone has used a computer at one time or another. Perhaps you have played computer games or used a computer to write a paper or balance your checkbook. Computers are used to predict the weather, design airplanes, make movies, run businesses, perform financial transactions, and control factories. Have you ever stopped to wonder what exactly a computer is? How can one device perform so many different tasks? These basic questions are the starting point for learning about computers and computer programming. A modern computer can be defined as “a machine that stores and manipulates information under the control of a changeable program.” There are two key elements to this definition. The first is that computers are devices for manipulating information. This means we can put information into a computer, it can transform the information into new, useful forms, and then output or display the information for our interpretation. Computers are not the only machines that manipulate information. When you use a simple calculator to add up a column of numbers, you are entering information (the numbers) and the Calculator is processing the information to compute a running sum which is then displayed. Another simple example is a gas pump. As you fill your tank, the pump uses certain inputs: the current price of gas per gallon and signals from a sensor that reads the rate of gas flowing into your car. The pump transforms this input into information about how much gas you took and how much money you owe. We would not consider either the calculator or the gas pump as full-fledged computers, although modern versions of these devices may actually contain embedded computers. They are different from computers in that they are built to perform a single, specific task. This is where the second part of our definition comes into the picture: Computers operate under the control of a changeable program. What exactly does this mean? A computer program is a detailed, step-by-step set of instructions telling a computer exactly what to do. If we change the program, then the computer performs a different sequence of actions, and hence, performs a different task. It is this flexibility that allows your PC to be at one moment a word processor, at the next moment a financial planner, and later on, an arcade game. The machine stays the same, but the program controlling the machine changes. Every computer is just a machine for executing (carrying out) programs. There are many dive-ferment kinds of computers. You might be familiar with Macintoshes and PCs, but there are literally thousands of other kinds of computers both real and theoretical. One of the remarkable discoveries of computer science is the realization that all of these different computers have the same power. with suitable programming, each computer can basically do all the things that any other computer can do. In this sense, the PC that you might have sitting on your desk is really a universal machine. It can do anything you want it to do, provided you can describe the task to be accomplished in sufficient detail. Now that’s a powerful machine!

Competitor analysis or the monitoring of competitor use of e‑commerce to acquire and retain customers is especially important in the digital marketplace due to the dynamic nature Of the Internet medium. This enables new services to be launched and promotions changed much more rapidly than through print communications. The implications of this dynamism are that competitor benchmarking is not an Off Activity while developing a strategy but needs to be continuous.

Benchmarking of competitors’ online services and strategy is a key part of planning activity and should also occur on an ongoing basis in order to respond to new marketing approaches Such as price or promotions. According to Chaffey et al. (2009), competitor benchmarking has different perspectives which serve different purposes:

1 Review of internal capabilities:

2 From core proposition through branding to online value proposition (OVP).

3 Different aspects of the customer life cycle:

4 Qualitative to quantitative:

from qualitative assessments by customers through surveys and focus groups to quantitative analysis by independent auditors of data across Customer acquisition (e.g., number of site visitors or reach within the market, cost of acquisition, Number of customers, sales volumes, and revenues and market share); conversion (Average conversion rates) and retention such as repeat conversion and number of active Customers.

5 In‑sector and out‑of‑sector:

benchmarking against similar sites within the sector and reviewing sectors that tend to be more advanced, e.g., online publishers, social networks, and brand sites. Benchmarking services are available from analysts such as Bowen Crags & Co (www.bowencraggs.com). An example of one of their benchmark reports is Shown in Figure 8.11. You can see that this is based on the expert evaluation of the suitability of the site for different audiences as well as measures under the overall construction (Which includes usability and accessibility), message (which covers key brand messages and suitability for international audiences) and contact (which shows integration between Different audiences). The methodology states: ‘it is not a “tick box”: every metric is Judged by its existence, its quality, and its utility to the client, rather than “Is it there or is it not?’”

6 Financial to non-Financial Measures:

Through reviewing competitive intelligence sources Such as company reports, or tax submissions additional information may be available on Turnover and profit generated by digital channels. But other forward-Looking Aspects of

The company’s capabilities which are incorporated into the balanced scorecard measurement Framework should also be considered, including resourcing, innovation, and learning.

7 From user experience to expert evaluation:

Ports, which are also sometimes called sockets, were one of the hardest Fundamental concepts for me to wrap my head around when I first started Learning networking engineering and computer hacking years ago. Basically, they are numeric values that are part of the TCP/IP protocol suite that is used to Tag different types of traffic. By tagging the traffic, devices like firewalls can take Different actions when different data streams flow through a network. There are literally thousands of different ports that are each used for different types of traffic and applications, but only a few of these are well-known Protocols. Some software developers reserve certain ports for their custom Application traffic, but you only need to be concerned with the well-known ports to get your feet wet with hacking. You must have a basic understanding of ports because later we will go through the process of port Scanning on your local network to ascertain which of these ports are open and Which are closed.

The following are some of the most common ports and their respective protocols

And traffic types:

-Port 80: HTTP (Hyper Text Transfer Protocol – used for web browsing and web

Pages)

-Port 20/21: FTP (File Transfer Protocol – used to download files remotely)

-Port 443: HTTPS (Hyper Text Transfer Protocol Secure – encrypted HTTP)

-Port 22: SSH (Secure Shell – used to remotely run command line procedures)

-Port 53: DNS (Domain Name System – used to bind IP addresses to URLs)

-Port 547: DHCP Server (Dynamic Host Configuration Protocol – automatic IP

Address assignment)

As you can see, each network protocol is assigned its own unique port number. These ports provide a way to handle various types of traffic differently. For Example, if I didn’t want anyone to download files from a personal file server I was hosting on my network, I would block connection attempts on ports 20 and 21 (FTP). This is an extremely basic example but understand that if you see a Host with an open port, that host will accept connections using that specific type Of traffic. As another example, consider a web server that hosts a website. It will Have either port 80 (HTTP) or port 443 (HTTPS) open, and clients can make a Connection on those ports with the server to download the webpages to their Browser. These ideas bring us to the next important concept: firewalls. The term ‘firewall’ is thrown around in the movies a lot, but most people don’t understand what they do. Though they have many advanced features, one of a Firewall’s most basic functions is to permit or deny traffic to a network. Firewalls in home environments act as a single point of failure – meaning that all Of the data in transit to/from the local network needs to first pass through the Firewall. Because it acts as the only way into a network, the firewall can prevent Hackers from making connections on specified ports to protect the local network. This concept refers to a hardware firewall, but there are software firewalls Aswell. For example, just consider the program adequately named Windows Firewall. It is a piece of software that will prevent the networking card in your computer from making connections on any of the ports you choose to block. We Will see how to scan a target system later with a port scanner to see which ports Are open and potentially exploitable. You should also know how to run a ping as well as view your IP address, subnet Mask, and MAC address. These are extremely simple commands, and they are used frequently by networking security professionals. They are all run from the Command prompt, so in Windows open up the command prompt by searching for it or hitting your Windows key and typing ‘cmd.’ the application’s icon is a Black box, and once you run this program you see a prompt with a blinking Underscore. To view your IP address, subnet mask, and default gateway, just type ipconfig into the command prompt. On the other hand, if you want to see your Maladdress', just type ipconfig /all into the command prompt. If you are using a Maco Linux computer, the command is only slightly different. On these systems the Command is ipconfig.

The proliferation of unsolicited commercial e-mail messages has caused a reaction from technical and legal Points of view. Some technical solutions have been proposed [DN93, GJMM98, H97], but at this moment, not All of them have been implemented. The most extended technical solution is the use of a single e-mail address and a filter. The messages received are filtered, and all suspicious messages are deleted or stored in a different folder. Filters and Blockers may help to reduce the spam volume but cannot eliminate it entirely. If the filtering is realized by The receiver, then he must pay for the reception of the messages, before the filtering is done. Filtering in the Internet Service Provider (ISP) reduces the volume of messages received by the user, and the cost of Downloading. Filtering can be done in function of the sender address (if the sender address is identified as a Spammer’s address). However, spammers can use multiple addresses and discard the addresses already used. Filtering based on keywords (in the subject or in the body of the message) can also be used. However, this approach is not cent percent accurate and can produce the removal of desired or solicited messages. Another easy solution is the use of different addresses for different purposes. An address that has been collected by a spammer must be discarded. But the change of address is not suitable for the users, because They have to notify the change of address to all his correspondents. The channelization of a single address [H97] can be used to solve this problem. If a user defines a few Channels over his address, then can adjust the addresses from where the channel can receive messages, Creating public and private channels. A channel can be closed without any repercussions on other channels. Micropayments can also be used. If a coin of a fixed value is required for the reception of the message, The cost assumed by spammers can be discouraging. If a message is received from a not commercial source, The receiver can return the coin. This approach can be used in conjunction with channelization. The user Can open a public payment channel allowing the reception of messages from all sources. Spam on mobile devices can be considered an even worse intrusion, because the message is delivered directly to a person’s handset, and for this reason, the message will find the person immediately. Due to the Price of an SMS, spam makes money for wireless operators and makes fighting spam a complex dilemma For carriers. Carriers can deploy a network solution for protection against specific service attacks and allow Subscribers to improve the solution by setting up filters. In the mobile environment, the exploration of potential receivers’ addresses is different. Brute force Attack to every possible mobile address (phone number) is commonly used.

Most of you have probably heard of viruses, worms, malware, key loggers, Rootkits, and Trojans before, but what the heck are these things, and how do Hackers utilize them to steal people’s data and disrupt their computer systems? Each of these tools is a little bit different from the other, but they all have one similar goal: to enter a target’s system to provide the attacker with the information he or she doesn’t already have access to. No, I’m not going to show you how to Craft nefarious computer software, but you should have a well-rounded understanding of these topics if you have any hope of calling yourself a hacker. First and foremost, you need to understand the concept of computer viruses Because they are one of the most popular terms thrown around in discussions About cyber security and hacking. A computer virus is a piece of malicious coder software program that can infect a target system and then make copies of itself on other local computers. They are aptly named because they reproduce Much like a virus in real life, and they facilitate their operations by attaching Themselves to computer programs. Typically, they either render a computing System completely useless or seek to destroy data. Again, you’ll hear about Computer viruses in the movies a lot, so we’ll take a look at some of the most famous computer viruses of all time after defining the other terminology. A worm is very similar to a virus, and the line between a virus and a Worm indeed gets muddied and blurred. The largest difference is that worms are not Attached to a computer program. They exist independently on the host system, and they often take advantage of network resources to spread to other hosts on the network they have compromised. Sometimes worms are also classified as Malware because there are only minute differences in the terminology. Colloquially, these terms are interchangeable, but their meanings vary slightly in Academic settings. Perhaps you have already experienced the negative consequences of malware. One of the most popular ways that malware is distributed is through the medium of online downloads, whereby a downloadable file has been corrupted with Malware that the user then downloads and installs. You’ll see this frequently with most files hosted with P2P (Peer-to-Peer) file-sharing programs such as BitTorrent. Malware gets its name by combing two other terms: Malicious Software. It can also be used as an umbrella term used to describe many Different types of attacks, and it could mean any software that is used by an Attacker to create access to a target’s data, block them from their data, or change Information on their computer. Furthermore, a key logger is yet another type of malicious program, and as you Might have guessed its sole purpose is to log the keystrokes of the user who has been infected. This is absolutely disastrous for the target user because an Attacker will be able to record and view every single key that the target types on Their host system. This includes usernames and passwords, Google searches, Private instant messaging conversations, and even payment card data. If an Attacker has successfully installed a key logger; the target is at the mercy of the Attacker. There’s no telling what the attacker could do next – they could hack into the target system by using the information they gathered such as usernames and passwords, steal money using their payment card data, or use their host System to carry out attacks on other hosts on the same network. Next, you should also be familiar with the idea of a rootkit. Rootkits are Extremely dangerous because they serve to edit background processes to hide the malicious activities of an attacker. This will help viruses, key Loggers, and other malicious codes exist for extended periods without Detection on the target system. They can even serve to hide software that would Have been otherwise detected and quarantined by security software. Last but not least is the infamous Trojan horse, sometimes called a Trojan virus or a backdoor virus. They are extremely problematic because they can be slipped into innocent-looking applications, and they are very hard to detect without the Right security software. There could even be a Trojan horse lurking in the depths of your personal computer right now, and they are frequently used to gain Complete control of a target system. Now that you have a basic understanding of the different types of malicious code Hackers employ to do their bidding; you should know about some of the largest and most famous computer viruses of all time. Some of them are actually other types of malicious code such as Trojan horses, but people still refer to them as Viruses. Any expert hacker will have heard of these famous attacks before, so You should know them as well. Also, if you get the inkling to try your hand at using one of these methods on Your own by hunting around on the Internet for freely distributable code that will allow you to attack a target system, just know that you’re setting yourself up for disaster. Humorously enough, some hacking newbies try to find rootkits and Key loggers to attack hosts. But here’s the catch – some hackers actually Facilitate their attack by taking advantage of people who want access to these types of programs. And the end result isn’t pretty. In the end, the newbie hacker might actually Install an expert hacker’s virus and unknowingly infect their own operating System! And don’t forget that there are ethical and legal implications as well. Many, if not all, of the people responsible for these famous attacks, were severely Punished. So don’t try to research and implement these types of viruses at home!

 Digital business transformation

Significant changes to organizational processes, structures, and systems implemented to improve organizational performance through increasing the use of digital media and technology platforms

Inbound Marketing

On the Internet, it is often the customer who initiates contact and is seeking information Through researching information on a website. In other words, it is a ‘pull’ mechanism where it Is particularly important to have good visibility in search engines when customers are entering Search terms relevant to a company’s products or services. Amongst marketing professionals, This powerful new approach to marketing is now commonly known as inbound marketing (Shah and Halligan, 2009). Google has referred to this consumer decision-making before the Visit to a retailer as the Zero Moment of Truth (ZMOT) in a handbook by Lewinski (2012). This Describes the combination of online and offline influences on the purchase

Inbound marketing is powerful since advertising wastage is reduced. Search marketing, Content marketing, and social media marketing can be used to target prospects with a Defined need – they are proactive and self-Selecting. But this is a weakness, since marketers May have less control than in traditional communications where the message is pushed out to a defined audience and can help generate awareness and demand. Advocates of inbound Marketing such as Dharma’s Shah and Brian Halligan argue that content, social media, and Search marketing do have a role to play in generating demand.

Social media marketing

The growth in popularity of social media is a major trend in digital business. In particular social network sites (SNS) such as Facebook, Google+, and Twitter and for business‑to‑business users LinkedIn and RSS feed. Some niche social media sites are independent of social networks, including virtual worlds such as Habbo Hotel, and blogs created by many individuals and businesses. Social media marketing also includes rich media Such as online video and interactive applications featured on specialist social networks such as YouTube or embedded into websites. All businesses need to understand the business and revenue models of the Major social networks and platforms which are today so influential in shaping people’s opinions About brands. Figure 1.3 summarises the main types of social sites that companies need to consider. Since there are so many types of social presence, it is helpful to simplify the options to Manage them. For this, we recommend these six categories based on chapters in Weinberg.

(you can see there’s more to social media than social networks):

1 Social networking. The emphasis here is on listening to customers and sharing engaging Content. Facebook tends to be most important for consumer audiences and LinkedIn for Business audiences.

2 Social knowledge. These are informational social networks like Yahoo! Answers, where You can help an audience by solving their problems and subtly showing how your products Have helped others. Wikipedia is another site in this category, although it has relatively little application for marketing.

3 Social sharing. These are social bookmarking sites like Delicious (www.delicious.com)Which can be useful for understanding the most engaging content within a category.

4 Social news. Twitter is the best-Known Example.

5 Social streaming. Rich and streaming media social sites for sharing photos, video, and Podcasting.

6 Company User-Generated Content and community. Distinct from the other types of social presence which are independent of companies, these are the company’s own social Space which may be integrated into product content (reviews and ratings), a customer support community, or a blog.