SECURITY THREATS AND SOLUTIONS
Unknown
AssalamualaikumAhlan Wa Sahlan
Annyeonghaseyo. Bienvenidos. Huan Ying. 


Welcome to our blog!!!!



For E-Ticketing System, the biggest security threats are from internal threats (empolyees), hardware and software failure. 
  • Internal Threats from employees where employees have access to privileged information, and in the presence of internal sloppy security procedures, they are often able to roam throughout the organization's system without leaving a trace.
  • Hardware failure causes from electrostatic discharge when open supercomputer to install new hardware, dust, overheat and bad hard disk sectors.
  • Software failure causes  from bug. The main source of bug is the complexity of decision-making code. Important programs within E-Ticketing system is usually much larger, containing tens of thousands or millions of lines of codes, each with many times the choices and paths of the smaller programs.
The solutions for these security threats of E-Ticketing system are:

  • For internal threats, KTB SDN. BHD. strictly need to ensure which of the employees should have the access to privileged information. They also can implement the system which can trace who are accessing the information automatically.
  • For hardware failure, to prevent ESD is to use a grounding wrist strap or stand on a grounding mat when open the supercomputer's case. Put the hardware in the disclosure space and clean up regularly with specific standard. Put extra cooling parts in the hardware components and have proper maintenance to prevent bad hard disk sectors.
  • For software failure, KTB Sdn. Bhd. can request to the software vendor creates small pieces of software called PATCHES to repair the flaws without disturbing the proper operation of the software.  

For corporate server such as bank and agents, the security threats are hacking, fraud and Denial-of-Service Attacks (DoS).
  • The outsider intends to gain unauthorized access to a computer system. They unauthorized access by finding weakness in the security protections employed (agents and bank) by Web sites and computer systems. They also often taking advantage of various features of the Internet that make it an open system and easy to use.
  • For DoS, hackers flood a network server of Web server with many thousand of false communications or request for services to crash the network. They often cause a Web site to shut down, making it impossible for legitimate users to access the site.
  • Fraud happens when the bank system cannot trace serial number of the credit card during the transaction of the payment. So that, the bank approve the transaction of the payment.
The solutions for these security threats of the agents and banks :
  • The systems using by agents should have password protected. It prevent the hackers to hack into the systems and steal data. Further more, they should using biometric authentication such as finger prints to identify person incharge for the systems.
  • Preventing DoS Attacks, the agents can use dotDefender web application firewall. It can inspects the HTTP traffic and checks their packets against rules such as to allow or deny protocols, ports, or IP addresses to stop web applications from being exploited. 
  • The bank should have better security system in order to detect the fake credit card. If the customer purchase the online ticket with the fake credit card, during the transaction the bank should be able to detect within faster time and block the transaction and approval of purchasing ticket.

 For customer, security threats facing by them are spyware,computer virus, and sniffing:

  • Customers at the client layer can cause harm by spyware such as Keyloggers. Keyloggers record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to e-mail accounts, to obtain password to protected computer system, or to pick up personal information such as credit card numbers. This is because some customer used credit card to pay their online ticket.
  • Besides that, customer at the client layer can cause harm by computer virus. A computer virus is rogue software program that attaches itself to other software program or data files in order to be executed, usually without user knowledge or permission. Sometime viruses can attack on customer e-mail. Examples of viruses are,Trojan horses, email viruses, network virus. 
  • Sniffer is a type of eavesdropping program that monitor information traveling over a network. When used for criminal purposes, they can be damaging and very difficult to detect. Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential report.
The solutions for these security threats of the spyware,computer virus, and sniffing:


  • To prevent Keylogger threat, customers can install anti-spyware programs. Good anti-spyware will protect your computer from Keylogger.
  • Customers can install anti-virus in their computers and mobile phones to prevent this problem. Customers also should update their anti-virus for effective virus protection.
  • Then, to overcome the last threat is establish an encrypted tunnel between your computers and a trusted network. for example VPN. this encrypts any and all traffic from your computers to any destination over the untrusted part of it's journey. Use only applications that encrypt their communication like HTTPS. this encrypts your communications with just that application over the whole journey.

That's all from us for this project assignment. We have learning a lot about the information system and how it works to the company to run their business.

 Thanks very much for Dr. Saadiatul Ibrahim for the guidances and suppots in completing this project. We hope what we have learned in this subject and project will help us to be a better person as well as we can help our organization when we are working later.

See you again... :))))

Zai Jian. Annyeonghigeseyo. 

Adios. Maasalama. Goodbye!!!! <3


" Do not judge a person from what he/she is doing because you also have to know the reason why he/she did it"


Publish by : Zhu Qi Long


0 comments | edit post
SYSTEM TOPOLOGY OF E-TICKETING SYSTEM
Unknown

AssalamualaikumAhlan Wa Sahlan
Annyeonghaseyo. Bienvenidos. Huan Ying. 

Welcome to our blog!!!!

Our entry today is about the IT components of the selected IS. IT components involve are hardware, software, telecommunication networks as well as system topology.




Hardware is the objects or physical parts that you can touch, see and tangible. KTB Sdn. Bhd. also need hardware to run their system. The hardware are: 
  • Supercomputer
  • 2* INTEL XEON Processor 3.2Hz/2MB
  • Intergrated Server Management (ESSMIII)
  • Intergrated Dual Broadcom Nextreme Gigabyte Network
  • Intergrated Single Channel Ultra 3 SCSI Adapter
  • 2* Hard Drive, 36 Ultra320, 15K, 80pin SCSI Memory, 4GB, DIMM.

Software is consists of the detailed, preprogrammed instructions that control and coordinate the hardware components in information system. The software in E-Ticketing system consists of system software and application software. 
  1. The system software are MS Win 2003 Cluster and MS SQL Server 2000 Cluster. 
  2. The application software is Microsoft Clustering for Web Server.
Telecommunication network is collection of terminal nodes, links and intermediate nodes which are connected so as to enable telecommunication between the terminal. There are two types of network access solutions provided by MHSB which are:
  1. Internet Protocol Virtual Private Network (IP VPN) 
  2. Combination of multiple options for all Less Busy Sites (Broadband Line TMNet Streamyx and ISDN Dial-up Lines with Internet Access TMNet 1525).

The system topology use by E-Ticketing is Fully-Connection Mesh Topology which mean there is a direct link between all pairs node. All the directions in the picture are link to each other. Firstly, the supercomputer link with ticket's counters and all the agents such as ticket4u, easybook.com, busonlineticket.com and catchthatbus.com. 

 The supercomputer provide database to all connected links. The database consists of buses, routes, drivers, trips, estimated time to arrive (ETA), time for departure, seats available and memberships data. 

The software involve in E-Ticketing are system software which are MS Win 2003 and MS SQL Server 2000 Cluster. The application software is Microsoft Clustering for Web Server. The function of the software to control, coordinate, collect, store and analyze the data for all the connected links.


The database and all the links connected to each other by IP VPN and combination of multiple options for all Less Busy Sites. Besides that, the ticket counters and agents are link together to avoid the redundant of seats booking and tickets sold.

That's all for our entry about the IT components and system topology in E-Ticketing system.

See you in the last entry about Security Threats facing by E-Ticketing system.


See you in the next entry. Zai Jian.

Annyeonghigeseyo. Adios. Maasalama. 

Goodbye!!!! <3


"Life isn't about FINDING YOURSELF. 
Life is about CREATING YOURSELF"



Publish by : Zhu Qi Long
0 comments | edit post
THE ADVANTAGES, PROBLEMS AND RECOMMENDATIONS
Unknown
AssalamualaikumAhlan Wa Sahlan
Annyeonghaseyo. Bienvenidos. Huan Ying. 

Welcome to our blog!!!!

Now, we are talking about the advantages of this system in helping KTB Sdn. Bhd in achieve their objective. The system is designed to be objective-oriented for dynamic business requirement changes and also for the provision of future requirement growth.  Now days, people are like to purchase ticket by online because of time, cost and it is easy. So, the numbers of people buying ticket online are increasing each year. By having this e-ticketing system, KTB Sdn Bhd can forecast demand of customer base on history of purchasing ticket. So they can identify where are the destination highly demanded and when they need to provide extra bus and how many extra  bus driver need to hire.  

So, KTB Sdn Bhd can promote advance booking of tickets is availability for up to two months especially in peak season. By opening advance bookings, it is cater for demand and to boost ticket sales. Lastly, e-ticketing system is a platform to KTB Sdn. Bhd to attract more customers purchase their service besides counter ticket.

Every system has their own problem. For e-ticketing system there are several problem facing by the end users and also by the KTB Sdn. Bhd itself. For example, when customer buying ticket online, the confirmation email enter junk email or spam in theie email. The customer did not check back their spam or junk email and think their purchase invalid, so, they purchase another one. This will make customer losses. Besides that, time taken for confirmation in transaction between agents and communication with bank take a longer time. KTB Sdn. Bhd has to log the seat for customer within 15 minute until bank massage success. If not, the seat will be released. 

 Besides that, the system of reservation are closed 6 hour before departure time. As we know customer mostly buying ticket in last minute, so closing booking ticket 6 hour before departure is a problem. Within that time KTB loss a lot of potential customer.

 Then, the big problem faced by KTB Sdn Bhd is fraud. There are customers, who are buying ticket online with fake credit card. Most of the cases from international card and KTB Sdn. Bhd sometime cannot detect this problem. They have to responsible in this losses. To overcome this problem, KTB Sdn. Bhd have to stop the operation of online ticketing until they detected the person or until the problem solved.


The recommendation for solve this problem is after purchasing online ticket, please check your junk email or spam. Might be the confirmation email already send. So no need to repurchase the ticket and it will waste your money. Then, if you think the massage of confirmation take too long, please call customer service. Customer service will checked if there are any problems with your purchasing. 

 KTB Sdn. Bhd. should upgrade the system to make purchasing ticket online are customer oriented. They should check back the closing reservation 6 hour before departure system are reliable or not. So that KTB Sdn. Bhd. will not loss the potential customer in future.

 Next, the bank should have better security system in order to detect the fake credit card. If the customer purchase the online ticket with the fake credit card, during the transaction the bank should be able to detect within faster time and block the transaction and approval of purchasing ticket.

 That's all for this part. Keep it up with us to know more about KTB Sdn. Bhd in next entry.
See you in the next entry. Zai Jian.. 
Annyeonghigeseyo. Adios. Maasalama. Goodbye!!!!<3

"Mistake are painful when they happen. But year's later collection of mistake is called experience, which lead to success.."


 Publish By: Nazmin
0 comments | edit post
VALUE CHAIN DIAGRAM
Unknown
Assalamualaikum, AhlanWa Sahlan. 
Annyeonghaseyo. Bienvenidos. Huan Ying. 

Welcome to our blog!!!!

We are sorry for not posting about IT components of the selected IS. This is because we still waiting for document that should be send by Mrs. Aliza.The document contains the information about the IT components of the IS.

Next, we are going to tell about the business process of the IS. The value chain model is below :
The value chain model highlights specific activities in the business where competitive strategies can best be applied and where information systems are most likely to have a strategic impact.

Primary activities are most directly related to the production and distribution of the KTB Sdn. Bhd.'s products and services, which create value for the customer. Primary activities include Advertising & Promotion Division, Stage Bus Division and Express Bus Division. 

 Advertising & Promotion Division promoting and selling KTB products. They promote early reservation to customer during peak season. They are also promote customer to used membership card to get best price. Besides that, they are also providing Mobile Advertising Services for Transport Operations (MASTRO) which is specializes in providing a wide range of bus advertising solutions. KTB Sdn. Bhd. offers unrivaled national coverage and frequency to allow any businesses to reach their consumers on the move and keep their advertising message in the market place every day of the year. 

 For Stage Division, all stage bus operations under KTB will bear the brand name, "Cityliner". All new buses that were manufactured and released for operations were painted with the new brand idenFor tity. The "Cityliner" operations are headed by a Division Head and are divided into five regions/territories. There are Cityliner – Kelantan Operations, Cityliner – Northern Operations, Cityliner – Selangor Operations, Cityliner – Negeri Sembilan Operations and Cityliner – Pahang Operations. Stage Bus Division provide routine road for state. This division will support express bus division.

 Express Bus Division will distributing finish product. It is also including scheduling the driver and routine road. In this division, they will identify when peak season so that they can provide extra buses, hirer extra driver and which route need to add to achieve demand from customer. Under the new holding company KTB, the Express Operations Division is divided into three brands with their own profit and loss which is 'Transnasional', 'Plusliner' and 'Nice'.


Support activities make delivery of the  primary activities possible. It consist of organization infrastructure which is Finance & Corporative Affair Division. This division provided listed bank that customer can used to pay for online purchasing ticket. So that, customer choose one of the listed bank to make transaction of payment. Besides that, customer also can make payment by credit card. So, this division will checked the customer transaction payment done before they locked seat for them. 

 For Talent and Culture Division, KTB Sdn. Bhd provide a disciplined, scientific diagnosis to better understanding the cultural and environment elements that produce morale, quality and service orientation that support the primary activities. In achieving customer orientation, they provide customer service centre to help customer when they have problem in online purchasing ticket. They also having details information about employee and driver in the system that help scheduling routine road and bus driver. 

 Ancillary Business Division will support primary activities or operation of KTB Sdn. Bhd. Based on history of purchasing online ticket, they can identify when is peak season and where is the place that most demanded from the customer. So that, they can provide an extra bus or double decker bus to the place in high demand and during peak season.
IT Division are includes receive booking from customer for reserve the bus seat. There are several step need to completed by customer to purchase online ticket. Besides that, IT division will control the availability of purchasing ticket online. For example, KTB Sdn. Bhd. open seat reservation or booking 2 month early especially during peak season like school holiday or festival season like Hari Raya, Chinese New Year, Deepavali and so on. In addition, IT division is also controlling the closing reservation that is 6 hour before departure time. 

In division of management in KTB Sdn. Bhd., they provide E-Ticketing system to improve efficiency of the existing system in buying at the counter ticket. This is because to cutting the cost and increasing the time efficiency for customer when buying the ticket. So, the system provide alternative to customer to purchase the ticket by online compare to the counters. KTB Sdn. Bhd. chooses to develop E-Ticketing System as a solution for the problem facing by customers.

For implementing the system, KTB Sdn. Bhd. develops software, programming, providing related hardware, testing the system within the managers of department and agents, training employees and make documentation for the system.

Lastly, IT division will in charge in maintaining E-Ticketing System design by KTB Sdn. Bhd. 
This figure shows the three-tier application design in E-Ticketing System. For the client tier, the customer will go to the agents’ website and search for the ticket that they are needed. Then the customer will fill the information of details and the payment in the agents’ website. After that, the agents will send the information of details and payments to the database of E-Ticketing System.

Next for the application tier, it consists of a set of computers that host application services using by middle managers and servers. For example hosting web sites, application forms, Web Server or Application Server. Together, set of servers such as agents provides the application service to clients and is the building block of application tier.

Business logic layer manage communication user interface and database. The customers purchase the online ticket from the agents or from the counter tickets. Then, the information of the details and payment request by customer will send from the agents and counter tickets to the business logic layer. The business logic layer will send the request to the database and the database will send back the information of the details to the agents and counter tickets through the business logic process. Then the agents and counter tickets will generate the information of details request by customers. Each ticket is targeted to be generated/ printed within 20 seconds, under Normal Circumstances. This shall be the technical benchmark for the system’s response time. The database is to be centralized to ensure performance and reliability.  

For the data access, in association to the login/password feature, there must be multiple user access level restricting them to access to different application functions within the system. Next, it will pass to common which selection window allowing input of criteria before pulling-out records. Queries of seats or trips should only pull out available ones and not all the records, to avoid tediousness of scrolling through list of records to look for available seats. Balance seats available and vacant seats should be highlighted in the seat plan. The central of database for E-ticketing System shall be sited at secured environment.
For the database tier, it consists of storage procedure and database clustering that will help middle managers to control the E-Ticketing System.  Storage procedure serving as part of the high availability design, the purpose storage procedure is recommended to present the following features:
  • Full redundancy for all hardware components
  • Online parts replacement
  • Online patch application
  • Hardware mirroring and stripping capabilities
  • Mirrored cache with battery back up
  • Load balancing and failover capabilities across all host adaptors

For database clustering, it uses two or more nodes or machine, each running an instance that accesses a single database residing on shared-disk storage. Clustering provides and help the managers to :
  1. Availability- provides near continues access to data with minimal interruption from hardware and software components failure. If an instance or node fails, the surviving instances automatically perform recovery for the failed and continue to provide database service
  2. Scalability – allows nodes to be added to the cluster to increase processing capabilities without having to redistribute data
  3. Manageability- provides a single system image to manage




Agents are ticket4u.com.my, catchthatbus.com, easybook.com, and busonlineticket.com. They need to deposit cash in E-Ticketing's account for capital topup. Through the capital topup, they can sell many online buses tickets as they want. 
After that, the agents need to register with E-Ticketing to create user ID, Password and Serial Number as identification. The E-Ticketing's control center will create the counter name for the agents. After done the registration, the agents can start selling the online buses ticket according to the current price of bus tickets that already decided by KTB Sdn. Bhd. However, if there is no capital topup or the capital topup already finish, the agents will be stop selling the online buses tickets by E-Ticketing's control center.

The second picture is about the value chain of purchasing online ticket. First, KTB Sdn. Bhd. allow the agents to sell the ticket on their behalf. Next, the agents sell the ticket to customers using E-Ticketing System. After make a reservation, customer will go to online payment or credit card payment. Then, the bank will give the confirmation payment to customer, agents and E-Ticketing control center. After the confirmation payment received, the agents will inform the successful transaction to E-Ticketing control center. Lastly, E-Ticketing control center will generate the confirmation email and travel planner to customers.

Next picture is about the customers will go to online payment or credit card payment. They should choose a convenient way to purchase tickets to make payments. There credit card or direct online transaction are CIMB Clicks, RHB now, Hong Leong Connect, AmOnline, Maybank2u.com, Bank Islam, e NETS, PB eBank.com, Master Card,  VISA and MEPS. 

That's all about the value chain diagram of E-Ticketing system by KTB Sdn. Bhd. Keep updating for the more information later.

See you in the next entry. Zai Jian. Annyeonghigeseyo. Adios. Maasalama. Goodbye!!!! <3
" No one can change the past, but everyone has a power to change the future"

Publish By : Hayati

0 comments | edit post
INFORMATION SYSTEM OF KTB SDN.BHD.
Unknown
Assalamualaikum, Ahlan Wa Sahlan. 
Annyeonghaseyo. Bienvenidos. Huan Ying. 

Welcome to our blog!!!!

We already done the interview!! Before we proceed, we would like to introduce the person incharge for our interview. Her name is Mrs. Noor Aliza binti Ghazali. She graduated from Wichita State University, Cansas, US in Bac. Computer Science. She was start working in KTB Sdn. Bhd. from 1986. Before that, it was known as Mara Holding and now change to Nadi Corp. KTB Sdn. Bhd. is one of their subsidiaries. Her position in KTB Sdn. Bhd. is Head of IT and Network Sales Service Department. She have 4 expertise staffs in the department to help her organize the IS.

Next, we are going to tell the selected information system using by this company. The information system use is E-Ticketing system. The function for this system is provide online buses ticket for the customers. KTB Sdn. Bhd. using third parties to development the web of online ticket and provide technical supports such as busonlineticket.com, easybook.com, catchthatbus.com and ticket4u.com.my. KTB Sdn. Bhd. only provide database, E-Ticketing such as buses database, routes, driver (belong to brands), trips, estimated time to arrive (ETA), time for departure, seats available and membership data of their customers. This company have 1500++ workers including drivers, staff at counters and branch managers for all buses brands, Plusliner, Transnasional and Nice Coach.

Here are the types of IS using by this company :



The end-users of these buses are young generations, working people,family and foreigners. KTB Sdn. Bhd. also promoting customers with membership card to give discount when they purchase the tickets.










That's all from us now. We will keep updating the information later on.

See you in the next entry. Zai Jian. Annyeonghigeseyo. Adios. Maasalama. Goodbye!!!! <3

"Be the good because God loves the goodness"


Publish By : Ain
0 comments | edit post
WE ARE SORRY!!!
Unknown
Assalamualaikum, Ahlan Wa Sahlan.
Annyeonghaseyo. Bienvenidos. Huan Ying. 

Welcome to our blog!!!!


We are sorry for not updating our blog after 16/3/2015.


This is because we are still contacting with Mrs. Aliza to get confirmation for conducting the interview. Luckily, we get the confirmation from Mrs. Aliza on Thursday. She agree to meet us and conduct an interview online ticket system of KTB Sdn. Bhd.


Our interview will be on Tuesday 7/4/2015 at 3 p.m. Now, we are preparing the questions as well as some study of related IT. After the interview, we will keep updating the information until the end.
Keep updating our blog for the more exciting information about these system and KTB Sdn. Bhd. :)
  

See you in the next entry... Zai Jian. Annyeonghigeseyo. 

Adios. Maasalama. Goodbye!!!! <3


" Every noble work is at first impossible"

Published By : Zhu Qi Long

0 comments | edit post