Firewalls for beginners
Types of firewalls
Types of e-commerce
The matter published here has been taken from various websites and is strictly used for noncommercial and educational purposes only.
Access to e-mail and other Internet resources is very much a necessity for conducting business and accessing information. However, along with the convenience that network connectivity brings, it also raises serious security concerns. With always-on connections such as cable modems and DSL lines, Internet users need to be increasingly vigilant of security issues, as network traffic coming into the computer can cause damage to files and programs even when the user is away from the computer and the computer is idle. In a system that is not protected with any security measures, malicious code such as viruses can infect systems and cause damage that may be difficult to repair. Unscrupulous characters on the Internet are always snooping around trying to find open computers from which they can steal personal files, personal information or create other forms of mischief. The loss of financial records, e-mail, customer files, can be devastating to a business or to an individual.
In conjunction with other security measures, firewalls can help to prevent this devastation.
What are Firewalls?
Firewalls are tools that can be used to enhance the security of computers connected to a network, such as a LAN or the Internet. A firewall separates a computer from the Internet, inspecting packets of data as they arrive at either side of the firewall - inbound to, or outbound from, your computer - to determine whether they should be allowed to pass or be blocked.
Firewalls act as guards at the computer's entry points (which are called "ports") where the computer exchanges data with other devices on the network. Firewalls ensure that packets that are requesting permission to enter the computer meet certain rules that are established by the user of the computer. Firewalls operate in two ways, by either denying or accepting all messages based on a list of designated acceptable or unacceptable sources, or by allowing or denying all messages based on a list of designated acceptable or unacceptable destination ports.
Although they sound complex, firewalls are relatively easy to install, set up and operate. This article will provide a brief introduction to firewalls. This is not intended to serve as a review of specific firewall products. Rather, it will serve as an overview of what firewalls are, how they work, the different types of firewall technology and their suitability for small office/home office and personal computer users.
In order to understand how firewalls work it is important to understand the basics of TCP/IP, the language or protocol which all computers on the internet use to communicate. If you are not at all familiar with concepts such as packets, ports and IP addresses, please refer to the "Internet for Beginners" article at LINK. If you are, the following section may seem elementary; however, it explains each of the aspects of TCP/IP as it relates specifically to firewalls.
Let's start by saying that TCP/IP is a "language" that allows different computers to communicate. On the Internet, this language is spoken and understood by all different types of computers, even those using different operating systems such as Windows, Macintosh, or Unix. In order for a computer to communicate on the Internet, it must "speak" TCP/IP.
When messages are sent along the Internet, they are broken up into small "packets" that take different routes to get to the destination. On reaching the destination, the packets are re-assembled to form the complete original message. This method is similar to writing a letter, except the sentences that make up the letter are each sent in a separate envelope. With the large number of packets travelling the Internet, it is important that the contents of the packets are transferred reliably, to the correct destination computer and in the correct order - this is where TCP/IP comes in.
TCP/IP ensures that messages arrive at the proper computer in the proper order. Internet Protocol (IP) is used for addressing messages so they can be exchanged between the source computer and the destination computer. Transmission Control Protocol (TCP) is responsible for making sure the entire message is received in the correct format (this will be explained in more detail later in this section). These terms may seem technical but the main thing we have to remember is that TCP/IP makes information exchange over the Internet possible. And what does this have to do with firewalls? Computers identify themselves using an IP address, which is similar to a street address. The IP address is a numerical translation of the web address. For example, the IP address of www.securityfocus.com is 188.8.131.52. When the message is in packet form, the destination address and the source address information are carried in the "head" of the packet.
The IP address is an important concept in the discussion of firewalls because firewalls read the IP addresses in the head of the packets to determine the source of the message. They then use part of that information to determine whether or not the message will be allowed access.
We have talked about firewalls guarding the entry points of the computer system - these entry points are known as "ports". Personal computers use TCP/IP ports to communicate with other computers. Simply put, a port is a point at which computers connect to networks and to other computers so that they can exchange information with networks and other computers. Personal computers have various types of ports, each of which provides a specific and unique service. Port numbers that are open indicate which applications or services that computer is currently running.
Each port has a specific number, and each one allows computers to exchange information related to a specific application. For instance, computers typically exchange information with the World Wide Web via port 80. The port number is held in the information in the packet header. This is important for firewalls, because by reading the packet the firewall can tell what application the message is trying to run. Firewalls can be configured to deny certain applications, which they determine by reading the port number of the incoming packet.
For example, one common service is FTP, or file transfer protocol, which allows computers to exchange large files of text and graphics. The FTP server on a computer utilizes port #21. If the recipient computer is open to accepting FTP packets, it will accept packets that indicate that they are FTP packets by the inclusion of port #21 in their header. If, for instance, the recipient computer is not running FTP, it would not be open to receiving information that is addressed for port #21. Thus the firewall should be configured to deny access to any packets that are destined for that port number.
Some common TCP/IP ports and their corresponding numbers are:
• FTP (File Transfer Protocol) - #21
• SMTP (Simple Mail Transfer Protocol) - #25
• Login (Login Host Protocol) - #49
• HTTP (Hypertext Transfer Protocol) - #80
• Auth (Authentication service) - #113
• Audionews (Audio news multistream) - #114
Hackers often use software tools called port scanners to find services, such as the ones we just mentioned. Once the port scanner finds a service or an application that is running, the hacker then determines whether or not that specific service is vulnerable to attack. When they find vulnerable applications, the hacker may exploit them to gain entry into the system. Once inside the system, hackers proceed to attack the target and disrupt services by deleting or transferring critical files or by reading and/or stealing information that is stored on the computer.
There are 65,535 virtual ports on a typical personal computer that can be used to gain entry. The firewall has to keep an eye on each one of these ports. Talk about having a tough job!
Types of Firewalls
We can think of firewalls as being similar to a bouncer in a nightclub. Like a bouncer in a nightclub, firewalls have a set of rules, similar to a guest list or a dress code, that determines if the packet should be allowed entry. Just as the bouncer places himself at the door of the club, the firewall is located at the point of entry where data attempts to enter the computer from the Internet. But, just as different night clubs might have different rules for entry, different firewalls have different methods of inspecting packets for acceptance or rejection.
The most common firewall method is known as packet filtering. Maintaining our bouncer analogy, some bouncers may only check IDs and compare them with the guest list before letting people in. Similarly, when a packet filter firewall receives a packet from the Internet, it checks the information held in the header of the packet, such as the IP address, against a table of access control rules to determine whether or not the packet is acceptable.
In this case, a set of rules established by the firewall administrator serves as the guest list. These rules may specify certain actions when a particular source or destination IP address or port number is identified. For example, access to a pornographic web site can be blocked by designating the IP address of that site as a non-permitted connection (incoming or outgoing) with the user's computer. When the packet filter firewall encounters a packet from the porn site, it examines the packet. Since the IP address of the porn site is contained in the header of the packet, it meets the conditions that specifically deny such a connection and the web traffic is not permitted to go through.
Although packet filters are fast, they are also relatively easy to circumvent. One method of getting around a packet filter firewall is known as IP spoofing, in which hackers adopt the IP address of a trusted source, thereby fooling the firewall into thinking that the packets from the hacker are actually from a trusted source. The second fundamental problem with packet filter firewalls is that they allow a direct connection between source and destination computers. As a result, once an initial connection has been approved by the firewall, the source computer is connected directly to the destination computer, thereby potentially exposing the destination computer and all the computers to which it is connected to attack.
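The rule-table check described above, as an added example in Python that is not part of the original article: it reads the source address and destination port out of a raw IPv4/TCP header and applies an ordered rule list in which anything unmatched is denied. The rule set, the documentation-range addresses and the helper names are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

TCP = 6  # IP protocol number for TCP


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    src: str = "0.0.0.0/0"            # source network in CIDR form
    dst_port: Optional[int] = None    # None matches any destination port


def parse_ipv4_tcp(packet: bytes):
    """Return (source address, destination port), or None if the packet is malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                   # too short, or not IPv4
    ihl = (packet[0] & 0x0F) * 4      # IP header length in bytes
    if ihl < 20 or packet[9] != TCP or len(packet) < ihl + 4:
        return None                   # bad header length, not TCP, or truncated
    src = ipaddress.IPv4Address(packet[12:16])
    _sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return src, dport


def filter_packet(rules, packet: bytes) -> str:
    """First matching rule wins; unmatched or unparseable packets are denied."""
    parsed = parse_ipv4_tcp(packet)
    if parsed is None:
        return "deny"
    src, dport = parsed
    for rule in rules:
        if src in ipaddress.ip_network(rule.src) and rule.dst_port in (None, dport):
            return rule.action
    return "deny"


def build_packet(src: str, dst: str, dst_port: int, src_port: int = 40000) -> bytes:
    """Construct a sample IPv4+TCP SYN for the filter (checksums left at zero)."""
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP, 0,
                            ipaddress.IPv4Address(src).packed,
                            ipaddress.IPv4Address(dst).packed)
    tcp_header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02,
                             65535, 0, 0)
    return ip_header + tcp_header


# Constructed rule table: the "guest list" from the text.
RULES = [
    Rule("deny", src="203.0.113.66/32"),               # one blocked site, any port
    Rule("allow", src="198.51.100.0/24", dst_port=21), # FTP from one trusted network
    Rule("allow", dst_port=80),                        # web from anywhere
    Rule("allow", dst_port=25),                        # mail from anywhere
]

if __name__ == "__main__":
    samples = [("203.0.113.66", 80), ("198.51.100.7", 21),
               ("203.0.113.9", 21), ("203.0.113.9", 23)]
    for src, port in samples:
        verdict = filter_packet(RULES, build_packet(src, "192.0.2.10", port))
        print(f"{src:>15} -> port {port:<3} {verdict}")
```

The verdict depends only on what the header says: the filter has no way to verify that the source address field is genuine, which is why the allow rule for the trusted network is not a form of authentication.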
Stateful Packet Inspection
A second method utilized by firewalls is known as stateful packet inspection. Stateful packet inspection is a form of super-charged packet filtering. It examines not just the headers of the packet, but also the contents, to determine more about the packet than just its source and destination information. It is called a "stateful" packet inspection because it examines the contents of the packet to determine what the state of the communication is - i.e. it ensures that the stated destination computer has previously requested the current communication. This is a way of ensuring that all communications are initiated by the recipient computer and are taking place only with sources that are known and trusted from previous interactions. In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until connection to the specific port is requested. This allows an added layer of protection from the threat of port scanning.
Other types of bouncers have stricter rules: they not only want to know who the guest is, but what he or she will be doing once they are inside the club. In the world of firewalls, this type of bouncer is known as an application-level proxy because it determines if a connection to a requested application is permitted. Only connections for specified purposes, such as Internet access or e-mail, will be permitted. This allows system administrators to control what applications their system's computers will be used for.
For example, hackers can use the Telnet service (which in the early days of the Internet was developed to allow remote logins to computers) to gain unauthorized access to a network. However, a firewall can be set up to allow only web and e-mail applications to gain access. The firewall can be programmed to stop all packets with the destination port of 23, which is the standard port for Telnet. Any attempt by hackers to telnet into the user's computer will fail because the application level firewall will recognize this telnet connection as a non-web/e-mail application and reject the information trying to enter the user's computer.
This type of firewall is known as an application-level proxy because, in addition to screening packets for the type of application they want to run on the user's computer, it also serves as a proxy server. A proxy can be thought of as a computer that sits between a computer and a web server and acts as a middleman between the computer and the web server.
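The connection tracking behind stateful inspection, as an added example in Python that is not part of the original article: inbound segments are accepted only when they belong to a connection an inside host opened, and idle entries expire. The class and helper names, the 300-second timeout and the addresses are constructed, and only TCP flags are tracked, not packet contents.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()    # TCP flags on the segment, e.g. {"SYN", "ACK"}


def seg(src, sport, dst, dport, *flags):
    """Shorthand for building a constructed sample segment."""
    return Segment(src, sport, dst, dport, frozenset(flags))


class StatefulFirewall:
    def __init__(self, inside_cidr: str, idle_timeout: int = 300):
        self.inside = ipaddress.ip_network(inside_cidr)
        self.idle_timeout = idle_timeout
        # (inside ip, inside port, outside ip, outside port) -> [state, last_seen]
        self.table = {}

    def handle(self, s: Segment, now: float) -> str:
        outbound = ipaddress.ip_address(s.src) in self.inside
        key = ((s.src, s.sport, s.dst, s.dport) if outbound
               else (s.dst, s.dport, s.src, s.sport))
        entry = self.table.get(key)
        if entry and now - entry[1] > self.idle_timeout:
            del self.table[key]       # idle too long: forget the connection
            entry = None

        if entry is None:
            # Only an inside host may open a connection, and only with a bare SYN.
            if outbound and s.flags == {"SYN"}:
                self.table[key] = ["SYN_SENT", now]
                return "allow"
            return "deny"             # unsolicited: the port looks closed

        if "RST" in s.flags:
            del self.table[key]       # connection torn down by either side
            return "allow"
        if entry[0] == "SYN_SENT" and not outbound:
            if s.flags != {"SYN", "ACK"}:
                return "deny"         # the only valid reply to our SYN is SYN+ACK
            entry[0] = "ESTABLISHED"
        entry[1] = now
        return "allow"


def replay():
    """Run a constructed trace through the firewall and return the verdicts."""
    fw = StatefulFirewall("192.168.1.0/24")
    pc, web, probe = "192.168.1.10", "198.51.100.20", "203.0.113.5"
    trace = [
        (0, seg(probe, 44444, pc, 80, "SYN")),         # scan of an inside host
        (1, seg(pc, 50000, web, 80, "SYN")),           # inside host opens a connection
        (2, seg(web, 80, pc, 50000, "SYN", "ACK")),    # expected reply
        (3, seg(pc, 50000, web, 80, "ACK")),
        (4, seg(web, 80, pc, 50000, "ACK", "PSH")),    # data on the open connection
        (5, seg(probe, 80, pc, 50000, "ACK")),         # right port, wrong peer
        (400, seg(web, 80, pc, 50000, "ACK")),         # arrives after the idle timeout
    ]
    return [fw.handle(s, t) for t, s in trace]


if __name__ == "__main__":
    print(replay())
```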
An application-level proxy receives all communications requests from the computers behind it (or inside the firewall.) It then proxies the request; that is, it makes the requests on behalf of its constituent computers. What this does is to effectively hide the individual computers on the network behind the firewall. The targeted computers are protected from view because outside sources never make direct contact with the computers - every communication is conducted through the proxy server.
Network Address Translation (NAT)
Network Address Translation (NAT) serves as a firewall by keeping individual IP addresses hidden from the outside world. Similar to a proxy server, Network Address Translation acts as an intermediary between a group of computers and the Internet. NAT allows an organization to present itself to the Internet with one address. NAT converts the address of each computer and device on a LAN into one IP address for the Internet and vice versa. As a result, people scanning the Internet for addresses cannot identify the computers on the network or capture any details of their location, IP address, etc. And if the bad guys can't find you, they can't hurt you.
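The address rewriting described above, as an added example in Python that is not part of the original article: several inside hosts share one public address, and an inbound packet is delivered only if it matches a mapping created by earlier outbound traffic. The class name, the port pool, the addresses and the choice to match the remote endpoint as well as the public port are assumptions made for illustration.

```python
class PortAddressTranslator:
    """Many-to-one NAT: inside (address, port) pairs share one public address."""

    def __init__(self, public_ip: str, first_port: int = 20000, last_port: int = 20003):
        self.public_ip = public_ip
        self.free_ports = list(range(first_port, last_port + 1))
        self.out_map = {}   # (inside ip, inside port) -> public port
        self.in_map = {}    # public port -> (inside ip, inside port)
        self.peers = {}     # public port -> remote endpoints this mapping has contacted

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet; None if the port pool is exhausted."""
        key = (src_ip, src_port)
        if key not in self.out_map:
            if not self.free_ports:
                return None
            port = self.free_ports.pop(0)
            self.out_map[key] = port
            self.in_map[port] = key
            self.peers[port] = set()
        port = self.out_map[key]
        self.peers[port].add((dst_ip, dst_port))
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite the destination of an incoming packet; None means drop it."""
        if dst_port not in self.in_map:
            return None     # nothing inside ever used this public port
        if (src_ip, src_port) not in self.peers[dst_port]:
            return None     # mapping exists, but not for this remote endpoint
        inside_ip, inside_port = self.in_map[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)


def demo():
    """Two inside hosts (constructed addresses) talk to the same server."""
    nat = PortAddressTranslator("203.0.113.1")
    seen_by_server = [
        nat.outbound("192.168.1.10", 50000, "198.51.100.20", 80),
        nat.outbound("192.168.1.11", 50000, "198.51.100.20", 80),
    ]
    reply = nat.inbound("198.51.100.20", 80, 20001)       # answer to the second host
    unsolicited = nat.inbound("198.51.100.99", 80, 20001) # some other sender
    return seen_by_server, reply, unsolicited


if __name__ == "__main__":
    print(demo())
```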
Drawbacks to Using Firewalls
Although firewalls have their strengths, and are an invaluable information security resource, there are some attacks that firewalls cannot protect against, such as eavesdropping or interception of e-mail. Furthermore, whereas firewalls provide a single point of security and audit, this also becomes a single point of failure - which is to say, firewalls are a last line of defense. This means that if an attacker is able to breach the firewall, he or she will have gained access to the system, and may have an opportunity to steal data that is stored in that system, or to create other havoc within the system. Firewalls may keep the bad guys out, but what if the bad guys are inside? In the case of dishonest or disgruntled employees, firewalls will not provide much protection. Finally, as mentioned in the discussion of packet filtering, firewalls are not foolproof - IP spoofing can be an effective means of circumvention, for example.
For optimal protection against the variety of security threats that exist, firewalls should be used in conjunction with other security measures such as anti-virus software and encryption packages. As well, a well-thought-out and consistently implemented security policy is vital to attaining optimal effectiveness of any security software.
Firewall applications vary in sophistication and cost. For the small office or home user, the easiest and least expensive firewall solutions are personal firewalls, which are software programs that install on your computer. When selecting firewalls, the following considerations should be taken into account:
• Ease of installation/configuration
• Does the firewall run without user intervention?
• Are there parameters that have to be set, and is it easy to do?
• Is there online help or technical support available?
• Does the firewall provide audit reports identifying time, location and type of attack?
• Is the cost of the firewall appropriate to the size of your business/office?
• Are maintenance/ monitoring requirements suitable for the size and type of business?
• What will be the training requirements for the firewall?
• Will the firewall have a significant impact on the operation of the system as a whole?
There are a number of firewall products available with varying feature capabilities and costs. Most of the vendors offer a free trial for evaluation purposes and SOHO users should select one based on their needs.
What are the basic types of firewalls?
Conceptually, there are two types of firewalls:
1. Network layer
2. Application layer
They are not as different as you might think, and latest technologies are blurring the distinction to the point where it's no longer clear if either one is "better" or "worse." As always, you need to be careful to pick the type that meets your needs.
Which is which depends on what mechanisms the firewall uses to pass traffic from one security zone to another. The International Standards Organization (ISO) Open Systems Interconnect (OSI) model for networking defines seven layers, where each layer provides services that "higher-level" layers depend on. In order from the bottom, these layers are physical, data link, network, transport, session, presentation, application.
The important thing to recognize is that the lower-level the forwarding mechanism, the less examination the firewall can perform. Generally speaking, lower-level firewalls are faster, but are easier to fool into doing the wrong thing.
Network layer firewalls
These generally make their decisions based on the source, destination addresses and ports (see Appendix C for a more detailed discussion of ports) in individual IP packets. A simple router is the "traditional" network layer firewall, since it is not able to make particularly sophisticated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them, the contents of some of the data streams, and so on. One thing that's an important distinction about many network layer firewalls is that they route traffic directly through them, so to use one you either need to have a validly assigned IP address block or to use a "private internet" address block. Network layer firewalls tend to be very fast and tend to be very transparent to users.
Figure 1: Screened Host Firewall
In Figure 1, a network layer firewall called a "screened host firewall" is represented. In a screened host firewall, access to and from a single host is controlled by means of a router operating at a network layer. The single host is a bastion host; a highly-defended and secured strong-point that (hopefully) can resist attack.
Figure 2: Screened Subnet Firewall
Example network layer firewall: In Figure 2, a network layer firewall called a "screened subnet firewall" is represented. In a screened subnet firewall, access to and from a whole network is controlled by means of a router operating at a network layer. It is similar to a screened host, except that it is, effectively, a network of screened hosts.
Application layer firewalls
These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Since the proxy applications are software components running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one "side" and out the other, after having passed through an application that effectively masks the origin of the initiating connection. Having an application in the way in some cases may impact performance and may make the firewall less transparent. Early application layer firewalls, such as those built using the TIS firewall toolkit, are not particularly transparent to end users and may require some training. Modern application layer firewalls are often fully transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.
Figure 3: Dual Homed Gateway
Example application layer firewall: In Figure 3, an application layer firewall called a "dual homed gateway" is represented. A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic passing through it.
The future of firewalls lies someplace between network layer firewalls and application layer firewalls. It is likely that network layer firewalls will become increasingly "aware" of the information going through them, and application layer firewalls will become increasingly "low level" and transparent. The end result will be a fast packet-screening system that logs and audits data as it passes through. Increasingly, firewalls (network and application layer) incorporate encryption so that they may protect traffic passing between them over the Internet. Firewalls with end-to-end encryption can be used by organizations with multiple points of Internet connectivity to use the Internet as a "private backbone" without worrying about their data or passwords being sniffed.
ELECTRONIC DATA INTERCHANGE AND ELECTRONIC FUNDS TRANSFER
Electronic data interchange (EDI), or electronic data processing, is the electronic transmission of data between computers in a standard, structured format. Electronic funds transfer (EFT) is the term used for electronic data interchanges that involve the transfer of funds between financial institutions.
EDI has allowed companies to process routine business transactions, such as orders and invoices, more rapidly, accurately and efficiently than they could through conventional methods of transmission. While EDI has been around for decades, it wasn't until the late 1990s that this basic principle became a driving force in the rollout of electronic commerce, corporate extranets linking suppliers and customers, and related network-based technologies.
EDI has been present in the United States in some form since the mid-1960s. Businesses had been trying to resolve the difficulties intrinsic to paper-dependent commercial transactions. These difficulties include transmission speed (because of delays in entering the data onto paper and transporting the paper from sender to receiver); accuracy (because the data had to be recreated with each paper entry); and labor costs (labor-based methods of transmitting data are more expensive than computer-based methods).
In 1968 a group of railroad companies concerned with the accuracy and speed of intercompany transportation data transmissions formed an organization called the Transportation Data Coordinating Committee (TDCC) to study the problem and recommend solutions. Large companies such as General Motors and Kmart also reviewed the problems, which arose when they used their intracompany proprietary formats to send electronic data transmissions to outside parties. Because each company had its own proprietary format, there was no common standard among transmitting parties. A company doing business electronically with three other companies would need three different formats, one for each company.
By the 1970s several industries had developed common EDI programs for their companies within those industries, and a third-party network often administered these systems. Some examples of these systems include ORDERNET, which was developed for the pharmaceutical industry, and IVANS, which was developed for the property and casualty insurance industry. While these systems were standardized for each industry, they likewise could not communicate with other industries' proprietary systems. By 1973 the TDCC began developing a set of standards for generic formats to handle this problem.
HOW EDI WORKS
EDI is quite different from other types of electronic communication. It is unlike a facsimile transmission (fax), which is the transfer of completely unstructured data through a digitized image. EDI also differs from other types of electronic communications among computers, such as electronic mail, network file sharing, or downloading information through a modem. In order to access electronic mail messages, shared network files, or downloaded information, the format of the computer applications of both the sender and the receiver must agree.
Since EDI uses a defined set of standards for transmitting business information, these standards allow data to be interpreted correctly, independent of the platforms used on the computers that transmit the data. When a sender transmits data, such as a purchase order, the EDI translation software converts the proprietary format of the sender's document processing software into a mutually recognized standard format. When the receiver obtains the data, the EDI translation software automatically converts the standard format into the receiver's proprietary document processing format. Because of the speed and accuracy of an EDI, users find that the system saves time and reduces costs over paper-based business transactions.
By 2005, major retailers relied heavily on EDI to exchange purchase orders, invoices, and other information with their trading partners. In a June 2004 poll of 20 retailers, the majority said that they were either adding new trading partners or increasing the number of EDI transactions. It is estimated that between 80 and 90 percent of business-to-business traffic is conducted through EDI, and this number is growing 3 to 5 percent annually. Retail giants such as Wal-Mart Stores Inc., J.C. Penney Co., Supervalu Inc., and Hallmark Cards Inc. have been regular users of EDI. In fact, Wal-Mart has been one of the most influential companies driving new technology trends.
Since 2003, many companies have turned to a new technology in which data is transmitted over the Internet using the Applicability Statement 2 (AS2) protocol. The AS2 rules describe how to send data securely and ensure that the messages are received.
In September 2002, Wal-Mart asked its suppliers to switch from value-added networks (VANs) to AS2. Other companies have followed suit. One company claimed to have cut its costs by 70 percent after switching from a VAN to AS2. However, others have decided not to make the switch because of the costs involved.
Retailers are not the only businesses to take advantage of this technology. The healthcare industry also uses EDI to exchange patient information between medical providers and insurance companies. EDI is such a reliable means of transmitting data that a growing number of third-party payers, including Medicare, Medicaid, and commercial insurers, have started to require providers to submit claims electronically.
The Electronic Data Interchange rule was developed as part of the Health Insurance Portability and Accountability Act (HIPAA) and required compliance by October 16, 2003. This law requires all entities that transmit clinical data (including claims, referrals, and eligibility verification) to use the same electronic data file format. This can be accomplished by purchasing and maintaining a HIPAA-compliant practice management system (PMS) or by transmitting the data through a clearinghouse. The PMS is not the most cost-effective option for smaller entities, as it usually requires an administrator to maintain and upgrade the system as necessary. With the clearinghouse option, the entity sends data to a clearinghouse. The clearinghouse then sends the data to the appropriate recipients in the appropriate format.
ELECTRONIC FUNDS TRANSFER
An electronic funds transfer (EFT) is an EDI among financial institutions in which money is transferred from one account to another. Some examples of EFTs include electronic wire transfers; automatic teller machine (ATM) transactions; direct deposit of payroll; business-to-business payments; and federal, state, and local tax payments.
In general, EFT transactions are transferred through an automated clearing house (ACH) operator. An ACH operator is a central clearing facility operated by a private organization or a Federal Reserve bank on behalf of participating financial institutions, to or from which financial institutions transmit or receive ACH transactions. The ACH network is a nationwide system for interbank transfers of electronic funds. It serves a network of regional Federal Reserve banks processing the distribution and settlement of electronic credits and debits among financial institutions.
ACH transactions are stored in an ACH file, which is a simple ASCII-format file that adheres to ACH specifications. A single ACH file holds multiple electronic transactions, each of which carries either a credit or debit value. Typically, a payroll ACH file contains many credit transactions to employees' checking or savings accounts, as well as a balancing debit transaction to the employer's payroll account. An originating bank sends electronic payment instructions to a receiving bank. In those instances, the electronic transfers are processed in batches and settled within a few days.
The National Automated Clearing House Association (NACHA) oversees the ACH network and is primarily responsible for establishing and maintaining its operating rules. All financial institutions moving electronic funds through the ACH system are bound by the NACHA Operating Rules, which cover everything from participant relationships and responsibilities to implementation, compliance, and liabilities. While the NACHA rules are specific and quite detailed, adhering to a strict set of rules is crucial to the smooth and successful operation of the ACH system.
As the use of home computers becomes more and more a part of everyday life, the popularity of online banking and online bill payments continues to grow. Many banks allow their customers to access account information over the Internet and to transfer funds between accounts. Many credit card companies and utility companies allow customers to pay their bills online through EFTs. Online bill payments can save the consumer time and money. The customer can pay a bill in a matter of minutes over the Internet instead of spending money on postage to send a paper check and risking the chance that the bill may arrive past the due date.
On October 28, 2004, the Check Clearing for the 21st Century Act, also known as Check 21, took effect. This federal law allows banks to transmit checks electronically and substitute electronic images for original paper checks. Check 21 provides many advantages for banks and financial institutions. By transmitting checks electronically, banks can reduce the amount of time it takes to receive funds. This is because they no longer have to wait for another bank to receive paper checks before they send the funds. In addition to saving time, Check 21 saves banks millions of dollars in transportation and storage costs.
While Check 21 has made the banks happy, it has made many consumers unhappy. Many people write checks thinking that it will take at least two or three days for them to clear, thus giving them time to deposit the appropriate funds to cover the check. However, with Check 21 banks can clear checks within 24 hours of receiving them, cutting this safety net by days in many cases. In addition, although banks can process checks and debit the customer's accounts right away, they can still hold out-of-state checks for five days or more.
Consumer groups complain that this law increases the chances of fraud, error, bounced check fees, and inconvenience. There may be times when a bank cannot accept an electronic check image. In that case, the other bank could create a substitute check that has the same legal weight as the paper check. Having both the original check and a substitute check around could result in both checks being cashed, either fraudulently or by an honest mistake.
Types of ecommerce
Ecommerce (e-commerce), or electronic commerce, a subset of ebusiness, is the purchasing, selling, and exchanging of goods and services over computer networks (such as the Internet) through which transactions or terms of sale are performed electronically. Contrary to popular belief, ecommerce is not just on the Web. In fact, ecommerce was alive and well in business-to-business transactions before the Web, back in the 70s, via EDI (Electronic Data Interchange) through VANs (Value-Added Networks). Ecommerce can be broken into four main categories: B2B, B2C, C2B, and C2C.
B2B (Business-to-Business): Companies doing business with each other, such as manufacturers selling to distributors and wholesalers selling to retailers. Pricing is based on quantity of order and is often negotiable. Business-to-business e-commerce has been in use for quite a few years and is more commonly known as EDI (electronic data interchange). In the past, EDI was conducted over a direct link of some form between the two businesses, whereas today the most popular connection is the Internet. The two businesses pass information electronically to each other. B2B e-commerce currently makes up about 94% of all e-commerce transactions.
B2C (Business-to-Consumer): Businesses selling to the general public, typically through catalogs utilizing shopping cart software. By dollar volume, B2B takes the prize; however, B2C is really what the average Joe has in mind with regard to ecommerce as a whole.
B2C, sometimes also called Business-to-Customer, describes activities of E-businesses serving end consumers with products and/or services. B2C relationships are often established and cultivated through some form of Internet marketing.
Advantages of B2C e-commerce
• Shopping can be faster and more convenient.
• Offerings and prices can change instantaneously.
• Call centers can be integrated with the website.
• Broadband telecommunications will enhance the buying experience.
C2B (Consumer-to-Business): A consumer posts his project with a set budget online, and within hours companies review the consumer's requirements and bid on the project. The consumer reviews the bids and selects the company that will complete the project.
Consumer to Business is a growing arena where the consumer requests a specific service from the business.
Example: Harry is planning a holiday in Darwin. He requires a flight in the first week of December and is only willing to pay $250. Harry places a submission with a web-based C2B facility. Dodgy Brothers Airways accesses the facility and sees Harry's submission. Because it is a slow period, the airline offers Harry a return fare for $250.
C2C (Consumer-to-Consumer): There are many sites offering free classifieds, auctions, and forums where individuals can buy and sell, thanks to online payment systems like PayPal where people can send and receive money online with ease. eBay's auction service is a great example of where person-to-person transactions have taken place every day since 1995.
These sites are usually some form of auction site. The consumer lists items for sale with a commercial auction site. Other consumers access the site and place bids on the items. The site then provides a connection between the seller and buyer to complete the transaction. The site provider usually charges a transaction cost. In reality this site should be called C2B2C.
Companies using internal networks to offer their employees products and services online--not necessarily online on the Web--are engaging in B2E (Business-to-Employee) ecommerce.
G2G (Government-to-Government), G2E (Government-to-Employee), G2B (Government-to-Business), B2G (Business-to-Government), G2C (Government-to-Citizen), C2G (Citizen-to-Government) are other forms of ecommerce that involve transactions with the government--from procurement to filing taxes to business registrations to renewing licenses. There are other categories of ecommerce out there, but they tend to be superfluous.