SECURITY
Security is the protection of any computer, communication device or network
from unauthorised access to data, viruses and similar threats. The security
system is the most important aspect of an e-commerce solution.
Today we take a lot of security for granted: credit card transactions in the store
or at the gas station, electronic banking at the ATM, direct debits and deposits at
our banks. Yet many individuals are concerned about security breaches and
scams on or via the internet.
E-SECURITY
The internet is a collection of loosely connected networks in which individual
hosts can access the rest in a variety of ways, through:
• Gateways
• Routers
• Dial-up connections, and
• Internet service providers.
Manipulation of prices at the payment gateway has also become quite common;
intruders mostly target this level to steal money. But this is just the tip of the
iceberg: there are many specific issues we must be aware of. Let us take a look at
the different types of threats and the possible solutions to overcome them.
1. Fraud
Users have PINs or passwords to facilitate an online transaction. But payment
authorization based on just passwords and security questions does not guarantee the
identity of a person. This may lead to fraud if someone else gets hold of our
passwords; that third person can then steal money easily.
2. Tax Evasion
Companies provide invoices as paper records to verify tax collection. In an online
scenario things become blurry and the Internal Revenue Service faces a challenge:
it becomes hard to process tax collection and to verify whether the organization is
being ethical or not.
3. Payment Conflicts
These transactions take place between automated electronic systems and users.
Because it is a machine at the end of the day, errors while handling payments are
possible. These glitches and anomalies lead to payment conflicts, and users end
up losing their money.
4. E-cash
The paperless cash system uses online wallets such as PayPal, Google Pay, Paytm,
etc. Because all the financial information is in that application, a single security
breach can lead to the disclosure of private information and monetary loss.
It has four components: issuers, customers, merchants and regulators. The issuers
are the financial institutions, customers are the ones using this money, merchants are
the ones earning it and regulators monitor its movement. Some of the threats that
e-commerce websites face while using e-cash are:
It can also slow down the site and make consumers leave with a negative
experience. To solve this issue in particular, always use a web application firewall,
apply blocking, or change the server IP in the worst-case scenario. You can read
about more solutions in detail below.
b. Backdoor Attacks
Hackers use this attack to enter the user's system by bypassing normal
authentication through unethical means. As the name suggests, it functions in the
background, making it difficult for users to detect and remove.
d. Eavesdropping
This is a comparatively new way in which hackers listen to our personal
conversations over the internet. It does not disrupt the functioning of the system
but gives them access to private communication that they might leverage later.
The users in this case are not aware that their conversation is being tracked. Wi-Fi
eavesdropping is also a part of this type.
2. Spam
This usually works by sending out attractive baits to obtain personal information.
Spammers can also use blog pages and contact forms to get companies to click on
malicious links. This allows them to harm the website's speed and security, and its
consumers as well.
3. SQL Injection
This is a technique in which hackers use query submission forms to gain database
access. They corrupt all the information using viruses and make it infectious. They
may copy the data for personal benefit and delete it from the main system
permanently.
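As an added illustration (not part of the original notes), the following Python example shows the defect behind SQL injection and its fix: a customer lookup that pastes a form value into the SQL text, beside one that passes the value as a query parameter. The customers table, the rows and the test values are constructed for this example.

```python
import sqlite3


def make_demo_db():
    """Constructed sample data: an in-memory customer table standing in for
    an e-commerce database. Rows and addresses are made up for this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, name):
    """The defect: the form value is pasted into the SQL text, so a quote
    character inside it changes the structure of the query instead of
    being treated as data."""
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """The fix: a parameterised query. The value travels separately from the
    SQL text, is compared as a plain string and cannot alter the WHERE
    clause, whatever characters it contains."""
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def unsafe_lookup_fails(conn, name):
    """True when the string-building version produces invalid SQL for a
    value, which already happens for legitimate names such as o'brien."""
    try:
        lookup_unsafe(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_demo_db()
    tautology = "' OR '1'='1"  # constructed test value: the textbook tautology
    print("unsafe:", lookup_unsafe(db, tautology))  # every row comes back
    print("safe:  ", lookup_safe(db, tautology))    # no customer has that name
```

The parameterised form also handles a legitimate apostrophe in a name, which the string-building form cannot; treating every form field as data rather than SQL is the whole fix.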
4. Bots
Bots are software that uses web crawlers to decide the website rankings of existing
pages on the internet. Hackers can use these crawlers to track a competitor's
policies and strategy, leading to unfair market practices. This may be used against
the company or in favor of the competitor.
6. Trojan horses
This is malware that users download thinking it is legitimate software. But it
can collect the user's patterns, financial information, personal details and more
without the owner's permission. The commercial website becomes prone to sensitive
data leaks and system infections.
7. Cross-Site Scripting (XSS)
This technique plants malicious JavaScript snippets that track consumer behavior
and patterns on websites, by accessing customers' cookies and computers. Content
Security Policy is one way to assure customers about their privacy and safety.
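Added example (not from the original notes): the two defensive measures implied above, output escaping of customer-supplied text and a Content-Security-Policy header with a per-response nonce, written in Python. The review markup, the csp_header helper, the link-scheme check and the sample review text are assumptions made for this example.

```python
import html
import secrets
from urllib.parse import urlparse


def render_review(author, body):
    """Output encoding: every customer-supplied value is HTML-escaped before
    it is placed in the page, so markup a customer typed is displayed as
    text. The review markup itself is an assumption for this example."""
    return '<article class="review"><b>{}</b><p>{}</p></article>'.format(
        html.escape(author, quote=True), html.escape(body, quote=True))


def safe_href(url):
    """Escaping alone does not make a URL safe inside href: a javascript:
    URL is perfectly valid text. Allow only http and https; otherwise
    neutralise the link."""
    scheme = urlparse(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def csp_header(nonce):
    """Content-Security-Policy value: scripts run only from our own origin
    or when tagged with this per-response nonce, so an injected inline
    snippet is refused by the browser even if encoding was missed."""
    return ("default-src 'self'; "
            "script-src 'self' 'nonce-{}'; "
            "object-src 'none'; base-uri 'self'").format(nonce)


def build_response(author, body, nonce=None):
    """Assemble headers and body the way a web framework would; the nonce
    is freshly generated per response unless supplied (for testing)."""
    nonce = nonce or secrets.token_urlsafe(16)
    page = ('<html><head><script nonce="{n}">/* first-party code */</script>'
            '</head><body>{r}</body></html>').format(
                n=nonce, r=render_review(author, body))
    return {"headers": {"Content-Security-Policy": csp_header(nonce),
                        "Content-Type": "text/html; charset=utf-8"},
            "body": page}


if __name__ == "__main__":
    # Constructed review text containing markup, as a hostile customer might submit
    resp = build_response("eve", "<script>alert(1)</script>")
    print(resp["headers"]["Content-Security-Policy"])
    print(resp["body"])
```

Encoding stops the snippet from being parsed as script, and the nonce-based policy means that even a snippet that slipped through would not run, since it cannot carry a nonce the server only generates at response time.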
9. Hacktivism
Hacking activism is a type of hacking that targets social media more than
websites. It is usually done to bring out social issues by breaking into a company's
social media accounts. It can also include spamming websites with email addresses
to bring the server down.
a. Skimming
A device is attached to the card reader at the ATM which skims data as soon as the
card enters the machine. As the user swipes the card, the information from the
magnetic strip is copied onto the skimming device. By this method the scammers get
access to all the financial details of the person.
b. Unwanted Presence
This is a physical way of getting financial information, and it is quite common. The
rule at the ATM clearly says one person at a time, but many people tend to lurk and
look over the card details with negative intentions.
c. POS Theft
The salesperson at the store may have an ulterior motive and use customers'
financial information for personal benefit. It is commonly done at merchant stores
at the time of POS transactions, for example at the billing counter when the person
copies the information on the card by unfair means.
d. Online Transaction
As we read above, online transactions are very risky, as hackers can break in at any
time. They can steal passwords, card details, personal information, identity and
much more by unethical means. The ways of doing so are already mentioned above.
e. Vishing/Phishing
Scammers use SMS and calls to set baits for users to make them reveal personal
information. They may pose as a financial institution or some other credible entity
to get your card details for unfair purposes.
IT Security Solutions
2. Use a firewall
A very common technique to block security threats and control network traffic by
following defined rules. It is a type of network security software that functions
according to security measures put forward by the users. This includes protection
from most cyber threats, such as XSS, SQL injection, trojans, etc.
4. Encryption
A method of converting normal language into a coded one so that hackers cannot
crack it. It is essential for websites to use encryption to avoid data breaches at all
costs. Only a handful of trained individuals should be able to decrypt this ciphertext,
ensuring safety at all times.
Server:
A server is the common source that provides shared services (for example,
network security measures) to other machines and manages resources (for
example, one printer many people use) in a network.
Client-server security threats can be divided into two major categories:
a) Threats to client
b) Threats to server
1. Client threats mostly arise from malicious data or code; malicious code
refers to viruses, worms, Trojan horses and other deviant programs.
2. A computer virus is a program or piece of code that is loaded onto your
computer without your knowledge and runs against your wishes. Viruses can
also replicate themselves.
3. A Trojan horse is a program that performs a desired task but also performs
an unexpected function.
4. A worm is a self-replicating, self-contained program that does not need any
host program to execute. Clients must scan for malicious data and
executable program fragments that are transferred from the server to the
client.
5. Threats to the server include unauthorized eavesdropping, denial of service
(DoS) and modification of incoming data packets.
6. Eavesdropping is watching data or information as it travels through the
internet. Hackers can use it to capture usernames and unencrypted passwords
sent over the network.
7. A denial of service attack is an effort to make one or more computer systems
unavailable. It is typically targeted at web servers, but it can also be used
on mail servers, name servers and any other type of computer system. The
two most common types of these attacks are service overloading and
message overloading.
8. Servers are vulnerable to service overloading; DoS occurs when the server
is overloaded.
9. Message overloading occurs when someone sends a very large file to the
server's message box every few seconds. The message box rapidly grows in
size, begins to occupy all the space on the disk, increases the number of
receiving processes on the recipient's machine and causes a disk crash.
10. Modification of data packets is an integrity threat that involves modifying
or destroying a message packet. In many cases packet information may not
only be modified, but its contents may be destroyed before legitimate users
can see them.
• Uses various authorization methods to make sure that only authorized users
and programs have access to information resources such as databases.
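Added example, not from the original notes: a Python admission quota that a mail or message server could apply to counter the message overloading described in items 7 to 9 above, limiting how many messages a sender may deliver per time window, the size of each message, and the total volume the message box may hold. The InboundQuota class, its limits and the sample deliveries are constructed for this example.

```python
import time
from collections import deque


class InboundQuota:
    """Admission control for a message store: a per-sender sliding-window
    rate limit, a per-message size cap and a total storage cap, so one
    sender cannot fill the disk or starve the receiving processes."""

    def __init__(self, max_msgs, window_s, max_msg_bytes, mailbox_cap):
        self.max_msgs = max_msgs            # messages a sender may deliver per window
        self.window_s = window_s            # window length in seconds
        self.max_msg_bytes = max_msg_bytes  # largest single message accepted
        self.mailbox_cap = mailbox_cap      # total bytes the box may hold
        self.used_bytes = 0
        self.history = {}                   # sender -> deque of accept timestamps

    def accept(self, sender, size, now=None):
        """Decide whether to store a message; returns (accepted, reason).
        `now` may be supplied by the caller for deterministic testing."""
        now = time.monotonic() if now is None else now
        if size > self.max_msg_bytes:
            return False, "message too large"
        recent = self.history.setdefault(sender, deque())
        while recent and now - recent[0] >= self.window_s:
            recent.popleft()                # forget deliveries outside the window
        if len(recent) >= self.max_msgs:
            return False, "rate limit"
        if self.used_bytes + size > self.mailbox_cap:
            return False, "mailbox full"
        recent.append(now)
        self.used_bytes += size
        return True, "ok"

    def release(self, size):
        """Called when a stored message has been read and deleted."""
        self.used_bytes = max(0, self.used_bytes - size)


if __name__ == "__main__":
    # Constructed scenario: three messages per minute, 1 MB each, 2.5 MB box
    quota = InboundQuota(max_msgs=3, window_s=60, max_msg_bytes=1_000_000,
                         mailbox_cap=2_500_000)
    for t in range(5):
        print(t, quota.accept("flooder@example.com", 900_000, now=t))
```

Rejected deliveries are the events a defender wants logged: a sender that keeps hitting "rate limit" or "mailbox full" is exactly the overloading pattern the notes describe.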
Client and User Security
Clients connect to servers, and these connections, if left open or not secured,
provide entry points for hackers and other intruders who may use data for evil
purposes. The distribution of services in client/server computing increases the
susceptibility of these systems to damage from viruses, fraud, physical damage and
misuse compared with any centralised computer system.
The Client PC
The desktop client machine can easily connect to the server and hence poses a
great threat to organisational data. It is located in an open place for users and
intruders, and requires physical protection:
– disk drive locks
– diskless workstations, to prevent the loading of unauthorised software and viruses
The Network
Intruders can use the network to break into computer systems and their various
resources:
– They can sniff the network to read packets of information such as passwords,
company details, etc.
– Use data encryption.
Servers
These should be protected with the level of password security applicable to the
business.
– Encrypt database contents using a cryptogram or advanced DES (Data
Encryption Standard).
– To avoid 'trial and error' login attacks on the database, servers impose a long
delay before responding to the user.
Users
The easiest way to gain illegal entry to the system is by obtaining a valid user's
ID and password. Passwords can be discovered when:
– the user chooses a short password or one that can easily be guessed;
– the user keeps a list of passwords in a desk drawer;
– the user shares the password with other users;
– an attacker pretends to be company IT staff and requests the password to fix an
unnamed problem.
To overcome this, ensure that you have a good security policy and that strong
password management is implemented. For more details on establishing the
Client/Server Security Model, read the given handout (Client_server security
issues.doc) available on my page.
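Added example (not part of the notes or of the handout referred to above): a Python login guard implementing the two server-side measures this section names, password-policy enforcement and a growing delay after failed login attempts, together with salted PBKDF2 password hashing and a constant-time comparison. The LoginGuard class, its parameters, the small deny-list of common passwords and the sample credentials are assumptions made for this example.

```python
import hashlib
import hmac
import os


class LoginGuard:
    """Password storage plus throttling of 'trial and error' logins.
    Work factor, policy and delay cap are assumptions for this example."""
    ITERATIONS = 100_000   # PBKDF2 work factor; tune upward for production hardware
    MIN_LENGTH = 12
    COMMON = {"password", "123456789012", "qwertyuiopas"}  # constructed deny-list
    MAX_DELAY = 300        # never stall an account for more than five minutes

    def __init__(self):
        self.users = {}     # username -> (salt, pbkdf2 hash)
        self.failures = {}  # username -> (failed count, locked-until timestamp)

    @classmethod
    def password_policy_ok(cls, password):
        """Reject short passwords and those on the common-password list."""
        return len(password) >= cls.MIN_LENGTH and password.lower() not in cls.COMMON

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self.ITERATIONS)

    def register(self, username, password):
        if not self.password_policy_ok(password):
            raise ValueError("password rejected by policy")
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(password, salt))

    def login(self, username, password, now):
        """Returns (accepted, reason, retry_after_seconds). `now` is a clock
        value supplied by the caller so the behaviour can be tested."""
        count, locked_until = self.failures.get(username, (0, 0.0))
        if now < locked_until:
            # Still inside the delay imposed after the last failure: the password
            # is not even checked, so guessing cannot run faster than the delay.
            return False, "wait", locked_until - now
        record = self.users.get(username)
        # Hash even for unknown names so response time does not reveal
        # which usernames exist.
        salt, stored = record if record else (bytes(16), bytes(32))
        ok = record is not None and hmac.compare_digest(self._hash(password, salt), stored)
        if ok:
            self.failures.pop(username, None)
            return True, "ok", 0
        count += 1
        delay = min(2 ** count, self.MAX_DELAY)  # 2, 4, 8, ... seconds
        self.failures[username] = (count, now + delay)
        return False, "invalid credentials", delay


if __name__ == "__main__":
    guard = LoginGuard()
    guard.register("alice", "correct-horse-battery")  # constructed credentials
    print(guard.login("alice", "wrong-guess-0001", now=0.0))
    print(guard.login("alice", "correct-horse-battery", now=1.0))  # still delayed
    print(guard.login("alice", "correct-horse-battery", now=3.0))
```

The delay doubles with each consecutive failure and resets on success, which is the "long delay to respond" the notes mention, while the PBKDF2 hash makes an offline guess against a stolen database expensive as well.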
Risks Associated with the Client/Server Model
Apart from the above framework of the Client/Server Model, there are other risks
that accompany this model:
– Client/Server Development Risks
– Workstation Risks
– The Network Wire Risk
– The DBMS Risk
– And others (read in the given handout (CS_Security.doc) available on my page)
Client/Server Risks: The DBMS Risk
– C/S computing is based largely on the Database Management Software that
supports the applications. Security professionals need to identify the System
Manager for the DBMS ("System" or "Sys" for Oracle).
– Read more in the handout (CS_Security.doc) available on the web.
Data and Message Security
Data Security
• Data security means protecting a database from destructive forces and
the unwanted actions of unauthorized users.
• Data security is most important at a time when people are considering
banking and finance transactions by PC.
• One of the major threats is unauthorized network access to data.
• Usernames, passwords and other data can be hijacked from the network.
Message Security
• Message security is used for protecting incoming and outgoing messages from
unauthorized users.
• Various threats are:
1. Sensitive messages, such as credit card numbers, can be used by an
unauthorized user.
2. Messages can be modified.
Document Security
Document security is a significant issue faced by almost all businesses operating
worldwide. When a company uploads its documents onto the internet through
cloud storage devices and platforms, they are at an extremely high risk of falling
prey to malicious viruses and dangerous hackers. When kept in physical form,
there is an extremely high chance that they can be lost or damaged through
events such as fire or theft.
Many businesses around the world have had to face difficult situations of data
theft and security breaches, forcing them to pay a heavy price. Therefore, it is
a wise and vital decision to take security measures seriously when uploading
essential documents of a business such as bookkeeping records and financial
transactions.
Define Document Security
As documents face major security threats, one must realize the importance of
developing a backup and storage plan for documents. It is a much
more complicated process than just choosing a storage platform that will provide
you ample space. It involves a thorough understanding of the security features,
capacity, and ability to maintain a backup if the documents are lost. If the
documents are lost, your document storage platform should have the ability to
retrieve them quickly.
There are, however, some mistakes related to document storage and management
that should be avoided at all costs:
2. One major factor that many businesses are concerned about is the
security of document storage. Most documents stored online are not safe,
as they are likely to fall prey to malicious attacks on the internet.
Documents are easily accessible to third parties and can be hacked despite
having security. Therefore, the lack of an effective encryption method can
prove fatal for a business.
Although document storage seems a bit costly and a little time-consuming, it
saves the documents from vicious threats if they are adequately encrypted,
alongside providing the 'make life easier' benefit.
With the use of document storage platforms, effective document management can
quickly be executed. All of the documents can be placed in one spot in
an organized manner. Businesses can store all essential documents like
bookkeeping and employer records that can easily be accessed when needed.
Document storage facilities are undoubtedly the best option for effective
document security and efficient management, especially for businesses that
have essential data they want to keep secure. A cost-effective, reliable, and easy
to use document security system is a must for your business for executing
effective management strategies.
Firewall
A firewall can be defined as a special type of network security device or a
software program that monitors and filters incoming and outgoing network traffic
based on a defined set of security rules. It acts as a barrier between internal private
networks and external sources (such as the public Internet).
and a gateway. For example, a broadband router. On the other hand, a software
firewall is a simple program installed on a computer that works through port
numbers and other installed software.
Apart from that, there are cloud-based firewalls. They are commonly referred to
as FaaS (firewall as a service). A primary advantage of using cloud-based
firewalls is that they can be managed centrally. Like hardware firewalls, cloud-
based firewalls are best known for providing perimeter security.
Why Firewall
Open Access
Without a firewall, we are leaving our devices accessible to everyone. This means
that anyone can access our device and have complete control over it, including
the network. In this case, cybercriminals can easily delete our data or use our
personal information for their benefit.
Network Crashes
In the absence of a firewall, anyone could access our network and shut it down.
It may lead us to invest our valuable time and money to get our network working
again.
Therefore, it is essential to use firewalls and keep our network, computer, and
data safe and secure from unwanted sources.
Firewalls have been the first and most reliable component of defense in network
security for over 30 years. Firewalls first came into existence in the late 1980s.
They were initially designed as packet filters. These packet filters were nothing
but a setup of networks between computers. The primary function of these
packet-filtering firewalls was to check the packets or bytes transferred between
different computers.
The turn of the century saw a new approach to firewall implementation during
the mid-2010. The 'Next-Generation Firewalls' were introduced by Palo Alto
Networks. These firewalls came with a variety of built-in functions and
capabilities, such as Hybrid Cloud Support, Network Threat Prevention,
Application and Identity-Based Control, and Scalable Performance. Firewalls
are still getting new features as part of continuous development. They are
considered the first line of defense when it comes to network security.
addresses, or sources.
Functions of Firewall
Since the firewall acts as a barrier or filter between the computer system and other
networks (i.e., the public Internet), we can consider it a traffic controller.
Therefore, a firewall's primary function is to secure our network and information
by controlling network traffic, preventing unwanted incoming network traffic,
and validating access by assessing network traffic for malicious things such as
hackers and malware.
Generally, most operating systems (for example - Windows OS) and security
software come with built-in firewall support. Therefore, it is a good idea to ensure
that those options are turned on. Additionally, we can configure the security
settings of the system to be automatically updated whenever available.
Limitations of Firewall
When it comes to network security, firewalls are considered the first line of
defense. But the question is whether these firewalls are strong enough to make
our devices safe from cyber-attacks. The answer may be "no". The best practice
is to use a firewall system when using the Internet. However, it is important to
use other defense systems to help protect the network and data stored on the
computer. Because cyber threats are continually evolving, a firewall should not
be the only consideration for protecting the home network.
Types of Firewall
o Proxy Firewall
o Packet-filtering firewalls
o Stateful Multi-layer Inspection (SMLI) Firewall
o Unified threat management (UTM) firewall
o Next-generation firewall (NGFW)
o Network address translation (NAT) firewalls
Firewalls and anti-viruses are systems to protect devices from viruses and other
types of Trojans, but there are significant differences between them. Based on the
vulnerabilities, the main differences between firewalls and anti-viruses are
tabulated below:
Attributes Firewall Anti-virus
Types of Firewall
There are mainly three types of firewalls, depending on their structure: software
firewalls, hardware firewalls, or both. Each type of firewall has different
functionality but the same purpose. However, it is best practice to have both to
achieve the maximum possible protection.
Besides, there are many other types of firewalls depending on their features and
the level of security they provide. The following are types of firewall techniques
that can be implemented as software or hardware:
o Packet-filtering Firewalls
o Circuit-level Gateways
o Application-level Gateways (Proxy Firewalls)
o Stateful Multi-layer Inspection (SMLI) Firewalls
o Next-generation Firewalls (NGFW)
o Threat-focused NGFW
o Network Address Translation (NAT) Firewalls
o Cloud Firewalls
o Unified Threat Management (UTM) Firewalls
Many business firms and individuals are benefiting from the commercial
development of the Internet, but this development also exacts a price from
individuals, organizations, and societies. These costs and benefits must be
carefully considered by those seeking to make ethical and socially responsible
decisions in this new environment.
The major ethical, social, and political issues that have developed around
e-commerce over the past seven to eight years can be loosely categorized into four
major dimensions: information rights, property rights, governance, and
public safety and welfare. Some of the ethical, social, and political issues raised
in each of these areas include the following:
To illustrate, imagine that at any given moment society and individuals are more
or less in an ethical equilibrium brought about by a delicate balancing of
individuals, social organizations, and political institutions. Individuals know
what is expected of them, social organizations such as business firms know their
limits, capabilities, and roles and political institutions provide a supportive
framework of market regulation, banking and commercial law that provides
sanctions against violators. Now, imagine we drop into the middle of this calm
setting a powerful new technology such as the Internet and e-commerce.
Suddenly individuals, business firms, and political institutions are confronted by
new possibilities of behavior. For instance, individuals discover that they can
download perfect digital copies of music tracks, something which, under the old
technology of CDs, would have been impossible. This can be done, despite the
fact that these music tracks still “belong” as a legal matter to the owners of the
copyright - musicians and record label companies.
Extending ethics from individuals to business firms and even entire societies can
be difficult, but it is not impossible. As long as there is a decision-making body
or individual (such as a Board of Directors or CEO in a business firm or a
governmental body in a society), their decisions can be judged against a variety
of ethical principles. If you understand some basic ethical principles, your
ability to reason about larger social and political debates will be improved. In
Western culture, there are basic principles that all ethical schools of thought
share: responsibility, accountability, and liability.
• Define the conflict or dilemma and identify the higher-order value
involved. Ethical, social, and political issues always reference higher
values. Otherwise, there would be no debate. The parties to a dispute all
claim to be pursuing higher values (e.g., freedom, privacy, protection of
property, and the free-enterprise system). For example, DoubleClick and its
supporters argue that their tracking of consumer movements on the Web
increases market efficiency and the wealth of the entire society.
Opponents argue this claimed efficiency comes at the expense of
individual privacy, and that DoubleClick should cease its tracking or offer Web
users the option of not participating in such tracking.
• Identify the stakeholders. Every ethical, social, and political issue has
stakeholders: players in the game who have an interest in the outcome,
who have interests vested in the situation, and who usually have vocal
opinions. Find out the identity of these groups and what they want. This
will be useful later when designing a solution.
• Identify the options that you can reasonably take. You may find that
none of the options satisfies all the interests involved, but that some
options do a better job than others. Sometimes, arriving at a "good" or
ethical solution may not always be a matter of balancing consequences to
stakeholders.
The major ethical issue related to e-commerce and privacy is the following:
under what conditions should we invade the privacy of others?
The major social issues related to e-commerce and privacy concern the
development of "expectations of privacy" or privacy norms, as well as public
attitudes. In what areas should we as a society encourage people to think they
are in "private territory" as opposed to public view? The major political issues
related to e-commerce and privacy concern the development of statutes that
govern the relations between record keepers and individuals.
Legal Protections
In the United States, Canada, and Germany, rights to privacy are explicitly
granted in, or can be derived from, founding documents such as constitutions, as
well as in specific statutes. In England and the United States, there is also
protection of privacy in the common law, a body of court decisions involving
torts or personal injuries. For instance, in the United States, four privacy-related
torts have been defined in court decisions involving claims of injury to
individuals caused by other private parties: intrusion on solitude, public disclosure
of private facts, publicity placing a person in a false light, and appropriation of a
person's name or likeness (mostly concerning celebrities) for a commercial
purpose. In the United States, the claim to privacy against government intrusion
is protected primarily by the First Amendment guarantees of freedom of speech
and association, the Fourth Amendment protections against unreasonable
search and seizure of one's personal documents or home, and the Fourteenth
Amendment's guarantee of due process. In addition to common law and the
Constitution, there are both federal laws and state laws that protect individuals
against government intrusion and in some cases define privacy rights vis-à-vis
private organizations such as financial, education, and media institutions.