
UNIT-5

SECURITY
Security is the protection of any computer device, communication device or
network from unauthorised access, data theft, viruses, etc. The security system is
the most important aspect of an e-commerce solution.
Today we take a lot of security for granted: credit card transactions in the store
or at the gas station, electronic banking at the ATM, direct debits and deposits at
our banks. Yet many individuals are concerned about security breaches and
scams on or via the internet.

E-SECURITY
The internet is a collection of loosely connected networks in which individual
hosts can access the network in a variety of ways, through:
:-gateways
:-Routers
:-Dialup connection and
:-Internet service providers.

These are accessible to anyone regardless of national or geographic boundaries
and also at any time of the day. Though this is considered an advantage of the
internet, the disadvantages are also there.
Risks that extend to valuable information may be that it is:-
:-Lost
:-Stolen
:-Corrupted
:-Misused etc.
Security Threats and IT Solutions
Protecting the industry has become the need of the hour, as third parties obtain
confidential information by unfair means and with bad intentions.
Two major reasons why companies fail in securing their business are ignorance
and price manipulation. Inaccurate management at companies often leads to the
sacrifice of confidential information. This may be due to lack of budget or
ignorance of the employees, but the consequence is always security failure.

Secondly, manipulation of prices at the payment gateway has also become quite
common. Intruders mostly target this level to steal money. But this is
just the tip of the iceberg; there are many specific issues we must be aware of. Let
us take a look at different types of threats and the possible solutions to overcome
them.

Electronic Payments Threats

The idea of everything taking place online is now applicable to the finance and
banking sector as well. The system of online wallets and e-transactions has become
very common as a mode of payment. But handling money on a network is also
dangerous, as hackers may break into the firewall. There are many other risks like –

1. Fraud
Users have PINs or passwords to facilitate an online transaction. But payment
authorization based on just passwords and security questions does not guarantee the
identity of a person. This may lead to a fraud case if someone else gets hold of our
passwords. This way the third person can steal money easily.

2. Tax Evasion
The invoice is provided by the companies as paper records to verify tax collection.
But in an online scenario, things become blurry and the Internal Revenue Service
faces the challenge. It becomes hard for them to process tax collection and verify if
the organization is being ethical or not.

3. Payment Conflicts
These transactions take place between automated electronic systems and the users.
Because it’s a machine at the end of the day, errors while handling payments are
possible. These glitches and anomalies lead to conflicts of payment and users end
up losing their money.

4. E-cash
The paperless cash system works through online wallets like PayPal, GooglePay, Paytm,
etc. Because all the financial information is in that application, a single security
breach can lead to the disclosure of private information and monetary loss.

It has four components – issuers, customers, merchants, and regulators. The issuers
are the financial institutions, customers are the ones using this money, merchants are
the ones earning it and regulators are for monitoring its movement. Some of the
threats that e-commerce websites face while using e-cash are –

a. Direct Access Attacks

The hackers get direct access to the device and install programs on it without
permission. This software contains worms that automatically save information from
the device without getting caught. It can lead to server paralysis and eventually take
it offline.

It can also slow down the site and make consumers leave with a negative
experience. To solve this issue in particular, always use a web application firewall,
block (blacklist) the offending sources, or change the server IP in the worst case
scenario. You can read about more solutions in detail below.

b. Backdoor Attacks
The hackers use this attack to enter the user's system by bypassing normal
authentication using unethical means. As the name suggests, it functions in the
background, making it difficult for the users to detect and remove it.

c. Denial of Service Attacks and Distributed Denial of Service Attacks
The hacker breaks into the system and takes away all accessibility from the user.
They block the users from all functions and resources and disrupt the system
temporarily. This is mainly done over an internet network, and the hackers may
ask for ransom/favors to activate the device again. In the case of DDoS, the hackers
use your computer to sabotage the security of another computer.

d. Eavesdropping
This is a comparatively new way by which hackers listen to our personal
conversations over the internet. It doesn't lead to disruption in the system's
functioning but gives them access to private communication which they might
leverage later. The users in this case are not aware of their conversation being
tracked. Wi-Fi eavesdropping is also a part of this type.

Personal Information Threats

1. Scraping
This is mostly done by competing brands to get their hands on sensitive data and
valuable internal metrics. Companies keep such information confidential,
but hackers/bots can break into the system to get access.

2. Spam
This usually works by sending out attractive baits to get personal information. The
spammers can also use blog pages and contact forms to get companies to click on
malicious links. This allows them to harm the website's speed, security, and
consumers as well.

3. SQL Injection
It is a technique in which hackers use query submission forms to gain database
access. They corrupt all the information using viruses and make it infectious. They
may copy the data for personal benefit and delete it from the main system
permanently.
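The notes describe the technique only in outline. The following is an added example, not part of the original notes, showing in Python with the standard library's sqlite3 module how a query built by string concatenation lets form input change the query's meaning, and how the parameterized form avoids it. The users table, the names alice and bob, and the function names are constructed for the illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory users table (sample rows, not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "customer"), ("bob", "admin")])
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Builds the SQL by string formatting: the form field becomes part of the
    query text, so a quote in the input ends the literal and the rest is parsed
    as SQL. This is the defect; it is kept here only to show the difference."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn, username):
    """Parameterized query: the driver passes the value separately from the
    statement, so whatever the field contains is compared as data, never run."""
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


def main():
    conn = make_db()
    probe = "x' OR '1'='1"          # classic tautology; no such user exists
    print("vulnerable:", lookup_vulnerable(conn, probe))  # every user is returned
    print("safe:      ", lookup_safe(conn, probe))        # nothing is returned
    print("safe with an apostrophe:", lookup_safe(conn, "O'Brien"))


if __name__ == "__main__":
    main()
```

The parameterized form also handles legitimate input containing quotes (a surname such as O'Brien) that would raise a syntax error in the concatenated version, which is a second reason to prefer it beyond the security one.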

4. Bots
These are programs that use web crawlers to decide the website rankings of existing
pages on the internet. Hackers can use these crawlers to track competitors'
policies and strategies, leading to unfair market practices. This may be used against
the company or in favor of the competitor.

5. Brute Force Attacks

The hackers use this method to draw patterns and guesses to crack user/company
passwords. They will do so by using algorithms and multiple combinations until they
get the correct password to get in.

6. Trojan horses
This is malware that users download thinking it is legitimate software. But it
can collect user patterns, financial information, personal details, and more without
the owner's permission. The commercial website becomes prone to sensitive data
leaks and system infections.

7. Cross-Site Scripting (XSS)
This technique uses the planting of malicious JavaScript snippets that track
consumer behavior and patterns on websites. This is done by accessing customers'
cookies and computers. Content Security Policy is one way to assure customers
about their privacy and safety.
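An added example (not code from the original notes) of the two defences that follow from the passage above: escaping user-supplied text before it is placed into a page, and sending a Content Security Policy header so the browser refuses inline scripts even if some markup slips through. The review text, the function names and the exact header values are constructed for the illustration; the CSP directives themselves are standard ones.

```python
import html

# Constructed sample input: a product review that carries a script tag.
SAMPLE_NAME = "mallory"
SAMPLE_TEXT = "Great shoes! <script>alert(1)</script>"


def render_review_unsafe(name, text):
    """Interpolates user input straight into HTML. The browser parses the
    <script> element and runs it in the shop's origin, with the visitor's
    cookies available. Kept only to contrast with the safe version."""
    return f"<p><b>{name}</b>: {text}</p>"


def render_review_safe(name, text):
    """html.escape turns <, >, &, and quotes into entities, so the review is
    displayed as text and never parsed as markup."""
    return f"<p><b>{html.escape(name)}</b>: {html.escape(text)}</p>"


def security_headers():
    """Response headers for the page. Without 'unsafe-inline' in script-src the
    browser refuses inline <script> blocks, so an injected snippet that got past
    escaping still does not execute; scripts must come from our own origin."""
    return {
        "Content-Security-Policy":
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
        "X-Content-Type-Options": "nosniff",
    }


def contains_script_tag(markup):
    """Crude check used to show the difference between the two renderers."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_review_unsafe(SAMPLE_NAME, SAMPLE_TEXT))
    print(render_review_safe(SAMPLE_NAME, SAMPLE_TEXT))
    for k, v in security_headers().items():
        print(f"{k}: {v}")
```

Escaping at output time is the primary control; the CSP header is the second layer the notes allude to. Marking session cookies HttpOnly is a further, complementary step, since it keeps injected script from reading them.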

8. Man in the middle

Similar to eavesdropping, the hackers use open or weaker networks to
listen in on conversations between a store consultant and a customer. They can
manipulate the message or the response and use the information for personal gain.

9. Hacktivism
Hacking activism is a type of hacking that targets social media more than the
websites. It is usually to bring out social issues by breaking into a company’s social
media accounts. It can also include spamming websites with email addresses to bring
the server down.

Credit/Debit Card Threats

ATM
Fraudsters are very active at these machines to steal card details. Some of the
common ways are –

a. Skimming
A device is attached to the card reader at the ATM which skims data as soon as the
card enters the machine. As the user swipes the card, the information from the
magnetic strip is copied onto the skimming device. Scammers using this method get
access to all financial details about the person.

b. Unwanted Presence
This is a physical way of getting financial information which is quite common. The
rule at the ATM clearly says one person at a time, but many people tend to lurk and
look over the card details with negative intentions.

c. POS Theft
The salesperson at the store may have an ulterior motive and use the financial
information of customers for personal benefits. It is commonly done at merchant
stores at the time of POS transactions. This may be done at the billing counter when
the person copies the information on the card using unfair means.

d. Online Transaction
As we read above, online transactions are very risky as hackers can break in at any
time. They can steal passwords, card details, personal information, identity, and
much more by unethical means. The ways to do this are already mentioned above.

e. Vishing/Phishing
The scammers use SMS and calls to set baits for the users to make them reveal
personal information. They may act as a financial institution or some other credible
entity to get your card details for unfair practices.

IT Security Solutions

1. Secured Payment Gateway

Using only a secured payment gateway is the smartest rule to follow during
online transactions. These gateways have better security and nondisclosure policies
to protect all the consumers.

2. Use firewall
A very common technique to block security threats and control network traffic by
following defined rules. It is a type of network security software that functions
according to security measures put forward by the users. This includes protection
from most of the cyber threats like XSS, SQL injection, trojan, etc.

3. HTTPS and SSL certificates

SSL and HTTPS certificates follow a standard protocol that encrypts personal data
before transferring it to e-commerce websites. Consumers stay protected if the
website has both certificates. Hackers, even with access to the information, cannot do
much with encrypted data.

Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext
Transfer Protocol (HTTP) with the Secure Socket Layer (SSL)/Transport
Layer Security (TLS) protocol. TLS is an authentication and security protocol
widely implemented in browsers and Web servers.

4. Encryption
A method of converting normal language into a coded one so that hackers can’t crack
it. It is essential for websites to follow encryption to avoid data breach at all costs.
Only a handful of trained individuals should be able to decrypt this cipher text
ensuring safety at all times.

5. Server Security and Admin Panel

Users should carefully follow the password instructions mentioned on different
websites. Using a mix of characters, symbols and numbers can help users make stronger
passwords. They should be careful about restricting access to multiple websites on
the internet. Follow the admin panel instructions to avoid security breaches.

6. Anti-malware and Antivirus Software

Installing anti-malware/virus software to detect and delete viruses can prevent file
or software modification. This ensures the safety of data and personal information
from threats like worms, viruses, and Trojan horses.

7. Payment Card Industry Data Security Standard

It is a set of rigid guidelines that defines how a website can remain in a safe space
all the time. It gives a direct order of how the host can secure their website at the payment
level, confidentiality level, etc. Similarly, the DSS instructs these websites about how
they should save and deal with debit and credit card information.

8. Content delivery networks
It acts as a layer of hosting for websites by improving server content processes in
data centers. These centers have their own safety protocols, ensuring a double layer
of security for the websites.

9. Opt for Multi-Layer Security

The new features of much software allow multi-layer security, ensuring data
protection from DDoS attacks and malevolent traffic. They use features like machine
filters, two-factor authentication, etc. to tighten security.

10. Data Backups

It is always a good idea to keep backup files for important data on different devices
to avoid loss. Hardware malfunctions and cyber-attacks are quite
common in large companies, and thus having duplicate copies can be beneficial for
the company.

11. Ecommerce Security Plugins

Security plugins ensure website protection from bad bots, SQLi, XSS, etc. by
preventing malicious requests from reaching the website. They are easy to
implement and highly secure to protect websites automatically.

12. Employee Training

The more educated the employees, the fewer the chances of a security breach. Giving
proper staff training can lead to better monitoring of activities. They will know
which policy or law is relevant according to the situation and will overcome the
problem accordingly.

13. Track Malicious Activity

Ignorance often leads to smaller problems growing into huge ones. The same goes
for malicious activities: if the company remains cautious and pays attention to every
change, it can avoid security issues. A very tiny malicious activity, when
monitored from the start, can save companies' goodwill, revenues, and information.

14. Prioritize Updates

It is important to use the latest technology when dealing in e-commerce.
Outdated software lacks the better features needed to secure websites and portals, which becomes
an issue for the company. It is advisable to use updated security tools and plugins to
avoid a serious liability.

15. Solid Ecommerce Platform

Having a secure e-commerce platform is very important, as such platforms have regular updates
and security to safeguard the website. There are multiple options which offer
tools to prioritize website safety on the internet.

16. Perform a security audit

Just like a routine check-up, a regular examination of the website is very important.
Companies should prioritize going through their security protocols on a weekly or
monthly basis. This will allow them to identify any fault in the hosting before it's
too late.

17. Client Education

There are chances that many glitches or issues are coming from the client's side. In
this case, it is important for users to have proper knowledge about security and safety
while using the internet. Because they use weak passwords or unsecured
networks, they end up facing consequences. It is the company's responsibility to
educate its customers about password creation, the payment journey, network
security, and many other things.

Client Server Threats and Security

Client:

Independent computers connected to a server are called clients. Most likely,
your home or office computer does not provide services to other computers.
Therefore, it is a client.

Server:

A server is the common source that provides shared services (for example,
network security measures) to other machines and manages resources (for
example, one printer many people use) in a network.
Client-server security threats can be divided into 2 major categories:-
a) Threats to client
b) Threats to server
1. Client threats mostly arise from malicious data or code. Malicious code
refers to viruses, worms, Trojan horses and deviant code.
2. A computer virus is a program or piece of code that is loaded onto your
computer without your knowledge and runs against your wishes. Viruses can
also replicate themselves.
3. A Trojan horse is a program that performs a desired task but also performs an
unexpected function.
4. A worm is a self-replicating program that is self-contained and does not need any
host program to execute. Clients must scan for malicious data and
executable program fragments that are transferred from the server to the
client.
5. Threats to the server include: unauthorized eavesdropping, denial of service (DoS),
and modification of incoming data packets.
6. Eavesdropping is watching data or information as it travels through the internet.
Hackers can use it to trap usernames and unencrypted passwords sent over that network.
7. A denial of service attack is an effort to make one or more computer systems
unavailable. It is typically targeted at web servers, but it can also be used
on mail servers, name servers and any other type of computer system. The
2 most common types of these attacks are:- service overloading and
message overloading.
8. Servers are vulnerable to service overloading. DoS will occur due to
overloading of the server.
9. Message overloading will occur when someone sends a very large file to
the message box of the server every few seconds. The message box rapidly
grows in size and begins to occupy all space on the disk, increasing the
number of receiving processes on the recipient's machine and causing a disk
crash.
10. Modification of incoming data packets is an integrity threat that involves modifying
a message packet or destroying the message packet. In many cases, packet information may not
only be modified, but its contents may be destroyed before legitimate users
can see them.

Client server Security

• Computing technologies in which the hardware and software components
are distributed across a network

• Uses various authorization methods to make sure that only authorized users and
programs have access to information resources such as databases

• Security mechanisms like password protection, encrypted smart cards,
biometrics and firewalls.

• The purpose of a security system is to restrict access to information and
resources to just those principals which are authorized to have access.

Client and User Security

Clients connect to servers, and these connections, if left
open or not secured, provide entry points for hackers and other intruders that may
use data for evil purposes. The distribution of services in client/server increases
the susceptibility of these systems to damage from viruses, fraud, physical
damage and misuse compared with a centralised computer system.

Security Considerations

Security considerations must include: the host systems, personal computers (PCs),
local area networks (LANs), global wide area networks (WANs), and users.

The client PC desktop, as the client machine, can easily connect to the server and hence
poses a great threat to organisational data. It is located in an open place for users and
intruders and requires physical protection: disk drive locks, and diskless workstations
to prevent the loading of unauthorised software and viruses.

The Network

Intruders can use the network to break into computer systems and their
various resources. They can sniff the network to read packets of information such as
passwords, company details, etc. Use data encryption.

Servers

Servers should be protected with the level of password security applicable
to the business. Encrypt database contents with a cryptogram or advanced DES (Data
Encryption Standard). To avoid 'trial and error' login attacks on the database, servers
impose a long delay in responding to the user.

Users

The easiest way to gain illegal entry to the system is by obtaining a valid
user's ID and password. Passwords can be discovered when: the user chooses a short
password or one that can easily be guessed; the user keeps a list of passwords in a desk drawer;
passwords are shared with other users; an attacker pretends to be company IT staff and
requests the password to fix an unnamed problem.

To overcome this, ensure that you have a good security policy, and strong
password management must be implemented. For more details on establishing a
Client/Server Security Model, read the given handout (Client_server security
issues.doc) available on my page.
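The two preceding sections (a server-side delay against trial-and-error logins, and the ways user passwords get discovered) can be turned into running checks. The following is an added example in Python, not part of the notes or the handout: a password policy check, salted PBKDF2 storage with constant-time verification, and a per-user throttle whose delay doubles after each failed attempt. The common-password list, user names and delay values are constructed; the clock is injectable so the throttle can be exercised without waiting.

```python
import hashlib
import hmac
import secrets
import time

# Constructed short list; a real deployment checks against a large breached-password set.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin"}
PBKDF2_ITERATIONS = 200_000


def password_issues(pw):
    """Return the policy rules a candidate password fails (empty list = acceptable)."""
    issues = []
    if len(pw) < 12:
        issues.append("shorter than 12 characters")
    if not any(c.isupper() for c in pw) or not any(c.islower() for c in pw):
        issues.append("needs both upper- and lower-case letters")
    if not any(c.isdigit() for c in pw):
        issues.append("needs a digit")
    if not any(not c.isalnum() for c in pw):
        issues.append("needs a symbol")
    if pw.lower() in COMMON_PASSWORDS:
        issues.append("is a commonly guessed password")
    return issues


def hash_password(pw, salt=None):
    """Store a random salt and a PBKDF2-HMAC-SHA256 digest, never the password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(pw, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


class LoginThrottle:
    """Per-user delay that doubles after every failed attempt (1s, 2s, 4s, ...),
    capped at max_delay, which is the 'long delay' the notes describe."""

    def __init__(self, base_delay=1.0, max_delay=300.0, clock=time.monotonic):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock          # injectable for deterministic tests
        self.failures = {}          # user -> consecutive failed attempts
        self.locked_until = {}      # user -> time when the next attempt is allowed

    def retry_after(self, user):
        """Seconds the client must still wait, or 0 if an attempt is allowed now."""
        return max(0.0, self.locked_until.get(user, 0.0) - self.clock())

    def record_failure(self, user):
        n = self.failures.get(user, 0) + 1
        self.failures[user] = n
        delay = min(self.base_delay * 2 ** (n - 1), self.max_delay)
        self.locked_until[user] = self.clock() + delay
        return delay

    def record_success(self, user):
        self.failures.pop(user, None)
        self.locked_until.pop(user, None)


def attempt_login(throttle, user, pw, salt, digest):
    """Refuse while throttled; otherwise verify and update the throttle."""
    if throttle.retry_after(user) > 0:
        return "throttled"
    if verify_password(pw, salt, digest):
        throttle.record_success(user)
        return "ok"
    throttle.record_failure(user)
    return "denied"


if __name__ == "__main__":
    print(password_issues("Passw0rd!"))           # too short
    salt, digest = hash_password("Tr0ub4dor&3xample!")
    th = LoginThrottle()
    print(attempt_login(th, "alice", "wrong", salt, digest))              # denied
    print(attempt_login(th, "alice", "Tr0ub4dor&3xample!", salt, digest))  # throttled for 1s
```

The throttle answers "throttled" without touching the password hash, so repeated guesses cost the attacker waiting time while costing the server almost nothing; the doubling delay is what makes the trial-and-error approach in the notes impractical.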

Risks Associated with Client/Server Model

Apart from the above framework of the Client/Server Model, there are other risks
accompanying this model: Client/Server Development Risks, Workstation Risks, the Network
Wire Risk, the DBMS Risk, and others (read in the given handout (CS_Security.doc)
available on my page).

Client/Server Risks

Client/Server Development Risks: skills of client/server development risks, and rapid
application development risk.
Workstation Risk: insecurity of the PC on the network. Add third-party security
products. The PC should be used to work on selected application records for a short
period of time.
The Network Wire Risk: packet data can be read during the communication process. Use
encryption methods to encrypt data (user IDs and passwords).

The DBMS Risk: client/server computing is based largely on the
Database Management Software that supports the applications. The security
professional needs to identify the System Manager for the DBMS ("System" or "Sys" for
Oracle). Read more in the handout (CS_Security.doc) available on the web.
Data and Message Security

Data Security
• Data security means protecting a database from destructive forces and
unwanted actions from unauthorized users.
• Data security is most important at a time when people are considering
banking and finance transactions by PC.
• One of the major threats is unauthorized network access to data.
• Username, password and other data can be hijacked from the network.

Message Security
• Message security is used for protecting incoming and outgoing messages from
unauthorized users.
• Various threats are:
1. Sensitive messages, such as credit card numbers, can be used by
unauthorized users.
2. Messages can be modified.
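The second threat above, modification of a message in transit, is detected with a message authentication code. The following is an added example (not from the notes) using Python's hmac module: the sender attaches an HMAC-SHA256 tag computed over a canonical serialization of the message, and the receiver recomputes it; any change to the message, or a wrong key, makes verification fail. The order fields and the key are constructed sample values. This is a shared-key MAC, which gives integrity and origin assurance between two parties that hold the key; it is not the public-key digital signature described in the next section and does not hide the message contents.

```python
import hashlib
import hmac
import json

# Constructed shared secret; in practice the key is provisioned out of band and kept per counterparty.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"


def canonical(message):
    """Serialize with sorted keys and no whitespace so sender and receiver hash identical bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def protect(key, message):
    """Sender side: attach an HMAC-SHA256 tag over the canonical message."""
    tag = hmac.new(key, canonical(message), hashlib.sha256).hexdigest()
    return {"message": message, "tag": tag}


def verify(key, envelope):
    """Receiver side: recompute the tag and compare in constant time.
    Returns False if any field changed or a different key was used."""
    expected = hmac.new(key, canonical(envelope["message"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["tag"])


def tampered_copy(envelope, field, new_value):
    """Helper for the demonstration: a deep copy with one message field altered."""
    copy = json.loads(json.dumps(envelope))
    copy["message"][field] = new_value
    return copy


def main():
    # Constructed payment message; the card number is deliberately not included.
    order = {"order_id": 1042, "amount": "49.99", "currency": "USD", "card_last4": "4242"}
    env = protect(DEMO_KEY, order)
    print("untouched message verifies:", verify(DEMO_KEY, env))
    print("amount changed in transit:  ", verify(DEMO_KEY, tampered_copy(env, "amount", "1.00")))
    print("wrong key on receiver:       ", verify(b"other-key", env))


if __name__ == "__main__":
    main()
```

A MAC alone does not stop a captured message from being replayed; including a timestamp or a unique message number under the tag, and rejecting repeats, closes that gap. Confidentiality of the credit card number itself (threat 1) is a separate matter for encryption.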

Data and message security are ensured via:

• Encryption: This technology deploys a public key and a private key
infrastructure to ensure security. The public key can be distributed but the
private key remains only with the user and the service provider. So, it
works just like the username and password system of your e-mail account.
• Digital signatures: This technology requires a recipient’s password to
decode the encrypted data. The sender’s authentication gets confirmed
through a digital certificate, issued by credible authorities such as Verisign
and Thawte.
• Secure socket layers (SSL): This process involves both public key and
digital certificate technologies to ensure privacy and authentication. To
initiate the process, a client asks for authentication from the server, which
is done through a digital certificate. Then, both the client and server design
session keys for data transfer. The session will expire following any
modification or prolonged period of inactivity.
• Firewalls: This includes both software and hardware that protects the
network against hackers and viruses. Installing premium quality anti-virus
programs and spyware helps to fortify e-commerce protection from
malicious threats.
• Access control: Restricting user access to information on the site is an
effective way to control the site's security. Research shows that most e-
commerce malfunctions occur due to users' ignorance. Access control
measures can include:
o Restrictions on the use of CDs/DVDs or USB storage devices in the
company.
o Limit over opening of personal accounts, such as Gmail, Yahoo or
MSN, through official network.
o Network restrictions to regulate access to external network or system
resources.
o Application control to restrict entry into sensitive environment.
• Detection programs: These programs monitor network operations for any
suspicious activity. They will generate an alert if a potential attack is
suspected.
• Revising for new threats: Business enterprises must constantly update e-
commerce security plans to remain protected from new threats.

Document Security
Document Security is a significant issue faced by almost all businesses operating
worldwide. When a company uploads its documents onto the internet through
cloud storage devices and platforms, they are at an extremely high risk of falling
prey to malicious viruses and dangerous hackers. When placed in a physical form,
there is an extremely high chance that they can be lost or damaged due to
consequences like fire or theft.

Many businesses around the world have had to face difficult situations of data
theft and security breaches, forcing them to pay a heavy price. Therefore, it is
a wise and vital decision to take security measures seriously when uploading
essential documents of a business such as bookkeeping records and financial
transactions.
Define Document Security

Document security, defined in literal terms, is the maintenance of all of the
essential documents stored, filed, backed up, processed, delivered, and eventually
disposed of when no longer needed.

As documents face major security threats, one must realize the importance of
developing a backup and storage plan for documents. It is a much
more complicated process than just choosing a storage platform that will provide
you ample space. It involves profoundly understanding the security features,
capacity, and ability to maintain a backup if the documents are lost. If the
documents are lost, your document storage platform should have the ability to
retrieve them quickly.

Many businesses hire companies that provide storage facilities instead of
spending cash on renting/leasing more storage space. This storage space is a cost-
effective method and provides sufficient document safety because the storage
facility companies guarantee adequate security.

A cost-effective method used by many businesses for document storage is hiring
companies that offer document storage services in the form of document storage
and management platforms, instead of paying a lease for more space. Another
primary reason that document storage should be a top priority for any business
is document security.

Document security is a highly sophisticated service for document storage that
requires a secure, safe facility and provides individuals who have the expertise of
handling, retrieving, and storing documents on behalf of other
businesses/companies.

There are, however, some mistakes related to document storage and management
that should be avoided at all costs:

1. Documents that are not labeled or packaged in an organized manner are
often tough to locate. Most facilities complete the task for businesses as
they mostly provide their own packaging, retrieval, and storage system.

2. One major factor that many businesses are concerned about is the
security of document storage. Most documents stored online are not as safe,
as they are likely to fall prey to malicious attacks on the internet.
Documents are easily accessible to third parties and can be hacked despite
having security. Therefore, the lack of an effective encryption method can
prove to be fatal for a business.

3. If not appropriately managed daily, document storage can get jumbled
up, resulting in a troublesome and time-consuming retrieval process.

The Importance of Document Security

Although document storage seems to be a bit costly and proves to be a little time
consuming, it saves the documents from vicious threats if they are adequately
encrypted, alongside providing the ‘make life easier’ benefit.

With the use of document storage platforms, effective document management can
quickly be executed. All of the documents can be placed in one spot in
an organized manner. Businesses can store all essential documents like
bookkeeping and employer records that can easily be accessed when needed.

Secondly, employees working in document storage facilities are highly trained
and have security clearance to protect the documents by placing them in damage-resistant
areas.

Document storage facilities are undoubtedly the best option for effective
document security and efficient management, especially for businesses that
have essential data they want to keep secure. A cost-effective, reliable, and easy
to use document security system is a must for your business for executing
effective management strategies.

Firewall
A firewall can be defined as a special type of network security device or a
software program that monitors and filters incoming and outgoing network traffic
based on a defined set of security rules. It acts as a barrier between internal private
networks and external sources (such as the public Internet).

The primary purpose of a firewall is to allow non-threatening traffic and prevent
malicious or unwanted data traffic, protecting the computer from viruses and
attacks. A firewall is a cybersecurity tool that filters network traffic and helps
users block malicious software from accessing the Internet from infected computers.



Firewall: Hardware or Software
This is one of the most problematic questions: whether a firewall is hardware or
software. As stated above, a firewall can be a network security device or a
software program on a computer. This means that the firewall comes at both
levels, i.e., hardware and software, though it's best to have both.

Each format (a firewall implemented as hardware or software) has different
functionality but the same purpose. A hardware firewall is a physical device that
attaches between a computer network and a gateway, for example, a broadband
router. On the other hand, a software firewall is a simple program installed on a
computer that works through port numbers and other installed software.

Apart from that, there are cloud-based firewalls. They are commonly referred to
as FaaS (firewall as a service). A primary advantage of using cloud-based
firewalls is that they can be managed centrally. Like hardware firewalls, cloud-
based firewalls are best known for providing perimeter security.

Why Firewall

Firewalls are primarily used to prevent malware and network-based attacks.
Additionally, they can help in blocking application-layer attacks. These firewalls
act as a gatekeeper or a barrier. They monitor every attempt between our
computer and another network. They do not allow data packets to be transferred
through them unless the data is coming from or going to a user-specified trusted
source.
Firewalls are designed in such a way that they can react quickly to detect and
counter attacks throughout the network. They can work with rules configured to
protect the network and perform quick assessments to find any suspicious
activity. In short, we can point to the firewall as a traffic controller.

Some of the important risks of not having a firewall are:

Open Access

If a computer is running without a firewall, it is giving open access to other
networks. This means that it is accepting every kind of connection that comes
through someone. In this case, it is not possible to detect threats or attacks coming
through our network. Without a firewall, we make our devices vulnerable to
malicious users and other unwanted sources.

Lost or Compromised Data

Without a firewall, we are leaving our devices accessible to everyone. This means
that anyone can access our device and have complete control over it, including
the network. In this case, cybercriminals can easily delete our data or use our
personal information for their benefit.

Network Crashes

In the absence of a firewall, anyone could access our network and shut it down.
It may lead us to invest our valuable time and money to get our network working
again.

Therefore, it is essential to use firewalls and keep our network, computer, and
data safe and secure from unwanted sources.

Brief History of Firewall

Firewalls have been the first and most reliable component of defense in network
security for over 30 years. Firewalls first came into existence in the late 1980s.
They were initially designed as packet filters. These packet filters were nothing
but a setup of networks between computers. The primary function of these packet
filtering firewalls was to check for packets or bytes transferred between different
computers.

Firewalls have become more advanced due to continuous development, although
such packet filtering firewalls are still in use in legacy systems.

As the technology evolved, Gil Shwed from Check Point Technologies introduced
the first stateful inspection firewall in 1993. It was named FireWall-1. Back in
2000, Netscreen came up with its purpose-built firewall 'Appliance'. It gained
popularity and fast adoption within enterprises because of increased internet
speed, lower latency, and high throughput at a lower cost.

The turn of the century saw a new approach to firewall implementation during
the mid-2010. The 'Next-Generation Firewalls' were introduced by Palo Alto
Networks. These firewalls came with a variety of built-in functions and
capabilities, such as Hybrid Cloud Support, Network Threat Prevention,
Application and Identity-Based Control, and Scalable Performance. Firewalls
are still getting new features as part of continuous development. They are
considered the first line of defense when it comes to network security.

How does a firewall work?


A firewall system analyzes network traffic based on pre-defined rules. It then
filters the traffic and blocks any traffic coming from unreliable or suspicious
sources. It only allows incoming traffic that it is configured to accept.

Typically, firewalls intercept network traffic at a computer's entry point, known
as a port. Firewalls perform this task by allowing or blocking specific data packets
(units of communication transferred over a digital network) based on pre-defined
security rules. Incoming traffic is allowed only from trusted IP addresses or
sources.
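Rule-based filtering as described above, as an added example that is not part of the original notes: a small first-match packet filter with a default-deny policy, run over constructed sample traffic. The Packet and Rule classes, the addresses (from the documentation ranges) and the rule set are assumptions for illustration; the MISORDERED rule set also shows the risk noted in the limitations section, a broad allow rule placed first that shadows every rule after it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed illustration of rule-based packet filtering (not any vendor's code):
# rules are checked in order, the first match decides, anything unmatched is denied.

@dataclass(frozen=True)
class Packet:
    src: str        # source IPv4 address
    dst: str        # destination IPv4 address
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # destination port (0 for icmp)

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    proto: str = "any"      # "any" or a specific protocol
    src: str = "0.0.0.0/0"  # matching source network, CIDR notation
    dst: str = "0.0.0.0/0"  # matching destination network
    dports: tuple = ()      # () = any port, else (low, high) inclusive
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        # every field of the rule must cover the packet
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dports and not (self.dports[0] <= pkt.dport <= self.dports[1]):
            return False
        return True

class PacketFilter:
    def __init__(self, rules, default="deny"):
        self.rules = list(rules)
        self.default = default
        self.log = []  # (decision, matched rule index or None, packet) per packet

    def decide(self, pkt: Packet) -> str:
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                self.log.append((rule.action, i, pkt))
                return rule.action
        self.log.append((self.default, None, pkt))  # fell through: default deny
        return self.default

# Constructed rule set for a web server at 203.0.113.10 (documentation range):
# HTTPS is public, SSH is allowed only from one trusted admin network.
RULES = [
    Rule("allow", "tcp", dst="203.0.113.10/32", dports=(443, 443), comment="public HTTPS"),
    Rule("allow", "tcp", src="198.51.100.0/24", dst="203.0.113.10/32", dports=(22, 22),
         comment="admin SSH from trusted network"),
    Rule("deny", "tcp", dst="203.0.113.10/32", dports=(22, 22), comment="log other SSH"),
]

# Misconfiguration: a broad allow placed first shadows every rule after it.
MISORDERED = [Rule("allow", "tcp", comment="too broad, wrong position")] + RULES

SAMPLE = [  # constructed sample traffic
    Packet("192.0.2.7", "203.0.113.10", "tcp", 443),    # public HTTPS: allow
    Packet("198.51.100.5", "203.0.113.10", "tcp", 22),  # trusted admin SSH: allow
    Packet("192.0.2.7", "203.0.113.10", "tcp", 22),     # untrusted SSH: deny (rule 2)
    Packet("192.0.2.7", "203.0.113.10", "tcp", 3306),   # unlisted port: default deny
    Packet("192.0.2.7", "203.0.113.10", "icmp"),        # no icmp rule: default deny
]

def classify(packets, rules=RULES):
    fw = PacketFilter(rules)  # decision for each packet under the given rules
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    for p, d in zip(SAMPLE, classify(SAMPLE)):
        print(f"{d:5} {p.proto:4} {p.src} -> {p.dst}:{p.dport}")
```

Comparing classify(SAMPLE) with classify(SAMPLE, MISORDERED) shows why rule order, not just rule content, has to be reviewed.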

Functions of Firewall

As stated above, the firewall works as a gatekeeper. It analyzes every attempt
coming to gain access to our operating system and prevents traffic from unwanted
or non-recognized sources.

Since the firewall acts as a barrier or filter between the computer system and other
networks (i.e., the public Internet), we can consider it as a traffic controller.
Therefore, a firewall's primary function is to secure our network and information
by controlling network traffic, preventing unwanted incoming network traffic,
and validating access by assessing network traffic for malicious things such as
hackers and malware.

Generally, most operating systems (for example - Windows OS) and security
software come with built-in firewall support. Therefore, it is a good idea to ensure
that those options are turned on. Additionally, we can configure the security
settings of the system to be automatically updated whenever available.

Firewalls have become very powerful and include a variety of functions and
capabilities as built-in features:

o Network Threat Prevention
o Application and Identity-Based Control
o Hybrid Cloud Support
o Scalable Performance
o Network Traffic Management and Control
o Access Validation
o Record and Report on Events

Limitations of Firewall

When it comes to network security, firewalls are considered the first line of
defense. But the question is whether these firewalls are strong enough to make
our devices safe from cyber-attacks. The answer may be "no". The best practice
is to use a firewall system when using the Internet. However, it is important to
use other defense systems to help protect the network and data stored on the
computer. Because cyber threats are continually evolving, a firewall should not
be the only consideration for protecting the home network.

The importance of using firewalls as a security system is obvious; however,
firewalls have some limitations:
o Firewalls cannot stop users from accessing malicious websites, leaving the
network vulnerable to internal threats or attacks.
o Firewalls cannot protect against the transfer of virus-infected files or
software.
o Firewalls cannot prevent misuse of passwords.
o Firewalls cannot protect if security rules are misconfigured.
o Firewalls cannot protect against non-technical security risks, such as social
engineering.
o Firewalls cannot stop or prevent attackers with modems from dialing in to
or out of the internal network.
o Firewalls cannot secure the system which is already infected.

Therefore, it is recommended to keep all Internet-enabled devices updated. This
includes the latest operating systems, web browsers, applications, and other
security software (such as anti-virus). Besides, securing wireless routers should
be another practice. The process of protecting a router may include options such
as regularly changing the router's name and password, reviewing security
settings, and creating a guest network for visitors.

Types of Firewall

Depending on their structure and functionality, there are different types of
firewalls. The following is a list of some common types of firewalls:

o Proxy Firewall
o Packet-filtering firewalls
o Stateful Multi-layer Inspection (SMLI) Firewall
o Unified threat management (UTM) firewall
o Next-generation firewall (NGFW)
o Network address translation (NAT) firewalls

Difference between a Firewall and Anti-virus

Firewalls and anti-virus products both protect devices from viruses, Trojans and
other malicious software, but there are significant differences between them.
Based on the threats each one addresses, the main differences between firewalls
and anti-virus products are tabulated below:
Attribute: Definition
Firewall: A firewall is defined as the system which analyzes and filters
incoming or outgoing data packets based on pre-defined rules.
Anti-virus: Anti-virus is defined as a special type of software that acts as a
cyber-security mechanism. The primary function of anti-virus is to monitor,
detect, and remove any suspicious or untrusted file or software from the device.

Attribute: Structure
Firewall: Firewalls can be both hardware and software. The router is an example
of a physical firewall, and a simple firewall program on the system is an
example of a software firewall.
Anti-virus: Anti-virus can only be used as software. Anti-virus is a program
that is installed on the device, just like the other programs.

Attribute: Implementation
Firewall: Because firewalls come in the form of hardware and software, a
firewall can be implemented either way.
Anti-virus: Because anti-virus comes in the form of software, it can be
implemented only at the software level. There is no possibility of implementing
anti-virus at the hardware level.

Attribute: Responsibility
Firewall: A firewall is usually defined as a network controlling system. It
means that firewalls are primarily responsible for monitoring and filtering
network traffic.
Anti-virus: Anti-virus products are primarily responsible for detecting and
removing viruses from computer systems or other devices. These viruses can be in
the form of infected files or software.

Attribute: Scalability
Firewall: Because the firewall supports both types of implementation, hardware
and software, it is more scalable than anti-virus.
Anti-virus: Anti-virus products are generally considered less scalable than
firewalls. This is because anti-virus can only be implemented at the software
level; it does not support hardware-level implementation.

Attribute: Threats
Firewall: A firewall is mainly used to prevent network-related attacks. These
are mainly external network threats, for example routing attacks and IP
spoofing.
Anti-virus: Anti-virus is mainly used to scan, find, and remove viruses,
malware, and Trojans, which can harm system files and software and share
personal information (such as login credentials, credit card details, etc.)
with hackers.

Types of Firewall

Depending on their structure, there are mainly three types of firewalls:
software firewalls, hardware firewalls, or a combination of both. Each type of
firewall has different functionality but the same purpose. However, it is best
practice to have both to achieve the maximum possible protection.

A hardware firewall is a physical device that attaches between a computer
network and a gateway. For example- a broadband router. A hardware firewall is
sometimes referred to as an Appliance Firewall. On the other hand, a software
firewall is a simple program installed on a computer that works through port
numbers and other installed software. This type of firewall is also called a Host
Firewall.

Besides, there are many other types of firewalls depending on their features and
the level of security they provide. The following are types of firewall techniques
that can be implemented as software or hardware:

o Packet-filtering Firewalls
o Circuit-level Gateways
o Application-level Gateways (Proxy Firewalls)
o Stateful Multi-layer Inspection (SMLI) Firewalls
o Next-generation Firewalls (NGFW)
o Threat-focused NGFW
o Network Address Translation (NAT) Firewalls
o Cloud Firewalls
o Unified Threat Management (UTM) Firewalls

Ethical, Social and Political issues in e-commerce

Defining the rights of people to express their ideas and the property rights of
copyright owners are just two of many ethical, social, and political issues raised
by the rapid evolution of e-commerce.

This section identifies the ethical, social, and political issues raised in
e-commerce, provides a framework for organizing the issues, and makes
recommendations for managers who are given the responsibility of operating
e-commerce companies within commonly accepted standards of appropriateness.

Understanding Ethical, Social, And Political Issues in E-Commerce

The Internet and its use in e-commerce have raised pervasive ethical, social and
political issues on a scale unprecedented for computer technology.

We live in an “information society,” where power and wealth increasingly depend
on information and knowledge as central assets. Controversies over information
are often in fact disagreements over power, wealth, influence, and other things
thought to be valuable. Like other technologies such as steam, electricity,
telephones, and television, the Internet and ecommerce can be used to achieve
social progress, and for the most part, this has occurred. However, the same
technologies can be used to commit crimes, despoil the environment, and threaten
cherished social values. Before automobiles, there was very little interstate crime
and very little federal jurisdiction over crime. Likewise with the Internet: Before
the Internet, there was very little “cyber crime.”

Many business firms and individuals are benefiting from the commercial
development of the Internet, but this development also exacts a price from
individuals, organizations, and societies. These costs and benefits must be
carefully considered by those seeking to make ethical and socially responsible
decisions in this new environment.

Public Policy Issues in E commerce

The major ethical, social, and political issues that have developed around
e-commerce over the past seven to eight years can be loosely categorized into
four major dimensions: information rights, property rights, governance, and
public safety and welfare. Some of the ethical, social, and political issues
raised in each of these areas include the following:

• Information rights: What rights to their own personal information do
individuals have in a public marketplace, or in their private homes, when
Internet technology makes information collection so pervasive and
efficient? What rights do individuals have to access information about
business firms and other organizations?

• Property rights: How can traditional intellectual property rights be
enforced in an internet world where perfect copies of protected works
can be made and easily distributed worldwide in seconds?

• Governance: Should the Internet and e-commerce be subject to public
laws? And if so, what law-making bodies have jurisdiction - state,
federal, and/or international?

• Public safety and welfare: What efforts should be undertaken to ensure
equitable access to the Internet and ecommerce channels? Should
governments be responsible for ensuring that schools and colleges have
access to the Internet? Are certain online content and activities - such as
pornography and gambling - a threat to public safety and welfare?
Should mobile commerce be allowed from moving vehicles?

To illustrate, imagine that at any given moment society and individuals are more
or less in an ethical equilibrium brought about by a delicate balancing of
individuals, social organizations, and political institutions. Individuals know
what is expected of them, social organizations such as business firms know their
limits, capabilities, and roles and political institutions provide a supportive
framework of market regulation, banking and commercial law that provides
sanctions against violators. Now, imagine we drop into the middle of this calm
setting a powerful new technology such as the Internet and e-commerce.
Suddenly individuals, business firms, and political institutions are confronted by
new possibilities of behavior. For instance, individuals discover that they can
download perfect digital copies of music tracks, something which, under the old
technology of CDs, would have been impossible. This can be done, despite the
fact that these music tracks still “belong” as a legal matter to the owners of the
copyright - musicians and record label companies.

The introduction of the Internet and e-commerce impacts individuals, societies,
and political institutions. These impacts can be classified into four moral
dimensions: property rights, information rights, governance, and public safety
and welfare.

Then business firms discover that they can make a business out of aggregating
these musical tracks - or creating a mechanism for sharing musical tracks - even
though they do not “own” them in the traditional sense. The record companies,
courts, and Congress were not prepared at first to cope with the onslaught of
online digital copying. Courts and legislative bodies will have to make new laws
and reach new judgments about who owns digital copies of copyrighted works and
under what conditions such works can be “shared.” It may take years to develop
new understandings, laws, and acceptable behavior in just this one area of
social impact. In the meantime, as an individual and a manager, you will have
to decide what you and your firm should do in legal “grey” areas, where there
is conflict between ethical principles but no clear-cut guidelines. How can you
make good decisions in this type of situation?

Before reviewing the four moral dimensions of e-commerce in greater depth, we
will briefly review some basic concepts of ethical reasoning that you can use as
a guide to ethical decision making, and provide general reasoning principles
about the social and political issues of the Internet that you will face in the
future.

Basic Ethical Concepts: Responsibility, Accountability, and Liability

Ethics is at the heart of social and political debates about the Internet. Ethics is
the study of principles that individuals and organizations can use to determine
right and wrong courses of action. It is assumed in ethics that individuals are free
moral agents who are in a position to make choices.

Extending ethics from individuals to business firms and even entire societies can
be difficult, but it is not impossible. As long as there is a decision-making body
or individual (such as a Board of Directors or CEO in a business firm or a
governmental body in a society), their decisions can be judged against a variety
of ethical principles. If you understand some basic ethical principles, your
ability to reason about larger social and political debates will be improved. In
Western culture, there are three basic principles that all ethical schools of
thought share: responsibility, accountability, and liability.

Responsibility means that as free moral agents, individuals, organizations and
societies are responsible for the actions they take. Accountability means that
individuals, organizations, and societies should be held accountable to others for
the consequences of their actions. The third principle - liability - extends the
concepts of responsibility and accountability to the area of law. Liability is a
feature of political systems in which a body of law is in place that permits
individuals to recover the damages done to them by other actors, systems, or
organizations. Due process is a feature of law-governed societies and refers to a
process in which laws are known and understood and there is an ability to
appeal to higher authorities to ensure that the laws have been applied correctly.

Analyzing Ethical Dilemmas

Ethical, social, and political controversies usually present themselves as
dilemmas. A dilemma is a situation in which there are at least two diametrically
opposed actions, each of which supports a desirable outcome. When confronted
with a situation that seems to present ethical dilemmas, how can you analyze and
reason about the situation? The following is a five-step process that should help.
• Identify and describe clearly the facts. Find out who did what to whom,
and where, when, and how. In many instances, you will be surprised at
the errors in the initially reported facts, and often you will find that
simply getting the facts straight helps define the solution. It also helps
to get the opposing parties involved in an ethical dilemma to agree on
the facts.

• Define the conflict or dilemma and identify the higher order value
involved. Ethical, social, and political issues always reference higher
values. Otherwise, there would be no debate. The parties to a dispute all
claim to be pursuing higher values (e.g., freedom, privacy, protection of
property, and the free-enterprise system). For example, Double Click and its
supporters argue that their tracking of consumer movements on the Web
increases market efficiency and the wealth of the entire society.
Opponents argue this claimed efficiency comes at the expense of
individual privacy, and that Double Click should cease its tracking or offer
Web users the option of not participating in such tracking.

• Identify the stakeholders. Every ethical, social, and political issue has
stakeholders: players in the game who have an interest in the outcome,
who have invested in the situation, and usually who have vocal
opinions. Find out the identity of these groups and what they want. This
will be useful later when designing a solution.

• Identify the options that you can reasonably take. You may find that
none of the options satisfies all the interests involved, but that some
options do a better job than others. Sometimes, arriving at a “good” or
ethical solution may not always be a matter of balancing the consequences
to stakeholders.

• Identify the potential consequences of your options. Some options may
be ethically correct, but disastrous from other points of view. Other
options may work in this one instance, but not in other similar instances.
Always ask yourself, “what if I choose this option consistently over
time?” Once your analysis is complete, you can refer to the following
well-established ethical principles to help decide the matter.

Privacy and Information Rights

The Internet and the Web provide an ideal environment for invading the personal
privacy of millions of users on a scale unprecedented in history. Perhaps no other
recent issue has raised as much widespread social and political concern as
protecting the privacy of over 160 million Web users in the United States alone.

The major ethical issues related to ecommerce and privacy include the
following: Under what conditions should we invade the privacy of others? What
legitimates intruding into others' lives through unobtrusive surveillance,
market research, or other means?

The major social issues related to e-commerce and privacy concern the
development of “expectations of privacy” or privacy norms, as well as public
attitudes. In what areas of life should we as a society encourage people to think
they are in “private territory” as opposed to public view? The major political
issues related to ecommerce and privacy concern the development of statutes
that govern the relations between record keepers and individuals.

The Concept of Privacy

Privacy is the moral right of individuals to be left alone, free from surveillance or
interference from other individuals or organizations, including the state. Privacy
is a girder supporting freedom: Without the privacy required to think, write, plan,
and associate independently and without fear, social and political freedom is
weakened, and perhaps destroyed. Information privacy is a subset of privacy. The
right to information privacy includes both the claim that certain information
should not be collected at all by governments or business firms, and the claim of
individuals to control over whatever personal information is collected about
them. Individual control over personal information is at the core of the
privacy concept. Due process also plays an important role in defining privacy.
The best statement of due process in record keeping is given by the Fair
Information Practices doctrine developed in the early 1970s and extended to the
online privacy debate in the late 1990s (described below).

Legal Protections

In the United States, Canada, and Germany, rights to privacy are explicitly
granted in, or can be derived from, founding documents such as constitutions, as
well as in specific statutes. In England and the United States, there is also
protection of privacy in the common law, a body of court decisions involving
torts or personal injuries. For instance, in the United States, four privacy-related
torts have been defined in court decisions involving claims of injury to
individuals caused by other private parties: intrusion on solitude, public
disclosure of private facts, publicity placing a person in a false light, and
appropriation of a person’s name or likeness (mostly concerning celebrities) for
a commercial purpose. In the United States, the claim to privacy against
government intrusion is protected primarily by the First Amendment guarantees
of freedom of speech and association, the Fourth Amendment protections
against unreasonable search and seizure of one’s personal documents or home,
and the Fourteenth Amendment’s guarantee of due process. In addition to
common law and the Constitution, there are both federal laws and state laws
that protect individuals against government intrusion and in some cases define
privacy rights vis-à-vis private organizations such as financial, educational, and
media institutions.
