EB/U2 Topic 1 Security overview and e-commerce threats
SECURITY ISSUES IN E- BUSINESS
Security is an essential part of any transaction that takes place over the internet. Customers will lose his/her faith in e-business if its security is compromised. Following are the essential requirements for safe e-payments/transactions :−
- Confidentiality − Information should not be accessible to an unauthorized person. It should not be intercepted during the transmission.
- Integrity − Information should not be altered during its transmission over the network.
- Availability − Information should be available wherever and whenever required within a time limit specified.
- Authenticity − There should be a mechanism to authenticate a user before giving him/her an access to the required information.
- Non-Repudiability − It is the protection against the denial of order or denial of payment. Once a sender sends a message, the sender should not be able to deny sending the message. Similarly, the recipient of message should not be able to deny the receipt.
- Encryption − Information should be encrypted and decrypted only by an authorized user.
- Auditability − Data should be recorded in such a way that it can be audited for integrity requirements.
E-commerce security can be divided into two broad types:
(1) CLIENT-SERVER SECURITY
Client-server securities are popular because they increase application processing efficiency while reducing costs and gaining the maximum benefit from all resources working together. These benefits are gained by splitting processing between the client machine/software and server machine/software. Each process works independently but in cooperation and compatibility with other machines and applications (or pieces of applications).
All independent processing must be performed to complete the requested service. Cooperation of application processing produces another client-server advantage, it reduces network traffic. Since each node (client and/or server) performs part of the processing within itself, network communication can be kept to a minimum. For example, static processes, like menus or edits, usually take place on the client-side. The server, on the other hand, is responsible for processes like updating and reporting.
(2) DATA AND TRANSACTION SECURITY
Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet. It was supported initially by Mastercard, Visa, Microsoft, Netscape, and others. With SET, a user is given an electronic wallet (digital certificate) and a transaction is conducted and verified using a combination of digital certificates and digital signatures among the purchaser, a merchant, and the purchaser’s bank in a way that ensures privacy and confidentiality. SET makes use of Netscape’s Secure Sockets Layer (SSL), Microsoft’s Secure Transaction Technology (STT), and Terisa System’s Secure Hypertext Transfer Protocol (S-HTTP). SET uses some but not all aspects of a public key infrastructure (PKI).
Some of the common security threats we may come across:-
Malware, or malicious software, is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses and spyware. These malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users’ computer activity without their permission.
A computer virus is a type of malicious software program (“malware”) that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be “infected” with a computer virus.
Computer viruses currently cause billions of dollars’ worth of economic damage each year, due to causing system failure, wasting computer resources, corrupting data, increasing maintenance costs, etc. In response, free, open-source antivirus tools have been developed, and an industry of antivirus software has cropped up, selling or freely distributing virus protection to users of various operating systems. As of 2005, even though no currently existing antivirus software was able to uncover all computer viruses (especially new ones), computer security researchers are actively searching for new ways to enable antivirus solutions to more effectively detect emerging viruses, before they have already become widely distributed.
Spam is the electronic equivalent of the ‘junk mail’ that arrives on your doormat or in your postbox. However, spam is more than just annoying. It can be dangerous – especially if it’s part of a phishing scam.
Spam emails are sent out in mass quantities by spammers and cybercriminals that are looking to do one or more of the following:-
(a)Make money from the small percentage of recipients that actually respond to the message.
(b)Run phishing scams – in order to obtain passwords, credit card numbers, bank account details and more
(c)Spread malicious code onto recipients’ computers,
- spyware threats
spyware is generally loosely defined as software that’s designed to gather data from a computer or other device and forward it to a third party without the consent or knowledge of the user. This often includes collecting confidential data such as passwords, PINs and credit card numbers, monitoring keyword strokes, tracking browsing habits and harvesting email addresses. In addition to all of this, such activities also affect network performance, slowing down the system and affecting the whole business process. It is generally classified into four main categories: Trojans, adware, tracking cookies and system monitors.
- Trojan horse
A Trojan horse is a destructive program that masquerades as a benign application.Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses into your system.
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.