This document summarizes security issues and threats facing e-businesses. It discusses how computerization and networking have increased security risks by exposing private networks to public threats. Technical attacks like hacking, malware, and denial of service as well as non-technical social engineering pose major risks. The document recommends tools like passwords, firewalls, and encryption to protect data and transactions. Regular security audits and testing are also advised to evaluate vulnerabilities and safeguard e-commerce over the long run as threats continue evolving.
3. In the past decade there have been two major
developments;
- Computerization: almost every aspect of
business as well as human life is “computerized”.
- Networking & Internet: the entire world is now a
network of networks, connecting millions of
computers, devices and sharing petabytes of data
every second.
4. Any E-Business needs to be concerned about network
security.
The Internet is a “public” network consisting of
thousands of interconnected private computer
networks.
Private computer network systems are exposed to
threats from anywhere on the public network.
Businesses must protect against the unknown.
New methods of attacking networks andWeb sites,
and new network security holes, are being constantly
discovered or invented.
An E-Business cannot expect to achieve perfect
security for its network andWeb site.
5. How is the data protected once it is delivered
to the E-Business?
How are credit card transactions
authenticated and authorized?
The biggest potential security problem in an
E-Business is of human, rather than
electronic, origin.
The weakest link in any security system is the
people using it.
6. According to PriceWaterhouseCooper
Hacking cost United States companies $1.5 trillion
in 2000
WorldTrade Center insurable loss
$50 billion
One year of hacking equals 30Trade Center
attacks.
7. Mainly there is two types of attacks
Technical attacks
▪ An attack perpetrated using software and systems
knowledge or expertise.
Non technical attacks
▪ An attack that uses chicanery to trick people into
revealing sensitive information or performing actions
that compromise the security of a network.
8. Technical attacks
Hacking
▪ Denial of Service attack
▪ Packet Sniffing
▪ Spoofing
▪ Keystroke Monitoring
▪ Viruses / Malware
▪ Cracking
▪ Zero-day incidents
▪ Botnets (hijacked computers).
▪ Web site defacement.
Non technical attacks
Social Engineering
9. Today’s most ecommerce solutions are pre-
build customizable solutions provided by
varied range of organizations. Most of these
solutions has built in reliable security
features.
Customizations to these applications should
be done in accordance with solution provider
guide lines and standard coding methods.
10. Tools such as passwords, firewalls, intrusion detection
systems, and virus scanning software should be used
to protect an E-Business’s network andWeb site.
Transaction Security and Data Protection
Use a predefined key to encrypt and decrypt the data
during transmission
Use the secure sockets layer (SSL) protocol to protect data
transmitted over the Internet.
Move sensitive customer information such as credit card
numbers offline or encrypting the information if it is to be
stored online.
11.
12. Remove all files and data from storage devices including disk drives
and tapes before getting rid of the devices.
Shred all hard-copy documents containing sensitive information
before trashing them.
Security is only as strong as the weakest link.
Security Audits and Penetration Testing
Can provide an overall assessment of the firm’s current exposure and
vulnerabilities.
This is an outsourced item.
Consultant will provide a comprehensive recommendation to address
list of vulnerabilities.
13. E-Commerce will continue to grow and the
threats to it too will evolve. In order to safe
guard privacy and trust on E-Commerce its
critical organizations actively plan and
implement strategies prevent security
breaches.This will value added to the
business.
