3. LIMITATIONS OF E-COMMERCE SECURITY MEASURES
• Software for Security Fault & Hardware
• Firewall and Network Configurations
• Human Elements and Company’s Threats
• Weakness of Cryptographic Designs
• Weakness and Limitation on Implementations
• Limitations against Trust Models
• Weakness on Failure Recovery
4. SOFTWARE FOR SECURITY FAULT & HARDWARE
• Complex software code is likely to contain loopholes that an attacker can exploit.
• Tamper-resistant hardware systems assume that public terminals never fall into the wrong hands, but tools for breaking tamper resistance, though rarely seen, do exist.
• Sometimes cryptographic processors may fail to read or process the secret keys used.
5. FIREWALL & NETWORK CONFIGURATIONS
• Network security is designed to cover the problems identified with host security.
• A firewall can be very simple or complex, depending on the particular requirements of the enterprise.
• Today, private internal networks are connected to the Internet to get access to external resources, so security measures such as building firewalls should be well planned to avoid the risk of exposing the internal network to the outside world.
6. HUMAN ELEMENTS & COMPANY’S THREATS
• The password is the weak link in any encryption method, so a password is only good if it is chosen carefully.
• As complex passwords are hard to remember, the majority choose simple passwords such as middle names, birthdays, mobile numbers, etc., which can be guessed or broken by brute force.
7. WEAKNESS OF CRYPTOGRAPHIC DESIGNS
• Cracking any one element of a cryptographic system may break the entire system.
• The value of cryptography is lost through failures such as not checking the size of values, reusing parameters that should never be reused, and so on.
• It is possible to build both strong and weak cryptographic systems using strong algorithms and protocols, so a strong cryptographic system should be built by integrating all the strong elements.
8. WEAKNESS & LIMITATION ON IMPLEMENTATION
• Not ensuring that plaintext is destroyed after it is encrypted.
• To protect against data loss, systems use temporary files, which can accidentally leave plaintext on the hard drive.
• In extreme cases, the OS leaves the security keys on the hard drive.
9. LIMITATIONS AGAINST TRUST MODELS
• We cannot be sure or declare that our system is fully secured; this should be ensured by a certified trusted source that stands as our trust model.
• That is, there should be a standard trust model which certifies the security of the system as powerful.
10. WEAKNESS ON FAILURE RECOVERY
• Strong systems keep small security breaks from getting bigger.
• Breaking the key to one file should not allow the attacker to read every file; that is, every file should be separated by some means.
• A good system design considers methods to recover quickly from attacks before they get bigger.