23-07-2012, 01:15 PM
INTERNET SECURITY AGAINST HACKING SYSTEMS
INTERNET SECURITY.doc (Size: 153 KB / Downloads: 72)
ABSTRACT
The internet is widely used in every field in today's competitive world: education, research, business and practically everything else. But providing security for users' information, transactions or any other data in any of these fields has become paramount. This paper gives a vivid picture of “E-commerce” and the vulnerabilities it faces in providing a secure system for its users. In other words, it describes how security attacks are made by hackers or intruders, and the ways they attack and exploit systems by illegitimate means.
This paper is an overview of security and privacy concerns, based on experience as developers of E-commerce. E-commerce is a business middleware that accelerates the development of any business transaction-oriented application, from the smallest retailer to the distributor, to the consumer (user). These transactions may apply between manufacturers and distributors or suppliers. Here, the user needs to be assured of the privacy of his/her information. In this article, we focus on possible attack scenarios in an e-Commerce system and provide preventive strategies, including security features that one can implement.
Here we present better ways to defend against these attacks and protect your personal data without depending on the network provider’s security, with the help of personal firewalls and honeypots.
INTRODUCTION
E-Commerce refers to the exchange of goods and services over the Internet. All major retail brands have an online presence, and many brands have no associated bricks and mortar presence. However, e-Commerce also applies to business to business transactions, for example, between manufacturers and suppliers or distributors.
E-Commerce provides an integrated platform that runs both their customer facing .
SECURITY OVERVIEW AND ITS FEATURES:
A secure system accomplishes its task with no unintended side effects. Using the analogy of a house to represent the system, you decide to carve out a piece of your front door to give your pets easy access to the outdoors. However, the hole is too large, giving access to burglars. You have created an unintended implication and, therefore, an insecure system. While security features do not guarantee a secure system, they are necessary to build a secure system. Security features have four categories:
• Authentication: Verifies who you say you are. It enforces that you are the only one allowed to log on to your Internet banking account.
• Authorization: Allows only you to manipulate your resources in specific ways. This prevents you from increasing the balance of your account or deleting a bill.
• Encryption: Deals with information hiding. It ensures you cannot spy on others during Internet banking transactions.
• Auditing: Keeps a record of operations. Merchants use auditing to prove that you bought specific merchandise.
The victims and the accused (the players):
In a typical e-Commerce experience, a shopper proceeds to a Web site to browse a catalog and make a purchase. This simple activity illustrates the four major players in e-Commerce security. One player is the shopper who uses his browser to locate the site. The site is usually operated by a merchant, also a player, whose business is to sell merchandise to make a profit. As the merchant's business is selling goods and services, not building software, he usually purchases most of the software to run his site from third-party software vendors. The software vendor is the last of the three legitimate players.
Tricking the shopper:
Some of the easiest and most profitable attacks are based on tricking the shopper, also known as social engineering techniques. These attacks involve surveillance of the shopper's behavior, gathering information to use against the shopper. For example, a mother's maiden name is a common challenge question used by numerous sites. If one of these sites is tricked into giving away a password once the challenge question is provided, then not only has this site been compromised, but it is also likely that the shopper used the same logon ID and password on other sites.
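The challenge-question weakness described above, next to a hardened reset flow, as an added example that is not part of the original paper. The account record, function names and token lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed account record; every value here is illustrative.
USERS = {"alice": {"email": "alice@example.com",
                   "maiden_name": "smith",
                   "password": "correct horse"}}
RESET_TOKENS = {}   # user -> (sha256 of token, expiry time)
TOKEN_TTL = 900     # seconds a reset token stays valid (assumed policy)

def weak_reset(user, answer):
    """The flaw from the text: a researchable answer discloses the password."""
    rec = USERS.get(user)
    if rec and answer.lower() == rec["maiden_name"]:
        return rec["password"]
    return None

def start_reset(user, now=None):
    """Create a random token that is delivered only to the registered address."""
    now = time.time() if now is None else now
    rec = USERS.get(user)
    if rec is None:
        return None  # the site should show the same message either way
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[user] = (digest, now + TOKEN_TTL)  # only the hash is stored
    return rec["email"], token

def finish_reset(user, token, new_password, now=None):
    """Accept a new password only for a matching, unexpired, unused token."""
    now = time.time() if now is None else now
    entry = RESET_TOKENS.get(user)
    if entry is None:
        return False
    digest, expiry = entry
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if now > expiry or not hmac.compare_digest(digest, supplied):
        return False
    del RESET_TOKENS[user]                  # single use
    USERS[user]["password"] = new_password  # a real site stores a salted hash
    return True
```

The hardened flow never returns the old password, so a guessed answer on one site cannot expose a credential the shopper reuses elsewhere.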
Snooping the shopper's computer:
Millions of computers are added to the Internet every month. Most users' knowledge of security vulnerabilities of their systems is vague at best. A popular technique for gaining entry into the shopper's system is to use a tool, such as SATAN, to perform port scans on a computer that detect entry points into the machine. Based on the opened ports found, the attacker can use various techniques to gain entry into the user's system. Upon entry, they scan your file system for personal information, such as passwords.
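A shopper can check their own machine for the entry points a port scan would find. The following is an added example, not from the original paper: it reads a table in the Linux /proc/net/tcp layout and reports listening sockets reachable from the network that are not on an allow-list. The sample table and the allow-list are constructed.

```python
import socket
import struct

# Constructed sample in the Linux /proc/net/tcp layout (trailing columns trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000
   1: 00000000:0016 00000000:0000 0A 00000000:00000000
   2: 0A00000A:01BD 00000000:0000 0A 00000000:00000000
   3: 0A00000A:C350 0A0200C0:01BB 01 00000000:00000000
"""
ALLOWED_PORTS = {22}  # assumption: the only port this host is meant to expose

def exposed_listeners(table, allowed=ALLOWED_PORTS):
    """Return (ip, port) for each non-loopback listener not on the allow-list."""
    findings = []
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":  # 0A is the TCP LISTEN state
            continue
        ip_hex, port_hex = fields[1].split(":")
        # The address is a little-endian 32-bit value printed as hex.
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        port = int(port_hex, 16)
        if ip.startswith("127."):                # loopback is not remotely reachable
            continue
        if port not in allowed:
            findings.append((ip, port))
    return findings

if __name__ == "__main__":
    for ip, port in exposed_listeners(SAMPLE):
        print(f"unexpected listener on {ip}:{port}")
```

Each finding is a service to close or to block with the personal firewall.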
Conclusion
This article outlined the key players and security attacks and defenses in an e-Commerce system. Current technology allows for secure site design. It is up to the development team to be both proactive and reactive in handling security threats, and up to the shopper to be vigilant when shopping online.