Security Risks for an E-Commerce site and how to protect against them.

Page 2: Security Risks for an E-Commerce site and how to protect against them.

Security

Any business that operates online is at risk from Internet threats, so security is vital to successful operation. Identity theft can make customers the victims of serious fraud, and damage caused by viruses can close companies down. Businesses need to be able to prove that customers' personal details, such as credit card numbers, will be safe. If this is done well, it can reassure potential customers and widen the potential market.

Page 3: Security Risks for an E-Commerce site and how to protect against them.

Prevention of Hacking

E-commerce sites need to prevent hacking so that the running of their business is undisturbed and, more importantly, their customers' details are not stolen. Port-scanning software can be used to look at all the ports on a computer and see which are open (a service is listening on them) and which are closed; an attacker runs exactly the same scan. Every open port is a way in if the service behind it is unpatched, misconfigured or not needed at all. Unused ports should therefore be blocked by the firewall (a default-deny policy that opens only the ports the site needs, such as 443 for HTTPS), and the services that must stay exposed kept patched. Closing ports deters casual attackers, but it is no substitute for securing the web application that listens on the ports that stay open.
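As an added example (not part of the original slides), here is the kind of port check the slide describes, written in Python: a TCP connect scan that tries to complete a handshake on each port and reports the ones where something answers. So that it runs offline it starts its own throwaway listener on 127.0.0.1, which stands in for a service an administrator forgot about; ports 22, 80 and 443 are simply the usual suspects to check. Only scan systems you are authorised to test.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def scan_port(host, port, timeout=0.5):
    """TCP connect scan: if the three-way handshake completes, something is listening.
    connect_ex returns 0 on success and an errno (e.g. ECONNREFUSED) otherwise."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def scan_ports(host, ports, timeout=0.5, workers=32):
    """Scan the given ports in parallel and return the open ones, sorted."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, scan_port(host, p, timeout)), ports))
    return sorted(port for port, is_open in results if is_open)


def start_test_listener(host="127.0.0.1"):
    """Constructed target for the demo: a throwaway service on an OS-chosen port.
    Returns the server socket (close it to stop the service) and its port number."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((host, 0))
    server.listen(5)
    port = server.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = server.accept()
                conn.close()
            except OSError:      # raised once the server socket is closed
                break

    threading.Thread(target=accept_loop, daemon=True).start()
    return server, port


def find_free_port(host="127.0.0.1"):
    """A port with nothing listening on it, to show what 'closed' looks like."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind((host, 0))
        return sock.getsockname()[1]


if __name__ == "__main__":
    server, open_port = start_test_listener()
    closed_port = find_free_port()
    targets = [22, 80, 443, open_port, closed_port]
    found = scan_ports("127.0.0.1", targets)
    for port in targets:
        state = "OPEN  - is this service needed?" if port in found else "closed"
        print(f"{port:>5}  {state}")
    server.close()
```

A connect scan is the noisiest kind (every probe completes a handshake and appears in the target's logs), which is fine for auditing your own server and is also why a defender can detect an attacker doing the same thing.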

Page 4: Security Risks for an E-Commerce site and how to protect against them.

Viruses

'Virus' has become a catch-all term to describe any malicious computer program that can cause an unwanted result when run. There are three main types: viruses, worms and Trojans.

To try to prevent virus infections, anti-virus software must be installed on the web server and all of an e-commerce business's computers. Not only must it be installed, but it also must be updated regularly, ideally every day (most products now update automatically). New viruses are developed all the time and anti-virus software must have the latest defences to provide the best protection possible. All computer users must be wary of email attachments, downloaded files, removable media such as USB sticks and floppy disks, and any unsolicited communication.

Page 5: Security Risks for an E-Commerce site and how to protect against them.

Hacking - when someone attempts to enter a computer system with the aim of stealing data, damaging the system or just to show that they can.

Virus - a man-made program or piece of code that causes an unexpected, usually negative, event and is self-replicating, attaching itself to other files or programs. It is often disguised as a game or image with a tempting title, such as officeparty.jpg, and attached to an email or a downloaded file.

Worm - a self-replicating program that resides in the active memory of a computer and spreads on its own, without needing to attach itself to another file. It sends copies of itself to other computers, such as through email, Internet Relay Chat (IRC) or by exploiting unpatched network services.

Trojan - a malicious program that pretends to be a benign application but purposely does something the user does not expect. Trojans are technically not viruses, since they do not replicate, but can be just as destructive. If left in a computer system, a Trojan can provide 'back door' access to the hard drive and data.

Page 6: Security Risks for an E-Commerce site and how to protect against them.

Activity

Research further into recent viruses and the effects they had on businesses and the public. Make notes for future reference.

Categorise each of the viruses as virus, worm or Trojan.

Some examples if you are stuck are:

• Melissa
• ILOVEYOU
• Nimda
• MyDoom
• Storm Worm

Page 7: Security Risks for an E-Commerce site and how to protect against them.

Identity theft is a relatively new form of crime that has had a recent upsurge and has been highlighted in the media. Identity theft involves a thief who has stolen the personal details of their victim and uses them to apply for services such as credit cards, loans and mortgages under the guise of their victim. This crime is difficult to detect if the thief has a great deal of information about the victim. The crime is often detected only when the victim receives correspondence requesting payment for the thief's spending. Tracing the thief is also difficult, although possible by following the paper trail of all the correspondence received. The type of customer details stored by e-commerce businesses provides enough information to commit identity theft, so it is very important that all e-commerce businesses protect their customers' data with every method possible, as described on the next slides.

Page 8: Security Risks for an E-Commerce site and how to protect against them.

Firewall impact on site performance

A firewall builds a protective virtual barrier around a computer or a network of computers so that only authorised traffic can reach the data. It sets up a gateway and only allows authorised traffic through. Incoming packets are inspected and only allowed through if they match a rule permitting them, normally expressed in terms of the port, the protocol and the source address; everything else is dropped (a 'default deny' policy). A port left open to the whole Internet, such as a database or remote-administration port, becomes a back door for hackers, so every open port should be justified by a service the site actually needs.

When a user views a website through a firewall they might not see all of the features on the site. This is because the security policies on the firewall (or the web proxy or content filter working alongside it) can be set to block certain types of scripts and downloads from reaching the user's computer, to reduce the risk of viruses and hackers attacking the system. When a security policy is decided for a firewall, the administrator must balance the need for high security against the possibility of losing functionality from websites.
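The following is an added example, not code from the original slides: a small first-match packet filter in Python that shows what 'opening and closing ports' means in practice. The policy opens only what a shop's web server needs (80, 443, and SSH from an admin range), and everything else, including a database port that happens to be listening, falls through to the default deny. The address ranges 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges chosen for the example, and the sample traffic is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANYWHERE = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: str                       # "tcp", "udp" or "any"
    dst_port: Optional[int] = None   # None matches every port
    src: ipaddress.IPv4Network = ANYWHERE
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    src_ip: str
    proto: str
    dst_port: int


def rule_matches(rule, packet):
    return (rule.proto in ("any", packet.proto)
            and (rule.dst_port is None or rule.dst_port == packet.dst_port)
            and ipaddress.ip_address(packet.src_ip) in rule.src)


def evaluate(rules, packet, default="deny"):
    """First matching rule wins; traffic no rule mentions gets the default action."""
    for rule in rules:
        if rule_matches(rule, packet):
            return rule.action, rule.comment
    return default, "default policy: port not opened"


ADMIN_NET = ipaddress.ip_network("203.0.113.0/24")   # constructed admin address range

# Policy for a public web server: only what the shop needs is opened.
WEB_SERVER_POLICY = [
    Rule("allow", "tcp", 80, comment="HTTP, only to redirect to HTTPS"),
    Rule("allow", "tcp", 443, comment="HTTPS customer traffic"),
    Rule("allow", "tcp", 22, ADMIN_NET, "SSH from the admin network only"),
    Rule("deny", "tcp", 22, comment="SSH from anywhere else"),
]

# Constructed sample traffic, including a database port (3306) the box happens to listen on.
SAMPLE_TRAFFIC = [
    Packet("198.51.100.7", "tcp", 443),
    Packet("198.51.100.7", "tcp", 3306),
    Packet("203.0.113.10", "tcp", 22),
    Packet("198.51.100.7", "tcp", 22),
    Packet("198.51.100.7", "udp", 443),
]

if __name__ == "__main__":
    for packet in SAMPLE_TRAFFIC:
        action, why = evaluate(WEB_SERVER_POLICY, packet)
        print(f"{packet.src_ip:>14} {packet.proto}/{packet.dst_port:<5} -> {action:<5} ({why})")
```

The order of the rules matters: the explicit SSH deny sits after the admin-range allow, and the final default catches anything that was never opened on purpose. A real firewall (nftables, iptables, a cloud security group) is configured in the same terms.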

Page 9: Security Risks for an E-Commerce site and how to protect against them.

Secure sockets layer

Secure sockets layer (SSL) is a cryptographic protocol that provides secure communication on the Internet. Its successor, Transport Layer Security (TLS), is what browsers use today; the SSL versions themselves are now considered broken and are disabled in current browsers, although the name lives on. It provides endpoint authentication, meaning that the parties confirm they are who they say they are: on an e-commerce site the server always proves its identity to the browser, and the client can optionally prove its identity with a certificate of its own, although customers are usually authenticated by password once the secure connection is made. This is done by public key encryption and certificate-based authentication, after which the connection is encrypted with session keys agreed during the handshake.

Page 10: Security Risks for an E-Commerce site and how to protect against them.

Identity theft - occurs when a victim's details are stolen and someone else pretends to be him or her, for example applying for financial products and making purchases.

Firewall - a piece of software (or a dedicated device) that protects the system from unauthorised access by allowing only permitted traffic through. This is especially important for web servers.

Public key encryption - a method of encryption using a pair of keys: a public key, which anyone can use to encrypt a message, and a matching private key, held only by its owner, which decrypts it. The private key can also create digital signatures that anyone with the public key can verify.

Certificate-based authentication - a method of proving identity in which a party presents a digital certificate: its public key bound to a name (such as a website's domain) and signed by a trusted certificate authority (CA). Encrypting the traffic is a separate job, done with session keys agreed once the certificate has been checked.

HTTPS - Hypertext Transfer Protocol Secure: HTTP carried over an SSL/TLS connection, so that the traffic is encrypted and the server is authenticated by its certificate.

Encryption - a method of encoding information so that it is very difficult to decipher without the key. Public-key systems such as RSA are built from very large prime numbers, and their strength grows with the size of the key (the length of the modulus in bits); symmetric ciphers such as AES do not use primes at all, and their strength likewise depends on key length and the soundness of the algorithm.

Page 11: Security Risks for an E-Commerce site and how to protect against them.

HTTP is the protocol usually used by websites on the Internet. HTTPS is the secure version of the protocol, which uses SSL/TLS encryption to protect the data entered on the site. It has traditionally been used when customers are entering their payment details, but there is no reason to limit it to those pages: serving the whole site over HTTPS also protects login details, session cookies and browsing, and modern browsers flag plain HTTP pages as 'not secure'.

RSA certificates are digital certificates containing an RSA public key, coupled with a digital signature from a certificate authority. They confirm the identity of the server (or, less commonly, the client) at either end of the connection: the browser checks the signature against the certificate authorities it trusts and checks that the name in the certificate matches the site being visited.
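To make the endpoint authentication on Page 9 and the HTTPS description above concrete, here is an added example (not from the original slides) showing the client-side TLS settings in Python's standard ssl module: the secure context a shop's back end should use when it calls a payment gateway, next to the weak 'accept any certificate' context that turns up in example code and defeats the whole point. Nothing is contacted unless you pass a hostname on the command line; the file name tls_contexts.py in the comment is an assumption.

```python
import socket
import ssl
import sys


def secure_client_context():
    """What a browser, or a shop's back end talking to a payment gateway, should use:
    a server certificate is required, it must chain to a trusted CA, its name must
    match the host we asked for, and SSL/early TLS versions are refused."""
    ctx = ssl.create_default_context()          # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_client_context():
    """The weak setting: any certificate is accepted, so an attacker in the middle
    can present their own and read the card details. Shown only as the contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                  # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def describe(ctx):
    """Summarise the endpoint-authentication settings of a context."""
    return {
        "verifies_certificate": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "minimum_version": ctx.minimum_version.name,
    }


def fetch_peer_identity(host, ctx, port=443):
    """Connect and report the negotiated protocol and the certificate subject.
    With the insecure context getpeercert() returns {} because nothing was verified."""
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert().get("subject")


if __name__ == "__main__":
    for name, ctx in (("secure", secure_client_context()),
                      ("insecure", insecure_client_context())):
        print(f"{name:<9}{describe(ctx)}")
    if len(sys.argv) > 1:                        # e.g. python tls_contexts.py shop.example
        print(fetch_peer_identity(sys.argv[1], secure_client_context()))
```

With the secure context a mismatched name or an untrusted certificate raises ssl.SSLCertVerificationError before any data is sent, which is the behaviour a customer's browser shows as a certificate warning.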

Page 12: Security Risks for an E-Commerce site and how to protect against them.

Strong Passwords

It is vital for all computer users to use strong passwords. This is especially important for web servers and other e-commerce systems.

A strong password should have:
• both letters and numbers
• both capitals and lowercase
• symbols such as * or #
• more than eight characters.

Hackers can take advantage of weak passwords, especially those which are easy to guess. If a password is personal to the user, for example a pet's name, it will not take too much effort for a hacker to guess it. Software programs, called password crackers, can run through many possible combinations of characters (and whole dictionaries of common words) and test whether each one is the chosen password. The stronger the password, the more combinations there are and the longer this software will take to work it out, making it more likely that the hacker will move on to a different website rather than spend time working their way into a well-protected site. The site must play its part too: limit the rate of login attempts so that guessing online is slow, and store passwords only as salted hashes made with a deliberately slow algorithm (such as bcrypt, scrypt or Argon2), so that a stolen password database cannot be cracked quickly either.

Does the password 10gbsotw seem easy to remember?
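As an added example (not from the original slides), the Python below applies the slide's four rules to a password, checks it against a tiny constructed wordlist plus any personal words such as a pet's name, and works out the size of the search space a brute-force cracker faces and how long exhausting it would take. The guess rate of 10^10 per second is an assumption representing an offline attack on a database of fast, unsalted hashes; the sample passwords, including 10gbsotw from the slide, are evaluated in the main block.

```python
import string

# Constructed stand-in for a cracker's wordlist: a real one holds millions of entries.
COMMON_WORDS = {"password", "letmein", "qwerty", "123456", "welcome"}

SYMBOLS = set(string.punctuation)          # the 32 ASCII symbols such as * and #


def strength_checks(password):
    """Apply the four rules from the slide; every value must be True to pass."""
    return {
        "letters_and_numbers": any(c.isalpha() for c in password) and any(c.isdigit() for c in password),
        "upper_and_lower": any(c.isupper() for c in password) and any(c.islower() for c in password),
        "has_symbol": any(c in SYMBOLS for c in password),
        "longer_than_eight": len(password) > 8,
    }


def is_guessable(password, personal_words=()):
    """True if a common word or a personal detail (pet's name, etc.) appears inside it."""
    lowered = password.lower()
    words = COMMON_WORDS | {w.lower() for w in personal_words}
    return any(w in lowered for w in words)


def keyspace(password):
    """Number of candidates a brute-force cracker must try if it knows only
    which character classes were used and the length."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in SYMBOLS for c in password):
        alphabet += len(SYMBOLS)
    return alphabet ** len(password)


def seconds_to_exhaust(password, guesses_per_second=10**10):
    """Worst-case time for a brute-force search. The default rate is an assumed
    offline attack on stolen fast (unsalted, single-round) hashes."""
    return keyspace(password) / guesses_per_second


if __name__ == "__main__":
    # Constructed samples; "Fluffy" stands in for a pet's name the attacker knows.
    for pw in ("10gbsotw", "Fluffy2019", "10-Green-Bottles!"):
        checks = strength_checks(pw)
        failed = [rule for rule, ok in checks.items() if not ok]
        verdict = "passes all rules" if not failed else f"fails {failed}"
        print(f"{pw:<18} {verdict}; keyspace ~2^{keyspace(pw).bit_length() - 1}, "
              f"~{seconds_to_exhaust(pw):,.0f} s to exhaust"
              + (" (guessable from a wordlist)" if is_guessable(pw, ["Fluffy"]) else ""))
```

10gbsotw is eight lowercase letters and digits: 36^8, about 2.8 trillion candidates, which is minutes of work at the assumed rate, and it fails three of the four rules even though it is memorable. Lengthening and adding classes, as in the third sample, moves the search space to 94^17, which is out of reach by brute force; a wordlist, though, still finds anything built from a known personal detail.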

Page 13: Security Risks for an E-Commerce site and how to protect against them.

Alternative authentication methods

A newer authentication method that is slowly becoming more popular is the use of digital signatures. These are the electronic equivalent of the traditional signatures that have been used for hundreds of years as a personal authentication method, but they rest on public key cryptography: the signer's private key produces the signature, anyone holding the matching public key (normally distributed in a certificate) can verify it, and any change to the signed document makes the signature fail to verify.

A digital signature allows someone to authenticate a document over the Internet. For example, a customer setting up a direct debit payment would traditionally need to wait for the paperwork to be posted to them, sign it, then return it. Now digital signatures can be used to authenticate the documents immediately anywhere in the world. This benefits both customers and businesses.
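The following added example (not from the original slides) ties together the public key encryption, certificate-based authentication and RSA certificate entries on Pages 10 and 11, the endpoint authentication on Page 9 and the digital signatures described above. It implements textbook RSA from two random primes, signs a SHA-256 hash, issues a toy certificate signed by a certificate authority (CA) key, and walks through how a client authenticates a server: verify the CA's signature on the certificate, then challenge the server to sign a fresh nonce. It ends with the direct debit mandate from the slide, signed by the customer and then altered. The key sizes, the JSON certificate layout, the name shop.example and the mandate text are all constructed for the demonstration; real TLS uses X.509 certificates, padded signatures (RSA-PSS or PKCS#1 v1.5) and a vetted library, never this bare arithmetic.

```python
import hashlib
import json
import secrets

# Textbook RSA, written out so the maths behind the slides is visible. Constructed demo:
# real systems add padding (RSA-PSS / PKCS#1 v1.5) and use an audited library.


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test after trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # force top bit and oddness
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=1024):
    """Public key (n, e) and private key (n, d); n is the product of two large primes."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                # e must be coprime to phi
            break
    d = pow(e, -1, phi)                       # modular inverse, Python 3.8+
    return {"n": p * q, "e": e}, {"n": p * q, "d": d}


def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data):
    return pow(digest_int(data), private_key["d"], private_key["n"])


def verify(public_key, data, signature):
    return pow(signature, public_key["e"], public_key["n"]) == digest_int(data)


def issue_certificate(ca_private, subject, subject_public):
    """Toy certificate: the subject's name and public key, signed by the CA."""
    body = {"subject": subject, "n": subject_public["n"], "e": subject_public["e"]}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "ca_signature": sign(ca_private, encoded)}


def verify_certificate(ca_public, cert, expected_subject):
    encoded = json.dumps(cert["body"], sort_keys=True).encode()
    return (cert["body"]["subject"] == expected_subject
            and verify(ca_public, encoded, cert["ca_signature"]))


def authenticate_server(ca_public, cert, server_private, expected_host):
    """Client side of endpoint authentication: trust the certificate via the CA,
    then make the server prove it holds the private key by signing a fresh nonce."""
    if not verify_certificate(ca_public, cert, expected_host):
        return False
    nonce = secrets.token_bytes(32)
    response = sign(server_private, nonce)    # the server's half of the exchange
    server_public = {"n": cert["body"]["n"], "e": cert["body"]["e"]}
    return verify(server_public, nonce, response)


if __name__ == "__main__":
    ca_public, ca_private = generate_keypair()
    shop_public, shop_private = generate_keypair()
    cert = issue_certificate(ca_private, "shop.example", shop_public)
    print("server authenticated:", authenticate_server(ca_public, cert, shop_private, "shop.example"))
    # The direct debit mandate from the slide, signed by the customer (constructed text).
    customer_public, customer_private = generate_keypair()
    mandate = b"Direct debit: 12.99 GBP monthly to Mega Fun Land"
    signature = sign(customer_private, mandate)
    print("mandate genuine:", verify(customer_public, mandate, signature))
    print("altered mandate:", verify(customer_public, mandate.replace(b"12.99", b"99.99"), signature))
```

Two failure cases are worth trying: a certificate for shop.example signed by a key that is not the trusted CA is rejected at the certificate step, and an attacker who has copied the genuine certificate but not the private key fails the nonce challenge, because the signature on the nonce does not verify under the public key in the certificate.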

Page 14: Security Risks for an E-Commerce site and how to protect against them.

Mega Fun Land

To help keep the Mega Fun Land site safe...

What measures will you take to protect your business and your customers' details?

What steps will you take for fraud protection, hackers and viruses?

How will you ensure that customers have faith in your business?

When discussing benefits and drawbacks, ensure you stay objective and give a balanced account of both.

Stretch Activity

If you have finished this activity I would like you to have a look at the following sites and research the legislation governing e-commerce sites.

www.ico.gov.uk
www.direct.gov.uk