Web security

WEB SECURITY HIMANSHU TYAGI VIJETA GANDHI JASPREET SINGH

Transcript of Web security

Page 1: Web security

WEB SECURITY HIMANSHU TYAGI VIJETA GANDHI JASPREET SINGH

Page 2: Web security

REQUIREMENTS FOR SECURE E-COMMERCE

Intellectual property threats
Client computer threats
Communication channel threats
Server threats

Page 3: Web security

SECURITY TRIAD: Confidentiality, Integrity, Availability

Page 4: Web security

Confidentiality: Ensures that data or an information system is accessed only by authorized persons. User IDs and passwords, access control lists (ACLs) and policy-based security are some of the methods through which confidentiality is achieved.

Page 5: Web security

Integrity: Integrity assures that the data or information system can be trusted. It ensures that data is edited only by authorized persons and remains in its original state when at rest. Data encryption and hashing algorithms are key processes in providing integrity.

Page 6: Web security

Availability: Data and information systems are available when required. Hardware maintenance, software patching/upgrading and network optimization ensure availability.

Page 7: Web security

NETWORK SECURITY: Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals.

Page 8: Web security

FIREWALLS: A firewall is a hardware or software system, or a combination of both, that prevents unauthorized access to or from a network. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All data entering or leaving the Intranet passes through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.

Types of firewall:
Network layer or packet filters
Application-layer
Proxies
Network address translation

Page 9: Web security

Network layer or packet filters: Network layer firewalls generally make their decisions based on the source address, destination address and ports in individual IP packets. A simple router is the traditional network layer firewall, since it is not able to make particularly complicated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them at any time.
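The two kinds of network layer firewall described above, as an added example that is not part of the presentation: a stateless filter that judges each packet on its addresses and ports alone, and a stateful filter that also remembers which connections it has already allowed, so that a reply to an inside host is accepted only when that host opened the connection. The addresses and rules are constructed for the example.

```python
# Added example: stateless vs stateful packet filtering (constructed data).
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for the packet that opens a new TCP connection

# Stateless rules, evaluated top to bottom; the first match wins.
# Address fields are CIDR networks, port fields exact values (constructed).
RULES = [
    ("allow", {"src": "10.0.0.0/8", "dport": 443}),   # inside hosts -> any HTTPS server
    ("allow", {"dst": "10.0.0.5/32", "dport": 80}),   # anyone -> the public web server
    ("deny", {}),                                      # default deny
]

def matches(pkt: Packet, cond: dict) -> bool:
    for field, want in cond.items():
        have = getattr(pkt, field)
        if field in ("src", "dst"):
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        elif have != want:
            return False
    return True

def stateless_decide(pkt: Packet) -> str:
    """Decide on one packet using only the fields carried in that packet."""
    for action, cond in RULES:
        if matches(pkt, cond):
            return action
    return "deny"

class StatefulFilter:
    """Packet filter that additionally tracks the connections it has allowed."""
    def __init__(self) -> None:
        self.table = set()   # entries: (client, cport, server, sport)

    def decide(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table or rev in self.table:
            return "allow"          # belongs to a known connection, either direction
        if pkt.syn and stateless_decide(pkt) == "allow":
            self.table.add(fwd)     # new connection permitted by the rules
            return "allow"
        return "deny"               # unsolicited packet, even if its ports look plausible
```

The stateless filter has to choose between denying every server reply and opening all high ports; the stateful one allows only replies to connections it saw being opened from inside.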

Page 10: Web security

Application-layer: Application layer firewalls are hosts running proxy servers, which permit no traffic directly between networks and perform elaborate logging and examination of the traffic passing through them. Since proxy applications are simply software running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one side and out the other after having passed through an application that effectively masks the origin of the initiating connection, Chris Partsenidis says.

Page 11: Web security

Proxies: Proxy firewalls offer more security than other types of firewalls, but at the expense of speed and functionality, as they can limit which applications your network can support. With a proxy firewall, traffic does not flow through the firewall directly. Instead, computers establish a connection to the proxy, which serves as an intermediary and initiates a new network connection on behalf of the request. This prevents direct connections between systems on either side of the firewall and makes it harder for an attacker to discover where the network is, because they will never receive packets created directly by their target system.

Page 12: Web security

Network address translation: Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range". Firewalls often have such functionality to hide the true address of protected hosts. Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals, as well as to reduce the amount, and therefore the cost, of public addresses needed for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defense against network reconnaissance.
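The address-hiding effect described above, as an added example that is not part of the presentation: a minimal source-NAT table that rewrites outbound packets from the private range to the firewall's single public address and a fresh port, and translates inbound packets back only when they match an existing mapping from the same remote endpoint. The private range, public address and port range are constructed for the example.

```python
# Added example: a minimal source-NAT mapping table (constructed addresses).
import ipaddress

PRIVATE = ipaddress.ip_network("192.168.1.0/24")   # protected hosts (constructed)
PUBLIC_IP = "203.0.113.1"                           # firewall's outside address (constructed)

class SourceNat:
    def __init__(self, first_port: int = 40000) -> None:
        self.next_port = first_port
        self.outbound = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.inbound = {}    # public port -> (priv_ip, priv_port, dst_ip, dst_port)

    def translate_out(self, src: str, sport: int, dst: str, dport: int):
        """Rewrite an outbound packet; returns the (src, sport) the outside world sees."""
        if ipaddress.ip_address(src) not in PRIVATE:
            return src, sport              # not a protected host: forward unchanged
        key = (src, sport, dst, dport)
        if key not in self.outbound:       # first packet of this flow: allocate a port
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return PUBLIC_IP, self.outbound[key]

    def translate_in(self, src: str, sport: int, dst: str, dport: int):
        """Rewrite an inbound packet; returns the private (dst, dport), or None to drop it."""
        flow = self.inbound.get(dport)
        # Only a reply from the exact remote endpoint that was contacted may use
        # the mapping; anything unsolicited is dropped and never reaches a private host.
        if dst != PUBLIC_IP or flow is None or (flow[2], flow[3]) != (src, sport):
            return None
        return flow[0], flow[1]

if __name__ == "__main__":
    nat = SourceNat()
    print(nat.translate_out("192.168.1.10", 51234, "198.51.100.8", 443))
    print(nat.translate_in("198.51.100.8", 443, PUBLIC_IP, 40000))
    print(nat.translate_in("198.51.100.9", 443, PUBLIC_IP, 40000))   # no mapping: dropped
```

Every outbound flow is seen externally as coming from 203.0.113.1, so a scan of the public address reveals nothing about how many hosts sit behind it or which private addresses they use.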

Page 13: Web security

Problems of the CIA Triad: Although the CIA triad is a fundamental model for information security, it also focuses on a limited view of IT security that is centered on information. While the priority is to protect the information and ensure that data resources are available, the CIA model does not address prevention of an unauthorized person from using the system's hardware resources.

Page 14: Web security

Another issue is that information security professionals tend to concentrate on the "confidentiality" part of the triad, essentially ignoring the other components of a balanced security approach. For instance, when the "accessibility" component of the triad is neglected, this could mean severe disruptions to communications, costing millions and significantly impacting an industry. Thus, it is necessary for security professionals to contribute skills and knowledge during the purchasing and selection process for an organization's communications network.

Page 15: Web security

Conclusion: This presentation gives a glimpse of the security concerns for e-commerce and the requirements for a secure e-commerce environment. It covers the security triad, i.e. C.I.A. (Confidentiality, Integrity, Availability). It also explains firewalls and their various types. Network security issues and the problems of the security triad are also discussed.