Lecture 21: Lesson 9: Security

Guess Inc. Agrees to Tighten Web Security

Clothing marketer Guess Inc. will tighten security for its Web site to resolve federal charges that it failed to protect customer credit card information from computer hackers.

Notes from The Lesson Plan

The learning objectives of lesson 8 include:

  • Identify and classify the various types of e-Commerce security threats
  • Identify characteristics of security

General E-Business Security Issues
The security of a firm's data and servers is of critical importance. It should be noted that fraud and other security threats are nothing new. The Internet-connected business simply has more "doors" that can be kicked in.

Basic e-business security issues center around providing security for communications and guarding data. Perfect security is not possible. The instructor must note that the amount of security purchased is largely an economic decision. At some point there is a diminishing marginal return from increased security practices.


Network and Web Site Security Risks
There are a large number of potential risks that an e-business faces. Most can be addressed using a best-practices approach to security. Most students have heard of, or have experienced, viruses. However, they may not be aware of problems such as denial-of-service attacks or data spills.


E-Business Security
It is important to emphasize that while perfect security is not possible, routine security precautions such as secure servers, data encryption, and proper physical network design defeat amateur hackers and many more talented interlopers. If we combine routine measures with the application of security patches from the operating system vendors, most problems will be avoided. This is not to say problems will not occur. Even well-known and professionally run sites have problems from time to time as hackers discover new holes in software that can be exploited.

It is important to note that do-it-yourself web hosting is vulnerable in many cases, as the level of knowledge and experience needed for modern, effective security may not be available in-house. If hosting is outsourced, security arrangements are the responsibility of the hosting firm.


E-Business Security Providers
Like most functions, security can be outsourced. One aspect of security analysis involves penetration testing by consultants. Their job is to examine the firm's site and identify weaknesses so that they can be fixed. This type of analysis is sometimes called ethical hacking.


E-Business Risk Management Issues
Like most conventional risks, e-business security risks can be insured against. It is possible to purchase insurance that covers the costs of a major incident. The insurance company may provide some consulting on security risks as part of its services.

Firewalls

Firewalls provide a line of defense between a network to be protected and the Internet or some other network that could house a threat. A firewall is a computer through which all traffic, both inbound and outbound, must pass; it forwards only authorized traffic. In addition, firewalls themselves should be immune to penetration. Three common categories of firewalls are packet filters, gateway servers and proxy servers. Packet filters examine all data flowing between the secured network and the Internet and permit or deny each packet according to a preprogrammed set of rules. Gateway servers screen traffic based on the application that is being requested. Proxy servers are computers that communicate with the Internet on behalf of the commercial network and determine whether a request should be passed along to the commercial network.
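To make the packet-filter idea concrete, here is a small rule evaluator written as an added example for these notes; it is not code from the lecture or from any firewall product. The packet fields, the rule format, the network addresses (10.0.0.0/8 as the protected LAN, 10.1.1.10 as the web server) and the sample traffic are all constructed for illustration. It shows the two properties a practitioner looks for in a preprogrammed rule set: first-match ordering (so a spoofed "internal" source address arriving from the Internet is rejected before any permit rule can apply) and an explicit catch-all deny so the filter fails closed.

```python
"""Toy packet-filter firewall: first-match rule list with a default-deny policy.

Added example, not from the lecture notes. Packet format, rule fields,
addresses and sample traffic are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from the Internet) or "out" (leaving the LAN)
    proto: str       # "tcp" or "udp"
    src: str         # source IP address
    dst: str         # destination IP address
    dport: int       # destination port


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    direction: Optional[str] = None  # None matches either direction
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR prefix, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """Every field that is set must match; unset fields are wildcards."""
        if self.direction is not None and self.direction != pkt.direction:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


LAN = "10.0.0.0/8"           # constructed: the protected network
WEB_SERVER = "10.1.1.10/32"  # constructed: the public-facing web server

# Rules are evaluated top-down and the first match wins. The anti-spoofing
# rule comes first so that no later permit can let a forged LAN address in;
# the final wildcard deny makes the list fail closed.
RULES: List[Rule] = [
    Rule("deny", direction="in", src=LAN),      # LAN address arriving from outside: spoofed
    Rule("permit", direction="in", proto="tcp", dst=WEB_SERVER, dport=80),
    Rule("permit", direction="in", proto="tcp", dst=WEB_SERVER, dport=443),
    Rule("permit", direction="out", src=LAN),   # LAN hosts may initiate outbound traffic
    Rule("deny"),                               # default deny
]


def decide(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Return "permit" or "deny" for one packet using first-match semantics."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # reached only if someone removes the catch-all rule


def filter_traffic(packets: List[Packet]) -> List[Tuple[Packet, str]]:
    """Apply the rule set to a batch of packets, e.g. a replayed capture."""
    return [(pkt, decide(pkt)) for pkt in packets]


if __name__ == "__main__":
    # Constructed sample traffic: one legitimate web hit, one SSH probe,
    # one spoofed internal address and one outbound connection from the LAN.
    sample = [
        Packet("in", "tcp", "198.51.100.7", "10.1.1.10", 443),
        Packet("in", "tcp", "198.51.100.7", "10.1.1.10", 22),
        Packet("in", "tcp", "10.0.0.5", "10.1.1.10", 80),
        Packet("out", "tcp", "10.0.0.5", "198.51.100.7", 443),
    ]
    for pkt, verdict in filter_traffic(sample):
        print(f"{pkt.direction:>3} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}  {verdict}")
```

Note that the rule set only inspects packet headers; it cannot tell a well-formed HTTP request from a malicious one on port 80, which is exactly the gap the gateway and proxy categories above are meant to fill.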

What role the Secure Socket Layer, Secure HTTP, and secure electronic transaction protocols play in protecting electronic commerce

The Secure Sockets Layer (SSL) system produced by Netscape and the Secure Hypertext Transfer Protocol (S-HTTP) from CommerceNet are two protocols that provide secure information transfer over the Internet. SSL secures the connection between two computers at the transport layer of the multi-layer Internet protocol set. S-HTTP sends individual messages securely while operating at the application (top) layer. Both systems encrypt outgoing messages and decrypt incoming messages automatically and transparently.