Security

Introduction to Security Why do we need security? What happens if data is lost? –Wrong business decisions through lack of information –Long-term loss of customers –Embarrassment to organisation –Loss of money owed

How is data insecure? Internal –Hardware/Power failure –Damage by smoke/fire –Damage by staff: Deliberate by unhappy staff Alteration of data by staff for fraud Accidental erasure by inexperienced staff External –Theft of Equipment –Hackers –Virus Attack

Physical Security Damage to equipment –Protect from the elements (keep indoors e.g.) –Magnetic media – keep away from magnetic fields –Drinking at computers – ban –Heat – keep away Theft –Keep rooms locked –Bolt to desks –Security tag all equipment –Locate away from the public Fire –Sprinkler/gas systems –Smoke detectors

Hacking E-Commerce sites need to prevent hacking so that the running of their business is undisturbed and more importantly their customers details are not stolen. Definition: Hacking is when someone attempts to enter a computer system with the aim of stealing data, damaging the system or just to show they can.

Viruses ‘Virus’ has become a catch all term to describe any malicious computer program that can cause an unwanted result when run. A virus is a manmade program that causes an unexpected, usually negative, event and is self replicating. It is often disguised as a game or an image with a clever marketing title and attached to an or downloadable file.

A worm is a virus that resides in the active memory of a computer and duplicates itself. It may send copies of itself to other computers, such as through or Internet Relay Chat (IRC) A Trojan is a malicious program that pretends to be a benign application, but purposely does something the user does not expect. Trojans are technically not viruses since they do not replicate but they can be just as destructive.

Prevention Anti virus software must be installed on the web server and all of an e-commerce businesses computers. Not only must it be installed but updated regularly, ideally every day. New viruses are developed all the time and anti virus software must have the latest defences to provide the best protection possible.

Identity Theft DI theft is a new form of crime that the Internet has made more common. It involves a thief who has stolen the personal details of their victim and uses them to apply for services such as credit cards, loans, mortgages under the guise of their victim. Often only detected when the victim receives correspondence requesting payment for the thief's spending.

Often this type of crime is difficult to trace. The type of customer details stored by e- commerce businesses provides enough information to commit identify theft, so it is very important that all e-commerce businesses protect their customers data with every method possible.

Firewall impact on site performance. A firewall builds a protective virtual barrier around a commuter or a network of computers so that only authorised programs can access the data. It sets up a gateway and only allows authorised traffic through the gateway. Incoming data is inspected and, if authorised, let through opened ports.

However if ports are left open. A ‘back door’ becomes available for hackers to enter the system. Security policies can be set to block certain scripts running on the users computer, this is done to prevent hackers attacking the system. When a security policy is decided for a firewall, the administrator must balance the need to high security with the possibility of losing functionality from the website.

Secure Socket Layer (SSL) SSL is a cryptographic protocol that provides secure communication o the Internet. It provides endpoint authentication, meaning that both the server and the client need to be identified and confirm that they are who they say they are. This is done by public key encryption and certificate based authentication.

HTTPS HTTPS is the protocol usually used by websites in the Internet. HTTPS is a secure version of the protocol which uses encryption to protect the data entered on the site. This protocol is usually used when customers are entering their payment details.

RSA Certificates RSA certificates are a method of coding information so that the people at either end are identified by a digital certificate, coupled with a digital signature. These can confirm the identify of the sender or recipient.

Strong passwords It is vital for all commuter users to use strong passwords, especially important for web servers and other eCommerce systems. Both letters and numbers Both capitals and lowercase Symbols such as * or # More than eight characters.

To summarise Identity theft: occurs when a victims details are stolen and someone else pretends to be him or her and applies for financial products and/or makes purchases. A firewall is a piece of software that protects the system from unauthorised access Public Key encryption is a method of coding information so that only the people with the right key at both ends of the communication can decode it.

Certificate based authentication is a method of cryptography which prevents data being read by unauthorised parties. HTTPS stands for Secure Hypertext Transfer Protocol. Encryption is a method of encoding that is difficult to decipher by unauthorised parties. It uses prime numbers. The higher the prime number, the stronger the encryption.

What is a digital signature?