Security in E-Business
Security in E-Business: An Introduction
A central issue in the commercial use of the Internet is security. Surveys state that the economic success of electronic business applications is inhibited because the Internet lacks appropriate security measures. One way to increase the trust of consumers in electronic business applications is to establish a standardized quantification of security. It is important to find a security quantifier – not only to compare systems with one another but also to analyze and design electronic business applications.
An Electronic Business Application (EBA) is a system consisting of a server system (at the merchant’s location), a client system (at the customer’s location), and the transmission way in between, which is assumed to be insecure and un-trusted.
We need to secure our environment so that we can get things done the way we want. E-terrorism, e-damage and e-security are the buzzwords in the IT world nowadays.
Security concerns in e-business have been receiving the highest attention from both designers and government. Since the shift is from paper to electronic media and transactions happen from remote and unknown locations, ascertaining the genuine nature of commercial transactions is difficult.
What Is Security?
Security is not a product, nor is it a technology. Security is a process. The process of security consists of many things. It contains preventive control measures and a healthy dose of awareness. It includes disaster recovery and business continuity. Various products and technologies support all of these elements of the process. The process of security is a state of mind that must permeate a corporation and its culture to be effective.
If we tell the security community that we have had a problem stopping a certain virus, we are at the same time also enlightening the hacker community. We read their websites and they read ours. Time is the hacker’s strength. Our network has to keep doing what it is doing 24 hours a day, 7 days a week, to maintain our operational capability. The hacker can sit and wait and increase the probability of detection, change strategies.
A hacker targets products with a huge customer base, and each successful attack leads to a very high level of damage and provides wide publicity.
General Security Objectives
Traditionally, when talking about data security, usually four security objectives are identified: confidentiality, integrity, authenticity, auditability and availability. To better suit the needs of electronic business with all its legal aspects, more security objectives have been identified. The most important one is accountability.
Confidentiality
Describes the state in which data is protected from unauthorized disclosure. A loss of confidentiality occurs when the contents of a communication or a file are disclosed. Information should be protected from prying eyes of unauthorized internal users, external hackers and from being intercepted during transmission on communication networks by making it unintelligible to the attacker.
Integrity
Integrity means that the data has not been altered or destroyed, whether accidentally (e.g. transmission errors) or with malicious intent (e.g. sabotage). Suitable mechanisms are required to ensure end-to-end message content and copy authentication.
Availability
Availability refers to the fact that data and systems can be accessed by authorized persons within an appropriate period of time. Reasons for loss of availability may be attacks or instabilities of the system. The information that is stored or transmitted across communication networks should be available whenever required, and to whatever extent desired, within pre-established time constraints.
Accountability
If the accountability of a system is guaranteed, the participants of a communication activity can be sure that their communication partner is the one he or she claims to be. So the communication partners can be held accountable for their actions.
Authenticity
It should be possible to prevent any person or object from masquerading as some other person or object. When a message is received it should therefore be possible to verify whether it has indeed been sent by the person or object claiming to be the originator. Similarly, it should also be possible to ensure that the message is sent to the person or object for whom it was meant. This implies the need for reliable identification of the originator and recipient of data.
Auditability
Audit data must be recorded in such a way that all specified confidentiality and integrity requirements are met. Implementing a security solution in an Electronic Commerce environment therefore necessitates a Risk Analysis of the business scenario. All possible threats should be considered and a security requirements policy drawn out from the organization based on a combination of some or all of the services listed above.
Non-Repudiation (NR)
The ability to provide proof of the origin or delivery of data is an important aspect of accountability. NR protects the sender against a false denial by the recipient that the data has been received. In other words, a receiver cannot say that he/she never received the data, and the sender cannot say that he/she never sent any data.
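Added example (not from the original article): a Python sketch, using a constructed order message and a hypothetical shared key, that contrasts the integrity, authenticity and non-repudiation objectives described above. An unkeyed hash only catches accidental change, a keyed MAC catches malicious change, and a shared-key MAC still cannot give non-repudiation because the recipient can compute the same tag; that property needs a digital signature made with a private key only the sender holds.

```python
import hashlib
import hmac

# Constructed sample data: key shared by merchant and customer, and two messages.
SHARED_KEY = b"constructed-demo-key-not-for-production"
ORDER = b"order=1001;item=book;amount=25.00"
TAMPERED = b"order=1001;item=book;amount=0.25"


def plain_digest(message):
    """Unkeyed SHA-256: anyone can recompute it for any message."""
    return hashlib.sha256(message).hexdigest()


def mac_tag(key, message):
    """HMAC-SHA256: only holders of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key, message, tag):
    """Constant-time comparison avoids leaking tag bytes through timing."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def demo():
    results = {}
    # Integrity against accidents: a changed message no longer matches the digest.
    results["digest_detects_change"] = plain_digest(ORDER) != plain_digest(TAMPERED)
    # Integrity against malice: a party on the insecure path can replace both
    # message and digest, and the replaced pair still checks out.
    replaced_pair = (TAMPERED, plain_digest(TAMPERED))
    results["digest_accepts_replaced_pair"] = (
        plain_digest(replaced_pair[0]) == replaced_pair[1]
    )
    # Authenticity: the tag is bound to the key, so the tampered message fails,
    # and a tag computed under a guessed key fails as well.
    tag = mac_tag(SHARED_KEY, ORDER)
    results["mac_accepts_original"] = verify_mac(SHARED_KEY, ORDER, tag)
    results["mac_rejects_tampered"] = not verify_mac(SHARED_KEY, TAMPERED, tag)
    guessed = mac_tag(b"guessed-key", TAMPERED)
    results["mac_rejects_wrong_key"] = not verify_mac(SHARED_KEY, TAMPERED, guessed)
    # Non-repudiation: the recipient holds the same key, so a valid tag does not
    # prove which of the two parties created the message.
    recipient_made = mac_tag(SHARED_KEY, TAMPERED)
    results["recipient_can_mint_valid_tag"] = verify_mac(
        SHARED_KEY, TAMPERED, recipient_made
    )
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```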
Security Goals
Prevent malicious damage.
Prevent accidental damage.
Limit the impact of deletions.
Prevent unauthorized access to locations.
Provide integrity and confidentiality of data.
Provide disaster recovery system.
Network Security Plan
It is very important to create a list of the company’s priorities for a security system. There is no one simple answer to the network security dilemma. Each security solution has clear advantages and disadvantages, and every company’s network has a different list of needs and a different order of priorities.
The top three concerns for an E-business network are the levels of security, simplicity, and cost efficiency. Obviously security, simplicity, and cost efficiency overlap in many areas when used in the context of network security, and that is why a list of priorities is the best way to start a security plan. A successful solution most often uses a combination of both user-based security and traffic-based security to control the network.
Security on the web is implemented through a layered system, with each layer checking and protecting the flow of information. The layers are the following:
Source and destination relation.
Authorization of individual – password.
Authentication.
Encryption of message for integrity.
Use of public key / private key against unauthorized exposure.
Checking the access to intranet and access to other websites through internet.
Finally, but no less important, is the physical security of the intranet.
Use of fault-tolerant systems, disk mirroring, duplication and RAID (Redundant Array of Inexpensive Disks).
Web Server Security
The server that connects your company to the Internet and the Internet to your company is in constant danger. It is important to have a clear idea about what the dangers are surrounding that server and what security measures can be taken to protect it.
Why Is Web Server Security Needed?
The term “hackers” sends a chill down any e-business network administrator’s spine if only because of widely published media stories that surface again and again in the form of computer legends. Although most of the hype can be attributed to paranoia, there is a lot to worry about when it comes to securing Web servers.
Attacks on Web servers are done for two reasons. The first is that an attack of that sort can give the intruder vital information that can be used in the future to gain access to a private network. The second possible objective behind a Web server attack is to gain access to the Internet interface itself and change the information that is posted on the Internet.
E-mail Security
Introduction
E-mail, especially Internet e-mail, has become a basic communications tool. It is one of the most versatile means of transferring information of almost any kind. Any business application where there is a need to transfer information without the requirement for online lookup can be automated with e-mail. Email is also the easiest architecture to deploy for communications with remote employees, business partners, etc.
However, email is notoriously insecure. It is highly vulnerable to interception, and forgery of e-mail is trivial. Therefore, without proper security measures, it is highly inadvisable to transfer sensitive information by e-mail, or to put too much trust in information received via e-mail.
‘Spam’ is one of the most prevalent threats to network integrity on the public Internet. It causes denial of service at the network level, by flooding bandwidth and overloading email hosts. It reduces the productivity of both mail administrators and end users. This is one area on which organizations should focus while considering email-messaging security.
Virus Defenses
Virus protection is an important risk factor that any company should consider when connecting to the Internet. Thus, many companies are building defenses against the spread of viruses by centralizing the distribution and updating of antivirus software as a responsibility of their IS departments. Other companies are outsourcing the virus protection responsibility to their Internet service providers or to telecommunication or security management companies.
Things to Be Emphasized For E-Security
Creating a Security Strategy.
Cryptographic Tools.
Cyber terrorism.
Defenses from Viruses.
Firewall Systems.
Privacy on the Internet.
Security service management.
Verification of Authenticity.
So, if we follow all these steps, we can make our entire business network safe and secure.
SUMMARY
E-business depends on providing customers, partners, and employees with access to information, in a way that is controlled and secure. Managing e-business security is a multifaceted challenge and requires the coordination of business policy and practice with appropriate technology. In addition to deploying standards-based, flexible and interoperable systems, the technology must provide assurance of the security provided in the products.
As technology matures and secure e-business systems are deployed, companies will be better positioned to manage the risks associated with disintermediation of data access. Through this process businesses will enhance their competitive edge while also working to protect critical business infrastructures from malefactors like hackers, disgruntled employees, criminals and corporate spies.
We also have to think about preventing malicious damage, accidental damage and unauthorized access to locations, providing integrity and confidentiality of data, and providing a disaster recovery system.
Article Source: http://www.articlesbase.com/security-articles/security-in-ebusiness-1002938.html