Study of Attacks on E-Commerce Systems: Computer Technology Essay

Electronic commerce (e-commerce) services have grown into a core component of the Internet and Web environment and continue to gain popularity. Electronic business over the Internet and Web has enabled companies to reduce costs and to offer benefits both to the buyer and to the business. According to Forrester Research, online retail sales in the United States exceeded $100 billion in 2003. As information technology and the use of the Internet grow every day, so does the demand for secure information and electronic services. Every online transaction can be observed and stored in a variety of locations; because the Internet is a public network, it is essential for businesses to understand the security risks and vulnerabilities that affect their business. The key factor that influences the success of e-commerce is secure exchange over the network. In this paper we summarize some of the security threats and vulnerabilities that concern e-commerce security.

Keywords: e-commerce security, threats, vulnerability, attacks

1. Introduction

The progress the Internet has made in the past few years has changed the way people see and use it. The more its use grows, the more attacks target these systems and the more security risks arise. Security has become one of the most important issues and a significant concern for e-commerce that must be addressed [1]. Every private and public firm takes computer and e-commerce security more seriously than before, because any possible intrusion has a direct effect on the e-commerce business [5]. The Internet and Web environment can present a company with as many security threats and vulnerabilities as opportunities.

The low cost and high availability of the global Internet for businesses and customers has caused a revolution in e-commerce [1]. This revolution in turn increases the requirement for security, as well as the number of online cheats and scams, as shown in Figure 1. Although a very large amount of time and money has been invested in providing secure networks, there is always the possibility of a security breach [5]. According to the IC3 2007 annual report, the total dollar loss from all referred complaints of fraud was $239.09 million [3]. The majority of these frauds and cheats were committed over the Internet or similar online services. Security remains a significant concern for e-commerce and an effort for every company. Mitigating security threats and vulnerabilities continues to be a battle for every company [5]. A good security infrastructure means good productivity for the business.

Figure 1: Occurrences of Internet fraud [15]

In the first section of this paper we give a brief description of e-commerce and its types; in the second section we describe the security issues and some of the threats, vulnerabilities and attacks in e-commerce. The last section discusses the various defence mechanisms used to safeguard e-commerce security, which remains a high concern for business.

2. E-commerce Background

Information and communication technology has become an increasingly essential and crucial part of business. This heavy use of information technology has changed the traditional way of doing business. This new way of doing business is known as Electronic Commerce (E-Commerce) or Electronic Business (E-Business) [12]. Electronic commerce or e-commerce means buying and selling products or services over the part of the Internet called the World Wide Web. According to Verisign [2004], electronic business is a "strategic imperative for most competitive organisations today as it is an integral to finding new sources of revenue, widening into new market segments, reducing costs, and creating breakaway business strategies". E-commerce includes electronic trading, trading of securities, banking, hotel booking, purchases of flight tickets, etc. [2]. There are different types of e-commerce, but we will cover e-commerce in three types of business exchange:

B2B (business to business);

B2C (business to consumer);

C2C (consumer to consumer) [4].

Business to Business (B2B) e-commerce is simply defined as business transactions among and between businesses, such as interaction between two companies, between a company and a wholesaler, or between a wholesaler and a retailer [16]. There are four basic roles in B2B e-commerce: suppliers, clients, market-makers and web providers. Every company or business plays at least one of them, and many companies play multiple roles [9]. According to the Queensland government's Department of State Development [2001], B2B e-commerce made up 94% of all e-commerce transactions [8]. Examples of B2B companies are IBM, Hewlett Packard (HP), Cisco and Dell.

Business-to-Consumer (B2C) e-commerce is commerce between companies and consumers: businesses sell directly to consumers either physical goods (such as books, DVDs or consumer products) or information goods (goods of electronic material or digitized content, such as software, music, movies or e-books) [10]. In B2C the Web is usually used as a medium to order physical goods or information goods [8]. An example of a B2C transaction is a person buying a book from Amazon.com. According to eMarketer, the revenue of B2C e-commerce increased from US$59.7 billion in 2000 to US$428.1 billion by 2004 [10].

Consumer to Consumer (C2C) e-commerce is the type of e-commerce that involves business transactions among private individuals or consumers using the Internet and World Wide Web. Using C2C, consumers can advertise goods or products and sell them directly to other consumers. An example of C2C is eBay.com, an online auction site where consumers can sell a wide variety of goods and products to one another [6]. There is less information on the size of global C2C e-commerce [10]. Figure 2 illustrates some of the e-commerce business types explained above.

Figure 2: Common e-Commerce business models [14]

3. Security threats to e-commerce

Security has three basic principles: confidentiality, integrity and availability. Confidentiality ensures that only authorized persons get access to the information and unauthorized people do not; integrity ensures that data stored on any device or exchanged during communication is not modified by a malicious user; availability means that the information must be accessible when it is needed [16]. Security plays an important role in e-commerce. The number of online transactions has increased tremendously in recent years, and this has been accompanied by an equal rise in the number of threats and types of attacks against e-commerce security [13]. A threat can be defined as "the potential to exploit a weakness that may result in unauthorised access or use, disclosure of information or usage, theft or damage of a resource, disruption or modification" [8]. The e-commerce environment involves different parties in the e-commerce network:

Shoppers who order and purchase products or services

Merchants who offer products or services to the shoppers

The software (the site) installed on the merchant's server, and the server itself

The attackers, who are the dangerous part of the e-commerce network

Looking at the parties involved in the e-commerce network, it is not hard to see that malicious hackers threaten the whole network and are its most dangerous part. These threats to e-commerce can cause misuse, abuse and high financial damage to business. Figure 3 briefly shows the techniques that hackers use in an e-commerce network [11].

Figure 3: Target points of the attacker [11]

The assets that must be protected to ensure secure electronic commerce in an e-commerce network include the customer's (shopper's) computer or client side, the transactions that travel over the communication channel, the web site on the server, and the merchant's server including any hardware attached to it (the server side). The communication channel is one of the major assets that needs protecting, but it is not the only matter in e-commerce security. Client-side security is the major concern from the user's point of view; server-side security is the major concern from the service provider's point of view. For instance, if the communication channel were made secure but there were no security solution for either the client side or the server side, then no secure transmission of information would exist at all [1, 2]. According to Figure 3 above, there are several attack methods that an attacker or hacker may use against an e-commerce network. In the next section we describe the potential security attack methods.

4. Possible Attacks

This section gives an overview of the various attacks that may occur in the context of an e-commerce application. Moreover, ethical aspects are taken into account. From an attacker's perspective there are multiple activities the attacker can perform while the shopper has no clue what is going on. The attacker's goal is to get access to every piece of information in the network flow, from the moment the buyer presses the "buy" button until the web site server has responded. Furthermore, the attacker attempts to attack the application system in the most discreet and convincing way. An overview of the various attacks on e-commerce is given below:

Tricking the Shopper: One very profitable and simple way of capturing the shopper's behaviour and information and using it against the shopper is by tricking the shopper, which is basically known as the social engineering technique. This can be done in a variety of ways. Some of them are:

An attacker can call the shopper, pretending to be an employee of a shopping site, to extract information about the shopper. Thereafter, the attacker can call the shopping site, pretend to be the shopper, ask for personal information, and further request a password reset on the user account. This is a very common scenario.

Another example would be to reset the password by providing pieces of the shopper's private information, such as the date of birth, mother's maiden name, favourite movie, etc. If the shopping site gives this information away, then retrieving the password is no longer a major challenge.

A further way of retrieving personal information, which is used a lot on the Internet today, is the phishing scheme. It is very difficult to distinguish, for example, www.microsoft.com/shop from www.micorsoft.com/shop. The difference between the two is a swap of the characters 'r' and 'o'. Entering the bogus shop, which pretends to be the original shop with login forms and password fields, gives the attacker all of the shopper's private information. This happens if the shopper mistypes the URL. The mistyped URL might also be sent by email, pretending to come from a genuine shop, without the buyer noticing [11, 15].
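The defensive counterpart to the lookalike-domain trick above is to check the hostname of every link the shop sends or receives against the hostnames it legitimately uses. The following is an added example, not code from the paper or from any vendor it cites: it computes the optimal string alignment (Damerau-Levenshtein) distance, so that the single 'r'/'o' transposition in the paper's example counts as one edit, and flags any hostname that is within a small edit distance of a known host but not identical to it. The allowlist and the sample links are constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed allowlist for this example: hostnames the shop legitimately uses.
var knownHosts = []string{"www.microsoft.com", "www.amazon.com", "www.ebay.com"}

func minInt(values ...int) int {
	m := values[0]
	for _, v := range values[1:] {
		if v < m {
			m = v
		}
	}
	return m
}

// damerauLevenshtein returns the optimal string alignment distance between a and b:
// the number of single-character insertions, deletions, substitutions and adjacent
// transpositions needed to turn one into the other. "micorsoft" vs "microsoft" is 1.
func damerauLevenshtein(a, b string) int {
	ra, rb := []rune(a), []rune(b)
	d := make([][]int, len(ra)+1)
	for i := range d {
		d[i] = make([]int, len(rb)+1)
		d[i][0] = i
	}
	for j := range d[0] {
		d[0][j] = j
	}
	for i := 1; i <= len(ra); i++ {
		for j := 1; j <= len(rb); j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			d[i][j] = minInt(d[i-1][j]+1, d[i][j-1]+1, d[i-1][j-1]+cost)
			if i > 1 && j > 1 && ra[i-1] == rb[j-2] && ra[i-2] == rb[j-1] {
				d[i][j] = minInt(d[i][j], d[i-2][j-2]+1) // adjacent transposition
			}
		}
	}
	return d[len(ra)][len(rb)]
}

// Verdict classifies a link's hostname against the allowlist.
type Verdict string

const (
	Known     Verdict = "known"     // exact match with a legitimate host
	Lookalike Verdict = "lookalike" // within maxEdits of a legitimate host but not equal
	Unknown   Verdict = "unknown"   // unrelated host
)

// classifyLink parses rawURL, lowercases its hostname and compares it with the allowlist.
// For lookalikes it also returns the legitimate host being imitated.
func classifyLink(rawURL string, maxEdits int) (Verdict, string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return Unknown, "", err
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return Unknown, "", fmt.Errorf("no hostname in %q", rawURL)
	}
	best, bestDist := "", maxEdits+1
	for _, k := range knownHosts {
		if host == k {
			return Known, k, nil
		}
		if dist := damerauLevenshtein(host, k); dist < bestDist {
			best, bestDist = k, dist
		}
	}
	if best != "" {
		return Lookalike, best, nil
	}
	return Unknown, "", nil
}

func main() {
	for _, link := range []string{
		"https://www.microsoft.com/shop",
		"http://www.micorsoft.com/shop",
		"https://example.org/",
	} {
		v, target, err := classifyLink(link, 2)
		fmt.Println(link, "->", v, target, err)
	}
}
```

A mail gateway or the shop's own outbound-link builder would run this check and quarantine or warn on a "lookalike" verdict; the threshold of two edits is a starting point that should be tuned against the organisation's real domain list to avoid false positives on genuinely similar brand names.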

Password Guessing: Attackers are also aware that it is possible to guess a shopper's password. This requires information about the shopper: the attacker may need to know the shopper's birthday, age, last name, etc., in order to try different combinations. It is very common for users on the Internet to build personal information into their passwords, since such passwords are easy to remember. Still, it requires a lot of work from the attacker's side to produce software that guesses the buyer's password. One very famous attack is to take words from the dictionary and use these as passwords; this is called the dictionary attack. Alternatively, the attacker might consult reports on which passwords are most commonly used worldwide [15].

Workstation Attack: A third way is to attack the workstation where the web site is located. This requires that the attacker knows the weaknesses of the workstation; such weaknesses are always present, since there is no perfect system without vulnerabilities. Therefore, the attacker may have a chance of gaining root access to the workstation through those vulnerabilities. The attacker first attempts to see which ports are open on the workstation, using either self-written or already developed applications. Once the attacker has gained access to the system, it is then possible to examine the workstation's information about buyers to retrieve their IDs and passwords or other confidential information.

Network Sniffing: When a shopper is visiting a shopping web site and a transaction is ongoing, the attacker has a fourth opportunity, called sniffing. Sniffing means that the data exchanged between the customer and the server is captured (traced) by the attacker using various applications. Network communication is not unlike human communication in this respect: in a human conversation, there might be a third person somewhere listening in. In network communication, the information sent between the two parties is first divided into so-called "data packets" before it is actually sent from one side to the other. The other side of the network then reassembles these packets into the single piece of data that was sent, so that it can be read. Usually the attacker tries to be as close as possible to either the merchant's site or the shopper in order to sniff information. If the attacker places himself midway between the shopper and the web site, the attacker might therefore retrieve all the information (data packets). As an example, suppose a Norwegian shopper wants to buy something from a web shop located in the United States of America. The first thing that happens is that the personal data sent by the shopper is split into small packets addressed to the server in the USA. Since the data flow within the network is not controlled by the user, the packets might be routed through different locations before reaching the destination; for example, some might go via France, Holland and Spain before actually reaching the USA. In such a case, a sniffer/attacker located in France, Holland or Spain may not capture every single packet, and with incomplete data the attacker may not be able to analyse it and obtain enough information. This is often the reason why attackers try to be as close as possible to either the source or the destination point (client side or server side).

Known Bug Attack: The known bug attack can be used on both the buyer's side and the web site side. Using already developed tools, the attacker can find out which software the targeted server has and is using. From that point, the attacker further needs to find the patches for that software and examine which bugs have not been fixed by the administrators. Knowing which bugs are not fixed, the attacker then has the opportunity to exploit the machine [11].

There are still many other attacks beyond those explained above. Further attacks that can be used against an e-commerce application include Denial of Service (DoS) attacks, where the attacker impacts the servers and, using several methods, can retrieve necessary information. Another known attack is the buffer overflow attack: if an attacker has gained root access, the attacker might further obtain personal information by creating his own buffer into which all overflowing information is transferred. Some attackers also take the opportunity to look into the HTML code; the attacker might retrieve sensitive information from that code if the HTML is not well organised or optimised. Java, JavaScript or ActiveX components are used in HTML as applets, and the attacker might also tamper with these and plant a worm on the computer to retrieve confidential information.

5. Defence

For each new attack that appears in the real world, a new defence mechanism must be presented as well to protect society from unexpected issues. This section introduces some defence measures against the attacks identified in the previous section. The primary goal from a seller's point of view in an e-commerce application is to safeguard all information. Protecting a system can be done in several ways.

Education: In order to decrease the tricking problem, one may educate all shoppers. This requires a great deal of effort and time and is not simple, because many customers will still be tricked by common social engineering work. Shops therefore have to keep reminding customers to use a secure password, since the password serves as the person's identity. It is also important to have different passwords for different web sites and, preferably, to store these passwords in a secure way. Furthermore, it is very important not to give out information in a telephone conversation, email or online program.

Setting a Safe Password: It is very important that customers do not use passwords that can be related to themselves, such as their birthdays, children's names, etc. It is therefore important to use a strong password. A strong password has many characteristics; for example, the length of the password is an essential aspect, as is the use of various special characters. If a shopper cannot think of a strong password, there are numerous web sites that generate such strong passwords.
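The password-guessing attack in Section 4 and the safe-password advice above describe the same policy from two sides: reject passwords that are short, that are dictionary words or commonly used passwords, or that embed the shopper's own details. The following is an added example of such a registration-time check, not code from the paper; the dictionary, the common-password list and the shopper profile are small constructed samples, and a real deployment would load full breached-password and dictionary lists.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// Constructed sample lists for this example (a real deployment loads far larger ones).
var dictionaryWords = []string{"password", "summer", "welcome", "dragon", "football"}
var commonPasswords = []string{"123456", "password", "qwerty", "letmein", "password1"}

// Profile holds the shopper details an attacker would know or guess first.
type Profile struct {
	FirstName, LastName string
	BirthYear           string // e.g. "1985"
	ChildrenNames       []string
}

// checkPassword returns the list of policy violations for pw; an empty list means
// the password is acceptable. It rejects short passwords, missing character classes,
// common or dictionary-based passwords, and passwords containing personal details.
func checkPassword(pw string, p Profile) []string {
	var problems []string
	if len([]rune(pw)) < 12 {
		problems = append(problems, "shorter than 12 characters")
	}
	var hasLower, hasUpper, hasDigit, hasSpecial bool
	for _, r := range pw {
		switch {
		case unicode.IsLower(r):
			hasLower = true
		case unicode.IsUpper(r):
			hasUpper = true
		case unicode.IsDigit(r):
			hasDigit = true
		default:
			hasSpecial = true
		}
	}
	if !(hasLower && hasUpper && hasDigit && hasSpecial) {
		problems = append(problems, "needs lower case, upper case, digits and special characters")
	}
	lower := strings.ToLower(pw)
	for _, c := range commonPasswords {
		if lower == c {
			problems = append(problems, "is a commonly used password")
			break
		}
	}
	// Keep only the letters so that "Summer2024!" is still recognised as a dictionary word
	// with digits and symbols appended, which a dictionary attack tries early.
	letters := strings.Map(func(r rune) rune {
		if unicode.IsLetter(r) {
			return unicode.ToLower(r)
		}
		return -1
	}, pw)
	for _, w := range dictionaryWords {
		if letters == w {
			problems = append(problems, "is a dictionary word with digits/symbols appended")
			break
		}
	}
	personal := append([]string{p.FirstName, p.LastName, p.BirthYear}, p.ChildrenNames...)
	for _, s := range personal {
		if s != "" && strings.Contains(lower, strings.ToLower(s)) {
			problems = append(problems, "contains personal information: "+s)
		}
	}
	return problems
}

func main() {
	// Constructed shopper profile for the example.
	p := Profile{FirstName: "Anna", LastName: "Hansen", BirthYear: "1985", ChildrenNames: []string{"Lars"}}
	for _, pw := range []string{"Hansen1985!", "Summer2024!!", "correct-Horse7battery-staple"} {
		fmt.Printf("%-30s %v\n", pw, checkPassword(pw, p))
	}
}
```

Returning every violation rather than stopping at the first lets the registration page tell the shopper exactly what to change; the personal-information check is the part that directly counters the birthday-and-surname guessing the paper describes.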

Managing Cookies: When a shopper registers on a site with personal information, a cookie is stored on the computer so that no information needs to be entered again at the next logon. This information is very helpful for an attacker, so it is recommended to stop using cookies, which is a very easy step to take in the web browser [11].

Personal Firewall: One approach to protecting the shopper's computer is to use a personal firewall. The goal of the firewall is to control all incoming traffic to the computer from the outside, and further to control all outgoing traffic. In addition, a firewall often has an intrusion detection system installed, which means that unwanted attempts at accessing, modifying or disabling the computer will not be possible. Therefore, it is strongly recommended that a firewall be installed on the shopper's computer. And since bugs may appear in a firewall, it is further important to update the firewall [11].

Encryption and Decryption: All traffic between two parties can be encrypted when it is sent from the client and decrypted when it is received at the server, and vice versa. Encrypting information makes it much more difficult for an attacker to retrieve confidential information. This can be performed using either symmetric-key algorithms or asymmetric-key algorithms [11].

Digital Signatures: Just like hand signatures, which are performed by a human hand, there is also something known as the digital signature. This signature verifies two things. First, it checks whether the data comes from the original customer, and secondly, it verifies whether the message has been modified between being sent and being received. This is a great benefit for e-commerce systems [11].
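The encryption paragraph and the digital-signature paragraph above describe two separate protections for an order in transit: confidentiality against a sniffer, and origin plus integrity checking on receipt. The following is an added example, not code from the paper, showing both with Go's standard library: AES-256-GCM (a symmetric-key algorithm) for the traffic, and Ed25519 (an asymmetric-key algorithm) for the shopper's signature over the order. The order text and key values are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// encrypt seals plaintext with AES-256-GCM under a 32-byte key and returns nonce||ciphertext.
// GCM also authenticates the ciphertext, so any modification is detected on decryption.
func encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // a fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decrypt reverses encrypt; it fails if the key is wrong or the data was tampered with.
func decrypt(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(data) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := data[:gcm.NonceSize()], data[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// signOrder signs the order bytes with the shopper's Ed25519 private key.
func signOrder(priv ed25519.PrivateKey, order []byte) []byte {
	return ed25519.Sign(priv, order)
}

// verifyOrder is the merchant's check: true only if sig was made by the holder of pub
// over exactly these order bytes. A different signer or an altered amount returns false.
func verifyOrder(pub ed25519.PublicKey, order, sig []byte) bool {
	return ed25519.Verify(pub, order, sig)
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	order := []byte("order 42: 1 book, total 19.99 EUR") // constructed sample order
	sealed, err := encrypt(key, order)
	if err != nil {
		panic(err)
	}
	opened, err := decrypt(key, sealed)
	fmt.Printf("decrypted: %q err=%v\n", opened, err)
	sealed[len(sealed)-1] ^= 1 // simulate a sniffer altering one byte in transit
	_, err = decrypt(key, sealed)
	fmt.Println("tampered ciphertext rejected:", err != nil)

	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sig := signOrder(priv, order)
	fmt.Println("signature valid:", verifyOrder(pub, order, sig))
	forged := []byte("order 42: 1 book, total 1.99 EUR")
	fmt.Println("altered order accepted:", verifyOrder(pub, forged, sig))
}
```

In practice the symmetric key itself is agreed with an asymmetric exchange (this is what TLS/SSL does for the shop's connection), and the signature is stored with the order so a dispute can be settled later: the merchant can prove which shopper key authorised which amount.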

Digital Certificates: Digital signatures cannot handle the situation of attackers spoofing shoppers with a fake web site (man-in-the-middle attack) to obtain information about the shopper. Using digital certificates solves this problem. The shopper can accept with very high likelihood that the web site is legitimate, since it is trusted by an authorised and more legitimate party. In addition, a digital certificate is not trusted for an unlimited time; one is therefore responsible for checking whether the certificate is still valid or not [11].
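The three questions a shopper's software must answer about a shop certificate are the ones the paragraph above raises: was it issued by a party the shopper already trusts, is it for this site, and is it still within its validity period. The following is an added example, not code from the paper: it uses Go's crypto/x509 to build a small constructed hierarchy (a trusted root, a shop certificate valid for 2024, and a second root the shopper has never trusted) and then runs the client-side verification at different dates and hostnames. All names are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issueCert creates a certificate for name, valid from notBefore to notAfter.
// With parent == nil it is self-signed (a root); otherwise it is signed by parent's key.
// This stands in for what a real certificate authority does.
func issueCert(name string, notBefore, notAfter time.Time, isCA bool,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name} // the hostname the shopper will connect to
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// checkSiteCert is the client-side check: the certificate must chain to a trusted root,
// be issued for host, and be inside its validity period at time now.
func checkSiteCert(cert *x509.Certificate, roots *x509.CertPool, host string, now time.Time) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       roots,
		DNSName:     host,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// buildDemo issues the constructed hierarchy: a trusted root, a shop certificate valid
// for calendar year 2024, and a shop certificate from a root the shopper never trusted.
func buildDemo() (shop, rogueShop *x509.Certificate, trusted *x509.CertPool, err error) {
	y2024 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	y2025 := y2024.AddDate(1, 0, 0)
	root, rootKey, err := issueCert("Example Trusted Root", y2024, y2025.AddDate(9, 0, 0), true, nil, nil)
	if err != nil {
		return
	}
	shop, _, err = issueCert("shop.example.com", y2024, y2025, false, root, rootKey)
	if err != nil {
		return
	}
	rogueRoot, rogueKey, err := issueCert("Untrusted Root", y2024, y2025, true, nil, nil)
	if err != nil {
		return
	}
	rogueShop, _, err = issueCert("shop.example.com", y2024, y2025, false, rogueRoot, rogueKey)
	trusted = x509.NewCertPool()
	trusted.AddCert(root)
	return
}

func main() {
	shop, rogue, roots, err := buildDemo()
	if err != nil {
		panic(err)
	}
	mid2024 := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println("valid cert, correct host, in date:", checkSiteCert(shop, roots, "shop.example.com", mid2024))
	fmt.Println("same cert one year later (expired):", checkSiteCert(shop, roots, "shop.example.com", mid2024.AddDate(1, 0, 0)))
	fmt.Println("same cert, wrong host:", checkSiteCert(shop, roots, "other.example.com", mid2024))
	fmt.Println("cert from untrusted root:", checkSiteCert(rogue, roots, "shop.example.com", mid2024))
}
```

The untrusted-root case is the man-in-the-middle situation from the paragraph: an attacker can mint a certificate bearing the shop's name, but not one that chains to a root the shopper's browser already holds. The expiry case is the time limit the paragraph mentions; browsers make that check automatically, and the same check must be repeated by any server-side code that pins or caches certificates.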

Server Firewall: Besides the personal firewall, there is also something known as the server firewall. The server firewall is a more advanced setup, installed using a demilitarized zone (DMZ) technique [11]. In addition, it is also possible to employ a honeypot server [11].

These preventive measures are some of the several used in real life. It is very important to make users aware and for administrators to apply patches to all applications in use, to further protect their systems against attacks. One could also evaluate and monitor security logs, which is another big defence strategy, to see which traffic has occurred. It is therefore important that administrators read their logs frequently and understand which parts have been hit, so they can upgrade their systems.
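Reading logs "to see which parts have been hit" can be made routine with a small parser over the web server's access log. The following is an added example, not code from the paper: it parses common-log-format lines, counts hits per path, and flags source addresses that show the two patterns from Section 4 that leave a clear trace, repeated failed logins (password guessing) and a run of 404s on distinct paths (an attacker probing for software and known-bug targets). The log lines are constructed for the example and use documentation addresses.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strconv"
	"strings"
)

// Constructed sample access log (common log format) for this example.
const sampleLog = `203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 200 1024
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /shop HTTP/1.1" 200 4096
198.51.100.2 - - [10/Oct/2023:13:56:05 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.2 - - [10/Oct/2023:13:56:20 +0000] "POST /login HTTP/1.1" 200 1024
192.0.2.9 - - [10/Oct/2023:14:01:00 +0000] "GET /admin HTTP/1.1" 404 256
192.0.2.9 - - [10/Oct/2023:14:01:01 +0000] "GET /phpmyadmin HTTP/1.1" 404 256
192.0.2.9 - - [10/Oct/2023:14:01:02 +0000] "GET /.env HTTP/1.1" 404 256
192.0.2.9 - - [10/Oct/2023:14:01:03 +0000] "GET /backup.zip HTTP/1.1" 404 256
malformed line that the parser must skip`

// lineRE captures client IP, method, path and status from a common-log-format line.
var lineRE = regexp.MustCompile(`^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) `)

type Entry struct {
	IP, Method, Path string
	Status           int
}

// parseLog turns log text into entries, skipping lines that do not match the format.
func parseLog(text string) []Entry {
	var entries []Entry
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		m := lineRE.FindStringSubmatch(sc.Text())
		if m == nil {
			continue // malformed line: skip rather than abort the whole review
		}
		status, err := strconv.Atoi(m[4])
		if err != nil {
			continue
		}
		entries = append(entries, Entry{IP: m[1], Method: m[2], Path: m[3], Status: status})
	}
	return entries
}

// Summary reports what was hit and which sources look hostile.
type Summary struct {
	HitsByPath    map[string]int
	BruteForceIPs []string // at least failedLoginThreshold 401s on /login
	ScannerIPs    []string // at least notFoundThreshold 404s on distinct paths
}

// analyse aggregates entries into a Summary using the given thresholds.
func analyse(entries []Entry, failedLoginThreshold, notFoundThreshold int) Summary {
	s := Summary{HitsByPath: map[string]int{}}
	failedLogins := map[string]int{}
	notFound := map[string]map[string]bool{}
	for _, e := range entries {
		s.HitsByPath[e.Path]++
		if e.Path == "/login" && e.Status == 401 {
			failedLogins[e.IP]++
		}
		if e.Status == 404 {
			if notFound[e.IP] == nil {
				notFound[e.IP] = map[string]bool{}
			}
			notFound[e.IP][e.Path] = true
		}
	}
	for ip, n := range failedLogins {
		if n >= failedLoginThreshold {
			s.BruteForceIPs = append(s.BruteForceIPs, ip)
		}
	}
	for ip, paths := range notFound {
		if len(paths) >= notFoundThreshold {
			s.ScannerIPs = append(s.ScannerIPs, ip)
		}
	}
	sort.Strings(s.BruteForceIPs) // deterministic output for reports and tests
	sort.Strings(s.ScannerIPs)
	return s
}

func main() {
	s := analyse(parseLog(sampleLog), 3, 3)
	fmt.Println("hits by path:", s.HitsByPath)
	fmt.Println("repeated failed logins from:", s.BruteForceIPs)
	fmt.Println("probing for missing paths from:", s.ScannerIPs)
}
```

The thresholds are deliberately parameters: a shop with many legitimate users mistyping passwords needs a higher failed-login threshold than an internal admin site, and the scanner rule looks at distinct paths so that one broken link hit repeatedly by a real customer is not mistaken for a probe.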

6. Conclusion

In this paper we first gave a brief overview of e-commerce and its applications, but our main attention and the purpose of this paper was to present e-commerce security issues and the various attacks that can occur in e-commerce; we also described some of the defence mechanisms that protect e-commerce against these attacks. E-commerce has proven its great benefit to shoppers and sellers by reducing costs, but e-commerce security is still an issue and a significant concern for everybody involved in e-commerce. E-commerce security does not belong only to technical administrators but to everyone who participates in e-commerce: shops, shoppers, service providers, etc. Even though there are several technologies and mechanisms to protect e-commerce, such as customer IDs and passwords, firewalls, SSL, digital certificates, etc., we still need to be aware of and prepared for any possible attack that can occur in e-commerce.
