Notes for BSc CSIT

Network Security for E-commerce  A network security is defined as a circumstance, condition with the potential to cause economic hardship to data or network resources in the form of destruction, disclosure, modification of data, denial of service, and/or fraud, waste, and abuse.  The discussion of security concerns in electronic commerce can be divided into two broad types: 1. Client-Server Security 2. Data and Transaction Security 1. Client-Server Security   Client/server security uses various authorization methods to make sure that only valid users and programs have access to information resources such as databases.  Access control mechanisms must be set up to ensure that properly authenticated users are allowed access only to those resources that they are entitled to use.  Such mechanisms include password protection, encrypted smart cards, biometrics, and firewalls. 2. Data and Transaction Security Data and transaction security ensure the privacy and con...

Security Threats in the E-commerce Environment  Vulnerabilities In E-commerce Vulnerability is a weakness that allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, an attacker's capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness From a technology perspective, three key points of vulnerability in the e-commerce environment when dealing with e-commerce:  Client,  Server and  Internet communications channels                                           OR,  Four key points of vulnerability threat:  Intellectual property threats -- use existing materials found on the Internet without the owner's permission, e.g., music downloadi...

  Security Threats Any act or object that poses a danger to computer assets is known as a threat. Management must be aware of the various kinds of threats facing the organization. There are several types of threats 1. Attempt to access a website and modify or destroy its contents  2. Attempt to access a website and read confidential information such as credit card numbers and other confidential data 3. Send malicious programs such as Viruses, Worms, and Trojans to a web server by a browser Or SECURITY THREATS IN E-COMMERCE Threats in E-commerce   A threat is an object, person, or other entity that represents a constant danger to an asset.   Hackers attempt to steal customer information or disrupt the site.  A server containing customer information is stolen.  Imposters can mirror your e-commerce site to steal customer money.  Authorized administrators/users of an e-commerce website download is hidden active content that attacks the e-commerce...

Ecommerce security  eCommerce security is the guideline that ensures safe transactions through the internet. It consists of protocols that safeguard people who engage in online selling and buying goods and services. You need to gain your customers’ trust by putting in place eCommerce security basics. Such basics include: Privacy Integrity Authentication Non-repudiation Ecommerce security refers to the measures taken to protect your business and your customers against cyber threats. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction.  E-Commerce security has been defined as “the technical tools backed by laws, regulations and administrative process designed to preserve the integrity and availability of digital information, assets process and transactions in e-commerce” Type of E-Commerce Security 1. Physical Security It includes tangible protection devices such as alarms, guards, fireproof doors, security fences,...

Dimension of E-commerce security  Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party  Nonrepudiation: the ability to ensure that e-commerce participants do not deny (repudiate) online actions  Authenticity: ability to identify the identity of a person or entity with whom you are dealing on the Internet  Confidentiality: ability to ensure that messages and data are available only to those authorized to view them  Privacy: the ability to control the use of information a customer provides about himself or herself to merchant  Availability: ability to ensure that an e-commerce site continues to function as intended

  EDI for e-commerce  • New EDI services for electronic commerce are seen as the future bridge that automates external and internal business processes, enabling companies to improve their productivity on a scale never before possible.   • The economic advantages of EDI are widely recognized.  • But until recently, companies have been able to improve only discrete processes such as automating the accounts payable function or the fund's transfer process.  • Companies are realizing that to truly improve their productivity they need to automate their external processes as well as their internal processes.  • This is the thrust of new directions in EDI.  • EDI presents information management solutions that allow companies to link their trading community electronically—order entry, purchasing, accounts payable, funds transfer, and other systems interact with each other throughout the community to link the company with its suppliers, distributors, custom...

 Components of EDI The following components and tools are necessary for performing EDI are:- 1) Trade Agreement - a legally binding trade agreement between you and your trading partner. 2) Standard Document Format - the standard agreed-upon format for the document to be electronically transmitted. 3) EDI Translation Management Software- software used to convert the document your application's format into the agreed-upon standard format. For optimum performance, the translation software should be on the same platform as your business application.  4) Communications Software - a programming tool that enables you to write communications protocols or a separate application. It can be a module to the translator or a separate software application.  5) Modem - a hardware device used to transmit electronic information between computer systems. The higher the baud rate, the faster the communications will be. 6) VAN - stands for Value Added Network. A network to which you can con...