Security threats to an e-business


As securing data and servers is critical to an organization's successful functioning, this article talks about the network and security level threats as well as their solutions.

Securing an organization's data and servers is critical to its successful functioning. According to a recent strategic research, 72 percent companies have no recovery plans, 60 percent of corporate data exists unprotected on PCs, 62 percent of time backup fails because of hardware and 83 percent of data loss is caused by system failures or human errors. This gives a clear picture of the vulnerability most organizations face against security threats.

An organization that implements e-business models needs to protect its models from multiple levels of threats- from pirates, hackers as well as insiders. Primary concern is to secure communication networks and data transfer between networks.

There is no lock in the world that cannot be broken. To implement effective security solutions, it is also necessary to understand the potential security threats.

Security threats can be broadly categorized into network level threats and data level threats. The network level threat is primarily from hackers and thus one needs to ensure the security of the complete network including internet, intranet, extranet, LANs and WANs. On the other hand, the data level threat is commonly from insiders and organizations must ensure the security of data when it moves from one computer to another.

Network Security


Network Security threat is primarily from hackers. Hackers are individuals who intend to gain unauthorized access to a system while crackers are the hackers with criminal intent. A large number of potential security threats can be prevented simply by encrypting data, securing servers and designing a proper physical network.

Following are some of the common techniques that hackers and interlopers use:

  • Denial of Service (DOS) attacks- Server starts sending DOS messages to authorized users when a hacker floods the website with large amount of useless traffic which exceeds the server's capacity to process. Distributed DOS attack is caused by a number of computers from multiple launch points. As a result, system information becomes unavailable to authorized users.

  • Spoofing- When someone inserts spurious information into the system by making it appear as if it is from a legitimate party, uses fake email addresses or masquerades some identity, it is called spoofing.

  • Sniffing- This is an eavesdropping program that monitors all information travelling over a network. The program enables unauthorized parties to browse through files or read communications.

  • Applets- Applets or malicious codes include threats like worms, viruses and Trojan horses. Viruses replicate and spread to other files, worms spread from computer to computer while Trojan horses do something other than expected or claimed.


  • Solution to network level threats

    A basic network security model would consist of three things: firewall, router and packet filters. The significance of three is stated below.

  • Firewall- Firewall is a system or a collection of components placed between two networks to insulate a private network from a public network. Only the authorized traffic defined by company's security policy will be allowed to pass through the firewall.

  • Router- Routers are network traffic managing devices placed between the networks to ensure that the route followed is as intended.

  • Packet filter- Packet filtering mechanisms identify the source, destination and filters the flowing traffic.


  • Data Security


    Data communicated between two business parties needs to be confidential and unaltered. The original data, if altered by unauthorized parties, may add new terms or deny of previous commitments made by the parties involved in the online transaction. This type of attack is more commonly made by insiders and competitors.

    Solution to data level threats

    The most effective way to secure data is to encrypt it i.e., to transform the plain text into cipher text. Cipher text cannot be read by anyone other than the sender and the receiver. This can be done in two ways: either every occurrence of a letter can be systematically replaced by another or the letters of each word can be ordered in some systematic way.

    Following are the different kinds of cryptographic techniques that e-business organizations use:

  • Symmetric key cryptography- Here, the sender and the receiver use the same key to encrypt and decrypt a message. In fact, this is where the drawback of this cryptography lies. Imagine what happens if the hacker gets the symmetric key. Yet, symmetric systems are much in demand and Data Encryption Standard (DES) developed by National Security Agency and IBM is most widely used.

  • Public key cryptography- Here, the encryption key and the decryption key are different to ensure confidentiality. The private key is held by the receiver of the data and the public key is sent to all the senders. The sender then uses the public key to encrypt the data and send it over internet. The receiver uses the private key to decrypt this data and use it.

  • Digital signature- Digital signature uses two key pairs, one for the public key encryption and the other for digital signature of the sender. Sender digitally signs the message using the private key. He then encrypts the message and the digital signature using public key of the receiver. The receiver of this digitally signed encrypted message decrypts the message by using private key and verifies the digital signature by using public key of the sender. This ensures authenticity of the sender of the message.

  • Digital certificate- Digital certificates are issued for a period of 1-2 years by third party certifying authorities. These authorities first verify the virtual organizations before issuing a certificate. Public key encryption and digital signature tools are also issued along. In India, one can approach TCS, NIC, IDRBT and MTNL for certification.


  • Read eBay hacking and lessons learnt to stay secured online


    Comments

    No responses found. Be the first to comment...


  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name:
    Email: