Example Business Essay
Internet Security Issues
The exchange of information and financial transactions to procure goods and services over the Internet is termed e-commerce activity. For the purpose of business progression, manufacturers, suppliers and distributors also interact via e-commerce systems. The majority of organisations in the contemporary world of technological advancement have a prominent presence on the web, and there are a number of brands which do not need bricks and mortar to prove their successful market presence. The most common form of e-commerce was limited to online procurement of goods and services, where consumers place an order online and receive the selected goods and services at their doorstep. With the passage of time, a multi-channel retail system has also been introduced, by which consumers purchase through an online transaction but collect their chosen goods from the respective store at their own convenience. In addition to this, e-commerce systems are also widely integrated in the service industry, including banks, building societies and insurance companies. Regardless of the nature of the host industry in which an e-commerce system has been integrated, the associated advantages and disadvantages are more or less similar. This paper intends to highlight the security issues pertaining to e-commerce systems and proposes a few vital recommendations for improvement.
2.1 E-Commerce Security
Apart from the threats of physical or hardware damage, the e-commerce system is gravely influenced by the risks associated with its technical and software mechanism. The technical and software mechanism of e-commerce relies upon three security components, which are discussed below. Moreover, the key security features that help an organisation to develop a secure system have also been examined.
2.1.1 Security Components
The concept of security encompasses three essential components: confidentiality, integrity, and availability. Authorised parties are allowed to access the highly confidential information and data related to the consumers. Leakage of any such private information to an unauthorised party or individual is a breach of confidentiality. The integrity of the data is ensured by preserving the exact information contained in it; however, integrity can be violated by the addition of supplementary demands for payment within bills and statements. The third component of security is availability, which ensures secure access to resources; if that access is delayed, availability is negatively affected.
2.1.2 Key Security Features
The key security features of an e-commerce system include authentication, authorisation, encryption and auditing. Each of these features has its own distinct significance in preserving secure transactions.
- Authentication is the process of verifying that the individual accessing the system is the person they claim to be; it prevents an unfamiliar person from logging in to process transactions.
- Authorisation is the act of taking command over the online personal resources and manipulating them through a specific mechanism. This process enables an individual to keep track of their account balance and invoice system without the hassle of unnecessary deletion.
- The process of encryption is designed to strengthen security by hiding confidential information. It prevents unauthorised access to financial transactions taking place via the internet.
- Auditing is another security feature that is devised by organisations to keep a record of online transactions. Companies use this information to prove the validity of transactions, especially in the case where a consumer claims a false transaction.
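The integrity violation described in 2.1.1 (an extra payment demand added to a bill) and the auditing feature above can be shown together in a tamper-evident transaction log. This is an added example, not part of the original essay; the key, the record fields and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real system would load this from a key store.
AUDIT_KEY = b"constructed-demo-key-not-for-production"


def _tag(key: bytes, prev_tag: str, record: dict) -> str:
    # Canonical JSON so the same record always serialises to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    # Including the previous tag chains each entry to the one before it.
    return hmac.new(key, prev_tag.encode() + b"|" + body, hashlib.sha256).hexdigest()


def append_record(log: list, key: bytes, record: dict) -> None:
    """Append a transaction record, chaining its tag to the previous entry."""
    prev_tag = log[-1]["tag"] if log else ""
    log.append({"record": record, "tag": _tag(key, prev_tag, record)})


def first_tampered(log: list, key: bytes) -> int:
    """Return the index of the first entry that fails verification, or -1."""
    prev_tag = ""
    for i, entry in enumerate(log):
        expected = _tag(key, prev_tag, entry["record"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return i
        prev_tag = entry["tag"]
    return -1


def demo() -> tuple:
    log = []
    # Constructed sample bills.
    append_record(log, AUDIT_KEY, {"order": 1001, "lines": [["widget", 2, "9.99"]]})
    append_record(log, AUDIT_KEY, {"order": 1002, "lines": [["gadget", 1, "24.50"]]})
    append_record(log, AUDIT_KEY, {"order": 1003, "lines": [["cable", 3, "4.00"]]})
    clean = first_tampered(log, AUDIT_KEY)
    # The integrity violation from 2.1.1: an extra payment demand added to a bill.
    log[1]["record"]["lines"].append(["handling fee", 1, "15.00"])
    return clean, first_tampered(log, AUDIT_KEY)


if __name__ == "__main__":
    print(demo())
```

Removing an entry from the middle of the log is detected in the same way, but dropping entries from the end is not; recording the latest tag somewhere outside the log covers that case.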
2.2 Security Issues Pertaining to E-Commerce
The main objective of e-commerce activities is to grab the attention of online surfers through effective advertising campaigns and convert them into online purchasers. The security of web-based transactions has been identified as the main issue in the progression of e-commerce activities. Implementing secure internet solutions to maintain a protected e-commerce system may bring an excellent reputation and potential monetary benefits. The following are the major security issues facing e-commerce systems:
2.2.1 Computer Viruses
Computer viruses have been identified as the most critical threat to the security of web-based transactions. The built-in apprehensive systems of the consumers are at a greater risk of accepting such viruses. With the help of advanced technology and an increased number of hackers, it has become easier to invade the security area of a PC or Mac to sabotage its functioning. The older versions of operating systems, including Windows 9x and Mac OS 8.x, have been identified as the most vulnerable systems that are endangered by the incursion of computer viruses. It is interesting to note that the newer designs of operating systems, such as Windows NT and Windows 2000, are also considered to be unsafe, as the hacking industry has been exceptionally prevalent. However, the new operating systems tend to restrict the access points of computer viruses and considerably reduce the risk of virus attacks. The most common computer viruses include Melissa, ILOVEYOU, Resume, KAK and IROK, which require system privilege for disruption.
2.2.2 Trojan Horses
The introduction of hacker tools has tremendously influenced the security of e-commerce activities. The most common hacker tools include Back Orifice, NetBus and BO2K, which permit a remote user to direct, examine and monitor the information on the target PC and to transfer any data from it to another machine. The transmission of data from one PC to another can also be done with commercial tools, including CUCme and VNCviewer. The possibility of data transfer without any authorisation has made it perplexing to determine the authenticity of received messages. There are Trojan horse programs available on several websites for system administrators to control large numbers of workstations; however, there is a considerable risk that malicious users will abuse these tools for the wrong purposes.
2.2.3 Network Sniffing
Network sniffing is a security risk by which the personal information of the consumer is stolen by monitoring the exchange of data between the consumer's system and the server. Technically, the request sent by the consumer to the server is broken into packets, which are transmitted via numerous routes and then reconstructed. The security features of wireless hubs are usually disabled, which makes them the perfect place for an attacker to scan the unencrypted traffic from the user's computer.
2.2.4 Denial of Service Attack
A denial of service (DoS) attack is a process by which hackers compel the server to spend excessive computational resources, compared with those spent by the adversary, in order to process a request. The main objective of the distributed DoS is to infect computers by means of a virus and take control of their functioning at a predetermined time to sabotage the targeted server; as a result, the target server is overwhelmed with resource-intensive requests and thereby collapses.
2.3 Recommendations to Overcome Security Issues
Despite the numerous security concerns associated with e-commerce, it is still a viable and widely accepted way of doing business across the globe. Large business organisations comprehend their responsibilities and take care to offer maximum protection to their consumers in terms of safe transactions. The following are some suggestions for formulating a defence mechanism for safer e-commerce activities.
- Organisations can employ stringent password policies to ensure maximum protection.
- Confidential information shall be secured in encrypted form.
- Integrate robust encryption algorithms such as triple the confidential information.
- Encrypt streams with the Secure Sockets Layer (SSL) protocol to maximise security.
- Educate consumers about the significance of choosing strong passwords.
- Installation of firewalls limits the traffic initiated by and directed to the computer.
- Set up a demilitarized zone (DMZ) by using two firewalls having the ability to detect unauthorised attempts to access the system with the help of intrusion detection software.
- Hire external auditors to develop third-party software for e-Commerce applications.
- Use multiple privilege access schemes of multi-user operating systems to prevent the damage of operating systems via computer viruses.
To conclude, it can be stated that the integration of an e-commerce system within an organisational framework can be exceedingly beneficial, but there are certain constraints which call the safety of the e-commerce system into question. It has been identified that a protected business network can be established by employing a discrete set of precautionary measures, which can considerably reduce the associated risks to the security of the e-commerce system.