Security issues in E-commerce
Introduction
This report explains the security issues that threaten an e-commerce website, such as hacking, viruses and identity theft. The effects of these can have a serious impact on the organisation.
Prevention of Hacking
Hackers get into a computer system through its ports: when a port is open, the hacker can get in, using viruses or other means. Users can stop hackers by installing a firewall on the computer, which blocks off the ports so that hackers can't get through.
Viruses
A computer virus is a bug that affects your computer in many ways. It can come from anywhere, mostly from the internet or emails, and it can copy itself and manipulate a computer's files. By installing anti-virus protection, the user can prevent viruses from affecting the computer.
Identity Theft
Identity theft is when a hacker gets into a user's computer via a virus, acquires their personal credit card details, and then uses the details for their own personal use.
How firewalls affect performance
Effectively, installing a firewall can slow down the computer depending on what it does, and where it came from. Firewalls are programs that monitor traffic, which is the incoming and outgoing data communication that takes place when the user is online.
The software needs to be configured to permit or deny communication with websites, as chosen by the user. In general, once configured, there is no real impact on the performance of websites, but it can take time to set up the relevant permissions between the site and the user's computer.
SSL (Secure Sockets Layer)
A popular implementation of public-key encryption is the Secure Sockets Layer (SSL). Originally developed by Netscape, SSL is an Internet security protocol used by Internet browsers and Web servers to transmit sensitive information. SSL has become part of an overall security protocol known as Transport Layer Security (TLS).
HTTPS
HTTPS is not a separate protocol; it refers to a normal HTTP interaction carried over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks.
RSA Certificates
A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and that it has not been altered in any way since that person created it.
Digital signatures rely on certain types of encryption to ensure authentication. Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Authentication is the process of verifying that information is coming from a trusted source. These two processes work hand in hand for digital signatures.
Strong passwords
The website needs passwords to prevent hackers from maliciously attempting to break into it. Strong passwords use letters and numbers, in both lower case and upper case, so they are more difficult for someone to guess.
Alternative Authentication Methods
Other authentication methods include biometrics such as retinal scanners, fingerprint scanners and voice patterns. These can be used in addition to traditional password combinations to ensure extra security and authentication. The hardware for this is not yet available to the general public.