Chapter 5 Security Threats to Electronic Commerce


Security Overview Many fears to overcome: intercepted e-mail messages; unauthorized access to business information by a competitor; credit card information falling into the wrong hands while it is typed in during payment processing.

Security Definition Computer security is the protection of hardware, software, and data against unauthorized access, use, alteration, or destruction. Two types of computer security: physical security protects computing devices with physical measures such as guards, alarms, security doors, and vaults; logical security protects them with measures such as passwords, firewalls, and encryption.

Security Overview Threat: any act or object that poses a danger to computer assets. Countermeasures are procedures, either physical or logical, that recognize, reduce, or eliminate a threat. A threat that is unlikely to occur and would do little damage can be accepted when the cost of protecting against it exceeds the value of the asset (hardware, software, or data) it endangers.

Risk Management Model

Computer Security Classification Computer security can be classified into three categories: Secrecy, protecting against unauthorized data disclosure and ensuring the authenticity of the data's source; Integrity, preventing unauthorized data modification; Necessity, preventing data delays or denials (removal).

Security Policy A security policy is a written statement describing what assets are to be protected and why, who is responsible for protecting them, and which behaviors are acceptable and which are not. Any organization involved in e-commerce should have a security policy in place. The specific elements a security policy addresses: Authentication: who is trying to access the site? Access control: who is allowed to log on and access the site? Secrecy: who is permitted to view selected information? Data integrity: who is allowed to change data? Audit: who or what causes selected events to occur, and when?

Integrated Security A security policy should address the integrated security of the organization, that is, all the security measures needed to prevent unauthorized disclosure, destruction, or modification of assets. It includes physical security, network security, access authorizations, virus protection, and disaster recovery.

Electronic Commerce Threats Secure electronic commerce requires protecting three assets in the "commerce chain": client computers; messages travelling between the client computer and the Web server through the Internet; and Web/commerce servers.

Client Threats Active content: Java applets, ActiveX controls, JavaScript, and VBScript, programs that interpret or execute instructions embedded in objects downloaded from a Web/commerce server. Malicious active content can be embedded in seemingly innocuous Web pages. Cookies remember user names, passwords, and other commonly referenced information, so a cookie that is read or stolen can carry a credential with it.

Java and Java Applets Java is a high-level programming language developed by Sun Microsystems. Java code embedded into appliances can make them run more intelligently. The most visible use of Java on the Web is in Web pages as Java applets. Java is platform independent: it will run on any computer that has a Java runtime.

Java Applets An applet is a program that executes within another program (here, the Web browser) and cannot execute directly on a computer. Once downloaded, a Java applet runs on the client computer, so security violations can occur there. Java sandbox security confines an applet's actions to a set of rules defined by the security model; the rules apply to all untrusted applets, that is, applets that have not been proven trustworthy; an applet confined to the sandbox cannot perform file input, output, or delete operations on the operating system. Signed Java applets contain an embedded digital signature from a third party, which serves as proof of the identity of the applet's source; if the user accepts the signature, the applet is let out of the sandbox and may use the full system resources. The signature proves only who published the applet, not that its code is safe, so accepting a signed applet is a decision to trust the signer, not a security guarantee.

JavaScript JavaScript is a scripting language developed by Netscape to let Web page designers build active content. When a Web page with embedded JavaScript is downloaded, the script runs on the client computer. The script is confined to the browser, so it cannot ordinarily touch the hard disk directly, but it can read data the page holds (form fields, cookies it is permitted to see) and send it back to the originating Web server, and implementation bugs in browsers have allowed scripts to escape these limits and damage the client. Having a secure communication channel does not help here: the script is delivered over that channel and executes inside the trusted endpoint.

ActiveX Controls An ActiveX control is an object that contains programs and properties that perform certain tasks. ActiveX controls run only on Windows (the chapter names Windows 95, 98, and 2000). Once downloaded, an ActiveX control executes like any other program, with full access to the computer's resources: it could reformat a hard disk, harvest e-mail addresses, or shut down the computer. Unlike a Java applet, there is no sandbox, so the only control the user has is deciding whether to trust the control's publisher before it runs.

Communication Channel Threats Secrecy threats: secrecy is the prevention of unauthorized information disclosure, and it requires sophisticated physical and logical mechanisms to implement. Theft of sensitive or personal information (e-mail addresses, credit card numbers) is a significant danger in e-commerce. Sniffer programs can tap into a router on the Internet path and record information as it passes from a client computer to a Web server; anything sent in the clear, such as a credit card number in an unencrypted form post, is readable to them. The IP address of the client computer is revealed to every Web server it contacts while the user is on the Web.

Communication Channel Threats How to hide an IP address from a Web site: a Web site called "Anonymizer" provides a measure of secrecy by hiding the IP address of a client computer from the sites a user visits. It requires that the user start a visit from the Anonymizer home page, http://www.anonymizer.com; Anonymizer then fetches pages on the user's behalf as an intermediary (a proxy), so the visited sites see Anonymizer's address rather than the user's. The trade-off is that the intermediary itself sees everything the user sends and receives.

Communication Channel Threats Integrity threats, also known as active wiretapping: an unauthorized party alters data in transit, such as changing the amount of a deposit or withdrawal in a bank transaction over the Internet. An attacker can also set up a mechanism that redirects all transactions from a Web site to a fake location. Secrecy alone does not prevent this; the receiver needs a way to detect that the message it received is not the message that was sent.
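The bank-transaction alteration described on this slide, and the check that defeats it, as an added example (not code from the chapter). It assumes a constructed shared key and a constructed withdrawal message; the tag is an HMAC-SHA256 over a canonical serialization of the transaction, which is the same principle a secure channel applies to every record it carries. The txn_id field is included so that a replayed copy of an old message can be recognized, though the replay check itself is left to the receiver.

```python
import hashlib
import hmac
import json

# Constructed key shared by the customer's client and the bank's server.
# Assumption for this example only: in practice it is established by the
# secure channel (e.g. TLS) or provisioned out of band, never hard-coded.
SHARED_KEY = b"example-shared-secret-do-not-reuse"


def canonical(txn: dict) -> bytes:
    """Serialize deterministically so both sides hash exactly the same bytes."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_transaction(txn: dict, key: bytes = SHARED_KEY) -> str:
    """Return an HMAC-SHA256 tag over all transaction fields."""
    return hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()


def verify_transaction(txn: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(sign_transaction(txn, key), tag)


def active_wiretap(txn: dict, new_amount: int) -> dict:
    """What an in-path attacker does: change the amount, keep everything else."""
    altered = dict(txn)
    altered["amount"] = new_amount
    return altered


# Constructed sample: a withdrawal sent from the client to the bank.
ORIGINAL = {"txn_id": "2f7c1a", "account": "12345678", "op": "withdraw", "amount": 100}


def demo() -> dict:
    tag = sign_transaction(ORIGINAL)
    altered = active_wiretap(ORIGINAL, 10000)
    return {
        # Untouched message and its tag still agree.
        "original_ok": verify_transaction(ORIGINAL, tag),
        # Altered message no longer matches the tag that travelled with it.
        "altered_ok": verify_transaction(altered, tag),
        # Without the key the attacker cannot mint a matching tag either.
        "forged_ok": verify_transaction(altered, sign_transaction(altered, b"guess")),
    }


if __name__ == "__main__":
    print(demo())
```

The tag gives integrity and origin authentication only; the amount and account number are still visible to a sniffer, so secrecy needs encryption in addition.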

Communication Channel Threats Necessity threats, also known as delay or denial threats, disrupt normal computer processing or deny it entirely: slowing processing to intolerable speeds so that customers give up and stop visiting the site; removing a file entirely, or deleting information from a transmission or file; diverting money from one bank account to another.

Server Threats The more complex Web server software becomes, the higher the probability that errors (bugs) exist in its code, some of which are security holes through which attackers can gain access. Web servers can run at various privilege levels: the highest levels give the server process, and therefore anything that subverts it, the greatest access and flexibility on the machine; the lowest levels put a logical fence around the running program, so a compromised server can do less damage. Run the server at the lowest level that still lets it do its job.

Server Threats Secrecy violations occur when the contents of a server's folders (file and folder names) are revealed to a Web browser. Web site administrators can turn off the "Allow Directory Browsing" feature to avoid this. Cookies set by a Web server that hold a user's ID and password on the client computer should never be transmitted unprotected, and preferably should not contain the password at all.

Server Threats Figure 5-9: Displayed Folder Names (a directory listing returned to the browser when directory browsing is left enabled).

Server Threats One of the most sensitive files on a Web server holds the username and password pairs. The Web server administrator is responsible for ensuring that this file, and other sensitive files, are secure: readable only by the account the server runs as, kept outside the document tree so it can never be served, and holding salted password hashes rather than the passwords themselves.
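What "secure" means for that file, as an added example that is not part of the chapter: a small credential store that keeps a per-user random salt and a PBKDF2-HMAC-SHA256 hash instead of the password, written with owner-only permissions. The file format (user:salt:hash), the iteration count, and the sample user are constructed for this example; the verification function recomputes the hash and compares in constant time.

```python
import hashlib
import hmac
import os
import stat
import tempfile
from typing import Dict, Optional, Tuple

# Constructed parameters for this example: a per-user 16-byte salt and a
# PBKDF2-HMAC-SHA256 iteration count that makes offline guessing expensive.
ITERATIONS = 200_000
SALT_BYTES = 16

Store = Dict[str, Tuple[bytes, bytes]]  # user -> (salt, derived key)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key); draws a fresh random salt when none is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected)


def save_store(path: str, store: Store) -> None:
    """Write user:salt:hash lines; the file is created readable by its owner only.
    (Usernames are assumed not to contain ':'.)"""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        for user, (salt, key) in store.items():
            f.write(f"{user}:{salt.hex()}:{key.hex()}\n")


def load_store(path: str) -> Store:
    store: Store = {}
    with open(path, "r") as f:
        for line in f:
            user, salt_hex, key_hex = line.rstrip("\n").split(":")
            store[user] = (bytes.fromhex(salt_hex), bytes.fromhex(key_hex))
    return store


def file_mode(path: str) -> int:
    """Permission bits of the file, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> dict:
    # Constructed sample user, written to a fresh temporary directory.
    path = os.path.join(tempfile.mkdtemp(), "passwd")
    save_store(path, {"alice": hash_password("correct horse battery")})
    salt, key = load_store(path)["alice"]
    with open(path, "r") as f:
        contents = f.read()
    return {
        "mode_owner_only": file_mode(path) == 0o600,
        "right_password": verify_password("correct horse battery", salt, key),
        "wrong_password": verify_password("Correct horse battery", salt, key),
        "plaintext_absent": "correct horse battery" not in contents,
    }


if __name__ == "__main__":
    print(demo())
```

Even with hashing, the file still needs the permission and location rules from the slide: a hash file that the server can serve to a browser is an offline cracking target.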

Database Threats A company's database systems store data on users, products, and orders for e-commerce, and the company's other valuable and private information may be kept in the same database. Security in a database is usually enforced by defining user privileges, and those privileges must actually be enforced by the database. Some databases are inherently insecure and rely on the Web server to enforce security measures; in that case any flaw in how the Web server builds its queries exposes the whole database.
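The two sides of that last point, as an added example that is not from the chapter: a Web tier that builds an order lookup by string formatting (so a crafted customer string returns every customer's orders) beside the parameterized form, followed by a privilege restriction enforced by the database itself. The in-memory SQLite store and its three orders are constructed here; SQLite has no GRANT, so its query_only pragma stands in for a read-only database account.

```python
import sqlite3
from typing import List, Tuple

Row = Tuple[int, str, int]


def make_db() -> sqlite3.Connection:
    """Constructed in-memory store with two customers' orders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, amount INTEGER)")
    conn.executemany(
        "INSERT INTO orders (customer, amount) VALUES (?, ?)",
        [("alice", 20), ("alice", 35), ("bob", 99)],
    )
    conn.commit()
    return conn


def orders_vulnerable(conn: sqlite3.Connection, customer: str) -> List[Row]:
    """Web tier trusts the customer string and pastes it into the SQL text."""
    sql = f"SELECT id, customer, amount FROM orders WHERE customer = '{customer}'"
    return conn.execute(sql).fetchall()


def orders_safe(conn: sqlite3.Connection, customer: str) -> List[Row]:
    """Parameterized query: the value is data and can never alter the query."""
    return conn.execute(
        "SELECT id, customer, amount FROM orders WHERE customer = ?", (customer,)
    ).fetchall()


def restrict_to_read_only(conn: sqlite3.Connection) -> None:
    """Second layer, enforced by the database rather than the Web server:
    the order-lookup connection may read but never write."""
    conn.execute("PRAGMA query_only = 1")


def can_write(conn: sqlite3.Connection) -> bool:
    """Probe whether this connection can still modify the orders table."""
    try:
        conn.execute("INSERT INTO orders (customer, amount) VALUES ('mallory', 1)")
        return True
    except sqlite3.OperationalError:
        return False


if __name__ == "__main__":
    db = make_db()
    # Constructed hostile input: closes the quote and appends an always-true test.
    hostile = "alice' OR '1'='1"
    print("vulnerable:", orders_vulnerable(db, hostile))   # bob's order leaks too
    print("safe:      ", orders_safe(db, hostile))         # no such customer
    restrict_to_read_only(db)
    print("can write after restriction:", can_write(db))
```

Parameterization fixes the query; the read-only restriction limits the damage of whatever the next Web-tier bug turns out to be, which is the point of enforcing privileges in the database.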

Other Threats Common Gateway Interface (CGI) threats: CGI programs present a security threat if misused. CGI programs can reside almost anywhere on a Web server and are therefore often difficult to track down. CGI scripts do not run inside a sandbox, unlike JavaScript: they run with the Web server's privileges and on whatever input the visitor chose to send them.
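How a misused CGI program becomes a threat, as an added example not drawn from the chapter: a greeting script that hands the visitor's name to a shell, beside one that validates the name and runs the program without a shell. The query string is constructed; the only command it smuggles in is a harmless echo, but with the vulnerable version it runs with the Web server's privileges, exactly as the slide warns.

```python
import re
import subprocess
from urllib.parse import parse_qs

# Constructed QUERY_STRING as a CGI program would receive it from the server.
# Decodes to: name=alice; echo INJECTED
INJECTED_QUERY = "name=alice%3B+echo+INJECTED"


def name_from_query(query_string: str) -> str:
    """Extract the 'name' parameter from a CGI query string."""
    return parse_qs(query_string).get("name", [""])[0]


def greet_vulnerable(name: str) -> str:
    """Builds a command line by concatenation: /bin/sh parses whatever the
    visitor sent, so ';' ends the intended command and starts a second one."""
    result = subprocess.run("echo Hello " + name, shell=True,
                            capture_output=True, text=True)
    return result.stdout


# Constructed allow-list for this example: what a name may look like.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def greet_safe(name: str) -> str:
    """Rejects anything outside the allow-list, then passes the name as a single
    argv element so no shell ever parses it."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("name rejected")
    result = subprocess.run(["echo", "Hello", name], capture_output=True, text=True)
    return result.stdout


def demo() -> dict:
    name = name_from_query(INJECTED_QUERY)
    try:
        safe = greet_safe(name)
    except ValueError:
        safe = "rejected"
    return {
        "parsed_name": name,
        "vulnerable": greet_vulnerable(name),  # second line is the injected command
        "safe": safe,
    }


if __name__ == "__main__":
    print(demo())
```

The hardened form still runs as the server's user; the slide's other two points (keep CGI programs in one known directory, and run the server at a low privilege level) limit what even a correct script can be made to do.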