1. Chapter 5 Security Threats to Electronic Commerce

2. Security Overview Many fears to overcome:
Intercepted messages is a concern
Unauthorized access to business information by a competitor
Credit card information falling into the wrong hands while typing during payment processing

3. Security Definition
Computer security is the protection of unauthorized access, use, alteration, or destruction hardware, software, and data.
Two types of computer security:
Physical - protection of computing devices using physical objects such as guards, alarms, security doors, vaults, etc.
Logical - protection through password, firewall, and encryption are logical solutions to security.

4. Security Overview
Threat: Any act or object that poses a danger to computer assets is known as a threat.
Countermeasures are procedures, either physical or logical, that recognize, reduce, or eliminate a threat
Threats that are low risk and unlikely to occur can be ignored if the cost of protection is higher the asset (hardware, software, data) value.

5. Risk Management Model

6. Computer Security Classification
Computer security can be classified into three categories:
Secrecy
Protecting against unauthorized data disclosure and ensuring the authenticity of the data’s source
Integrity
Preventing unauthorized data modification
Necessity
Preventing data delays or denials (removal)

7. Security Policy
A Security policy is a written statement describing what assets are to be protected and why, who is responsible, which behaviors are acceptable or not. Any organization involved in e-commerce, should have a security policy in place.
Specific elements of a security policy addresses:
Authentication
Who is trying to access the site?
Access Control
Who is allowed to logon and access the site?
Secrecy
Who is permitted to view selected information
Data integrity
Who is allowed to change data?
Audit
What and who causes selected events to occur, and when?

8. Integrated Security
Security policy should address an integrated security of an organization.
Integrated security policy should address all security measures in order to prevent unauthorized disclosure, destruction, or modification of assets. It includes:
Physical security
Network security
Access authorizations
Virus protection
Disaster recovery

9. Electronic Commerce Threats
Secure electronic commerce include protection of three assets in the “commerce chain”.
These are:
Client computers
Messages travelling from the client computer to the Web server through the Internet
Web/Commerce servers

10. Client Threats Active Content
Java applets, Active X controls, JavaScript, and VBScript, which are programs that interpret or execute instructions embedded in downloaded objects from a Web/commerce server
Malicious active content can be embedded into seemingly innocuous Web pages
Cookies remember user names, passwords, and other commonly referenced information

11. Java and Java Applets
Java is a high-level programming language developed by Sun Microsystems
Java code embedded into appliances can make them run more intelligently
Largest use of Java is in Web pages as Java Applets
Java is Platform independent - will run on any computer

12. Java Applets
An applet is a program that executes within another program and cannot execute directly on a computer
Once downloaded, a Java applet can run on a client computer, so security violations can occur
Java sandbox security:
Confines Java applet actions to a security model-defined set of rules
Rules apply to all untrusted applets, that have not been proven secure
Applets obeying sandbox rules can not perform file input, output, or delete operations of the operating system.
Signed Java applets:
Contain embedded digital signatures from a third party, which serve as a proof of identity of the source of the applet.
If the applet is signed, then it can be let out of sandbox to use the full system resources

13. JavaScript
JavaScript is a scripting language developed by Netscape Corporation to enable Web page designers to build active content.
When downloaded a Web page with embedded JavaScript, it runs in the client computer and can destroy hard disk, send back accounts to the originating Web server, and so on. Having a secure communication channel is not useful under this condition

14. ActiveX Controls
ActiveX is an object, called a control, that contains programs and properties that perform certain tasks
ActiveX controls only run on computers with Windows 95, 98, or 2000
Once downloaded, ActiveX controls execute like any other program, having full access to a computer’s resources reformatting a hard disk, sending addresses, or shut down the computer.

15. Communication Channel Threats
Secrecy Threats:
Secrecy is the prevention of unauthorized information disclosure. It requires sophisticated physical and logical mechanism to implement
Theft of sensitive or personal information ( address, credit card number)is a significant danger in e-commerce
Sniffer programs can tap into a router of the Internet and record information while it passes from a client computer to a Web server.
IP address of a computer is continually revealed to a Web server while a user is on the web

16. Communication Channel Threats
How to Hide an IP address from a Web site:
A Web site called “Anonymizer” that provides a measure of secrecy by hiding the IP address of a client computer from sites that a user visits.
It requires that a users starts his/her visit from the “anonymizer” home page:
Anonymizer acts as a firewall and shields private information from leaking out.

17. Communication Channel Threats
Integrity Threats:
Also known as active wiretapping
Unauthorized party can alter data such as changing the amount of a deposit or withdrawal in bank transaction over the Internet
A hacker can create a mechanism such that all transactions from a Web site redirects to a fake location.

18. Communication Channel Threats
Necessity Threats:
Also known as delay or denial threats
Disrupt normal computer processing
Deny processing entirely
Slow processing to intolerably slow speeds such that customers get bored not to visit the site anymore.
Remove file entirely, or delete information from a transmission or file
Divert money from one bank account to another

19. Server Threats
The more complex a Web server software becomes, the higher the probability that errors (bugs) exist in the code - security holes through which hackers can access.
Web servers run at various privilege levels:
Highest levels provide greatest access and flexibility to a Web user (from a browser)
Lowest levels provide a logical fence around a running program

20. Server Threats
Secrecy violations occur when the contents of a server’s folder names are revealed to a Web browser
Web site administrators can turn off the “Allow Directory Browsing” feature to avoid secrecy violations
Cookies requested by a Web server, containing a user’s Userid and Password in a client computer, should never be transmitted unprotected

21. Server Threats

22. Displayed Folder Names
Figure 5-9

23. Server Threats
One of the most sensitive files on a Web server holds the username and password pairs
The Web server administrator is responsible for ensuring that this, and other sensitive files, are secure

24. Database Threats
A company database systems store data on user, products, and orders for e-commerce
In addition, a company’s valuable and private information could be stored in a company database
Security in a database is often enforced through defining the user “privileges” which must be enforced
Some databases are inherently insecure and rely on the Web server to enforce security measures

25. Other Threats Common Gateway Interface (CGI) Threats
CGIs are programs that present a security threat if misused
CGI programs can reside almost anywhere on a Web server and therefore are often difficult to track down
CGI scripts do not run inside a sandbox, unlike JavaScript