Monday, June 22, 2009

The Threat of Online Security: How safe is our data?








Because security in e-commerce is declining, many business operators are considering going back to traditional ways of carrying out their business. Many threats and attacks worry e-commerce operators, such as client threats, communication channel threats, server threats (for example to the Web server or database server), Common Gateway Interface (CGI) threats and many more. However, the top five threats that are spreading fast in today’s e-commerce industry are hacking into other computer systems, infection by viruses and other malicious software, staff misuse of information systems, theft or fraud involving computers and, last but not least, failure and data corruption.

Of the five threats, infection by viruses and other malicious software shows the highest rate, followed by hacking into other computer systems. The most recent virus attacks on Microsoft Outlook are NIMDA, the Code Red worms, ILOVEYOU, “Resume” and the KAK viruses. In the case of hacking, because of the low level of security detection and prevention on websites, hackers break into other businesses' sites to obtain confidential information about customers, such as their credit card balances.

The Target: Attackers mostly target the shoppers, the shopper’s computer, the network connection between the shoppers and the website server, and the website server itself.

Shoppers: Involves tricking the shopper (also known as social engineering techniques) by reading the shopper's behavior and gathering information to be used against the shopper.

Shopper's Computer: A tool called SATAN is used to perform port scans on a computer, which detect entry points into the machine.

Network Connection between shoppers and Website server: The attacker monitors the data passing between the shopper’s computer and the server, then collects data about the shopper or steals personal information such as a credit card number.

Website Server: The attacker analyzes the site to find out what kind of software is being used on it, then finds out which patches have been issued for that software in order to exploit systems that have not applied those patches.

Prevention Steps: Many steps can be taken to prevent attackers from continuing to gain confidential information by hacking into other individuals' business sites. The prevention steps include:

Education: Shoppers need to be aware that using a weak password enables an attacker to break into the computer system and obtain all the confidential information.

Personal firewall: Helps reduce the types of traffic initiated by and directed to your computer. The intruder can scan the hard drive to detect any stored passwords.

Secure Socket Layer (SSL): A protocol that encrypts data between the shopper’s computer and the site server. A certificate authority authorized by the government issues the SSL certificate to the server. When the shopper makes a request from a browser to the site server using http://..., the shopper's browser checks whether the site has a certificate it can recognize. If the certificate is not recognized, the browser pops up a warning.

Server Firewall: Helps ensure that only requests on specified ports can enter the system and that all access comes only from certain physical machines.

Password: Passwords should be strong enough that they cannot be easily guessed. Account lockout capability makes sure that an automated scheme cannot make more than a few guesses before the account is locked.
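The account lockout idea from the password step can be sketched as follows. This is an added example, not code from the original post: the `LoginThrottle` name, the thresholds and the sample scenario are assumptions, and checking the password itself is left to the caller.

```python
import time

class LoginThrottle:
    """Lock an account after too many failed guesses inside a time window."""
    def __init__(self, max_failures=5, window=300, lock_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures    # failures allowed before locking
        self.window = window                # seconds in which failures count
        self.lock_seconds = lock_seconds    # how long a lock lasts
        self.clock = clock                  # injectable so tests control time
        self._failures = {}                 # account -> failure timestamps
        self._locked_until = {}             # account -> lock expiry time

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:           # lock expired: start fresh
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, password_ok):
        """Record one login attempt; return 'ok', 'denied' or 'locked'."""
        if self.is_locked(account):
            return "locked"                 # refused even if the password is right
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        now = self.clock()
        # Keep only failures that are still inside the window, then add this one.
        recent = [t for t in self._failures.get(account, []) if now - t < self.window] + [now]
        self._failures[account] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lock_seconds
            return "locked"
        return "denied"

def demo():
    """Constructed scenario: an automated guesser hammers one account."""
    now = [0.0]                             # fake clock, advanced by hand
    throttle = LoginThrottle(max_failures=3, window=60, lock_seconds=120, clock=lambda: now[0])
    results = []
    for _ in range(4):                      # four wrong guesses, 1 s apart
        results.append(throttle.attempt("alice", False))
        now[0] += 1
    results.append(throttle.attempt("alice", True))   # right password, still locked
    now[0] += 120                                     # wait out the lock
    results.append(throttle.attempt("alice", True))
    return results
```

The lock expires on its own after `lock_seconds`, so a burst of bad guesses slows the guesser down without shutting the real account owner out permanently.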

A Malaysian company such as Locus develops and creates dynamic transactional web and flow systems that incorporate all the security needed to transact business online safely. With the expertise and advanced technology they possess, they are able to do business online 24 hours a day, 7 days a week, 365 days a year without any disruption. From my point of view, prevention and detection of online threats is a must. Business operators must pay more attention to this issue or else they will lose their customers' trust if shopper information is leaked to an unauthorized party. More expertise should be employed in order to prevent the problem from getting worse.

