There are numerous security threats involved when conducting business on the internet, especially when information of a sensitive nature is concerned. Throughout this article I will discuss various security threats and how to best defend against them. The first security threat that will be discussed is malicious code which is often referred to as malware. Malicious code encompasses a “variety of threats including viruses, worms, Trojan horses, and bots. A virus is a computer program that has the ability to replicate or make copies of itself and disperse to other files. Also, most viruses deliver a “payload” which can annihilate files, reformat a computer’s hard drive, or cause programs to run incorrectly.” (E-commerce: business. technology. society., 2010, p. 275) The three main types of viruses are macro viruses, file-infecting viruses and script viruses.
There are other types of malicious code and software that can infect a computer. “Viruses can sometimes be intermingled with a worm. A worm is created to move from computer to computer and doesn’t need to be executed by a user in order for it to duplicate itself. A Trojan horse, which is another form of malicious software, appears harmless at first, but then releases another virus or worm that was hidden inside it into a computer.” (E-commerce: business. technology. society., 2010, p. 276) Yet another form of malicious code is called a “bot” which is short for robot. “Once a bot has entered a computer it responds to external directions sent by the attacker. At this point the computer becomes a “zombie” which is able to be manipulated by a third party which is referred to as a “bot-herder”. Botnets are clusters of seized computers utilized for virulent purposes such as sending spam, cooperating in a Distributed Denial of Service attack, stealing data from computers, and accumulating network traffic for review at a later time.” The term Distributed Denial of Service will be examined in greater detail later in this report. (E-commerce: business. technology. society., 2010, p. 276)
When dealing with computer security, users must also be aware of unwanted programs. An example of this type of security threat is called a browser parasite. “A browser parasite is a program that can observe and alter the settings of a browser. An example of this is called Websearch which can alter Internet Explorer’s default home page and search settings. A second type of unwanted program is called spyware. Spyware can be utilized to collect data such as a user’s keystrokes, copies of e-mail and instant messages, and take screenshots which can be used to copy passwords.” (E-commerce: business. technology. society., 2010, p. 277)
Identity theft is of great concern to most online users. A popular type of identity theft is called phishing. “Phishing is a fraudulent, online effort by a third party to gain confidential data for monetary gain. Phishing attacks depend on direct misrepresentation and fraud.” (E-commerce: business. technology. society., 2010, p. 277) Most of these types of attacks tend to impersonate other websites that the user has been affiliated with in order to obtain personal information. Examples of these types of websites may be the user’s bank, eBay, PayPal or any other site with which they can obtain monetary gain.
Other types of security risks for online businesses involve hackers and cybervandalism. “A hacker is defined as someone who plans to obtain unauthorized entry to a computer system. The term “cracker” is used to designate a hacker with malicious intent. These individuals obtain unauthorized entry by discovering vulnerabilities in the security operations of Web sites and computer systems, often taking advantage of assorted features of the Internet which make it an open system that is not difficult to manipulate.” (E-commerce: business. technology. society., 2010, p. 280) Hackers may also perpetrate cybervandalism which is purposely upsetting, deforming, or even eradicating a Web site.
Another concern of online users is credit card fraud or theft. Some internet users are concerned that their credit card information will be stolen if it is used on particular Web sites. This concern is somewhat unsubstantiated due to the fact that occurrences of stolen credit card information are only about 1.4% of all online credit transactions. Typically, most stolen credit card data is done by methodical hacking and looting of a corporate server where the data on millions of credit card transactions are saved.” (E-commerce: business. technology. society., 2010, p. 282)
Hackers can use several tools to deceive online users or businesses and gain access to their personal information. Some of these tools include spoofing, which is also known as pharming, spam or junk Web sites, splogs and sniffing. “Spoofing is an individual misrepresenting himself/herself by means of a counterfeit e-mail address or disguising as someone else. Spoofing a Website is also known as “pharming” which involves diverting a Web link to a Web address other than the one intended with the alternate site disguising as the intended destination. Spam blogs or “splogs” are counterfeit blogs designed entirely to boost the search engine rank of affiliate Web sites.” (E-commerce: business. technology. society., 2010, p. 283) Finally, hackers may also use “sniffing” or a “sniffer” program. “This type of program is an eavesdropping program designed to track data traveling over a network. Utilized properly, a sniffer program can assist in detecting possible network trouble-spots. On the other hand, a sniffer program can also be used maliciously to steal proprietary or business data from anywhere on a network. This type of information may include e-mails, company records, or confidential reports.” (E-commerce: business. technology. society., 2010, p. 284)
As mentioned earlier, Denial of Service (DOS) and Distributed Denial of Service (DDOS) are also forms of attacks hackers use to disrupt or destroy online businesses. “DOS attacks involve “hackers overwhelming a Web site with meaningless page requests that engulf and overwhelm the site’s Web servers. These attacks can cause a Web site to cease functioning and interfere with a user’s ability to gain access to the site. Such attacks can be expensive for e-commerce sites due to the fact that consumers are unable to make purchases or conduct any other type of business on their site. A DDOS refers to an attack that utilizes an indefinite number of computers to bombard a target network from several launch points. Both the DOS and the DDOS are designed to shut down a Website’s operations for an indeterminate amount of time.” (E-commerce: business. technology. society., 2010, p. 284)
Although hackers are a constant threat to consumers and businesses, there are threats that are even more common and costly. These types include insider attacks and inadequately designed server and client software. An insider attack can be committed by current or even past employees. “Employees usually have access to confidential data with which they can commit various criminal or malicious acts. These acts can include an interruption to a company’s service, destruction or corruption of sites, and alteration or theft of consumer credit data and personal information.” (E-commerce: business. technology. society., 2010, p. 285) Another threat to a company’s security is an inadequately designed server and client software. “These threats can occasionally be caused by designs in the operating system or in the application software, including browsers. The growth in intricacy and size of software programs has added to an increase of software defects or deficiencies with which hackers and insiders can take advantage of or manipulate.” (E-commerce: business. technology. society., 2010, p. 285)
Although maintaining a business website can present many problems in regards to security, there are several ways to prevent or alleviate such problems. Businesses use encryption to safeguard information that is being transmitted and stored. “It uses a key, or cipher, to convert plain text to cipher text. Encryption performs four of the six key dimensions of e-commerce security. It helps to ensure message integrity, prevents nonrepudiation, provides authentication, and ensures confidentiality. Symmetric encryption is used in digital envelopes to encrypt and send larger documents to speed up transmission time.” (E-commerce: business. technology. society., 2010, p. 286-292)
Consumers also need to think about security when making purchases online. In order to verify a company’s identity, digital certificates are granted by a trusted entity known as a certification authority. These certificates contain relevant information regarding the business entity such as the “company’s name, public key, digital certificate serial number, an expiration date, an issuance date, the digital signature of the certification authority, and other identifying data.” (E-commerce: business. technology. society., 2010, p. 293)
Another method of providing security on the internet is to use secure channels of communication. The most widely used system of securing channels is through the Secure Sockets Layer (SSL). Servers use the SSL to create a secured negotiated session. Browsers and servers communicate through a secure negotiated session in which each of the party’s identity is established. Once this has occurred, a session key is used to encrypt the information being transmitted. Other methods of securing and encrypting messages or information are S-HTTP and VPN. “S-HTTP, which stands for Secure Hypertext Transfer Protocol, is devised to secure individual messages as opposed to large amounts of data. Virtual Private Network, or VPN, permits remote users to securely gain entry to internal networks through the Internet. This is done using the Point-to-Point Protocol (PPTP) which connects one local network to another utilizing the Internet as channel.” (E-commerce: business. technology. society., 2010, p. 295-299)
Securing the channels of communication is not the only means of providing protection on the internet. User networks also have to be secured. One way that this is accomplished is by use of firewalls and proxy servers. “A firewall is the hardware or software that screens communication packets and prohibits some packets from gaining access to the network contingent upon an established security policy. It manages communications coming into and going out of servers and clients, prohibiting information from questionable sources while permitting other information from dependable sources. A proxy server is a software server that manages all transactions emanating from or being transmitted to the internet. It acts as a representative for the association.” (E-commerce: business. technology. society., 2010, p. 299-300)
Servers and clients can also be further safeguarded against some types of attacks by utilizing certain operating system tools and anti-virus software. “Microsoft and Apple both offer automatic updates for their operating systems to protect against inadequacies that are uncovered by hackers. The least difficult and costly way to avoid threats to system stability is to use anti-virus software. These types of software offer very reasonable priced tools to recognize and remove the most well-known types of malicious code as they infiltrate a computer. They can also remove those already hiding on a hard drive.” (E-commerce: business. technology. society., 2010, p. 300-301)
It is recommended that Grandma’s Treats use the following measures to produce a more secure business internet environment. Ensure that the operating system being used has all of the current security updates and review it often. Invest in the most reliable anti-virus software available and verify that the computer’s firewall is in optimal operating order. Implement authorization policies and utilize an authorization management system. Perform security audits on a regular basis to identify any current or potential security risks.
There have been several attacks on internet security since its inception. Instances of computer hacking and cybervandalism have become very common occurrences. One example of such an attack was the “Slammer worm”. “This worm corrupted over 90% of susceptible computers around the world within ten minutes of it being dispersed on the Internet; crashed Bank of America cash machines; disrupted cash registers at grocery stores; and interrupted most Internet connections in South Korea, creating a dip in the stock market there.” (E-commerce: business. technology. society., 2010, p. 276) Another example of an internet security breach was the attack committed by Robert Lyttle and Benjamin Stark. “These two men, who called themselves the “Dynamic Duo”, hacked into the computer at NASA’s Ames Research Center and stole data regarding associates of the agency’s Astrobiology Institute. The men claimed that their attacks were designed to illuminate the weaknesses in the government’s computer security systems.” (E-commerce: business. technology. society., 2010, p. 281) These and other attacks on the security of various computer networks may have been avoided had the organizations performed more frequent and thorough security audits. As mentioned earlier, the use of specific operating system enhancements, firewalls, anti-virus software, and comprehensive security management plans will help to ensure the ongoing security and functionality of computer networks.
Laudon, K. & Traver, C. (2010). E-commerce: business. technology. society. New Jersey: