Describe Security Risks and preventive Measures to be taken
The first objective for any e-commerce site is to assure clients or customers that their personal data remains private and safe as it passes across the Internet.
You also have to assure clients that personal information will remain private after it reaches your site. Security risks include attacks on middleware[1] common gateway interface (CGI) programs, credit card fraud, the generation of false orders, and virus and Trojan infiltration. These attacks are designed to expose confidential company information, which results in the loss of customer trust.
Historical Attack on Hotmail in 1999
On August 30, 1999, the Hotmail site was attacked. The attack focused on Hotmail's use of CGI and occurred on servers located in Sweden, affecting the entire site. Hackers used code that defeated the authentication process and allowed any user to log in to any Hotmail account without any password at all. This incident raised serious questions in the industry about the ability to keep information private in an ecommerce setting. At the very least, it suggests that current Web-based email practices have raised serious security issues. This specific incident illustrates some of the general problems experienced by e-commerce sites that provide any service across the Web.
First, the attack shows how an e-commerce site can become a target for an attack due to its popularity. Second, any complex e-commerce site requires constant auditing and improvement to ensure privacy. The more complex the solution, the more likely a hacker will be able to subvert any one part of it.
Finally, you may want to consider possible legal repercussions if a hacker is able to steal information from your site.
Michael Calce (Mafiaboy) :
In 2000, a high school student named Michael Calce whose alias was Mafiaboy, brought down the websites of Amazon, CNN, Dell, E*Trade, eBay, and Yahoo!. At the time, Yahoo! was the biggest search engine in the world and a forum for liberal talking heads. The NYSE reacted in panic because they were all investing in ecommerce companies such as Amazon. If a 15-year-old teenager has the ability to bring us down at any point, are our routers safe?For years after the attack, Calce declined to speak to the media, but he has recently begun to open up about his story and says that he was experimenting in the area of distributed computing. He says his goal had nothing to do with money and was performing penetration testing[2].
Mike started off early with computers and became more involved in online hacker groups in his teenage years.
In 2000, he launched the hack that made him famous
first taking over a handful of university networks, and then
harnessing their combined computing power to attack outside websites.
By implementing a Denial of Service attack on various websites, he was able to bring them down. "The overall purpose was to intimidate other hacker groups," says Calce. Back then, "the hacking community was all about notoriety and exploration, whereas you look at hackers today and it is about monetization by means of malware botnets." For the national security apparatus, the attack was a wake-up call.
ecommerce Security
Security is an essential part of any transaction that takes place over the internet. A client can loose their faith in
e-business
if its security is compromised. Following are the essential requirments for safe e-payments/transactions
Confidential: Information should not be accessible to an unauthorized person and should not be intercepted during transmission.
Integrity: Information should not be altered during its transmission over the network.
Availability: Information should be available wherever and whenever the requirement within a time limit is specified.
Authenticity: There should be a mechanism to authenticate the user before giving them access to the required information.
Non-Repudiation: This is protection against denial of order or denial of payment. Once a sender sends a message, the sender should not able to deny sending the message. Similary the receipient of message should not be able to deny receipt.
Encryption: Information should be encrypted and decrypted only by an authorized user.
Auditability: Data should be recorded in such a way that it can be audited for integrity requirements.
The primary security threats are shown in the diagram below.
1) User-created breach
Users may unknowingly create a security risk by using weak passwords or by downloading a file containing a virus.
2) Password cracking
Dictionary programs specifically written to break into a password-protected system are frequently used to gain access to network systems.
3) Trojan horse
Users can inadvertently download destructive viruses and Trojan horses, thereby compromising a network's ability to function. A Trojan horse, or Trojan, is an illicit service that defeats authentication and access control measures.
4) Denial of service
To prevent legitimate users of a service from using that service, attackers may attempt to flood a network or disrupt connections or services.
5) Packet sniffer
Sniffers, devices, or programs that are used to monitor traffic on a network can be installed anywhere in a networked system.
6) IP spoofing
Many hackers can imitate any Internet protocol (IP) device that has an address that allows them entrance into your system.
7) System snooping
Using Transmission Control Protocol/Internet Protocol (TCP/IP), a hacker can enter a system through a device that does not have specific security mechanisms in place.
8) Bugs
Many times, an operating system or program running on the server contains coding problems or bugs that create an unintentional opening. Hackers often know about such problems and exploit them.
9) Back door
Program designers sometimes intentionally place a back door in an operating system or program so they can support the product quickly. Hackers can use the back door to gain access to the system.
10) Social engineering
A hacker may use tricks and disinformation to gain access to passwords and other sensitive information. For example, a hacker might imitate a legitimate user by confusing a switchboard operator or a guard.
11) DNS poisoning
It is possible for a hacker to misdirect users to other sites. For example, hackers can send bogus information to a DNS server that may make someone else's site appear as it were yours.
Network Security System involving a Firewall
Privacy Considerations for Internet Protocols
The Internet Engineering Task Force (IETF) requires consideration of security threats, and has a process to threat model focused on their organizational needs. As of 2013, they sometimes require consideration of privacy threats. An informational RFC Privacy Consideration for Internet Protocols, outlines a set of security-privacy threats, a set of pure privacy threats, and offers a set of mitigations.
The combined security-privacy threats are as follows:
Surveillance
Stored data compromise
Mis-attribution or intrusion (in the sense of unsolicited messages and denial-of-service attacks, rather than break-ins)
The privacy-specific threats are as follows:
Correlation
Identification
Secondary use
Disclosure
Exclusion
(users are unaware of the data that others may be collecting). Each is considered in detail in the RFC. The set of mitigations includes data minimization, anonymity, pseudonymity, identity confi dentiality, user participation and security. While somewhat specific to the design of network protocols, the document is clear, free, and likely a useful tool for those attempting to threat model privacy.
Although there is no such thing as a completely secure site, you can achieve a sufficient level of security that the effort involved to penetrate the site exceeds the gain of doing so. This is the essence of successful Internet security. If the required effort to penetrate security costs more than the gain that results from doing so, perpetrators will seek out easier targets.
Security Policy A well-defined, well-written security policy[3] should be the foundation of your e-commerce site. This policy should include a private series of documents that discusses procedures for purchasing equipment, as well as procedures to follow in case of a break-in. The public series of documents has two purposes:
To inform employees about accepted activity. This is often called an acceptable use policy (AUP).
To inform customers about their expectations of privacy.
If you do not have a security policy in place, your company is unprotected. You should endeavor to publish this security policy in as many ways as possible, so that employees and clients have free access to it. Elements of your employee security policy may include the following best practices:
Advice about protecting passwords. For example, employees should not write passwords down on sticky notes or under the keyboard.
Stipulations about proper conduct in regard to email use and access to the World Wide Web.
Directions for contacting individuals in case of a security breach.
Authorized procedures for logging on to systems.
Statements about acceptable and unacceptable software loaded on systems. For example, you could stipulate that a specific browser that must be used. You could even stipulate that only the IT department can load software on systems.
Short examples of acceptable and unacceptable activities.
Packet Sniffers that can cause unacceptable Activities on your Network:
An example of unacceptable activity in regard to e-commerce sites might include running special programs called "packet sniffers." In an e-commerce site, IT employees have a unique opportunity to eavesdrop on sensitive information, including passwords and credit card information. It is a good idea to state explicitly that such activities are expressly forbidden. The only exceptions to this rule should be when the senior IT manager has to scan the system as part of regular maintenance.
A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the raw data of the packet, showing the values of various
fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.
Host-based intrusion detection systems
Host-based IDSs are designed to monitor, detect, and respond to activity and attacks on a given host. In most cases, attackers target specific systems on corporate networks that have confidential information. They will often try to install scanning programs and other vulnerabilities that can record user activity on a particular host. A host-based IDS allows an organization or individual owners of a host on a network to protect against and detect adversaries who may incorporate security loopholes or exploit other vulnerabilities. Some host-based IDS tools provide policy management, statistical analysis, and data forensics at the host level.
Host-based IDSs are best used when an intruder tries to access particular files or other services that reside on the host computer. In most cases, the host-based IDS is integrated into the operating systems that the host is running. Because attackers mainly focus on operating system vulnerabilities to break into hosts, such placement of the IDS proves very beneficial. Historically, many host-based IDSs were installed on the respective hosts themselves, because no separate intrusion detection entity could be provided for large mainframes (which needed much security) in a cost-effective manner. This method caused some security bottlenecks. An intruder able to successfully overcome the IDS and the inherent security features of the host could disable the IDS for further actions. Such disadvantages are overcome when the IDS is physically separated from the hosts themselves. With the advent of personal computers and cheaper hardware accessories, separate entities for placing IDSs are favored as show in figure 4-3.
A network is only as secure as the weakest host connected to it. Therefore, it follows that a host is only as secure as the weakest service that it is running. After all, the only way into a system from the network is through the services that it offers. Because of this, a large part of network security involves ensuring that your services are configured securely. This entails configuring services to provide only the functionality that is required of them to accomplish the tasks they need to perform. Additionally, you should give services access to only the bare minimum of system resources needed.
If a network service operates in clear-text, all of your work spent locking it down can be for nothing. In most cases, all an attacker has to do to gain access to such a service is use a packet sniffer to capture the login details of a user authenticating with the service. This chapter shows how to deploy IMAP, POP3, and SMTP servers that are protected with encryption, in order to prevent your users from accidentally disclosing their login credentials and keep their data safe from prying eyes.
In the next lesson, you will learn about designing for security.
[1]Middleware: Software systems and utlities that provide a service and sit between the client and backend databases or legacy systems.
[2]penetration testing: A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities.
[3]Security policy: The foundational building block for a site's security.