Web Development (ICA50601)

Diploma in Website Development (SWAN TAFE) Blog

Security threats to eCommerce – Communication threats

November 15th, 2005
Security




In today’s busy life it is easy to get caught up in all the little things that are happening around us and lose sight of the big picture. This overall awareness, the taking in of the big picture, is what is needed when considering the security threats to ecommerce. It is no good focusing on only one aspect of security when security threats may be coming from more than one source. Potential threats to ecommerce sites may come from outside the organisation or from within. The threats themselves may also come in many forms.

If we have a source of information and this information is flowing to an authenticated destination, we can say that this is the normal way in which the transaction takes place. Security may be compromised if there is a possibility that the flow of information is interrupted in any way. The information could be blocked before reaching its destination. It may be stopped and then redirected to another destination. Once data is collected by this unauthorised site, it could be modified before being sent on to the original destination. Figure 1 shows how information from the normal source can be interrupted, intercepted, modified and fabricated. The potential for the flow of information through the internet to be interrupted, modified or fabricated is very real. A good structure for examining security threats is to classify them into three categories: secrecy, integrity and necessity.

Figure 1.(Figure1.gif – not sure how to get it in here)

Secrecy refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data’s source. We have lots of private information that we would like to keep secret as we use the internet. This can include information in emails, your IP address and credit card information. Procedures need to be in place that minimise the potential threat of this information being passed on to third parties.

Integrity threats can take place when an unauthorized party can alter the information sent across the internet. When secrecy is breached, the transmitted information can be seen; when integrity is breached, the information can be changed. Integrity attacks have the potential to change your personal information, to pretend to be a web site that they are not, or to delete, alter or add information on a web site.

Necessity, as the name implies, is the need to be online and working to your full potential. A threat to this ability could cost a business the ongoing loyalty of its clients, and new clients may be dissatisfied with the service if it is operating at a snail’s pace. For authorized personnel to be able to update and modify your site, it is also necessary for the site to be running at its full capability.

Table 1 shows the relationship that secrecy, integrity and necessity have with the assets of your site.

Table 1.

| Assets | Secrecy | Integrity | Necessity |
|---|---|---|---|
| Software | An unauthorized copy is made | A working program is modified, causing failure or unexpected action | Programs are deleted or disabled / denies service |
| Data | The unauthorized reading and interpretation of the data | Files modified or data fabricated | Files deleted |
| Communication | Messages are read. Traffic patterns are observed | Messages modified, delayed, reordered or duplicated; false messages fabricated | Messages destroyed. Communications paths rendered unavailable |
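The Communication row's integrity threats in Table 1 can be detected at the receiving end. The sketch below is an added example, not part of the original post: it assumes the sender and receiver already share a secret key, and the message format, names and sample orders are constructed for illustration. It catches modified, fabricated, duplicated and reordered messages; it does not hide the content (secrecy) or detect delay.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key; a real key comes from a key exchange or secret store
TAG_LEN = 32                   # HMAC-SHA256 output size in bytes
SEQ_LEN = 8                    # 64-bit big-endian sequence number


def seal(key, seq, payload):
    """Sender side: prefix a sequence number and append an HMAC-SHA256 tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts each authentic message exactly once, in sending order."""

    def __init__(self, key):
        self.key = key
        self.next_seq = 0

    def accept(self, wire):
        if len(wire) < SEQ_LEN + TAG_LEN:
            return "rejected: truncated"
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; a bad tag means altered or forged data.
        if not hmac.compare_digest(tag, expected):
            return "rejected: modified or fabricated"
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        if seq < self.next_seq:
            return "rejected: duplicate"
        if seq > self.next_seq:
            return "rejected: out of order"
        self.next_seq += 1
        return "accepted: " + body[SEQ_LEN:].decode()


def demo():
    """Run constructed traffic through the receiver and return each verdict."""
    rx = Receiver(KEY)
    m0 = seal(KEY, 0, b"order=42;total=19.95")
    m1 = seal(KEY, 1, b"ship-to=Perth")
    tampered = m0.replace(b"19.95", b"00.01")           # altered in transit
    forged = seal(b"wrong-key", 0, b"order=42;total=0.01")  # sender lacks the key
    return [rx.accept(w) for w in (tampered, forged, m1, m0, m0, m1)]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```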

While this article takes a quick look at the communication threats to ecommerce, we must also realise that client threats and server threats need to be considered in any strategy to secure the site. Building a wall around your perimeter is not enough to ensure security in this day and age, because you can no longer be sure where the perimeter starts and stops. Firewalls that deny unauthorised entry are needed for the part they play in site defence, but a well thought out, layered approach to security must be implemented to protect the ecommerce site of today.
