1. Find out about SET and the use of RSA 128-bit encryption for e-commerce.
SET: see the answer to question 4 below.
RSA 128-bit encryption:
Encryption conceals the contents of a message in such a way that the original information can be recovered by a corresponding decryption process. The algorithm combines the plaintext with a key, transforming the original message mathematically, based on the key's bits, into a new encrypted message (the ciphertext). In a symmetric-key algorithm a single key is used for both encryption and decryption.
Several years ago the makers of web browser software moved from 40-bit to 128-bit encryption to increase its strength. The extra 88 bits of key length translate into 2^88, or 309,485,009,821,345,068,724,781,056, times as many possible keys. Note that the 128 bits refer to the symmetric session key that SSL negotiates for the bulk of the traffic; the RSA key pair used to exchange that session key is much longer (1024 bits was typical at the time), so "RSA 128-bit encryption" is really shorthand for 128-bit SSL with RSA key exchange.
Extrapolating from past improvements in computer performance, security experts expect 128-bit encryption to remain adequate for Internet use for at least ten years, provided the cipher and its implementation have no weakness that shortcuts a brute-force search of the key space.
References
Mitchell, B. (n.d.). Wireless/Networking: Encryption. Retrieved May 28, 2010, from http://compnetworking.about.com/od/networksecurityprivacy/l/aa011303a.htm
2. What can you find out about network and host-based intrusion detection systems?
NIDS:
A network intrusion detection system monitors packets on the network wire and attempts to discover whether a hacker or cracker is trying to break into a system. For example, a system that watches for a large number of TCP connection requests to many different ports on a target machine can detect someone running a TCP port scan. A NIDS may run either on the target machine, watching its own traffic, or on an independent machine that promiscuously watches all traffic on the segment (for example at a hub, router or network probe). The distinguishing point is that a network IDS monitors many machines, whereas a host-based IDS monitors only the single machine it runs on.
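The port-scan rule described above, as an added example that is not part of the cited Linux Security document: a source that sends TCP connection requests (SYN) to many distinct ports of one target inside a short sliding window is flagged. The connection records are constructed for the demonstration; the threshold and window values are assumptions a real sensor would tune.

```python
"""Toy network IDS rule: flag a source that sends TCP SYNs to many distinct
ports on one target within a short time window (a classic port-scan signature).
Added example; the records below are constructed, not captured traffic."""
from collections import defaultdict, deque

# Constructed connection-request records:
# (time_s, src_ip, dst_ip, dst_port, tcp_flags)
SAMPLE_RECORDS = [
    (0.0, "10.0.0.5", "10.0.0.80", 80, "S"),    # ordinary web client
    (0.4, "10.0.0.5", "10.0.0.80", 443, "S"),
    (1.1, "10.0.0.7", "10.0.0.80", 22, "S"),    # one ssh login
] + [
    # one attacker sweeping ports 1..40 of the target within two seconds
    (2.0 + i * 0.05, "192.0.2.66", "10.0.0.80", port, "S")
    for i, port in enumerate(range(1, 41))
]


def detect_port_scans(records, port_threshold=10, window_s=5.0):
    """Return {(src, dst): sorted ports} for every source that hits at least
    `port_threshold` distinct destination ports on `dst` within `window_s`
    seconds. Only SYN-only segments (connection requests) are considered, so
    a busy but legitimate client on one or two ports is not flagged."""
    recent = defaultdict(deque)   # (src, dst) -> deque of (time, port) in window
    alerts = {}
    for ts, src, dst, dport, flags in sorted(records):
        if flags != "S":
            continue
        key = (src, dst)
        q = recent[key]
        q.append((ts, dport))
        while q and ts - q[0][0] > window_s:   # expire requests outside the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= port_threshold:
            alerts[key] = sorted(ports)
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_RECORDS).items():
        print(f"ALERT port scan from {src} against {dst}: {len(ports)} ports, "
              f"first {ports[:5]} ...")
```

The window is what separates a scan from normal traffic: the same 40 ports touched over a day by a backup agent would not trip the rule, while 40 ports in two seconds does.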
Host-based Intrusion Detection System:
A host-based IDS analyses several areas to determine misuse (abusive activity from inside the network) or intrusion (breaches from the outside). It consults several types of log file: kernel, system, server, network, firewall and so on. It compares the logs against an internal database of signatures for known attacks, filters them, re-tags anomalous messages with its own severity rating, and collects them in its own specialised log for the administrator to analyse.
A host-based IDS can also verify the data integrity of important files and executables. It keeps a database of sensitive files and records a checksum of each, computed with a message-digest utility such as md5sum (128-bit digest) or sha1sum (160-bit digest); a later mismatch shows that the file has been modified. Two caveats apply: the checksum database must itself be kept where an intruder cannot rewrite it (read-only media, a remote host, or at least signed), otherwise whoever trojans a binary can also update its checksum; and MD5 is no longer collision-resistant, so a SHA-2 digest is preferable for new deployments.
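A small integrity checker of the kind described above, as an added example that is not from the cited Red Hat guide. It records a SHA-256 digest of every file under a directory, seals the baseline with an HMAC so a rewritten baseline is detected, and reports modified, removed and added files on a re-scan. The demo directory tree, the "trojaned" changes and the HMAC key are constructed for the example.

```python
"""Toy host-based integrity checker in the spirit of the checksum databases
used by host IDS tools. Added example, not from the cited guides. Uses
SHA-256 rather than MD5/SHA-1 and protects the stored baseline with an HMAC,
so an intruder who rewrites a file cannot silently 'fix' the baseline without
the key (which is assumed to be kept off the monitored host)."""
import hashlib
import hmac
import json
import os
import tempfile


def file_digest(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path (with '/' separators) -> sha256 for every file under root."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = file_digest(full)
    return baseline


def seal_baseline(baseline, key):
    """Serialise the baseline and append an HMAC-SHA256 tag over it."""
    body = json.dumps(baseline, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"baseline": baseline, "hmac": tag}, sort_keys=True)


def open_baseline(sealed, key):
    """Verify the tag before trusting any digest in the stored baseline."""
    doc = json.loads(sealed)
    body = json.dumps(doc["baseline"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):
        raise ValueError("baseline has been tampered with or wrong key")
    return doc["baseline"]


def compare_to_baseline(baseline, root):
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


# --- constructed demo tree standing in for /bin, /etc, ... -----------------
def make_demo_tree():
    root = tempfile.mkdtemp(prefix="hids-demo-")
    os.makedirs(os.path.join(root, "bin"))
    with open(os.path.join(root, "bin", "ls"), "wb") as f:
        f.write(b"#!/bin/sh\nexec /usr/bin/ls \"$@\"\n")
    with open(os.path.join(root, "passwd"), "w") as f:
        f.write("root:x:0:0:root:/root:/bin/sh\n")
    return root


def tamper_demo_tree(root):
    """Simulate an intruder: trojan a binary, add a uid-0 account, drop a tool."""
    with open(os.path.join(root, "bin", "ls"), "ab") as f:
        f.write(b"# trojaned\n")
    with open(os.path.join(root, "passwd"), "a") as f:
        f.write("backdoor:x:0:0::/:/bin/sh\n")
    with open(os.path.join(root, "rootkit"), "wb") as f:
        f.write(b"\x00")


if __name__ == "__main__":
    key = b"constructed-demo-key-kept-offline"
    root = make_demo_tree()
    sealed = seal_baseline(build_baseline(root), key)   # taken while the host is clean
    tamper_demo_tree(root)
    print(compare_to_baseline(open_baseline(sealed, key), root))
```

In practice the baseline is taken right after installation, before the host is exposed, and the sealed copy and key are stored somewhere the monitored host cannot write.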
References:
Network Intrusion Detection Systems, Version 0.8.3. (2000, March 21). Retrieved May 28, 2010, from Linux Security: http://www.linuxsecurity.com/resource_files/intrusion_detection/network-intrusion-detection.html
Red Hat Documentation. (n.d.). Security Guide : Chapter 9 Intrusion Detection. Retrieved May 28, 2010, from Red Hat Enterprise Linux Manuals: http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-ids-host.html
3. What is 'phishing'?
Phishing is the act of sending an e-mail to a user while falsely claiming to be an established, legitimate enterprise, in an attempt to trick the user into surrendering private information that will be used for identity theft. The e-mail directs the user to a website where they are asked to update personal information such as passwords and credit card, social security and bank account numbers, information the legitimate organisation already has. The website, however, is bogus and set up only to steal the user's information.
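The lure above works because the link in the message does not go where it appears to. The following added example (not from the cited Webopedia entry) checks the link-consistency part of that: for each anchor in a constructed HTML e-mail body it compares the host named in the visible text with the host the href really points at, and also flags bare IP addresses and `user@host` tricks in the URL. The message body and the domains in it are made up.

```python
"""Heuristic check for mismatched links in an e-mail body, the core trick of
the phishing message described above. Added example with a constructed HTML
body; it is the link-consistency check only, not a complete phishing filter."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed phishing-style body: two deceptive links, one IP-literal link,
# and one honest link for contrast. All domains are fictitious.
CONSTRUCTED_EMAIL = """
<p>Dear customer, your account will be suspended. Please verify now:</p>
<a href="http://www.examp1e-bank.com.verify-login.example/update">https://www.example-bank.com/login</a>
<br>Or use our secure server: <a href="http://198.51.100.23/secure">Secure login</a>
<br>Mirror: <a href="http://www.example-bank.com@203.0.113.5/login">www.example-bank.com</a>
<br>Need help? <a href="https://www.example-bank.com/help">https://www.example-bank.com/help</a>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _with_scheme(url):
    return url if "://" in url else "http://" + url


def host_of(url):
    """Lower-cased hostname of a URL; bare 'www.x.com/...' text gets a scheme."""
    return (urlsplit(_with_scheme(url)).hostname or "").lower()


def _norm(host):
    """Treat 'www.example.com' and 'example.com' as the same site."""
    return host[4:] if host.startswith("www.") else host


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html):
    """Return [(href, [reasons])] for every link that looks deceptive."""
    p = _LinkCollector()
    p.feed(html)
    findings = []
    for href, text in p.links:
        target = host_of(href)
        reasons = []
        if is_ip_literal(target):
            reasons.append("link target is a bare IP address")
        if "@" in urlsplit(_with_scheme(href)).netloc:
            reasons.append("userinfo before '@' hides the real host")
        # Only compare when the visible text itself looks like a URL or hostname.
        text_host = host_of(text) if ("." in text and " " not in text) else ""
        if text_host:
            shown, real = _norm(text_host), _norm(target)
            if shown != real and not real.endswith("." + shown):
                reasons.append(f"visible text says {text_host} but link goes to {target}")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(CONSTRUCTED_EMAIL):
        print(href)
        for r in reasons:
            print("   -", r)
```

The same comparison is what a careful user does by hand: hover over the link and read the status bar rather than the link text.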
References
What is phishing? - Word Definition. (n.d.). Retrieved May 28, 2010, from The Webopedia Computer Dictionary: http://www.webopedia.com/TERM/P/phishing.html
4. What is SET and how does it compare to SSL as a platform for secure electronic transaction? Is SET in common use?
Secure Electronic Transaction (SET) is an open encryption and security specification designed to protect credit card transactions on the Internet. It was developed jointly by MasterCard and Visa in 1996, who were joined by IBM, Microsoft, Netscape, RSA, Terisa and VeriSign.
The need for SET arose because MasterCard and Visa realised that software vendors were coming up with new and conflicting standards for e-commerce payment processing.
Compared with SSL, which only secures the channel between browser and merchant and leaves the merchant in possession of the card number, SET was designed so that the merchant never saw the card details: the order information and the payment instructions were encrypted separately and bound together by a "dual signature", and the payment part could be read only by the acquiring bank's payment gateway. The price of this was that every cardholder needed a digital certificate and wallet software, and that cost and complexity is the main reason SET never came into common use. SSL (now TLS) with a server-side certificate remains the platform for nearly all online card payments.
References
Kahate, A. (2008, February 03). Security and Threat Models: Secure Electronic Transaction (SET) Protocol. Retrieved May 28, 2010, from http://www.indicthreads.com/1496/security-and-threat-models-secure-electronic-transaction-set-protocol/
5. What are cookies and how are they used to improve security?
Can the use of cookies be a security risk?
Cookies are small text files that a website places on your computer's hard disk the first time you visit. Their job is to tell the site that a visitor has returned, so that it can recognise the visitor and restore preferences or a login session. Cookies should not be confused with viruses: they are data, not programs, and cannot run. A cookie can be misused, in particular when personal data is stored in it, because anyone who can read the file or intercept it on an unencrypted connection can read that data; but cookies by themselves are not malicious.
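The two sides of that answer, as an added example that is not from the cited Microsoft page: one Set-Cookie header that carries personal data in the clear (the misuse the text warns about) and one that carries only an unguessable opaque identifier, keeps the data on the server, and is marked so browsers send it only over HTTPS and never expose it to page scripts. The visitor record is constructed.

```python
"""Two ways to remember a returning visitor. Added example, not from the
Microsoft page: the first cookie carries personal data in the clear (the
misuse the text warns about); the second carries only an unguessable opaque
identifier and keeps the data on the server."""
import secrets
from http.cookies import SimpleCookie

# constructed visitor record
VISITOR = {"name": "A. Customer", "email": "a.customer@example.net", "card_last4": "4242"}


def profile_cookie_header(visitor):
    """What not to do: personal data readable by anyone who can see the cookie
    (other users of the machine, a sniffer on an HTTP connection, a script)."""
    c = SimpleCookie()
    c["profile"] = f"{visitor['name']}|{visitor['email']}|{visitor['card_last4']}"
    return c.output(header="Set-Cookie:")


class SessionStore:
    """Server-side table: opaque session id -> visitor record."""

    def __init__(self):
        self._table = {}

    def new_session_header(self, visitor):
        sid = secrets.token_urlsafe(32)           # 256 random bits, unguessable
        self._table[sid] = visitor                # data stays on the server
        c = SimpleCookie()
        c["sid"] = sid
        c["sid"]["secure"] = True                 # sent over HTTPS only
        c["sid"]["httponly"] = True               # not readable by page scripts
        c["sid"]["samesite"] = "Strict"           # not sent on cross-site requests
        return c.output(header="Set-Cookie:")

    def lookup(self, cookie_header):
        """Resolve a request's Cookie: header value back to the visitor, or None
        if the id is missing, forged or expired."""
        c = SimpleCookie()
        c.load(cookie_header)
        sid = c["sid"].value if "sid" in c else None
        return self._table.get(sid)


if __name__ == "__main__":
    print("bad :", profile_cookie_header(VISITOR))
    store = SessionStore()
    good = store.new_session_header(VISITOR)
    print("good:", good)
    sid = good.split("sid=")[1].split(";")[0]
    print("server resolves sid to:", store.lookup(f"sid={sid}"))
```

The second cookie reveals nothing if copied, and the server can revoke it by deleting the table entry; the first cookie leaks the data the moment it leaves the machine.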
References
Microsoft Security: What is a cookie? (n.d.). Retrieved May 28, 2010, from Microsoft Online Safety: http://www.microsoft.com/protect/terms/cookie.aspx
6. What makes a firewall a good security investment? Accessing the Internet, find two or three firewall vendors. Do they provide hardware, software or both?
According to Microsoft, a firewall is a software program or piece of hardware that helps screen out hackers, viruses and worms that try to reach your computer over the Internet.
- If you use a computer at home, the most effective and important first step you can take to help protect it is to use a firewall.
- Windows XP SP2 or later and Windows Vista have a firewall built in and turned on by default.
What makes a firewall a good security investment?
If your computer is not protected when you connect to the Internet, hackers can gain access to personal information on your computer. They can install code that destroys files or causes malfunctions, and they can use your computer to cause problems on other home and business computers connected to the Internet. A firewall helps to screen out many kinds of malicious Internet traffic before it reaches your computer, and some firewalls can also help to prevent other people from using your computer to attack other computers without your knowledge. Using a firewall is important no matter how you connect to the Internet: dial-up modem, cable modem or digital subscriber line (DSL or ADSL).
If you have more than one computer connected at home, or a small-office network, it is important to protect every computer. A hardware firewall (such as a router) protects the network as a whole, but a software firewall on each computer is also needed to help stop a virus spreading inside the network if one of the computers becomes infected. If your computer is part of a business, school or other organisational network, follow the policy established by the network administrator.
Various vendors supply firewalls. Microsoft, AVG, Norton, Cisco, Netgear and IBM all provide firewall protection. AVG and Norton provide software firewalls, normally bundled in an antivirus security suite; a software firewall needs no additional hardware or wiring and is a good option for a single computer. Cisco, Netgear and IBM provide hardware firewalls, for which the user buys an additional router or wireless router (one may also come free from the ISP or with a security kit); these need extra hardware attached to the computer, and a wired router adds cabling to the work area. Microsoft's firewall is the software one built into Windows.
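What "screening out traffic before it reaches your computer" and "preventing your computer from attacking others" mean in practice, as an added example that is not from the cited Microsoft FAQ: a minimal stateful host firewall that drops unsolicited inbound connections by default, accepts replies to connections the host itself opened, admits only explicitly published services, and blocks outbound mail to anything but the configured relay so an infected host cannot be used to spam. The packets, addresses and rules are constructed; real firewalls also track connection teardown and timeouts, which this model omits.

```python
"""Minimal stateful packet filter modelling what a host firewall does with the
traffic described above: default-deny unsolicited inbound, allow replies to
connections the host opened, allow only published services, and an egress rule
so a compromised host cannot be used to spam others. Added example; the
packets and addresses are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (Internet -> host) or "out" (host -> Internet)
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP connection request (SYN without ACK)


class HostFirewall:
    def __init__(self, host_ip, inbound_services=(), mail_relay=None):
        self.host = host_ip
        self.inbound_services = set(inbound_services)   # e.g. {("tcp", 22)}
        self.mail_relay = mail_relay                      # only host allowed on tcp/25
        # flows the host initiated or services accepted:
        # (proto, remote_ip, remote_port, local_port)
        self.established = set()

    def decide(self, p):
        if p.direction == "out":
            # Egress control: a worm or spambot on this host may not talk SMTP
            # to arbitrary hosts; only the organisation's relay is allowed.
            if p.proto == "tcp" and p.dport == 25 and p.dst != self.mail_relay:
                return "DROP egress: SMTP to non-relay host"
            self.established.add((p.proto, p.dst, p.dport, p.sport))
            return "ACCEPT"
        # Inbound: replies to flows we opened are fine ...
        if (p.proto, p.src, p.sport, p.dport) in self.established:
            return "ACCEPT established"
        # ... as are new connections to services we deliberately expose ...
        if p.proto == "tcp" and p.syn and (p.proto, p.dport) in self.inbound_services:
            self.established.add((p.proto, p.src, p.sport, p.dport))
            return "ACCEPT service"
        # ... and everything else is screened out before any program sees it.
        return "DROP unsolicited inbound"

    def run(self, packets):
        return [self.decide(p) for p in packets]


# Constructed traffic: a web browse with its reply, a DNS query and answer,
# an unsolicited probe at SMB, an ssh login, and an outbound spam attempt.
SAMPLE_TRAFFIC = [
    Packet("out", "tcp", "192.168.1.10", 50000, "93.184.216.34", 443, syn=True),
    Packet("in",  "tcp", "93.184.216.34", 443, "192.168.1.10", 50000),
    Packet("out", "udp", "192.168.1.10", 53111, "192.168.1.1", 53),
    Packet("in",  "udp", "192.168.1.1", 53, "192.168.1.10", 53111),
    Packet("in",  "tcp", "203.0.113.9", 4444, "192.168.1.10", 445, syn=True),
    Packet("in",  "tcp", "203.0.113.9", 4445, "192.168.1.10", 22, syn=True),
    Packet("out", "tcp", "192.168.1.10", 50001, "203.0.113.50", 25, syn=True),
    Packet("out", "tcp", "192.168.1.10", 50002, "192.168.1.1", 25, syn=True),
]

if __name__ == "__main__":
    fw = HostFirewall("192.168.1.10", inbound_services={("tcp", 22)}, mail_relay="192.168.1.1")
    for pkt, verdict in zip(SAMPLE_TRAFFIC, fw.run(SAMPLE_TRAFFIC)):
        print(f"{pkt.direction:3} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  {verdict}")
```

The order of the checks is the security-relevant part: the default at the bottom is DROP, and everything accepted is accepted for a stated reason.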
References:
Microsoft Security. (n.d.). Protect your computer: Firewall. Retrieved May 28, 2010, from http://www.microsoft.com/security/firewalls/faq.aspx
7. What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?
Whether it was the attacks of 11 September 2001 themselves or the budget that followed them, the first terrorist attack of that scale on American soil changed how security is measured in the most powerful country on earth. With the collapse of the World Trade Center twin towers, it was not only the sense of security of people who had felt safe that fell: lives, property and the stock market fell with it, leading to lost opportunity, economic decline and a constant fear of terror. The same logic applies to IT security, and particularly to e-commerce: one breach destroys trust that took years to build.
So to win the trust of customers, and to keep it, there are a few points to focus on.
E-commerce security
- Use https for every page that performs a transaction or handles personal data.
- Deploy up-to-date security products to protect the servers and databases in the internal infrastructure.
- Use SSL and digital certificates for web transactions so that online purchases are more secure.
- Publish a privacy policy and register the website's logo and content under copyright; this makes the site look professional and helps win the customer's confidence.
Reliability
- Consistency is key: too many changes confuse customers.
- Give accurate information about products and be sure about delivery dates and terms.
- It takes a lifetime to win trust, but only a day to lose it.
- Provide good after-sales customer service.
Third-party certification
- Certification by an independent third party, displayed where customers can see it, is important. Organisations such as TRUSTe, BBBOnline and VeriSign certify e-commerce websites.
Of these measures, the customer can verify the use of https (the browser's padlock and the certificate details, which should name the company being dealt with), the presence and content of the privacy policy, and third-party seals, but only if the seal links back to the certifier's own site, since the seal image by itself can be copied onto any page. Measures inside the provider's infrastructure, such as patched servers and database protection, cannot be verified by the customer and have to be taken on trust or on the word of an auditor.
8. Get the latest PGP information from http://en.wikipedia.org/wiki/Pretty_Good_Privacy.
The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?
According to Wikipedia, “Pretty Good Privacy (PGP) is a computer program that provides cryptographic privacy and authentication.”
It is most commonly used by end users to encrypt and digitally sign e-mail messages and files, so that a message can be read only by the intended recipient and its origin can be verified; the e-mail service provider carrying the message cannot read it.
PGP encryption uses a serial combination of hashing, data compression, symmetric-key cryptography, and, finally, public-key cryptography; each step uses one of several supported algorithms. Each public key is bound to a user name and/or an e-mail address.
Other tools for validating legitimate users include biometrics, hardware one-time-password tokens (calculator-style tokens), and confirmation of identity through a one-time code sent by SMS, as used for online banking.