Computer Security

Submitted By angel8te1


Client Security
Server Security
Document Confidentiality

Risks and threats to E-commerce Sites
Hackers
Software/hardware failure

Exposure of confidential data
Modification of Data
Errors in Software
Poor stipulation and testing
Repudiation

Solutions to E-commerce Security Risks
Encryption
Data Encryption Standard (DES)
RSA Public Key Algorithm
Digital signatures
Digital certificates
Security for Transactions
Secure sockets layer
Secure Electronic Transactions (SET)

Conclusions


Internet security is not fully understood by many. However, it is an integral part of using the Internet safely; most of the security on the Internet is not seen by the user, nor is its existence known to them. The importance of web security is to keep the user, the e-commerce merchants and authorised third parties safe whilst carrying out normal browsing and transactions online.


To examine web security we need to look at all the main components of a connection, which are the browser and the server, and then examine the connection between the two. The user, via their web browser, connects to a remote web server and requests a document. The server then returns the document, and the browser displays it. This seems a simple enough process, so what could go wrong?

From the user's point of view, the remote server is owned and operated by the organisation that it seems to be owned by, so the user expects that the documents the server returns are free from viruses and malicious intent. The user will also expect the remote server not to record or distribute information that the user considers private, such as their web browsing habits.

From the webmaster's point of view, the expectation is that the user will not attempt to break into the web server's computer system or alter the contents of the website, and that the user will not try to gain access to documents that they are not allowed to see.

From both points of view, the expectation is that the transaction of service between browser and server is delivered intact, free from tampering by third parties. The main purpose of web security is to ensure that these assumptions remain valid. As the web connection has three parts, web security also has three parts:

1. Client security
2. Server security
3. Document Confidentiality

Client Security
These are security measures that protect the user's privacy and the integrity of their computer and data. Safeguards are introduced to protect users against computer viruses and other malicious software, as well as to monitor the amount of personal information that browsers can transmit without the user's consent. Also in this category are steps that organisations can take to prevent employees' web browsing activities from compromising the security of the company's confidential information or the integrity of its local area network.

Server Security
These are measures that protect the web server and the machine it runs on from breakdowns and tumours. Aids to this range from software such as firewall systems to operating system security measures.

Document Confidentiality

These are measures that protect private information from being disclosed to third parties, e.g. through spoofing.

Risks and threats to E-commerce Sites

1) Hackers
2) Software/hardware failure

The most prominent threat to e-commerce comes from malicious computer users known as hackers, and all businesses run the risk of becoming targets of criminals.

Securing a site involves a combination of:
• Storage and handling
  o Keeping backups of important information
  o Having hiring policies that attract honest staff and keep them loyal
  o Taking software-based precautions, such as choosing secure software and keeping up-to-date
  o Training staff to identify targets and weaknesses
  o Auditing and logging to detect break-ins or attempted break-ins

Software/hardware failure

It is always safer to have multiple backups of data and files in different locations in case of a software/hardware failure, so that if a failure should occur it does not affect the operation of the whole system.

Now that the more general risks that e-commerce websites face have been examined, the security issues that present themselves to e-commerce websites can be critically examined.


Exposure of confidential data

A web server is the wrong place for the storage of confidential information, as it holds information that is made accessible to the public, unless otherwise intended. To reduce the risk of exposure it is important to limit the methods by which information can be accessed and to limit the people who can access it, as exposure can also lead to loss of files. Authentication is a main requirement for websites. It means asking people to prove their identity. The most common ways of authentication are passwords and digital signatures.

Modification of Data

Modification of files could include changes to data files or executable files. A hacker's motivation for altering a data file might be to vandalise a company's site or to obtain fraudulent benefits. Data can be protected from modification as it travels over the network by using digital signatures. This does not stop somebody from modifying the data, but by checking whether the signature still matches when the file arrives, it can be seen whether the file has been modified.

Errors in Software

Errors in software can lead to all sorts of unpredictable behaviour, including service unavailability, security breaches, financial losses and poor service to customers. Common causes of errors that can be looked for are poor specifications, faulty assumptions made by developers and inadequate testing.

Poor stipulation and testing

It is not possible to test for all possible input conditions, on all possible types of hardware, running all possible operating systems with all possible user settings. This is even more true than usual with web-based systems. What is needed is a well-designed test plan that tests all the functions of the software on a representative


Repudiation

Repudiation occurs when a party involved in a transaction denies having taken part. An example might be a person ordering goods off a website and then denying having authorised the charge on his credit card. Ideally, financial transactions should provide the peace of mind of non-repudiation to both parties. Authentication provides some surety about whom you are dealing with. If issued by a trusted organisation, digital certificates of authentication can provide comfortable confidence.

Solutions to E-commerce Security Risks


Encryption

This is the translation of data into a secret code, making the data unreadable to potential hackers. It's the most effective way to achieve data security. Encryption, also known as cryptography, can also be used to check the authenticity of a message or the integrity of a file.

There are two basic ways of encrypting:
• Symmetrical
• Asymmetrical

Symmetrical algorithms use a single key that both the person sending and the person receiving the coded message must know. Asymmetrical methods, on the other hand, use two keys, one of which is deliberately published. With symmetrical encryption, if a message is to be sent to more than one person, a key has to be produced for each and it must be sent to each of them. Therefore, key management and distribution are the main problems with symmetrical encryption algorithms.

Example in fig I

Data Encryption Standard (DES)

The best-known standard for symmetrical encryption is the Data Encryption Standard (DES), which IBM developed for the National Bureau of Standards in the 1970s. DES encryption uses a 64-bit key (including eight parity bits, so the actual key itself is 56 bits long), converting 64-bit blocks of plain text into 64-bit blocks of code. Authorized users of encrypted computer data must have the key that was used to encipher the data in order to decrypt it.
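The 64-bit versus 56-bit distinction above can be checked directly. The following is an added example, not part of the original essay: it relies on the DES convention that the lowest bit of each key byte is an odd-parity bit, and the function names and the sample key (a commonly used test value, not a real secret) are assumptions of this illustration.

```python
"""Added illustration: the 8 parity bits inside a 64-bit DES key."""

# Sample key used only for this illustration (a common test value).
SAMPLE_KEY = bytes.fromhex("0123456789ABCDEF")

# Number of distinct keys DES really has: 56 effective bits, not 64.
KEYSPACE = 2 ** 56


def _require_des_key(key: bytes) -> None:
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")


def has_odd_parity(key: bytes) -> bool:
    """True if every key byte contains an odd number of 1 bits."""
    _require_des_key(key)
    return all(bin(b).count("1") % 2 == 1 for b in key)


def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the low (parity) bit of each byte so the byte has odd parity."""
    _require_des_key(key)
    fixed = bytearray()
    for b in key:
        seven_bits = b & 0xFE                      # the 7 bits that carry key material
        ones = bin(seven_bits).count("1")
        fixed.append(seven_bits | (0 if ones % 2 == 1 else 1))
    return bytes(fixed)


def effective_key(key: bytes) -> int:
    """Drop the 8 parity bits and return the 56 bits the cipher actually uses."""
    _require_des_key(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)            # keep the top 7 bits of each byte
    return value


def same_des_key(a: bytes, b: bytes) -> bool:
    """Two 64-bit strings are the same DES key if they differ only in parity bits."""
    return effective_key(a) == effective_key(b)


if __name__ == "__main__":
    flipped = bytes(b ^ 0x01 for b in SAMPLE_KEY)  # corrupt every parity bit
    print("sample key parity ok:", has_odd_parity(SAMPLE_KEY))
    print("flipped key parity ok:", has_odd_parity(flipped))
    print("same effective key:", same_des_key(SAMPLE_KEY, flipped))
    print("effective bits:", effective_key(SAMPLE_KEY).bit_length(), "<= 56")
```

Because the parity bits carry no key material, an exhaustive search has to cover only `KEYSPACE` (2^56) candidates rather than 2^64.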

RSA Public Key Algorithm

Perhaps the best known and most popular embodiment of the Diffie-Hellman public key principles is the RSA algorithm, which is named after its inventors: Ronald Rivest, Adi Shamir and Leonard Adleman (1978). The high level of security the RSA algorithm offers derives from the difficulty of decomposing large integers into prime factors: that is, two primes which, when multiplied by one another, give the original number. One of the drawbacks of the RSA algorithm compared with symmetrical methods is that encrypting and decrypting messages takes much more computing power. The fastest RSA chip now in existence can only manage a throughput of 600 Kbit/s when using 512-bit primes. Comparable DES hardware implementations are anything from 1000 to 10 000 times faster. At present, DES software implementations can encrypt around 100 times faster than the RSA algorithm.

Digital signatures

A digital signature is like a normal signature, in that it identifies you uniquely and is difficult to fake. It enables the merchant to verify that the communication actually came from the user. The full digital signature process is described below.
• Encrypt message. As normal, first the sender encrypts the message with the recipient's public key.
• Add signature. Then the sender adds their signature to the encrypted message, perhaps some text like "This message is from angel ideh", and then encrypts the whole thing with their own private key.
• Decrypt signature. The recipient receives the message and decrypts it with the sender's public key, which produces the digital signature and the encrypted message.
• Decrypt message. The recipient then decrypts the remaining message with their own private key.
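The four steps above, and the earlier point that a signature reveals modification in transit, are shown here as an added example that is not part of the original essay. It uses textbook RSA and, as an assumption of this sketch, signs a SHA-256 hash of the ciphertext instead of re-encrypting the whole message. The key pairs are built from small, well-known Mersenne primes so that it runs with the standard library only; all names and the sample order are constructed for illustration, and keys like these give no real protection.

```python
"""Added illustration: encrypt for the recipient, sign as the sender (toy RSA)."""
import hashlib

E = 65537  # commonly used public exponent


def make_keypair(p: int, q: int):
    """Return (public, private) textbook-RSA keys built from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)   # modular inverse needs Python 3.8+


# Toy keys from Mersenne primes: trivially factorable, for demonstration only.
CUSTOMER_PUB, CUSTOMER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
MERCHANT_PUB, MERCHANT_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

ORDER = b"order 42: pay 19.99 GBP"        # constructed sample message


def encrypt(message: bytes, public_key) -> int:
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def digest(ciphertext: int, n: int) -> int:
    """SHA-256 of the ciphertext, reduced to fit the signer's toy modulus."""
    raw = ciphertext.to_bytes((ciphertext.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n


def sign(ciphertext: int, private_key) -> int:
    d, n = private_key
    return pow(digest(ciphertext, n), d, n)


def verify(ciphertext: int, signature: int, public_key) -> bool:
    e, n = public_key
    return pow(signature, e, n) == digest(ciphertext, n)


def send(message: bytes, sender_private, recipient_public):
    """Steps 1-2: encrypt with the recipient's public key, then sign."""
    ciphertext = encrypt(message, recipient_public)
    return ciphertext, sign(ciphertext, sender_private)


def receive(ciphertext: int, signature: int, sender_public, recipient_private):
    """Steps 3-4: check the signature first; decrypt only if it matches."""
    if not verify(ciphertext, signature, sender_public):
        return None                        # modified in transit or not from sender
    return decrypt(ciphertext, recipient_private)


if __name__ == "__main__":
    c, s = send(ORDER, CUSTOMER_PRIV, MERCHANT_PUB)
    print("intact:  ", receive(c, s, CUSTOMER_PUB, MERCHANT_PRIV))
    print("tampered:", receive(c + 1, s, CUSTOMER_PUB, MERCHANT_PRIV))
```

A valid signature also supports non-repudiation: only the holder of the customer's private key could have produced a value that verifies under the customer's public key.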

Digital certificates

Digital certificates play an integral role in keeping E-commerce safe.
A digital certificate contains an entity's name, address, serial number, public key, expiration date and digital signature, among other information. When a web browser like Firefox, Netscape or Internet Explorer makes a secure connection, the digital certificate is automatically turned over for review. The browser checks it for anomalies or problems, and pops up an alert if any are found. When digital certificates are in order, the browser completes secure connections without interruption.

Security for Transactions

Cryptographic principles are incorporated into communications protocols and software. On the web, SSL (Secure Sockets Layer) is the dominant protocol for encrypting general communications between browser and server, while SET (Secure Electronic Transactions) is a specialised protocol for safeguarding credit-card based
Secure sockets layer

The SSL protocol was originally developed by Netscape to ensure security of data transported and routed through HTTP, LDAP or POP3 application layers. SSL is designed to make use of TCP as a communication layer to provide a reliable end-to-end secure and authenticated connection between two points over a network, e.g. between the service client and the server.

Secure Electronic Transactions (SET)
SET is an open standard available to anyone engaged in electronic commerce. It is a protocol designed to ensure the security and integrity of online communications and purchases. Secure Electronic Transactions (SET) uses digital certificates, issued to merchants and other businesses and customers, to perform a series of security checks verifying that the identity of a customer or sender of information is valid. Digital certificates, digital signatures, and digital wallets all function according to the SET protocol.


Conclusions

Internet shopping is growing around the world and, as it does, the number of e-businesses is also increasing. This results in a rise in the amount of exposure that customers' confidential data may face through poor security measures implemented by the e-commerce merchant. There are always going to be customer concerns about security, and the best thing that merchants can do is try to reassure customers by implementing appropriate security measures and displaying trust marks on the website. Through the course of this coursework the main aspects of security that were found to be implemented are:
• Encryption
• Digital signature
• Digital certificates
• SSL channels set-up for secure transactions

"E-commerce is an evolution" - By using electronic technology through the internet, it achieved
• More competitions, more marketplaces, faster transactions, and more advanced technologies to make activities between customers and producers more active.
• We as customers and internet users are responsible to keep our e-commerce healthy and safe so that e-business can be more reliable in the future.


