The Adoption of E-commerce as a Business Platform - Essay Example

E COMMERCE No Lecturer) & The adoption of e-commerce as a business platform has negative impacts. This proposal seeks to address the security vulnerabilities faced by our e-commerce site and preventive strategies. E commerce security issues that are more likely to be encountered in the business deals with the privacy of personal data and unauthorized access. There will be conflict between developing a site that is convenient and easy to use versus security concerns. The security scare will not only be addressed at the at the business site –servers and network but also on the client site. Customer computers are the most targeted entry points of attack, and for that matter we will ensure that trust levels on both sides are at a maximum (Habiyaremye, 2011). Security has three important features for consideration; Confidentiality, integrity and availability. Confidentiality will allow the authorized user to access the company information. Integrity will allow the safe transmission of data and information from the sender to the receiver. In this business scenario, the focus is on safe relay of company information such as emails and safe consumer transaction over the internet such as online purchases. Availability deals with the timely and secure access of requested information to the company and customer (Habiyaremye, 2011). ECommerce players are classified into three; • The shopper/ customer • Software vendor • Web site • Attacker. All these three components are interlinked together in a system. Systems are vulnerable to threats and vulnerabilities. A vulnerability is defined as a weakness in the system which is not necessarily known by the user and the attacker. A threat is a possible attack directed to the system. However, the system is not necessarily vulnerable. Our website will be made invulnerable to threats through preventive measures that will be provided below. Because a system cannot be 100% secure, we anticipate building a security system that will address all the security issues as and guarantee safe transaction. In order to attain this, we categorise security features into four and deal with them separately. Authentication. This is the verification required to log into services provided over the internet such as wire transfer and internet banking. Authorization This will prevent the modification or deletion of of crucial information such as bank bills and balance charged to a credit card. Encryption. Encryption safeguards information from unauthorised persons. Transactions done online by customers will be encrypted to hide information such as passwords from attackers. Auditing. Auditing keeps a record of operations conducted between the merchant and customers. A merchant would use auditing to confirm that a transaction took place. A standard client server model contains three components; the server system, the network and the client system. In order to secure the transaction between the client and the business, we are going to use the firewall in our internal systems. Firewall A firewall is a combination of softwares and hardwares that allow only external trusted users to bypass a protected network. By installing a firewall, unwanted users and programmes are prevented from accessing the system. We shall employ demilitarized zone technology using two firewalls, the outer and the inner firewall. The outer firewall will contain open ports that will allow incoming and outgoing HTTP requests. The shoppers browser will thus be allowed to communicate with our servers. A second firewall situated behind our e-commerce server will be heavily fortified to accept only requests from trusted servers on specific ports. Both firewalls will use advanced intrusion software to detect unauthorized access attempts (Habiyaremye, 2011). In order to fool attackers, we shall implement a concurrent server known as a honey pot server. It will serve as a fake payment server strategically situated in the DMZ to convince the hawker that he has penetrated the firewall. With close monitoring, we can detect any attack. Encryption. Sniffer programs are detected and prevented by use of encryption. Encryption removes all traces of transaction data from intermediate websites. Encryption techniques such as secret-key, public-key and digital signatures will ensure that the integrity, privacy, confidentiality of the transaction data is achieved. Through intermediate nodes, transaction data will not be retained. By implementing encrypting technologies,transit data in the website will be prevented from manipulation. For example, a double key technology used by encrypting companies such as Cryptzone use one key to encrypt the message by the sender and other mathematically related keys at the receiving side used to decrypt. Secure socket layer. SSL is another advanced encrypting technology that will be used to encrypt the data at the between the shoppers computer and the sites server. An SSL certificate issued by the certificate authority will be used to authenticate our companies URL when a shopper’s browser request it. The shoppers browser will check it will check and authenticate the certificate only if it belongs to our company (Habiyaremye, 2011). Security policy As a business enterprise, the company will formulate policies that will dictate the conduct of employees. All user passwords should be kept encrypted using one-way hashing algorithm to prevent them from extraction. The company will employ external consultants on a regular basis to to analyse the systems. The company will also use cookies to store a record of authenticated and session information with shoppers. However in situations where the use of cookies is not practical, the company will use SSL client side authentication, URL and "sent user ID on request mechanisms. URL rewriting method will encode each HTTP link on a page. Security will be enhanced while using online payment methods. 128-bit encryption will be adopted by the company. The card details of all shoppers will be cryptographically secured to safeguard it against hackers and even network technicians. Advance features such as CVC2 and CVV2 will be considered in the building of the website to instill trust on the online shoppers. Likewise, the use of a lock symbol in the address line of the page will boost customer confidence in our site. A partnership with established online payment companies such as Paypal and Visa would not be inevitable. Our company will seek partnership with such companies to make it easy for shoppers to purchase online (Habiyaremye, 2011). Reference Habiyaremye, J. d. (2011). E-Commerce Security Threats. GRIN Verlag. Read More