Internet Security and Its Impact on Electronic Business Design - Essay Example

Internet Security Impact on Electronic Business Design Contents Introduction Electronic Business: An Introduction Electronic Business Threats Internet Security: The prevalent perspective Conclusion Introduction The advent of Internet has drastically changed lifestyles. This change has taken its effect on individuals and businesses alike. Corporations are dependant on internet for successful completion of various business activities. Electronic business also known as E Commerce is the latest revolution in Internet which companies to exploit the power of the Internet to boost their sales. It allows users to buy goods while sitting at the luxury of their home. It provides innumerable benefits to businesses; broadens the customer base, provides products a healthy brand equity, spreads the roots and reach of a company to name a few; which directly have a positive impact on the returns on investment of a company. However, E Commerce is no panacea. As the dependence on the Internet increases, so do the pertinent risks that might hamper the profitability of a business due to computer criminals. The past few years have revealed that most people are not proactive towards Internet security and tend to wake up to its importance only after the disaster has already struck. This paper aims at analysing the impact Internet security has on electronic business. The prevalent norms of electronic business are analysed and the security mandated are considered. Current security standards are analysed and their loopholes are presented. Finally the paper concludes with the presentation of the prospective state of Internet security. Electronic Business: An Introduction The availability of commodity priced IT systems, high speed and affordable communications infrastructure and ever increasing research and development in computer languages have swelled Electronic Commerce. But what exactly is E Commerce The ubiquitous definition of E Commerce would be, "Buying and selling of goods on the Internet". However this definition is a little too coarse; too simple. The eCommerce Innovation Centre provides a more pragmatic view by defining E Commerce as every form of business or administrative transaction or exchange of information between a company and its outside world (eCIC, 2001). The first implementations of E Commerce applications can be traced back to the early 1970s, when a few companies began exchanging data among themselves through Electronic Data Interchange (EDI), a prevalent industry standard for inter enterprise communication. Since then there has been no looking back. Companies began deploying huge corporate networks with groups of systems perform certain business tasks. The major springboard to E Commerce was provided by the low cost entry of the Internet. Virtually every major company started transforming their businesses to global level through Internet (Gottardi et al, 2004). However today, just a decade after the revolution, E Commerce is plainly considered to be a synonym for high profits. It is an underlying business philosophy assumption of major companies and not some necessary technological breakthrough. Such a ubiquity of E Commerce was mainly due to its potential to lead to dramatic growth in trade and improved efficiency and effectiveness of business practises. As of today, E Commerce consists of several theoretical models, which provide a company with the tools to support the 5 essential elements of conducting business, namely price, promotion, presence, product and place. The important models are: Merchant Model: This model is typically used by traders, resellers, wholesaler and retailers of goods and services. It includes 24x7 ordering and one to one custom marketing (embellix, 2000). Auction Model: This model emulates the traditional 'bidding' model. It implements the bidding mechanisms by presenting goods and their value online. Manufacturer Model: It is used by the manufacturers directly to communicate to the consumers about their goods and services. Affiliate Model: In this model a company becomes an 'affiliate' of another company to advertise itself or its products and needs to pay certain amount for using it. Advertising Model: In this model, a company uses another website to advertise with the use of banners. Subscription Model: This model is generally used by Online Libraries and Scientific Organizations, where certain amount has to be paid as subscription charges to view or download any content offered (commissionjunction.com, nd). Logistics Model: In this model a company manages the logistical activities of another company. It is useful to organizations that have a strong foothold and already generated sufficient revenue. Electronic Business Threats Internet offers very attractive features for the design of electronic business. It is open and provides a level playing field in which all businesses can play. It is built on the underlying principle of platform independence which allows businesses with any IT implementation to turn to E Commerce. However Internet is unmanaged, uncontrolled and unregulated. Some of the most common among the millions of Internet Security threats and their impact on businesses are presented below. Risk: Denial of Service (DOS) attack on the company's servers. The web server of a company is the most important part of E Commerce. The server receives requests from company's clients and associates, performs the necessary actions and returns results. DOS attacks generate a heavy load of fake requests and transactions which drastically slows down the server and finally crashes it completely. Business Impact: DOS attacks have a direct impact on the market share of the company since the servers will not be able to process important requests faster. It is noted that clients hate to wait for their transactions to complete and a DOS attack leads to dissatisfaction among the customers. Risk: Vandalism of company websites. Hackers generally are employed by rival companies to deface the website of a company and render it useless for E Commerce. Business Impact: The company website is the interface for the company's clients to generate transactions with the company. Vandalism leads to several days of E Commerce shut-down to re construct the website. This leads to huge losses for the company in not only restoring the website back to order but also due to the halt of several days' business. Risk: Property Thefts. Many attackers (including pranksters) break into a system with the aim of gaining illegitimate access to company's sensitive information such as business plans, e mails, customer information and intellectual property of the company Business Impact: Property thefts lead to loss of revenue, lack of long term sustainability, tarnished public image, heavy expenditures in R&D work and negative reactions from investors. Risk: Viruses, Worms and Trojans. Viruses sabotage the hardware and software implementations of a company. Viruses are specially crafted to affect the servers and communications infrastructure in specific ways. Worms are crafted to affect not only the base system but also all other systems that are pursuing communications with the base system. Trojans are softwares that look benign externally but are programmed to perform disastrous tasks in the background. Business Impact: Loss of consumer base, heavy loss and consequent expenditures due to breakage of hardware infrastructure and loss of confidential business data. Apart from the above mentioned threats, are many more threats arising due to loopholes in the Internet. The Centre For Asia Pacific Technology Law & Policy enumerates the various Internet threats to E Commerce (CAPTEL, 2004): 'theft of Internet and telephone services', 'financial frauds', 'catalogue fraud', 'forgery', 'funds transfer fraud', 'cyber stalking', 'illegal pornography', 'illegal betting', 'espionage', 'extortion' and several others. All of these threats have an impact on the authenticity, confidentiality and integrity of the company's associates, clients and sensitive data. These threats prove that robust security standards and implementations are essential to ward off several of the threats and to ensure successful online business operations. The following sections will limn the current security options available to secure E Commerce and the possible future developments in this field. Internet Security: The Prevalent Perspective In today's highly competitive business environments, companies from all domains need to take the need for robust internet security seriously and establish as many security measures in place to avoid dire consequences. Regardless of the several threats looming across the Internet, E Commerce has not moderated. Companies are still investing tons of money in Business-to-Consumer and Business-to-Business establishments. The primary reason for this is the availability of several security standards and implementations. Several companies like CISCO and VERISIGN are now offering services and consultancy to companies considering migrating to E Commerce. Any company aiming to establish an E Commerce solution must ensure 3 features: Authentication Authorization Integrity Authentication Authentication mechanisms ensure that a person or a system is really what he/it claims to be. Authentication is particularly important when sensitive information is to be revealed. The ubiquitous method of providing authentication is by logins. Whenever a customer, employee or another associate registers with the company he is issued a username and a password. Whenever the user would like to communicate with the company he has to authenticate himself through the same username and password. However hackers are now able to steal the passwords by using sniffer tools. Therefore modern authentication mechanisms also include 'two factor authentication' according to which the user should not only submit his username and password in combination with a second level authentication such as a randomly generated unique number or a personal digital certificate. Authorization Once the user signs in, his access to resources on the server must be controlled. Not everyone will have the right to access all resources. For example trends in sales can not be viewed by customers of a company. To ensure authorization a company maintains Access Control Lists (ACL) which consists of all the access privileges of different sets of people. Whenever a user makes a request for a resource; the server checks with the ACL to check if the user has sufficient privileges to complete the transaction. Integrity Integrity deals with ensuring that the data that is being communicated between two people/systems is not tampered with and modified on the way. Encryption is generally the method used to ensure integrity of messages. The messages are encrypted based on a private cipher key that can be decrypted only with the private key. Therefore, even if an eavesdropper gets access to the message he will not be able to understand it unless he has the cipher key. Various standards and technologies exist commercially; which the companies can use to secure their E Commerce establishments. Some of the technologies existing for E Commerce security are enumerated in the following section. Virtual Private Networks A Virtual Private Network (VPN) is a private communications network used by several companies to communicate confidentially over a public network such as the Internet. Companies deploy VPNs to communicate with their suppliers, associate branches and customers in a remote way. VPN is created by deploying secure tunnels between two networks. These tunnels are created on top of secure standard protocols. The protocols encrypt all the messages being transferred across the tunnel. Various protocols are available to create a VPN. The most commonly used protocols are IPSec, SSL/TLS, PPTP, L2TP and VPN-Q. Intrusion Detection Systems Intrusion Detection Systems (IDS) are either hardware devices of software programs that detect any intrusions on any system and report it to the administrator. IDS works in two ways. In one implementation, an IDS keeps track of user activity in log files and any deviation from the normal activity results in the IDS raising an alarm. As a second implementation, an IDS keeps a log of illegal signatures and regularly matches the users' current activity with the signatures in the log. If a match is found it reports an intrusion. Firewalls Firewalls act as gatekeepers that allow only known users to access a company's resources. All transactions with the company's systems pass through the firewall, and the firewall drops any packet that it might find suspicious or from a suspect source. Public Key Infrastructure Public Key Infrastructure (PKI) is commonly used for encryption. The company obtains a public key from a trusted third party such as VeriSign and lists it publicly. The public key is used by a user to set up connection with the company's server. The public key is used to encrypt the data. The company then uses its private key to decrypt the data at its end. RSA algorithm is currently the most widely used PKI algorithm. Secure Protocols A protocol defines the syntax and semantics of a communication. Several secure protocols have been developed that ensure that the data is being transferred in between the company and the outsider in a secure fashion. HTTPS protocol is an enhancement to the existing HTTP protocol that adds a layer of encryption. Secure Shell (SSH) protocol is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (optionally) to allow the remote computer to authenticate the user. Secure Electronic Transaction (SET) protocol defines security for online credit card transactions. Apart from the establishment of these basic security protocols and technologies, a company must perform regular auditing to ensure that their systems, softwares and infrastructure is free of major loopholes. Independent auditors are employed by a company to audit their servers and internetwork to check for possible security threats. Internet security is one of the most widely researched subjects. New technologies are creating breakthroughs in this field. New technologies include biometrics, which will lead to impassable authentication. Unique individual identities such as the retina and fingerprints will soon be used as passwords. Intrusion Forecasting System (IFS) is another technological breakthrough that is proactive as opposed to the reactive nature of an IDS. Using complex algorithms and artificial intelligence, an IFS will be able to forecast an intrusion and block it before it takes place. Conclusion Internet Security without a doubt is the most important aspect of successful E Commerce and in the near future; with every company looking at transitioning to E Commerce; will gain more impetus. Therefore security of data and infrastructure must be of prime emphasis. Organizations should not hesitate in investing on security measures as this will have a direct impact on the ROI. References eCommerce Innovation Centre (2001), "An E Commerce Primer for Small Businesses", Cardiff University Press. Gottardi G, Bolisani E & M. Di Biagi (2004), "Electronic commerce and open communities: An assessment of Internet EDI", International Journal of Services Technology and Management, Volume 5, pp. 151-169. Embellix (2000), "E Marketing Planning: Accountability and eMetrics", Sponsored by Embellix Software, Pg 4 Commission Junction (nd), "What is Affiliate Marketing", found at: http://www.cj.com/frame_hom.asp Centre For Asia Pacific Technology Law & Policy (2004), "Best Practises for Legally Securing E Commerce", Submitted to UNESCAP Read More