Security for Client Computers

A computer accessing files and other content on the Web faces many threats.  Some of these threats are minimal, but some can affect many other computers, with or without the knowledge of the user.  Some of the more common threats come from cookies, Web bugs, active content, Java applets, JavaScript, ActiveX controls, graphics and plug-ins, viruses and worms.  Some of the means of controlling or preventing these threats include anti-virus software or digital certificates. Steganography is another threat that, to the average user, can seem like nothing, but may be used for unethical purposes.  There are also some ways in which a user can physically protect their computer.

Cookies are files that Web sites create to store user information for future use.  These can be of great use, but some sites may use cookies to access information on your computer or that you input on the site.  The latter of these is used with ID theft, since many e-commerce sites have forms where you enter personal information that can be stolen if the site is hacked by someone who places a cookie on it.  This is often done through a Web bug, whose only purpose is to link to another site that will provide a cracker (someone who uses their knowledge for unethical purposes) access to the information a user inputs on a site.

Active content is a program that enables various content to be provided on a Web site.  In terms of e-commerce, it is used in shopping cart software to place items in the shopping cart and calculate other costs for that purchase.  Some crackers will use active content to place content on a site that is meant to do harm to a computer. The most common form of this is a Trojan horse, or a program that may look like it is legitimate, but is actually serving an unethical purpose, such as accessing personal information and sending that back to the person who inserted the Trojan horse on a site.

Some of the better-known types of active content include Java applets, which are used on e-commerce sites to perform business processes that would otherwise cause congestion on a company server, but can also leave a user's computer open to security threats; JavaScript, which is a scripting language used in a similar manner to Java applets, but the user must initiate it for the script to begin, so a user who feels there is something not right about the site can leave before any damage is done; and ActiveX controls, which are commonly found on gaming sites and, if used by crackers, can also pose various security threats to a user's computer since they cannot be stopped once executed.

Some other files that can cause security threats include graphics, plug-ins for various browsers, and e-mails with files attached.  Some graphic formats are generated with a set of instructions, which can be altered by a cracker for ill-intentioned purposes.  This is often the case with e-mail attachments, so the best way to prevent the risk of a virus or other malicious file from being downloaded to your computer is to only open e-mails that are from those you know, and if you are not sure, ask first before opening.  Plug-ins are usually used by users to view additional content on Web sites, but some can be used to secretly gather user information for various uses.

As technology has improved, so have the threats that are presented to users.  Two of the most common threats are viruses, which are files that are attached to another program that is usually downloaded unethically and can cause problems on the computer when the originally downloaded program is started; and worms, which are a type of virus that can spread over computers connected to the Internet.  There have been numerous viruses that have become famous for various reasons, the most recent being named Storm, which would send out spam messages with fake news articles and clips.  To prevent these threats, it is advised to have an antivirus program installed on your computer. There are many to choose from, and though many people use Norton or McAfee, I personally use Avast.  It is free, and has kept my computer from having but a few issues pop up.

When trying to prevent threats from active content, you should check to see if the content you are accessing has a digital certificate that states that the program is legitimate. One of the most common uses for digital certificates is on game sites that use ActiveX controls, such as MSN games.

Another issue that has presented itself as technology has gotten more advanced is steganography, or having an image with hidden content that can only be accessed by those who have the required software.  For more information, you can check out this site:

While having security on the virtual level is important, users should also implement physical security on their computer.  One of the best ways to do this is by having a fingerprint reader installed on the computer, since it only allows the user access to the computer by scanning the fingerprint and matching it with the stored information.  Some other options include an eye scanner, a writing pad that detects a user's handwriting style and the pressure used, and palm readers.

 

 

Security for Server Computers

There are many threats on the server side of an e-commerce site, which can take the form of secrecy or security violations. Some issues involving secrecy on a server include not having the home page file named index.htm or index.html, since the server will then bring up a list of all the files on the site, which can be accessed and can contain personal information.  Security issues on a server can include someone accessing the file that stores all of the usernames and passwords of its users as well as the passwords the users choose.  If someone gains access to this file, they can cause damage to various parts of the server while posing as someone else.  Sometimes the issue is in the password the user chooses.  It is best to choose a password that, while being easy to remember, is not able to be cracked easily.
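The missing home page file described above can be checked for on the server's own disk. The following is an added example, not code from the original page: it walks a web root and reports every directory that has no index.htm or index.html, together with the files a listing would reveal. The sample site layout and all function names are constructed for illustration, and it assumes the web server shows a file listing whenever no index file is present.

```python
import os
import tempfile

# The home page file names the text mentions (matched exactly, case-sensitive).
INDEX_NAMES = {"index.htm", "index.html"}


def dirs_without_index(web_root):
    """Return {url_path: [files a listing would reveal]} for every
    directory under web_root that has no index.htm/index.html."""
    exposed = {}
    for current, subdirs, files in os.walk(web_root):
        subdirs.sort()  # deterministic traversal order
        if set(files) & INDEX_NAMES:
            continue  # an index page is served instead of a file listing
        rel = os.path.relpath(current, web_root)
        url = "/" if rel == "." else "/" + rel.replace(os.sep, "/") + "/"
        exposed[url] = sorted(files)
    return exposed


def build_sample_site(root):
    """Constructed sample layout (hypothetical, not from the original page)."""
    layout = {
        "index.html": "home",
        "shop/index.htm": "catalogue",
        "shop/orders/orders.csv": "name,address",
        "images/logo.gif": "GIF89a",
        "backup/customers.bak": "dump",
    }
    for rel_path, body in layout.items():
        full = os.path.join(root, *rel_path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as handle:
            handle.write(body)


def audit_sample():
    """Build the constructed site in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return dirs_without_index(root)


if __name__ == "__main__":
    for url_path, files in audit_sample().items():
        print(f"{url_path} has no index page; a listing would show: {files}")
```

Turning off automatic listings in the web server itself (Apache `Options -Indexes`, nginx `autoindex off`) removes the exposure regardless of file names.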

Another area in which issues may occur is in the database a company uses to store customer information or other valuable information that, if accessed and modified, can cause major problems in the company.  One of the biggest threats to databases is a Trojan horse, which can be hidden in a database and be used to reveal otherwise secure information.

Some other threats include buffer overflows and mail bombs.  A buffer overflow occurs when a bug or error is contained in the program causing it to use resources not typically required.  This can be used to bring down a server by overloading the server with a buffer overflow that uses all resources until the hardware cannot operate.  A mail bomb is when a cracker has accessed a large number of e-mail addresses and sends messages to one address, which can cause the total amount of space on the e-mail server to be surpassed, causing it to crash.

Some physical security threats include someone accessing the location of the server without being authorised to do so, as well as fire, flooding, and other unexpected incidents.  For this reason, even companies with the resources and money to have their server in-house may rely on a CSP to house their server hardware.

As has been stated many times, one of the biggest threats to a server, whether physical or logical, is unauthorised access.  There are many ways to prevent this from occurring, and although it is not possible to completely deter someone from gaining access if they are determined enough, one of the best ways to prevent access is through the use of firewalls, which control the information flow to and from the server and only permit access to the server by those who have permission to do so.
