Security, Legal and Ethical Issues
Rapid advancements in technology are allowing everyone to send and receive information from
anywhere in the world. Commerce exploits this facility thoroughly in the form of e-commerce:
commerce that uses the WWW as its enabling transport. It includes any
computer-mediated business process over the internet. However, any transaction (message
delivery) taking place across the public internet is open to a wide variety of security problems.
The successful functioning of e-commerce security depends on a complex interrelationship
between several components, including the application development platforms, database
management systems, system software and network infrastructure.
2. Privacy: Privacy ensures that only authorized parties can access information in any system.
The information should also not be distributed to parties that should not receive it. Issues
related to privacy can be considered as a subset of issues related to access control.
5. Availability: Availability ensures that the required systems are available when needed, i.e.
the customer order systems are available all the time. Two major threats to availability
are virus attacks and denial of service (DoS).
One complicating factor for any e-commerce venture is the security of customer information,
such as credit card numbers and personal data. Concern over transaction security has kept
many customers from purchasing products on the internet. Even if secure software programs
are more protective, foolproof systems may never be developed, because new threats keep
appearing.
4. Firewall: A firewall is a hardware or software security device that filters information passing
between internal and external networks. It controls access to the Internet by internal users and
prevents outside parties from gaining access to systems and information on the internal
network. A firewall can be applied at the network level to provide protection for multiple
workstations or internal networks, or at the personal level, where it is installed on an
individual PC.
A firewall typically takes one of two forms:-
• Software firewall: Specialized software running on an individual computer.
• Network firewall: A dedicated device designed to protect one or more computers.
Both types of firewall allow the user to define access policies for inbound connections to the
computers they are protecting. Many also provide the ability to control what services the
protected computers are able to access on the Internet. Most firewalls intended for home use
come with pre-configured security policies from which the user can choose, and also allow the
user to customize these policies for their specific needs.
Types of Firewalls: There are three basic types of firewalls depending on:-
a. Whether the communication is being done between a single node and the network, or
between two or more networks.
b. Whether the communication is intercepted at the network layer, or at the application
layer.
c. Whether the communication state is being tracked at the firewall or not.
With regard to the scope of filtered communication there exist:-
• Personal firewalls: A software application, which normally filters traffic entering, or
leaving a single computer.
• Network firewalls: Normally running on a dedicated network device or computer
positioned on the boundary of two or more networks. Such a firewall filters all traffic
entering or leaving the connected networks.
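To make criterion (c) and the inbound access policy described above concrete, the following added example (not part of the original text) runs the same constructed traffic through a filter that keeps no state and one that tracks connections. The addresses, ports, the single-label TCP flags and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags, simplified to one label
    inbound: bool   # True when arriving from the external network

# Inbound access policy (constructed): only this internal service is public.
INBOUND_ALLOW = {("10.0.0.5", 443)}

def stateless_check(p: Packet) -> bool:
    """Judge each packet alone, with no memory of earlier traffic."""
    if not p.inbound or (p.dst, p.dport) in INBOUND_ALLOW:
        return True
    # Replies to internal users must get in somehow; without state the filter
    # can only trust the packet's own flags: "not a bare SYN" counts as a reply.
    return p.flags != "SYN"

class StatefulFirewall:
    """Track flows opened from inside; admit other inbound packets only as replies."""
    def __init__(self):
        self.flows = set()

    def check(self, p: Packet) -> bool:
        if not p.inbound:
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        reverse = (p.dst, p.dport, p.src, p.sport)
        return (p.dst, p.dport) in INBOUND_ALLOW or reverse in self.flows

# Constructed traffic, in arrival order.
TRAFFIC = [
    Packet("10.0.0.8", 50000, "203.0.113.7", 80, "SYN", False),     # user browses out
    Packet("203.0.113.7", 80, "10.0.0.8", 50000, "SYN-ACK", True),  # genuine reply
    Packet("198.51.100.9", 40000, "10.0.0.5", 443, "SYN", True),    # public service
    Packet("198.51.100.9", 40001, "10.0.0.8", 22, "ACK", True),     # unsolicited "reply"
    Packet("198.51.100.9", 40002, "10.0.0.8", 22, "SYN", True),     # new inbound connection
]

def compare(traffic):
    """Return (stateless, stateful) accept decisions for each packet."""
    fw = StatefulFirewall()
    return [(stateless_check(p), fw.check(p)) for p in traffic]

if __name__ == "__main__":
    print(compare(TRAFFIC))
```

The two filters differ only on the fourth packet: without state, a packet that merely claims to be a reply is accepted, while the stateful firewall rejects it because no internal user opened that connection.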
Intrusion Detection
Intrusion detection software monitors system and network activity to spot any
attempt being made to gain access. If a detection system suspects an attack, it can generate an
alarm, such as an e-mail alert, based upon the type of activity it has identified.
Despite the sophistication of these controls, they are only as good as the people who use them
and hence a continual awareness program is a vital component of any security policy.
Anti-Virus Software
Anti-virus software is used to protect against viruses, Trojans and worms. It can detect them,
prevent access to infected files, repair them and, if they cannot be repaired, quarantine the
infected files.
Different types of anti-virus software:-
• Virus Scanners: Must be updated regularly, usually by connecting to the supplier’s
website, in order to recognize new viruses.
• Heuristics Software: Detects viruses by applying general rules about what viruses look
like. While it does not require frequent updates, this software can be prone to giving
false alarms.
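The trade-off between the two approaches above is shown in this added example (not from the original text). It assumes whole-file SHA-256 fingerprints as a stand-in for a supplier's virus signatures and a small set of constructed weighted rules as the heuristics; the "files" are harmless constructed byte strings.

```python
import hashlib

# Constructed, harmless byte strings standing in for files on disk.
FILES = {
    "known_virus": b"DEMO-A: copy self to startup folder; overwrite documents",
    "new_variant": b"DEMO-B: copy self to startup folder; overwrite documents!",
    "installer":   b"setup: copy self to startup folder; create desktop shortcut",
    "notes":       b"meeting notes: review quarterly sales figures",
}

def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def signature_scan(data: bytes, signatures: set) -> bool:
    """Exact match against the supplier's list of known viruses."""
    return fingerprint(data) in signatures

# General rules about "what viruses look like" (constructed weights).
RULES = {b"copy self": 2, b"startup": 1, b"overwrite": 2}

def heuristic_scan(data: bytes, threshold: int = 3) -> bool:
    """Flag a file when its suspicious traits add up to the threshold."""
    return sum(w for trait, w in RULES.items() if trait in data) >= threshold

def scan_all(signatures: set) -> dict:
    """Map each file name to (signature verdict, heuristic verdict)."""
    return {name: (signature_scan(d, signatures), heuristic_scan(d))
            for name, d in FILES.items()}

# Signature list as shipped, before the supplier has seen the new variant.
OLD_SIGS = {fingerprint(FILES["known_virus"])}
# The same list after an update that adds the variant.
NEW_SIGS = OLD_SIGS | {fingerprint(FILES["new_variant"])}

if __name__ == "__main__":
    for label, sigs in (("before update", OLD_SIGS), ("after update", NEW_SIGS)):
        print(label, scan_all(sigs))
```

Before the update the signature scanner misses the new variant, which the heuristic rules catch without any update; the same rules also flag the benign installer, which is the false alarm the text warns about.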
The threat of virus infection can be minimized by:-
• Using a virus checker on one’s Internet connection to trap viruses both entering and
leaving the business’ IT system.
• Running virus checkers on servers to trap any viruses that have managed to evade the
above check.
• Running individual virus checkers on users’ PCs to ensure that they have not
downloaded a virus directly, or inadvertently introduced one via a CD, pen drive etc.
Other Methods of Preventing Viruses:-
• Installing software patches provided by the supplier of one’s operating system to close
security loopholes that could be exploited by viruses.
• Using a firewall to prevent unauthorized access to one’s network.
• Avoiding download of unauthorized programs and documents from the Internet and
ensuring that everyone in the organization adheres to this policy.
One’s system may still become infected even if the above guidelines are followed. Hence
regular back-ups of the data and software should be taken so that the infected files can be
replaced with clean copies if required.
Virus Alerting Services: One can subscribe to a service or supplier who will provide virus alerts.
Some are available on a paid-for basis, while others are provided by suppliers of anti-virus
software to their customers.
Spyware: Software is available that scans systems and detects known spyware
programs. Spyware can then be removed or quarantined. As with anti-virus software, it is
important to keep this software up-to-date.
Digital Identity & Digital Signature: Digital identity refers to the aspect of digital technology
that is concerned with the mediation of people’s experience of their own identity and the
identity of other people and things.
Digital identity is a safe personal web platform that gives the individual the power to control
how they interact with the Internet and share their personal information. Each individual is
assigned a personal web address that functions as a master key to all his or her online
communication.
Through a number of practical tools such as online business cards, CV, favorites, personal
messages, access control etc., the individual creates and has full control of their online
information. With digital identity each individual becomes an integrated part of the Internet, so
other websites, search engines and applications can automatically interact with the online
identity.
The bases of digital identity are:-
• It is the online presence of an individual or business which gives access to online
services – Authentication.
• It defines the level of access to online services – Authorization.
• It is a repository of information for use by the subscriber, for the subscriber and is the
first point of all online communications.
Biometric: Biometric refers to the automatic identification of a person based on his or her
physiological or behavioral characteristics. Examples of physical characteristics include
fingerprints, eye retinas and irises, facial patterns and hand measurements, while examples of
behavioral characteristics include signature, gait and typing patterns.
This method of identification offers several advantages over traditional methods involving ID
cards or PIN numbers for various obvious reasons:-
i. The person to be identified is required to be physically present at the point-of-
identification.
ii. Unlike biometric traits, PINs or passwords may be forgotten, and tokens like passports
and driver’s licenses may be forged, stolen, or lost.
iii. By replacing PINs (or using biometrics in addition to PINs), biometric techniques can
potentially prevent unauthorized access to sensitive places and sensitive equipment.
There are also differences regarding ethics among different countries. What is unethical in one culture
may be perfectly acceptable in another. Hence, many companies and professional organizations have
developed their own codes of ethics – collections of principles intended as a guide for their members.