Unit Ii (E Commerce)
Here are some key points about the internet’s role in e-commerce and the security
measures associated with it:
b) Payment Gateway Security: Payment gateways handle the processing of online transactions, securely transmitting payment information between the buyer and the seller's bank. They implement security measures such as encryption, tokenization (replacing the card number with a token so that the merchant never has to store it) and fraud detection systems to protect sensitive payment data.
c) Two-Factor Authentication (2FA): To enhance security, many e-commerce platforms implement 2FA, requiring users to present two independent factors, such as a password (something they know) and a one-time code generated by a separate device or app (something they have).
d) Secure Data Storage: E-commerce platforms must securely store customer data, including personal information and order history. Robust data encryption, access controls and regular security audits are crucial to safeguarding this data from unauthorized access.
4) Mobile Commerce (m-commerce): With the increasing use of smartphones and tablets, mobile commerce has gained significant importance.
The internet provides the infrastructure to support secure mobile transactions, allowing users to browse, purchase and make payments through mobile apps or mobile-optimized websites.
Network Security
Network security encompasses all the steps taken to protect the integrity of a
computer network and the data within it. Network security is important because it
keeps sensitive data safe from cyber-attacks and ensures the network is usable and
trustworthy. Successful network security strategies employ multiple security
solutions to protect users and organizations from malware and cyber-attacks, like
distributed denial of service.
A network is composed of interconnected devices, such as computers, servers and wireless access points. Many of these devices are exposed to potential attackers.
Network security involves the use of a variety of software and hardware tools on a
network or as software as a service. Security becomes more important as networks
grow more complex and enterprises rely more on their networks and data to conduct
business. Security methods must evolve as threat actors create new attack methods
on these increasingly complex networks.
➢ Users
➢ Locations
➢ Data
➢ Devices
➢ Applications
➢ Intellectual property protection. Intellectual property is key to many
companies’ ability to compete. Securing access to intellectual property
related to products, services and business strategies helps organizations
maintain their competitive edge.
➢ Compliance. Complying with data security and privacy regulations,
such as HIPAA and GDPR, is legally required in many countries.
Secure networks are a key part of adhering to these mandates.
The basic principle of network security is defence in depth: stored data and the network are protected in layers, and each layer enforces rules that must be satisfied before any activity on the data is allowed.
1. Physical Network Security: This is the most basic level. It prevents unauthorized personnel from gaining physical control over network components such as cabling, switch ports, routers and external peripherals, and hence over the confidentiality of the network. It is achieved with controls such as locked equipment rooms and biometric access systems.
2. Technical Network Security: This level protects the data stored on the network and the data in transit across it. It serves two purposes: protecting data from unauthorized users, and protecting it from malicious activity.
3. Administrative Network Security: This level governs user behaviour: how permissions are granted, how authentication and authorization take place, and what level of protection the network needs against the attacks it faces. It also identifies the changes that must be made to the infrastructure.
➢ Access Control
➢ Antivirus and Anti-Malware Software
➢ Cloud Security
➢ Email Security
➢ Firewalls
➢ Application Security
➢ Intrusion Prevention System (IPS)
1. Access Control: Not every person should have full access to the network or its data. Network Access Control (NAC) checks the identity (and, where supported, the security posture) of each user and device, and ensures that only authorized personnel can work with the resources they are allowed to use.
2. Antivirus and Anti-malware Software: This type of network security stops malicious software from entering the network and jeopardizing the security of the data. It handles malware such as viruses, trojans and worms, and covers not only blocking malware at entry but also detecting and removing it once it is inside.
3. Cloud Security: Many organizations now adopt cloud technology, storing large amounts of important data on servers reached over the Internet. This data is exposed to abuse by unauthorized parties and must be protected, and that protection must not be undermined by anything else in the environment. Many businesses use SaaS applications to give employees access to data stored in the cloud; this creates gaps in visibility over where the data goes, and cloud security is concerned with closing those gaps.
4. Email Security: Email security covers the services and products designed to keep an email account and its contents safe from external threats. For example, fraudulent emails are usually moved automatically to the Spam folder, because most email providers have built-in filtering to protect users.
5. Firewalls: A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that traffic.
Before Firewalls, network security was performed by Access Control Lists
(ACLs) residing on routers.
6. Application Security: Application security denotes the precautionary measures taken at the application level to prevent data or code inside the application from being stolen or hijacked. It includes the security work done during the design and development of applications, as well as the techniques and methods used to protect applications once they are deployed.
7. Intrusion Prevention System (IPS): An intrusion prevention system is also known as an intrusion detection and prevention system (IDPS). It is a network security application that monitors network or system activity for malicious behaviour. Its major functions are to identify malicious activity, collect information about it, report it, and attempt to block or stop it.
Firewalls:
The purpose of a firewall is to allow non-threatening traffic and to block malicious or unwanted traffic, protecting the computer from viruses and attacks. A firewall is a cybersecurity tool that filters network traffic; on an already infected computer it can also block malicious software from reaching the Internet.
Since the firewall acts as a barrier or filter between the computer system and other networks (i.e., the public Internet), we can consider it a traffic controller. Therefore, a firewall's primary function is to secure our network and information by controlling network traffic, preventing unwanted incoming traffic, and validating access by assessing network traffic for malicious content such as attacker activity and malware.
Generally, most operating systems (for example – Windows OS) and security
software come with built-in firewall support. Therefore, it is a good idea to ensure
that those options are turned on. Additionally, we can configure the security settings
of the system to be automatically updated whenever available.
When it comes to network security, firewalls are considered the first line of defence.
But the question is whether these firewalls are strong enough to make our devices
safe from cyber-attacks. The answer may be “no.” The best practice is to use a
firewall system when using the Internet. However, it is important to use other
defence systems to help protect the network and data stored on the computer.
Because cyber threats are continually evolving, a firewall should not be the only
consideration for protecting the home network.
Types of Firewalls
Depending on their structure and functionality, there are different types of firewalls:
➢ Proxy Firewall
➢ Packet-filtering firewalls
➢ Stateful Multi-layer Inspection (SMLI) Firewall
➢ Unified threat management (UTM) firewall
➢ Next-generation firewall (NGFW)
➢ Network address translation (NAT) firewalls
Firewall types can also be grouped by their general structure and method of operation, and separately by how they are deployed (for example as a hardware appliance or as a cloud service).
As the most basic and oldest type of firewall architecture, packet-filtering firewalls create a checkpoint at a router or switch. The firewall performs a simple check of each packet passing through, inspecting header information such as the source and destination IP addresses, protocol, port numbers and other surface-level details, without opening the packet to examine its payload. Any packet that fails the inspection is dropped.
The good thing about these firewalls is that they are not very resource-intensive. Using fewer resources means they are relatively simple and do not significantly impact system performance. However, they are also relatively easy to bypass compared to firewalls with more robust inspection capabilities, because each packet is judged on its own, with no knowledge of the connection it belongs to.
Stateful multi-layer inspection (SMLI) firewalls combine packet inspection with TCP handshake verification: they track the state of each connection and only admit packets that belong to a legitimately established session. This gives a higher level of protection than either technique could provide alone.
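To make the difference between the two types concrete, the following Python simulation (an added example, not part of the original notes or of any firewall product) runs the same constructed packet sequence through a stateless packet filter and through a simplified stateful inspection engine. The addresses, ports and the small rule set (a public web server on 443, all outbound traffic permitted) are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Constructed topology: 10.0.0.0/24 is "inside"; everything else is the Internet.
INTERNAL_PREFIX = "10.0.0."
WEB_PORT = 443


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    flags: FrozenSet[str] = frozenset()   # TCP flags present, e.g. {"SYN", "ACK"}


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def is_inbound(pkt: Packet) -> bool:
    return is_internal(pkt.dst) and not is_internal(pkt.src)


def stateless_filter(pkt: Packet) -> str:
    """Packet filter: decides from this packet's headers alone."""
    if not is_inbound(pkt):
        return "ALLOW"                                   # anything leaving is trusted
    if pkt.proto == "tcp" and pkt.dport == WEB_PORT:
        return "ALLOW"                                   # public web server
    # Replies to our own outbound HTTPS connections arrive from source port 443
    # to an ephemeral port. With no memory of connections, the only way to let
    # them in is a blanket rule, which an attacker satisfies by crafting
    # packets with source port 443.
    if pkt.proto == "tcp" and pkt.sport == WEB_PORT and pkt.dport >= 1024:
        return "ALLOW"
    return "DROP"


class StatefulFilter:
    """Simplified stateful inspection: remembers TCP connections by 4-tuple and
    only admits non-SYN packets that belong to one. Handshake tracking is
    reduced to SYN_SENT -> ESTABLISHED; timeouts and FIN/RST are omitted."""

    def __init__(self) -> None:
        self.table: Dict[Tuple[str, int, str, int], str] = {}

    def inspect(self, pkt: Packet) -> str:
        if pkt.proto != "tcp":
            return "DROP"
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if "SYN" in pkt.flags and "ACK" not in pkt.flags:      # new connection
            if not is_inbound(pkt) or pkt.dport == WEB_PORT:
                self.table[fwd] = "SYN_SENT"
                return "ALLOW"
            return "DROP"
        if fwd in self.table:                                   # initiator's later packets
            return "ALLOW"
        if rev in self.table:                                   # responder's packets
            if self.table[rev] == "SYN_SENT" and pkt.flags >= {"SYN", "ACK"}:
                self.table[rev] = "ESTABLISHED"
                return "ALLOW"
            if self.table[rev] == "ESTABLISHED":
                return "ALLOW"
        return "DROP"                                            # unsolicited


def run_scenario() -> List[Tuple[str, str, str]]:
    """Constructed packet sequence; returns (label, stateless verdict, stateful verdict)."""
    inside, web, attacker = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    packets = [
        ("client SYN out", Packet(inside, web, "tcp", 51000, 443, frozenset({"SYN"}))),
        ("server SYN/ACK back", Packet(web, inside, "tcp", 443, 51000, frozenset({"SYN", "ACK"}))),
        ("client ACK out", Packet(inside, web, "tcp", 51000, 443, frozenset({"ACK"}))),
        ("crafted sport-443 ACK to RDP", Packet(attacker, inside, "tcp", 443, 3389, frozenset({"ACK"}))),
        ("new SYN to public web", Packet(attacker, "10.0.0.20", "tcp", 40000, 443, frozenset({"SYN"}))),
        ("new SYN to SSH", Packet(attacker, "10.0.0.20", "tcp", 40001, 22, frozenset({"SYN"}))),
    ]
    stateful = StatefulFilter()
    return [(label, stateless_filter(p), stateful.inspect(p)) for label, p in packets]


if __name__ == "__main__":
    for label, stateless, stateful in run_scenario():
        print(f"{label:30} stateless={stateless:5} stateful={stateful}")
```

The fourth packet is the bypass: an unsolicited ACK with source port 443 aimed at an internal RDP port is accepted by the stateless filter, because it looks like a reply to an HTTPS connection, while the stateful engine drops it because no such connection was ever opened from inside.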
Rather than letting traffic connect directly, the proxy firewall first establishes a connection to the source of the traffic and inspects the incoming data packet.
This check is like the stateful inspection firewall in looking at both the packet
and the TCP handshake protocol. However, proxy firewalls may also perform deep-
layer packet inspections, checking the actual contents of the information packet to
verify that it contains no malware.
Once the check is complete and the packet is approved to connect to the
destination, the proxy sends it off. This creates an extra layer of separation between
the “client” (the system where the packet originated) and the individual devices on
your network—obscuring them to create additional anonymity and protection for
your network.
The one drawback to proxy firewalls is that they can create a significant
slowdown because of the extra steps in the data packet transfer process.
The issue is that there is no single definition of a next-generation firewall (NGFW), so verifying what specific capabilities such a firewall has before investing in one is essential.
Hardware firewalls are physical appliances that act like a traffic router, intercepting data packets and connection requests before they reach the network's servers. Appliance-based firewalls like this excel at perimeter security, ensuring that malicious traffic from outside the network is intercepted before the company's network endpoints are exposed to risk.
However, the major weakness of a hardware-based firewall is that it only sees traffic crossing the perimeter, so an insider, or an attacker who already has a foothold inside, can often bypass it. Also, the actual capabilities of a hardware firewall vary by manufacturer; some have a more limited capacity to handle simultaneous connections than others, for example.
Whenever a cloud solution is used to deliver a firewall, it can be called a cloud firewall or firewall-as-a-service (FWaaS). Many consider cloud firewalls synonymous with proxy firewalls, since a cloud server is often used in a proxy firewall setup (the proxy does not necessarily have to be in the cloud, but it frequently is).
E-commerce security is built on a client-server relationship: there is a single server and many clients, and only authorized persons may use the server as clients. On the Amazon site, for example, the clients are Amazon's customers, and each has an account protected by a username and password so that only the valid person can use it.
A proper access control mechanism is maintained so that only authenticated users are allowed to access the resources they are entitled to. Such mechanisms include password protection, biometrics, encrypted payment systems and firewalls.
2. Common Security Threats in e-commerce:
➢ Physical Security Holes: Unauthorized persons gain physical access to systems or data and obtain passwords.
➢ Software Security Holes: Holes caused by badly written programs, such as the sendmail hole (knee88) that gave attackers root access.
➢ Inconsistent Usage Holes: Holes that arise when the administrator assembles a combination of hardware and software that is insecure as a whole even though each part is fine on its own.
To overcome these problems the following protection methods have been developed.
PROTECTION METHODS:
➢ Trust-based Security: In this approach we simply trust that no one who gets access to the data will abuse it, for instance by obtaining root access and deleting files.
➢ Security through Obscurity: In this approach we hide our passwords in binary files or in scripts, relying on attackers not finding them.
➢ Password Schemes: In this approach we make a strong password by using a mix of character types or by changing the password regularly.
➢ Biometric Systems: These use fingerprints, palm prints, signature verification, voice recognition and retinal patterns.
Firewalls are important for e-commerce security because they help to control
traffic that goes in and out of a network. They can also detect and prevent
unauthorized access to a network.
Here are some aspects of firewall and network security in e-commerce that should
be considered:
1. Access Control: By defining access policies and rules firewalls ensure that
only authorized personnel can access critical resources such as servers and
databases. This helps prevent unauthorized users from gaining access to
sensitive customer data or e-commerce systems.
2. Intrusion Detection and Prevention: Firewalls equipped with intrusion detection and prevention systems (IDPS) can detect and respond to various types of attacks, including malware, DoS (Denial of Service), DDoS (Distributed Denial of Service), SQL injection and cross-site scripting. These systems analyse network traffic patterns and behaviour to identify and mitigate potential threats.
3. Secure Remote Access: Many e-commerce organizations provide remote
access to their employees and partners. Virtual Private Network (VPN)
technologies can be used to establish secure encrypted connections over the
internet allowing authorized individuals to access the e-commerce systems
securely.
4. Secure Sockets Layer (SSL)/Transport Layer Security (TLS): Implementing TLS (the successor to SSL; all SSL versions are deprecated and should be disabled) ensures secure communication by encrypting data transmitted between clients and e-commerce servers. TLS certificates let the client verify the identity of the website, protecting sensitive information such as credit card details and personal data during transmission.
5. Network Segmentation: In an e-commerce network it is crucial to segment
different types of systems and resources. By implementing network
segmentation organizations can isolate sensitive databases payment gateways
and other critical assets from less secure components like web servers.
Firewalls can enforce access control policies between these segments limiting
the attack surface and containing potential breaches.
6. Continuous Monitoring and Logging: It is essential to continuously monitor
network traffic system logs and security events to identify any malicious or
abnormal activities promptly. Firewalls should be configured to log relevant
information allowing security teams to perform forensic investigations in case
of security incidents.
7. Regular Updates and Patching: Firewalls and associated security systems
should be kept up to date with the latest firmware patches and security
updates. Regularly applying these updates helps address known
vulnerabilities and protect against emerging threats.
In summary, firewalls and network security measures are crucial for maintaining a secure e-commerce environment. These measures help protect customer data, prevent unauthorized access, detect and respond to threats, enable secure remote access, and ensure the confidentiality, integrity and availability of e-commerce systems. Implementing a multi-layered security approach including firewalls, IDS/IPS, TLS, network segmentation and continuous monitoring is essential to safeguarding an e-commerce infrastructure.
Data and message security:
Data Security:
Electronic data security is important at a time when people are conducting banking and other financial transactions from their PCs. One major threat to data security is unauthorized network monitoring, also called packet sniffing.
Data and message security in e-commerce refer to the measures and practices
put in place to protect sensitive information during online transactions. Given the
increasing prevalence of cyber threats and the potential risks associated with online
transactions ensuring data and message security is vital for the trust and confidence
of customers in e-commerce platforms.
Data security suffers in particular from packet sniffing. A sniffing attack begins when an attacker compromises a computer on the network and installs a packet sniffer, a program that passively monitors network traffic. It then watches telnet, FTP or rlogin sessions, which a legitimate user initiates to gain access to another system. Because these protocols send everything in cleartext, each session contains the login ID, the password and the name of the machine being logged into, all the information a sniffer needs to log into that machine.
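The following Python example (added here, not part of the original notes) shows what the sniffer in the paragraph above actually harvests. It works on constructed, already reassembled TCP payloads for an FTP login, a telnet login and a TLS connection; the hosts, user names and passwords are invented for the example, and the TLS bytes are a made-up record header followed by filler.

```python
import re
from typing import Dict, List, Tuple

# Constructed capture: application payloads already reassembled per TCP stream,
# keyed by (client, server, server port). A real sniffer (tcpdump, Wireshark,
# anything on libpcap) builds these from raw frames; this starts one step later.
CAPTURE: Dict[Tuple[str, str, int], bytes] = {
    ("10.0.0.5", "10.0.0.9", 21): (
        b"220 ftp.example.test ready\r\n"
        b"USER alice\r\n"
        b"331 Password required for alice\r\n"
        b"PASS hunter2\r\n"
        b"230 Login successful\r\n"
    ),
    ("10.0.0.5", "10.0.0.12", 23): (
        b"login: bob\r\nPassword: s3cret!\r\nLast login: Mon Jan 1\r\n"
    ),
    # TLS stream: record header plus ciphertext. Nothing here is readable
    # without the session keys, which never cross the wire.
    ("10.0.0.5", "203.0.113.10", 443): bytes.fromhex("1603010200010001fc0303") + b"\x8b\x17\xc3\x9d" * 8,
}

# Credential markers for the cleartext protocols named in the text.
PATTERNS = {
    21: ("ftp", re.compile(rb"^USER (\S+)", re.M), re.compile(rb"^PASS (\S+)", re.M)),
    23: ("telnet", re.compile(rb"login: (\S+)"), re.compile(rb"Password: (\S+)")),
}


def extract_credentials(capture: Dict[Tuple[str, str, int], bytes]) -> List[Tuple[str, str, str, str]]:
    """Return (protocol, server, user, password) for every cleartext login found."""
    found = []
    for (client, server, port), payload in capture.items():
        if port not in PATTERNS:
            continue                      # encrypted or unknown protocol: opaque bytes
        proto, user_re, pass_re = PATTERNS[port]
        user, password = user_re.search(payload), pass_re.search(payload)
        if user and password:
            found.append((proto, server,
                          user.group(1).decode("ascii", "replace"),
                          password.group(1).decode("ascii", "replace")))
    return found


def readable_fraction(payload: bytes) -> float:
    """Share of printable ASCII bytes: near 1.0 for cleartext protocols,
    near 0.0 for TLS ciphertext. Useful when triaging unknown ports."""
    printable = sum(1 for b in payload if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(payload) if payload else 0.0


if __name__ == "__main__":
    for proto, server, user, password in extract_credentials(CAPTURE):
        print(f"{proto:7} {server:14} {user}:{password}")
    for key, payload in CAPTURE.items():
        print(key, f"readable={readable_fraction(payload):.2f}")
```

Only the two cleartext sessions yield anything; the TLS stream is indistinguishable from noise, which is why moving these services to SSH, FTPS/SFTP and TLS is the fix rather than trying to prevent sniffing on a shared network.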
1. Secure Sockets Layer (SSL)/TLS Encryption: SSL, and its successor TLS, is a cryptographic protocol that ensures secure communication between web servers and browsers. It encrypts data during transmission, making it infeasible for an eavesdropper to read or silently alter the information. For example, when you enter your credit card details on an e-commerce website, TLS encrypts the data so that it cannot be read or manipulated in transit.
2. Payment Card Industry Data Security Standard (PCI DSS) Compliance:
PCI DSS is a set of security guidelines established by major credit card
companies to protect cardholder data. E-commerce businesses that process
credit card payments must comply with these standards. Failure to comply can
result in fines and loss of reputation. Compliance ensures that customer credit
card information is stored securely and securely transmitted during
transactions.
3. Two-Factor Authentication (2FA): 2FA adds an extra layer of security to e-
commerce platforms by requiring users to provide additional verification such
as a unique code or fingerprint in addition to their password. This prevents
unauthorized access even if the password is compromised. For instance, when
logging into an e-commerce account a one-time code is sent to the user’s
registered mobile number which needs to be entered along with the password.
4. Secure Password Policies: Strong password policies are essential to protect customer accounts from being hacked. E-commerce platforms should enforce a minimum length and, where required, complexity, such as a combination of letters, numbers and special characters, and should reject passwords known from previous breaches. Passwords should never be stored in the clear or encrypted reversibly; they should be hashed with a slow, salted password hashing function (such as bcrypt, scrypt or Argon2) so that an attacker who obtains the database cannot easily recover them.
5. Regular Security Audits and Vulnerability Assessments: E-commerce
businesses should conduct frequent security audits and vulnerability
assessments to identify and address any potential weaknesses in their systems.
For example, automated tools can be used to scan websites for vulnerabilities
such as outdated software versions or XSS (Cross-Site Scripting)
vulnerabilities. Timely detection and remediation of these vulnerabilities can
prevent potential data breaches.
6. Secure Data Storage: E-commerce platforms must ensure that customer data
such as personal information and payment details is stored securely. This
involves implementing strong access controls encryption and data backup
systems. Regularly monitoring the storage infrastructure and employing
secure data storage practices helps to minimize the risk of data breaches.
7. Secure Third-Party Integrations: Many e-commerce platforms rely on
third-party integrations or services for various functionalities such as payment
gateways or analytics tools. It is crucial to ensure that these integrations are
secure and comply with data security standards. Regularly assess and monitor
the security measures implemented by these third parties to safeguard
customer data.
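An added example (not from the original notes) of the storage side of item 4 above, in Python with only the standard library: a policy check, a per-user salted scrypt hash with its parameters stored alongside it, constant-time verification, and the unsalted-hash anti-pattern for contrast. The scrypt parameters and the small breached-password set are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import List

# scrypt work factor. Assumption: N=2**14, r=8, p=1 (16 MiB, tens of ms per
# hash) is a sensible floor for a login service; raise N as hardware improves.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES, KEY_BYTES = 16, 32
MAXMEM = 64 * 1024 * 1024

# Constructed stand-in for a breached-password corpus; a real deployment
# checks against a full list (for example through a k-anonymity API).
BREACHED = {"password", "123456", "qwerty", "letmein", "password123"}


def check_policy(password: str, min_length: int = 12, require_mix: bool = True) -> List[str]:
    """Return the policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in BREACHED:
        problems.append("appears in breach list")
    if require_mix:
        has_alpha = any(c.isalpha() for c in password)
        has_digit = any(c.isdigit() for c in password)
        has_special = any(not c.isalnum() for c in password)
        if not (has_alpha and has_digit and has_special):
            problems.append("needs letters, digits and a special character")
    return problems


def unsalted_sha256(password: str) -> str:
    """The WRONG way: fast and unsalted. Equal passwords give equal hashes,
    so one precomputed table or one cracked hash exposes every account using it."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Per-user random salt plus a memory-hard KDF. The parameters are stored in
    the record so they can be raised later without invalidating old hashes."""
    salt = os.urandom(SALT_BYTES)
    key = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                         p=SCRYPT_P, dklen=KEY_BYTES, maxmem=MAXMEM)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time.
    Any malformed record verifies as False rather than raising."""
    try:
        algo, n, r, p, salt_hex, key_hex = stored.split("$")
        if algo != "scrypt":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
        candidate = hashlib.scrypt(password.encode(), salt=salt, n=int(n), r=int(r),
                                   p=int(p), dklen=len(expected), maxmem=MAXMEM)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"
    print("policy:", check_policy(pw, require_mix=False) or "ok")
    record = hash_password(pw)
    print("stored:", record)
    print("verify good:", verify_password(pw, record), " verify bad:", verify_password("wrong", record))
    print("unsalted collides:", unsalted_sha256("same") == unsalted_sha256("same"),
          " salted collides:", hash_password("same") == hash_password("same"))
```

Two users who choose the same password get different records, so a leaked table reveals nothing about which accounts share a password, and each guess costs the attacker a full scrypt computation instead of a single SHA-256.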
Message Security:
Here are some essential aspects of message security in e-commerce:
5. Digital Signatures: Digital signatures ensure message authenticity and integrity. The sender hashes the message and signs the hash with their private key; the recipient verifies the signature with the sender's public key, which proves both that the message has not been modified and that it originated from the holder of that private key.
6. Two-Factor Authentication (2FA): By implementing 2FA, e-commerce platforms add an extra layer of security during login, requiring users to provide an additional authentication factor, such as a one-time password (OTP), in addition to their regular credentials.
7. Intrusion Detection Systems (IDS): IDSs monitor network traffic to detect
and respond to malicious activity. They can help identify and prevent
unauthorized access attempts and potential security breaches in real-time.
8. Regular Security Updates and Vulnerability Assessments: E-commerce
platforms should implement regular security updates to ensure the latest
security patches and fixes are applied. Additionally conducting vulnerability
assessments and penetration testing helps identify any potential weaknesses
in the system and address them proactively.
Encrypted Documents and Electronic Mail:
Encrypted Documents:
3. SSL/TLS: Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) play a crucial role in establishing a secure communication channel for e-commerce transactions. They provide encrypted connections between a web server and a client's browser, ensuring that sensitive data such as credit card information is encrypted during transmission.
key rotation and employing strong unique passwords for encryption keys
helps maintain the security of the system.
Electronic mail
Electronic mail commonly known as email is a digital method of exchanging
messages and other types of electronic communication through a computer network.
It has revolutionized communication in many areas including e-commerce.
To enhance email security encryption can be applied to protect the content and
attachments within emails. Email encryption safeguards sensitive information by
rendering it unreadable to unauthorized parties.
b. Pretty Good Privacy (PGP): PGP is a widely used encryption technology that allows users to encrypt and digitally sign individual emails. It combines symmetric and asymmetric encryption: the message is encrypted with a fresh random session key using a symmetric cipher, that session key is encrypted with the recipient's public key, and a signature made with the sender's private key provides authenticity.