Hewlet Packard

Hewlet Packard

Security in E-Business

Security in E-Business: An Introduction

          A central issue in the commercial use of the Internet is security. Surveys state that the economic success of electronic business applications is inhibited because the Internet lacks appropriate security measures. One way to increase the trust of consumers in electronic business applications is to establish a standardized quantification of security. It is important to find a security quantifier – not only to compare systems with one another but also to analyze and design electronic business applications.

          An Electronic Business Application (EBA) is a system consisting of a server system (at the merchant’s location), a client system (at the customer’s location), and the transmission way in between, which is assumed to be insecure and un-trusted.

We need to secure our environment so that we can perform things, as we want to get them done. E-terrorism, E-damage, E-security are being the buzzword nowadays in IT world.

Security concerns in E-business have been receiving highest attention both from designers and government. Since, shift is from paper to electronic media and transactions happen from remote and unknown locations, ascertaining the genuine nature of commercial transactions is difficult.

 

What Is Security?

          Security is not a product, nor is IT technology. Security is a process. The process of security consists of many things. It contains preventive control measures and a healthy dose of awareness. It includes disaster recovery and business continuity. Various products and technologies support all of these elements of the process. The process of the security is a state of mind that must permeate a co-operation and its culture to be effective.

          If we tell the security community that you have had problem stopping a certain virus we are at the same time also enlightening the hacker’s community. We read their websites and they read ours. Time is the hacker’s strength. Our network has to keep doing what it is doing 24 hours a day, 7 days a week, to maintain our operational capability. The hacker can sit and wait and increase the probability of detection, change strategies.

A hacker targets products of the huge customer base and each successful attack leads to a very high level of damage and provides wide publicity.

 

General Security Objectives

          Traditionally, when talking about data security usually four security objectives are identified: confidentiality, integrity, authenticity, audit ability and availability. To better suit the needs of electronic business with all its legal aspects more security objectives have been identified. The most important one is accountability.

 

      Confidentiality

          Describes the state in which data is protected from unauthorized disclosure. A loss of confidentiality occurs when the contents of a communication or a file are disclosed. Information should be protected from prying eyes of unauthorized internal users, external hackers and from being intercepted during transmission on communication networks by making it unintelligible to the attacker.

 

      Integrity

          Integrity means that the data has not been altered or destroyed which can be done accidentally (e.g. transmission errors) or with malicious intent (e.g. sabotage). Suitable mechanisms are required to ensure end-to-end message content and copy authentication.

 

      Availability

          Availability refers to the fact that data and systems can be accessed by authorized persons within an appropriate period of time. Reasons for loss of availability may be attacks or instabilities of the system. The information that is stored or transmitted across communication networks should be available whenever required and to whatever extent as desired within pre-established time constraints.

 

      Accountability

          If the accountability of a system is guaranteed, the participants of a communication activity can be sure that their communication partner is the one he or she claims to be. So the communication partners can be held accountable for their actions.

 

      Authenticity

          It should be possible to prevent any person or object from hidden as some other person or object. When a message is received it should therefore be possible to verify whether it has indeed been sent by the person or object claiming to be the originator. Similarly, it should also be possible to ensure that the message is sent to the person or object for whom it was meant. This implies the need for reliable identification of the originator and recipient of data.

 

      Audit ability

          Audit data must be recorded in such a way that all specified confidentiality and integrity requirements are met. Implementing a security solution in an Electronic Commerce environment therefore, necessitates a Risk Analysis of the business scenario. All possible threats should be considered and a security requirements policy drawn out from the organization based on a combination of some or all of the services listed above.

     Non-Repudiation (NR)

          The ability to provide proof of the origin or delivery of data is an important aspect of accountability. NR protects the sender against a false denial by the recipient that the data has been received. In other words, a receiver cannot say that he/she never received the data, and the sender cannot say that he/she never sent any data.

 

Security Goals

 

      Prevent malicious damage.

      Prevent accidental damage.

      Limit the impact of deletions.

      Prevent unauthorized access to locations.

      Provide integrity and confidentiality of data.

Provide disaster recovery system.

 

Network Security Plan

          It is very important to create a list of the company’s priorities for a security system. There is no one simple answer to the network security dilemma. Each security solution has clear advantages and disadvantages, and every company’s network has a different list of needs and a different order of priorities.

          The top three concerns for an E-business network are the levels of security, simplicity, and cost efficiency. Obviously security, simplicity, and cost efficiency overlap in many areas when used in the context of network security, and that is why a list of priorities is the best way to start a security plan. A successful solution most often uses a combination of both user-based security and traffic-based security to control the network.

 

Security on web is implemented through a layered system each checking and protecting the flow of information. The layers are the following:

 

      Source and destination relation.

      Authorization of individual – password.

      Authentication.

      Encryption of message for integrity.

      Using of public key / private key for unauthorized exposure.

      Checking the access to intranet and access to other websites through internet.

      Finally but not less important is the physical security to Intranet.

      Use of fault tolerant system, disk mirroring, duplicating and use of Raid (Redundant Array of Inexpensive Disks).

 

Web Server Security

 

 

          The server that connects your company to the Internet and the Internet to your company is in constant danger. It is important to have a clear idea about what the dangers are surrounding that server and what security measures can be taken to protect it.

 

Why Web Server Security Is Needed?

          The term “hackers” sends a chill down any e-business network administrator’s spine if only because of widely published media stories that surface again and again in the form of computer legends. Although most of the hype can be attributed to paranoia, there is a lot to worry about when it comes to securing Web servers.

          Attacks on the Web servers or done for two reasons. The first is that an attack of that sort can give the intruder vital information that can be used in the future to gain access to a private network. The second possible objective behind a Web server attack is to gain access to a private network. The second possible objective behind a Web server attack is to gain access to the Internet interface itself and change the information that is posted on the Internet.

 

 

E-mail Security

Introduction

E-mail, especially Internet e-mail, has become a basic communications tool. It is one of the most versatile means of transferring information of almost any kind. Any business application where there is a need to transfer information without the requirement for online lookup can be automated with e-mail. Email is also the easiest architecture to deploy for communications with remote employees, business partners, etc.

However, email is notoriously insecure. It is highly vulnerable to interception, and forgery of e-mail is trivial. Therefore without proper security measures, it is highly inadvisable to transfer sensitive information by e-mail, or to put too much trust on information received via e-mail.

‘Spam’ is one of the most prevalent threats to network integrity on the public Internet. It causes denial of service at the network level, by flooding bandwidth and overloading email hosts. It reduces productivity both of mail administrators and of end users. This is one area where organizations should give thrust while considering email-messaging security.

 

Virus Defenses

Virus protection is an important risk factor, that any company should be considered when it will be connecting to the Internet. Thus, many companies are building defenses against the spread of viruses by centralizing the distribution and updating of antivirus software as a responsibility of there is departments. Other companies are outsourcing the virus protection responsibility to their Internet service providers or to telecommunication or security management companies.

 

Things to Be Emphasized For E-Security

 

      Creating a Security Strategy.

      Cryptographic Tools.

      Cyber terrorism.

      Defenses from Viruses.

      Firewall Systems.

      Privacy on the Internet.

      Security service management.

      Verification of Authenticity.

 

            So, if we can follow all these steps then we can make safe and secure our entire business network.

 

SUMMARY

 

E-business depends on providing customers, partners, and employees with access to information, in a way that is controlled and secure. Managing e-business security is a multifaceted challenge and requires the coordination of business policy and practice with appropriate technology. In addition to deploying standards bases, flexible and interoperable systems, the technology must provide assurance of the security provided in the products.

 

As technology matures and secure e-business systems are deployed, companies will be better positioned to manage the risks associated with disintermediation of data access. Through this process businesses will enhance their competitive edge while also working to protect critical business infrastructures from malefactors like hackers, disgruntled employees, criminals and corporate spies.

 

We have to also think about prevention of malicious damages, accidental damages, unauthorized access to locations, provide integrity and confidentiality of data, and for disaster recovery system.

 

REFERENCES

 

Books

[1]      Amor Daniel, The E-Business (R) evolution, Hewlet–Packard Professional Books – Prentice Hall PTR., New Delhi, 2000.

[2]      Bajaj Kamlesh K. & Nag Debjani, E-Commerce The Cutting Edge of Business, Tata McGraw - Hill Publishing Company Limited. New Delhi, 2003.

[3]      E-Commerce Perspectives from different parts of the World, IT Pro, Nov/Dec 1999, IEEE Publication.

[4]      Elesenpeter Robert C. & Velte Toby J., eBusiness: A Beginner’s Guide, Tata McGraw - Hill Publishing Company Limited, New Delhi, 2001.

[5]      Jawadekar W. S., Management Information System, Tata McGraw - Hill Publishing Company Limited, New Delhi, 2003.

[6]      Kanter Jerome, Managing With Information, Prentice Hall of India Private Limited, New Delhi, 1998.

[7]      O’Brien James A., Management Information System, Galgotia Publications Pvt. Ltd., New Delhi, 1995, 2002.

 

Journals, Magazines and Reports

 

[1]      Computer Today 1-15 March, 1-15 April, 16-31August           2001.

[2]      "Electronic Commerce Technologies & Applications" IPAG      journal,

          Nov-Dec 1999.

[3]      Network Computing 1-15 October 2001.

[4]      Panagariya Arvind, E-Commerce, WTO and Developing Countries, 1999.

[5]      Special Issue of IEEE Communication Magazine on E-  Commerce, 

          September, 1999.

[6]      Towards Digital eQuality, US Govt. Working Group on Electronic

          Commerce, Second Annual Report, Nov.1999.

Web Sites Visited

1. amjadumar.com
2. cert.org
3. counterpane.com
4. cswl.com
5. loc.gov
6. oreilly.com
7. siegesoft.com
8. symantec.com
9. xforce.iss.net
10. csrc.nist.gov/nissc/1998/proceedings/paperD13.pdf

NOTE: Add www in the links from 1-9 and http:// in the last link. Thank you.

About the Author

Packard $70.1 High Quality Content by WIKIPEDIA articles Packard was an American luxury automobile marque built by the Packard Motor Car Company of Detroit, Michigan, and later by the StudebakerPackard Corporation of South Bend, Indiana. The first Packard automobiles were produced in 1899 and the last in 1958.Packard was founded by James Ward Packard (Lehigh University Class of 1884), his brother William Doud Packard and their partner, George Lewis Weiss, in the city of Warren, Ohio. James Ward Packard believed that they could build a better horseless carriage than the Winton cars owned by Weiss (an important Winton stockholder) and, being himself a mechanical engineer, had some ideas for improvement on the designs of current automobiles. Author: Surhone, Lambert M./ Tennoe, Mariam T./ Henssonow, Susan F. Binding Type: Paperback Number of Pages: 92 Publication Date: 2010/09/05 Language: English Dimensions: 9.02 x 5.98 x 0.22 inches

ACP - Memory Upgrades 512MB DDR2 SDRAM Memory Module $18.99 1 x 512 MB 240-pin 512 MB 512MB DDR2 SDRAM Memory Module 667 MHz Hewlet Packard: DC7600 Series DX7200 Series Add-On Computer's entire line of memory modules allows you and your business to be more efficient. Our memory line includes the most reliable & high performing memory modules. ACP - Memory Upgrades DDR2 SDRAM DDR2-667/PC2-5300 Lifetime PX975AAAA RAM Module www.addoncomputer.com

Packard, c.1913 $39.99 Earl Horter Packard, c.1913 - Giclee Print

Packard at Shoreline $39.99 Graham Reynold Packard at Shoreline - Premium Giclee Print

Hewlett Packard $37.5 Cardpool pays out 75% for Hewlett Packard Gift Cards

EDGE Tech 2GB DDR2 SDRAM Memory Module $82.99 1 x 2 GB 2 GB 240-pin 2GB DDR2 SDRAM Memory Module 667 MHz Hewlet Packard: xw8400 Workstation xw6400 Workstation EDGE Memory products provide maximum power, speed, quality and reliability. Peripheral's trademarked, distinctive blue EDGE is our assurance to users that they have purchased a high quality memory upgrade that meets or exceeds the OEM's specifications and has passed our rigorous quality control processes. DDR2 SDRAM DDR2-667/PC2-5300 ECC EDGE EDGE Tech Corporation EM161AA-PE Fully Buffered Lifetime RAM Module www.edgetechcorp.com

EDGE Tech 1GB DDR2 SDRAM Memory Module $50.99 1 GB 1 x 1 GB 1GB DDR2 SDRAM Memory Module 240-pin 667 MHz Hewlet Packard: xw6400 Workstation xw8400 Workstation EDGE Memory products provide maximum power, speed, quality and reliability. Peripheral's trademarked, distinctive blue EDGE is our assurance to users that they have purchased a high quality memory upgrade that meets or exceeds the OEM's specifications and has passed our rigorous quality control processes. DDR2 SDRAM DDR2-667/PC2-5300 ECC EDGE EDGE Tech Corporation EM160AA-PE Fully Buffered Lifetime RAM Module www.edgetechcorp.com

Author Vance Packard $79.99 Author Vance Packard - Premium Photographic Print

Packard Plant, Detroit, Michigan $24.99 Packard Plant, Detroit, Michigan - Premium Poster

Classics Packard, 1955 $16.99 Kenneth Gregg Classics Packard, 1955 - Art Print

1938 Packard Phaeton $16.99 Graham Reynolds 1938 Packard Phaeton - Art Print

1953 Packard Carribbean $16.99 Graham Reynolds 1953 Packard Carribbean - Art Print

packard cardigan $195 The Packard Cardigan is part of our Knitwear collection. Made from the finest cashmere and cotton, these pieces are great for layering on cold days or for adding a splash of colour to your outfit. The Packard Cardigan features: Available colours: Black,Navy Available sizes: XS,S,M,L,XL,XXL

Packard Patrician $70.1 High Quality Content by WIKIPEDIA articles The Packard Patrician was an automobile built by the Packard Motor Car Company of Detroit, Michigan, from model years 1951 through the 1954, and by the StudebakerPackard Corporation of South Bend, Indiana, during model years 1955 and 1956. During its four years in production, the Patrician was built in Packards Detroit facilities.In 1951 and 1952, the automaker attempted to use a numeric naming structure that designated Packards least expensive models as Packard 200 and Packard 250 and its midrange vehicles as the Packard 300. Author: Surhone, Lambert M./ Tennoe, Mariam T./ Henssonow, Susan F. Binding Type: Paperback Number of Pages: 92 Publication Date: 2010/09/05 Language: English Dimensions: 9.02 x 5.98 x 0.22 inches

Packard 300 $74.88 High Quality Content by WIKIPEDIA articles The Packard 300 was an automobile built and sold by the Packard Motor Car Company of Detroit, Michigan for model years 1951 and 1952. The 300 represented the upper midrange Packard model, providing better appointments than the Packard 200 or the Packard 250 models. The premiere Packard offered during these years was the Packard Patrician 400.The 300 model was built as a fourdoor sedan only for both model years, and rode upon Packards 127inch (3,200 mm) wheelbase. The car included the basic trim appointments found in the 200 and 250 models lines plus tinted windows, robe rail for backseat passengers and striped interior fabrics. Exterior trim included full wheel covers and Packards graceful pelican hood ornament. The 300 also received a wrap around rear window which it shared with the Patrician models. Author: Surhone, Lambert M./ Tennoe, Mariam T./ Henssonow, Susan F. Binding Type: Paperback Number of Pages: 80 Publication Date: 2010/11/11 Language: English Dimensions: 9.02 x 5.98 x 0.19 inches

Packard Cavalier $58.94 High Quality Content by WIKIPEDIA articles The Packard Cavalier is an automobile produced by the Packard Motor Car Company of Detroit, Michigan during 1953 and 1954. Produced only as a sedan, the Cavalier took the place of the Packard 300 model which was fielded in 1951 and 1952 as Packards midrange priced vehicle.The 1953 Cavalier was easily identified from other Packards by its unique chrome side spear trim.Packard also created a Cavalier subseries under which three other Packard models, marketed under various names were grouped: Author: Surhone, Lambert M./ Tennoe, Mariam T./ Henssonow, Susan F. Binding Type: Paperback Number of Pages: 18 Publication Date: 2010/09/05 Language: English Dimensions: 9.02 x 5.98 x 0.04 inches

Packard, Magazine Advertisement, USA, 1929 $19.99 Packard, Magazine Advertisement, USA, 1929 - Premium Poster

Robert Taylor and His Packard, 1930s $19.99 Robert Taylor and His Packard, 1930s - Premium Poster

Packard Eight Cars, USA, 1938 $19.99 Packard Eight Cars, USA, 1938 - Premium Poster

Packard, Magazine Advertisement, USA, 1930 $19.99 Packard, Magazine Advertisement, USA, 1930 - Premium Poster

Packard Executive $70.1 High Quality Content by WIKIPEDIA articles The Packard Executive was an automobile produced by the PackardClipper Division of the StudebakerPackard Corporation in 1956.The Pacrd Executive was introduced on March 5, 1956 to fill a perceived price gap between the prestige Packard line and the new Clipper brand, which was in its first year as separate brand. In previous years, Clipper models had been Packards. The most expensive Clipper, the Clipper Custom, listed at 3,065 for the 4door sedan. The Packard Executive sedan retailed for 3,465, the Executive 2door coupe 3,560, while the topoftheline Patrician sedan sold for 4,160. Author: Surhone, Lambert M./ Tennoe, Mariam T./ Henssonow, Susan F. Binding Type: Paperback Number of Pages: 18 Publication Date: 2010/09/05 Language: English Dimensions: 9.02 x 5.98 x 0.04 inches

Packard Caribbean $58.94 High Quality Content by WIKIPEDIA articles The Packard Caribbean was a halo vehicle produced by the Packard Motor Car Company of Detroit, Michigan during model years 1953 through 1956. Some of the Caribbeans styling was derived from the Pan American Packard show car of the previous year. Produced only as a convertible from 1953 to 1955, the Caribbean added a hardtop model in its final year of 1956.Introduced as part of the Packard Cavalier model range, the 1953 Caribbean was perhaps Packards most easily identified car because of its full cutout rear wheel housing and side trim, limited to a chrome band outline that stretched the entire length of the car. The band also helped to further delineate the cars wheel openings. A steel continental spare tire was also standard. Author: Surhone, Lambert M./ Tennoe, Mariam T./ Henssonow, Susan F. Binding Type: Paperback Number of Pages: 72 Publication Date: 2010/09/05 Language: English Dimensions: 9.02 x 5.98 x 0.17 inches

Packard Vintage Sign by SignPast $68.4 SignPast Vintage Signs in stock now! Read Packard Vintage Sign by SignPast customer reviews. AutoAccessoriesGarage.com has the best selection of SignPast Garage Accessories at the lowest prices around. Packard Vintage Sign by SignPast are chosen by auto enthusiasts everywhere to personalize their vehicles. Packard Vintage Sign by SignPast available now at AutoAccessoriesGarage.

Packard Old Style Light $60 Download the Packard Old Style Light font for Mac or Windows in OpenType, TrueType or PostScript format.