nonexistent, in the pipeline, or immature. This is unlikely to last. Some business models might be threatened, regulated, or eliminated by future legislation. Taxes might be added. You cannot avoid these issues. The only way to deal with them is to keep up-to-date with what is happening and keep your site in line with the legislation. You might want to consider joining any appropriate lobby groups as issues arise.
System Capacity Limits
One thing to bear in mind when designing your system is growth. Your system will hopefully get busier and busier. It should be designed in such a way that it will scale to cope with demand.
For limited growth, you can increase capacity by simply buying faster hardware. There is a limit to how fast a computer you can buy. Is your software written so that after you reach this point, you can separate parts of it to share the load on multiple systems? Can your database handle multiple concurrent requests from different machines?
Few systems cope with massive growth effortlessly, but if you design it with scalability in mind, you should be able to identify and eliminate bottlenecks as your customer base grows.
Deciding on a Strategy
Some people believe that the Internet changes too fast to allow effective planning. We would argue that it is this very changeability that makes planning crucial. Without setting goals and deciding on a strategy, you will be left reacting to changes as they occur, rather than being able to act in anticipation of change.
Having examined some of the typical goals for a commercial Web site, and some of the main threats, you hopefully have some strategies for your own.
Your strategy will need to identify a business model. The model will usually be something that has been shown to work elsewhere, but is sometimes a new idea that you have faith in. Will you adapt your existing business model to the Web, mimic an existing competitor, or aggressively create a pioneering service?
Next
In the next chapter, we will look specifically at security for e-commerce, providing an overview of security terms, threats, and techniques.
E-commerce Security Issues
THIS CHAPTER DISCUSSES THE ROLE OF SECURITY in e-commerce. We will discuss who might be interested in your information and how they might try to obtain it, the principles involved in creating a policy to avoid these kinds of problems, and some of the technologies available for safeguarding the security of a Web site including encryption, authentication, and tracking.
Topics include:
• How important is your information?
• Security threats
• Creating a security policy
• Balancing usability, performance, cost, and security
• Authentication principles
• Using authentication
• Encryption basics
• Private key encryption
• Public key encryption
• Digital signatures
• Digital certificates
• Secure Web servers
• Auditing and logging
• Firewalls
• Backing up data
• Physical security
what you are protecting. You need to consider its importance both to you and to potential crackers.
It might be tempting to believe that the highest possible level of security is required for all sites at all times, but protection comes at a cost. Before deciding how much effort or expense your security warrants, you need to decide how much your information is worth.
The value of the information stored on the computer of a hobby user, a business, a bank, and a military organization obviously varies. The lengths to which an attacker would be likely to go in order to obtain access to that information vary similarly. How attractive would the contents of your machines be to a malicious visitor?
Hobby users will probably have limited time to learn about or work towards securing their systems. Given that information stored on their machines is likely to be of limited value to anyone other than its owner, attacks are likely to be infrequent and involve limited effort. However, all network computer users should take sensible precautions. Even the computer with the least interesting data still has significant appeal as an anonymous launching pad for attacks on other systems.
Military computers are an obvious target for both individuals and foreign governments. As attacking governments might have extensive resources, it would be wise to invest personnel and other resources to ensure that all practical precautions are taken in this domain.
If you are responsible for an e-commerce site, its attractiveness to crackers presumably falls somewhere between these two extremes.
Security Threats
What is at risk on your site? What threats are out there?
We discussed some of the threats to an e-commerce business in Chapter 12, “Running an E-commerce Site.” Many of these relate to security.
Depending on your Web site, security threats might include:
• Exposure of confidential data
• Loss or destruction of data
• Modification of data
• Denial of service
• Errors in software
• Repudiation
Let’s run through each of these threats.
Exposure of Confidential Data
Data stored on your computers, or being transmitted to or from your computers, might be confidential. It might be information that only certain people are intended to see, such as wholesale price lists. It might be confidential information provided by a customer, such as his password, contact details, and credit card number.
Hopefully you are not storing information on your Web server that you do not intend anyone to see. A Web server is the wrong place for secret information. If you were storing your payroll records or your plan for world domination on a computer, you would be wise to use a computer other than your Web server. The Web server is inherently a publicly accessible machine, and should only contain information that either needs to be provided to the public or has recently been collected from the public.
To reduce the risk of exposure, you need to limit the methods by which information can be accessed and limit the people who can access it. This involves designing with security in mind, configuring your server and software properly, programming carefully, testing thoroughly, removing unnecessary services from the Web server, and requiring authentication.
Design, configure, code, and test carefully to reduce the risk of a successful criminal attack and, equally important, to reduce the chance that an error will leave your information open to accidental exposure.
Remove unnecessary services from your Web server to decrease the number of potential weak points. Each service you are running might have vulnerabilities. Each one needs to be kept up-to-date to ensure that known vulnerabilities are not present. The services that you do not use might be more dangerous. If you never use the command rcp, why have the service installed?[1] If you tell the installer that your machine is a network host, the major Linux distributions and Windows NT install a large number of services that you do not need and should remove.
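A small audit script that puts the advice above into practice: it lists what is listening on a Web server, flags anything not on an explicit allow-list, and calls out the legacy r-services (rsh, rlogin, rexec) by name. This is an added example, not code from the book; the allow-list, the process names it checks, and the sample listing are all assumptions constructed for the illustration.

```shell
#!/bin/sh
# Audit listening TCP services against an allow-list. The ports below are an
# assumption for a typical Web server (ssh, http, https), not a recommendation
# for every site.
ALLOWED_PORTS="22 80 443"

# audit_listeners: reads lines of "proto local-address process" on stdin
# (a simplified shape of `ss -tlnp` / `netstat -tlnp` output) and prints one
# line per listener that should be reviewed. Returns 1 if anything was flagged.
audit_listeners() {
    unexpected=0
    while read -r proto addr proc; do
        [ -z "$proto" ] && continue
        port=${addr##*:}            # keep only the text after the last colon
        # Legacy r-services: flag them even if someone allow-listed the port.
        case "$proc" in
            rshd|rlogind|rexecd|in.rshd|in.rlogind|in.rexecd)
                echo "LEGACY $proc on port $port: remove it and use ssh/scp"
                unexpected=1
                continue ;;
        esac
        case " $ALLOWED_PORTS " in
            *" $port "*) ;;         # allowed, nothing to report
            *) echo "UNEXPECTED $proto port $port ($proc)"; unexpected=1 ;;
        esac
    done
    return $unexpected
}

# Constructed sample listing (not real output from any machine).
SAMPLE='tcp 0.0.0.0:22 sshd
tcp 0.0.0.0:80 httpd
tcp 0.0.0.0:443 httpd
tcp 0.0.0.0:514 rshd
tcp 0.0.0.0:513 rlogind
tcp 127.0.0.1:3306 mysqld'

# On a live Linux host you would feed real data instead; field numbers depend
# on your ss/netstat version, so check them before relying on this, e.g.:
#   ss -tlnp | tail -n +2 | awk '{print "tcp", $4, $6}' | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners || echo "review the listeners flagged above"
```

Whether a flagged listener such as the database port is a problem depends on whether it is bound only to localhost and genuinely needed; the script surfaces the question, the allow-list records your answer.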
Authentication means asking people to prove their identity. When the system knows who is making a request, it can decide whether that person is allowed access. There are a number of possible methods of authentication, but only two commonly used forms—passwords and digital signatures. We will talk a little more about both later.
CD Universe offers a good example of the cost both in dollars and reputation of allowing confidential information to be exposed. In late 1999, a cracker calling himself Maxus reportedly contacted CD Universe, claiming to have 300,000 credit card numbers stolen from their site. He wanted a $100,000 (U.S.) ransom from the site to destroy the numbers. They refused and found themselves in embarrassing coverage on the front pages of major newspapers as Maxus doled out numbers for others to abuse.
Data is also at risk of exposure while it traverses a network. Although TCP/IP networks have many fine features that have made them the de facto standard for connecting diverse networks together as the Internet, security is not one of them. TCP/IP works by
could view your data as it passes by.
[1] Even if you do currently use rcp, you should probably remove it and use scp (secure copy) instead.
[Figure 13.1: a diagram showing data travelling from Source, through The Internet, to Destination]
Figure 13.1 Transmitting information via the Internet sends your information via a number of potentially untrustworthy hosts.
To see the path that data takes from you to a particular machine, you can use the command traceroute (on a Unix machine). This command will give you the addresses of the machines that your data passes through to reach that host. For a host in your own country, data is likely to pass through 10 different machines. For an international machine, there can be more than 20 intermediaries. If your organization has a large and complex network, your data might pass through five machines before it even leaves the building.
To protect confidential information, you can encrypt it before it is sent across a network, and decrypt it at the other end. Web servers often use Secure Sockets Layer (SSL), developed by Netscape, to accomplish this as data travels between Web servers and browsers. This is a fairly low-cost, low-effort way of securing transmissions, but because your server needs to encrypt and decrypt data rather than simply sending and receiving it, the number of visitors-per-second that a machine can serve drops dramatically.
Loss or Destruction of Data
It can be more costly for you to lose data than to have it revealed. If you have spent months building up your site, gathering user data and orders, how much would it cost you, in time, reputation, and dollars to lose all that information? If you had no backups of any of your data, you would need to rewrite the Web site in a hurry and start from scratch.