After studying this unit, students would be able to understand
The concept of E-Security
Dimensions of Security Design
Firewalls and system integrity
Protection from intruders
The term “e-security” is often interchangeable used with other terms such as “internet
security”, “cyber security”, and / or “IT Security”.
Broadly “e-security encompasses security aspects of the information economy, including
information systems and communications networks”.
E-Security is a branch of computer security specifically related to the Internet, often involving
browser security but also network security.
Its objective is to establish rules and measures to use against attacks over the Internet.
Importance of E-commerce security:
E-security addresses the security of a company, locates its vulnerabilities and supervises
the mechanisms implemented to protect the on-line services provided by the company, in order
to keep adversaries (hackers, malicious users and intruders) from getting into the company’s
networks, computers and services.
Thus, in order to protect the critical information in electronic form belonging to any private or
public sector organization, we need to employ the e-security measures.
Common e-commerce pitfalls
In an enterprise, a security exposure might result in possible damage in the organizations information and
communication systems. Example of exposure includes unauthorized disclosure of information,
modification of business or employer’s data and denial of legal access to the information system.
Hackers gain access to information
Inadequate security enables hackers to gain access to sensitive business data (price lists, catalogues, intellectual
property, etc).Hackers may also gain access to the information of your business or customers with a view to
Loss of customer confidence
Security breaches can damage the confidence of customers in e-commerce service. A lack of customer confidence is
fatal to the success of online venture.
Denial-of-service attacks prevent access to authorized users, so that the site is forced to offer a reduced level of
service or cease operation completely.
The tools which are used to secure e-commerce are:
Firewalls-hardware and software
Fundamentals of Computer Security
Computer security has several fundamental goals:
Confidential − Information should not be accessible to unauthorized person. It should not be intercepted during
Integrity − Information should not be altered during its transmission over the network.
Availability − Information should be available wherever and whenever requirement within time limit specified.
Authenticity − There should be a mechanism to authenticate user before giving him/her access to required
Non-Reputability − It is protection against denial of order or denial of payment. Once a sender sends a
message, the sender should not able to deny sending the message. Similarly the recipient of message should
not be able to deny receipt.
Encryption − Information should be encrypted and decrypted only by authorized user.
Auditable − Data should be recorded in such a way that it can be audited for integrity requirements.
All security solutions need to begin with a policy. Some basic security policy questions that must be
What components are most critical but vulnerable?
What information is confidential and needs to be protected?
How will confidentiality be ensured?
What authentication system should be used?
What intrusion detection systems should be installed?
Who has authority and responsibility for installing and configuring critical e-business infrastructure?
What plans need to be in place to ensure continuity or minimum disruption of service?
A viable security policy should have the following characteristics:
The policy must be clear and concise
Compliance must be verifiable and enforceable
Systems must have good control for legitimate use: access, authentication, and authorization
There must be regular backup of all critical data
There must be a disaster recovery and business continuity plan
Measures to ensure Security
Major security measures are as follows:
Anything with the capability, technology, opportunity and intent to do harm is called threat. E-commerce
threats can be classified into the following categories;
1. Intellectual property threats -- use existing materials found on the Internet without the owner's permission,
domain name (cybersquatting),
2. Client computer threats
3. Server threats
4. Communication channel threats
A procedure that recognizes, reduces, or eliminates a
1. Intellectual property protection
2. Client computer protection
Computer forensics expert
A procedure that recognizes, reduces, or eliminates a
– Access control and authentication
* Username and password
* Access control list
Packet filter firewall: checks IP address of incoming packet and rejects anything that does not match the list
of trusted addresses (prone to IP spoofing)
A computer virus is a type of malware that is intentionally written to gain entry into your computer, without
your knowledge or permission. It has the capacity to modify or replicate itself, in which case it will continue
Types of Computer Viruses
Macro viruses infect files that are created using certain applications or programs that contain macros, like
.doc, .xls, .pps, .mdb, etc.
These types of viruses delete any information in a file they infect, leaving them partially or completely
useless once they are infected.
Web Scripting Virus
Most web pages include some complex codes in order to create an interactive and interesting content. Such
a code is often exploited to cause certain undesirable actions.
This program is very similar to a virus and has the ability to self-replicate leading to negative effects on your
computer. But they can be detected and eliminated by an antivirus software.
Trojans can illegally trace important login details of users online. For example E-Banking is very common
among users, therefore, vulnerability of tracing your login details whenever your PC is working without any
strong powerful antivirus installed.
This is a virus spread via an email. Such a virus will hide in an email and when the recipient opens the mail.
They are not considered viruses because they do not replicate. They are not even programs in their own
right, but rather camouflaged segments of other programs. They are only executed when a certain
predefined condition is met.
The following points will highlight the ways in which virus can be detected:
If your computer starts performing differently for no apparent reason, it may be infected by a virus.
Antivirus software will give a warning of an infection. However, that may not happen if it is not updated or if
antivirus software stops functioning for some reason. (For example, some viruses attack antivirus software).