I suppose the good news is that in this day and age you can no longer shoot the messenger. Sometime back in 2nd century BC Persia, messengers would take messages from kings to kings. These messages were usually in encrypted form and at times tattooed on the scalp of the messenger. Frequently, if these turned out to be bad news and the receiver did not like the content, he would order the beheading of the messenger. I suppose during those days there was a high turnover of messengers, not just through beheading but also due to the limited surface area of their scalps.
I suppose at this stage the best thing to do would be to consider a typical scenario of a transaction on the Internet. This should help us put in perspective the types of security threats that one is likely to suffer from.
A consumer logs into a merchant's website in order to purchase a product. The consumer places the product in a shopping cart and gives the merchant particulars such as delivery address and credit card number. The merchant forwards a delivery note to its warehouse and the product is delivered to the consumer, possibly through the use of an external service provider such as FedEx. Credit card information is forwarded by the merchant to the appropriate financial institution such as MasterCard via a payment gateway and its bank, and there is communication between the merchant's and consumer's banks with regard to clearing of funds. Here the assumption is made that all communication takes place on the Internet. Some of these connections could be on very private leased lines or proprietary networks.
Let us consider some of the risks. I suppose the most obvious risks are to the consumer, although the merchant is also susceptible.
What if the consumer pays for the product but never receives it? What if the consumer's credit card information is intercepted on the Internet and a considerable amount is charged to the account? Bogus sites could be set up to con the consumer into divulging private information. This is called Web spoofing.
Privacy is a major concern to the consumer. Every time a message is forwarded from one computer to another across the Internet, it travels through many networks and routing devices. Any other computer that is connected to these networks can intercept the message through a method called sniffing.
The more frequent dangers to the merchant (and to a certain extent to the consumer) arise when the merchant's system is compromised. What if intruders get access to customer information?
The merchant's system, like any other system, is limited in terms of its resources (bandwidth, memory, speed, ...). What if the merchant's system is overwhelmed by a sudden malicious increase in traffic that would impair its performance? Organisations that do the bulk of their business online are highly susceptible to denial of service attacks.
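
As an added illustration (not part of the original notes), the sketch below shows one way a merchant could spot the sudden increase in traffic described above: it counts requests per minute and flags any minute that far exceeds the recent normal level. The log format, the addresses, the threshold factor and all function names are assumptions made for this example.

```python
from collections import Counter
from statistics import median

def build_sample_log():
    """Constructed access log, one request per line: 'ISO-timestamp client-ip method path'."""
    lines = []
    for minute in range(6):          # 12:00 to 12:05, ordinary shoppers
        for n in range(20):
            lines.append(f"2024-01-01T12:{minute:02d}:{n:02d} 192.0.2.{n + 1} GET /cart")
    for n in range(300):             # constructed burst in 12:05 from a single source
        lines.append(f"2024-01-01T12:05:{n % 60:02d} 203.0.113.9 GET /checkout")
    return lines

def per_minute(lines):
    """Group requests by minute; each bucket counts requests per client IP."""
    buckets = {}
    for line in lines:
        stamp, ip = line.split()[:2]
        buckets.setdefault(stamp[:16], Counter())[ip] += 1   # key is 'YYYY-MM-DDTHH:MM'
    return buckets

def find_spikes(lines, factor=5, min_history=3):
    """Flag minutes whose volume exceeds factor x the median of earlier normal minutes."""
    history, alerts = [], []
    for minute, by_ip in sorted(per_minute(lines).items()):
        total = sum(by_ip.values())
        if len(history) >= min_history and total > factor * median(history):
            ip, hits = by_ip.most_common(1)[0]
            alerts.append({"minute": minute, "requests": total,
                           "baseline": median(history),
                           "top_source": ip, "top_share": round(hits / total, 2)})
        else:
            history.append(total)    # only normal minutes feed the baseline
    return alerts

if __name__ == "__main__":
    for alert in find_spikes(build_sample_log()):
        print(alert)
```

A high top_share points at a single flooding source that can be rate-limited, while the same volume spread over many sources suggests a distributed increase or a legitimate surge such as a sale.
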
State and explain as many ways as you can think of in which online business systems can be compromised. Which are the more frequent ones? Justify your comments.
Can you name three major threats that a merchant should be concerned with?
Why do people endeavour to compromise systems?