

ESecurity

Current Situation

Up until recently, security was very much like teenage sex in that it was typified by lots of talk but no action. Companies declared their sites secure simply because the credit card payment page was protected by SSL (Secure Sockets Layer). Even now, there is an overwhelming sense of complacency across the industry.

However, Etailers are reportedly still finding that web shoppers are very concerned about security. It is becoming increasingly essential that Etailers gain the trust and confidence of their customers, not only to gain competitive advantage over their competition but simply to stay in business.

With the increasing use of Ebusiness for enabling business processes and operations across the internet, it is critical for organizations to recognize information as a valuable business asset and implement controls to secure it, to ensure the privacy of their customers' data, the integrity of that data, and to ensure that they do not lose it!

General Security Issues

The aim of a good security strategy for an Ebusiness organization should be to combine maximum flexibility, performance, and scalability with the highest availability and security. The goal of a security strategy is to protect information assets through:

• Authentication – identifying the parties involved in communications and transactions
• Access – providing access to appropriate levels of information (with as little inconvenience as possible) to those who should have access, while preventing access by anyone who should not have it, and preventing access beyond the level of information that is appropriate to the user's 'class'
• Confidentiality – ensuring that information is not accessed by unauthorized parties
• Non-Repudiation – ensuring that transactions, once committed, are legally valid and irrevocable
• Availability – ensuring that transactions or communications can be executed reliably upon demand

Top management needs to understand that security is a hygiene factor: when it is there, and is effective and efficient, people hardly notice it at all; however, when it is not there it can mean the end of business overnight. It is essential to get it right, particularly for transactions placed over the Internet.

Further, management needs to understand that security is a never-ending process. Security policies and measures should be under constant review; network support teams should monitor newsgroups etc. for information about the latest threats to security (e.g. the latest virus attacks, hackers, security loopholes in software products, etc.); security audits must take place to ensure procedures are working; logs of unauthorized access should be reviewed; and disaster recovery plans should be tested regularly.

Many companies have now either been bitten by the problems inherent in having no real built-in security policies, or have seen media reports about others who have been bitten. MSNBC reported cases in which large numbers of credit card numbers and associated information had been stolen from sites in March 2000. Visa had earlier announced that around half its disputes concern internet-based credit card transactions, despite these only making up 2% of its total revenue. The Melissa virus caused an estimated $80 million damage, and the Love Bug similarly wreaked havoc across the world. Denial of Service attacks have hit big names like Amazon.com, Ebay and Yahoo, causing loss in terms of revenue and public image.

There is much evidence to suggest that reported cases are simply the tip of a very large iceberg, as many security breaches go unreported due to the embarrassment caused by admitting to them and the risks to future business of doing so.

For the consumer, there is not only the worry that personal information such as credit card data could be stolen, but also the worry that anyone they appear to be dealing with on the internet could be untrustworthy – and even when dealing with a company known and trusted there is the risk that in reality the consumer is dealing with an imposter. Thus, it is up to those with integrity who are running websites to find ways to reassure the consumer that it is safe to use their websites – for example, by providing Digital Certificates verified by a trusted third party such as Verisign.

It is very difficult for governments and legislative systems to protect the consumer from internet fraudsters and conmen, because national boundaries are very difficult to establish or enforce on the internet when content is accessible from everywhere. The US and UK, among others, are investigating the possibility of policing the internet using national 'cybercrime units'. Financial regulators such as the SEC in the US and the FSA in the UK are looking at measures to help them in controlling websites within their own jurisdictions. International bodies like the OECD and the European Union are working on standards for Ecommerce to be implemented and enforced at a national level by governments, but progress is very slow because industry opposes the idea of government intervention, preferring to rely on self-regulation.

Procedures

At last, many large organizations are now taking security fairly seriously. However, there is still a great deal of misunderstanding about what security really means for an organization that uses Internet technologies to trade.

Organizations deploying internet technologies tend to focus on the technologies rather than the procedures behind the technologies. Having solid security procedures in place is often much more important than the technology which is used to implement security. The benefits of using SSL to gather credit card information from a consumer over the web could be nullified if it is common practice within the organization to subsequently email that information from one department to another. Putting virus scanning technology into place in an organization is only useful if the virus scanner is updated regularly as new viruses are found. Procedures are required to ensure that the technologies are being used effectively to meet the organizational security goals.

Such procedures should include clear divisions of responsibility for the different areas of security: backup procedures, disaster recovery procedures, physical security (security card control, building security, etc.), password procedures, system access levels and authorization procedures, virus control procedures, firewall policies, and all other traditional areas of security which an organization should have under control. Procedures should ensure that server consoles are locked using passwords whenever not in use, that all access attempts to all systems are logged and audited, and that passwords are not easily guessed and are changed regularly. They should ensure that all network systems and web servers are kept in secure locations, and that redundancy systems exist for all key hardware – not only the network systems themselves (including servers, firewalls, hubs and routers) but also air conditioning and power systems.

In addition, it is key that proper testing procedures, source code/change control and defect tracking procedures are in place.

It should go without saying that internet applications which carry out transactions should be thoroughly tested, and yet it is incredible how many 'holes' are created on Ecommerce web sites due to shoddy programming and testing. Preferably, web applications should be tried out by 'professional hackers' who can look for loopholes in programs written for the web. Silicon.com reported in October that Marks and Spencer's website (marksandspencer.com) had an error on it caused by a broken link that, when activated, produced an error message containing confidential material such as passwords, credit card dummies and other log-in information.

Testing of internet applications should be supported by systems which enable changes to code to be made easily and effectively, so that unauthorized or untested changes do not slip through into the production system and changes made to source code are not later 'undone' accidentally due to poor source code control.

Internet Specific Issues

While security should be a concern for any IT organization, there are some aspects of security which are specific to internet-based activities. Authentication, non-repudiation, encryption, privacy, and integrity of data are all issues made more important by the use of web technologies, inherently an open and anonymous form of communication.

The internet raises added security issues because there is no centralised infrastructure and it operates 24 x 7 on a huge global scale. It therefore has millions of potential users, any one of whom could at any time attempt to access non-public information. Some will do so by accident, some just out of curiosity, and some, with malicious intent, will relentlessly test out every aspect of your system until they find a security hole through which they can create havoc. Security is also a moving target, as new methods become available to hackers all the time, with technology advancing rapidly.

By its very nature, the internet was developed to allow openness, and this makes it all the more complex to implement security over the top of the internet without making it difficult for authorized parties to access data you wish them to be able to access. Severe damage is often detected too late.

Technologies

Access controls and cryptography can help to prevent unauthorized access to information, but they are only part of the picture. Organizations are now employing complete PKI and CA infrastructures, such as Onsite Managed Trust Services provided by Verisign, in order to provide them with the flexibility and control they need throughout the enterprise, allowing them to issue their own digital certificates, secure access to extranets/intranets, secure transactions, encrypt email and carry out authentication.

Access Controls

Hidden URLs – one easy way to restrict access to information and services is to put the information at unpublished URLs and provide the URL only to those who should have access to the information at that address. Clearly this is not a high security option and is unacceptable for most purposes. There are various tools open to serious hackers that enable them to 'find' hidden URLs (spiders etc.), and of course it is possible that the locations of the URLs are passed on to others by those who are authorized to access them.

Host-based Restrictions – it is possible to restrict access to a web address (or to a web server, if using a firewall) by IP address or DNS hostname. This method can enforce that only web users operating from within a particular domain or network can access the web page. This is useful if an external web site contains some pages which should only be accessed by employees of the company, as it can be used to deny access to anyone not operating from within the company's network. This method is not totally foolproof, as it cannot deal with unauthorized access due to 'spoofing' (whereby a user 'pretends' to come from an authorized network address).

Identity-based Controls

The most common method of access control on websites is via usernames and passwords. However, passwords are easily shared or forgotten, users often select easily guessed passwords, and there are a number of tools available to serious hackers that enable them to guess most passwords easily. Thus, alternative identity-based controls have been developed. Many companies now implement a VPN (Virtual Private Network) to enable employees to connect to internal networks from outside of the company, though these can be costly and troublesome to implement. Smart cards, or software, containing an encrypted public key to identify valid users are one of the many other options in this area.

Authentication

Single Sign-on – this technology allows the same user to sign on to multiple Ebusiness applications without having to type in their userid/password for each site. There are a number of offerings of this kind of technology. The most common names in this field are Netegrity SiteMinder and X at the top end, and Gator Ewallet and RoboForms at the lower end of the market.

Integrated Authentication – the best known offering in this area is NT/Windows 2000/3 authentication. This, in effect, provides single sign-on to Microsoft applications that support it – such as SQL Server and any of the Windows operating systems.

Cryptography

Cryptography can be implemented through the encryption of data sent to and from a website and through digital signatures and certificates which 'prove' that the sender and recipient are who they claim to be.

Non-repudiation – cryptographic receipts are created so that the author of a message cannot falsely deny sending the message.

Code Signing – a digital certificate can be enclosed within a Jar file (for Java code) or a Cab file (for ActiveX controls) to indicate that the code was created by a trusted party and has not been tampered with since being created.

Confidentiality – encryption can scramble information sent over the internet so that eavesdroppers cannot access the data's content.

Integrity – digitally signed message digest codes can be used to verify that a message has not been modified while in transit.

To read this complete article go to http://mishj.brinkster.net/intranet/esecurity.doc
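The host-based restriction described under Access Controls, and its spoofing caveat, as an added example that is not part of the original article. It assumes a site behind a reverse proxy that appends the connecting address to an X-Forwarded-For header, which is one common way a claimed address ends up being believed; the network ranges, sample requests and function names are constructed for illustration.

```python
import ipaddress

# Constructed values: RFC 5737 documentation ranges stand in for real networks.
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # "company" network
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]     # proxies we operate


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def naive_client_ip(peer_addr, headers):
    """Weak: believes the address the request claims for itself."""
    first = headers.get("X-Forwarded-For", "").split(",")[0].strip()
    return first or peer_addr


def verified_client_ip(peer_addr, headers, trusted=TRUSTED_PROXIES):
    """Hardened: start from the TCP peer address and step back through
    X-Forwarded-For only while the current hop is one of our own proxies."""
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")
            if h.strip()]
    try:
        current = ipaddress.ip_address(peer_addr)
        # The right-most entry was appended by the proxy nearest to us.
        while hops and _in_any(current, trusted):
            current = ipaddress.ip_address(hops.pop())
    except ValueError:
        return None  # malformed address: fail closed
    return str(current)


def is_allowed(ip, allowed=ALLOWED_NETWORKS):
    """Host-based restriction: permit only addresses inside allowed networks."""
    try:
        return ip is not None and _in_any(ipaddress.ip_address(ip), allowed)
    except ValueError:
        return False


# Constructed requests: (TCP peer address, request headers).
SAMPLE_REQUESTS = [
    ("192.0.2.44", {}),                                   # employee, direct
    ("10.0.0.5", {"X-Forwarded-For": "192.0.2.44"}),      # employee via proxy
    ("198.51.100.9", {"X-Forwarded-For": "192.0.2.10"}),  # outsider, false claim
    ("10.0.0.5", {"X-Forwarded-For": "192.0.2.10, 203.0.113.7"}),  # same, via proxy
]


def decisions(requests=SAMPLE_REQUESTS):
    """Return (naive_decision, hardened_decision) for each request."""
    return [(is_allowed(naive_client_ip(p, h)),
             is_allowed(verified_client_ip(p, h))) for p, h in requests]


if __name__ == "__main__":
    for req, (weak, strong) in zip(SAMPLE_REQUESTS, decisions()):
        print(req, "naive:", weak, "hardened:", strong)
```

The naive check admits the last two requests because it evaluates an address the client supplied; the hardened check evaluates only addresses reported by infrastructure the site controls.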
