What threats are there, and what can be done to protect against them?

Threats

Tricking the customer - Imagine an ecommerce system where credit card details are stored within the system itself. A criminal might trick a customer into revealing information about his account. Then the criminal contacts customer services and requests a password change. Now the criminal can log onto the system and order goods on the customer's credit card, giving a different delivery address and absconding with the delivered goods.

Snooping on the customer's computer - Sometimes a hacker can break into a user's computer and find logon information for one or more ecommerce systems. The hacker can then log on and place fraudulent orders.

Sniffing the network - There is usually some distance between the customer's computer and the ecommerce server. A hacker can steal information shared between both ends of the link by snooping near one end or the other and recording what is sent and received. Provided the information is readable, the hacker might gain enough to log onto the ecommerce system fraudulently.

Guessing passwords - This is the traditional hacking technique shown in movies and TV shows: the hacker sits down and guesses a user's password after two or three attempts. In reality, hackers use a combination of techniques, such as social engineering to trick a user into revealing a password, or brute force methods (trying many passwords until one works).

Denial of Service (DoS) attacks - If you were in a meeting and everyone present asked you for your name, and whenever you replied they asked again, you wouldn't be able to do much else. In the same way, the server can become overwhelmed and stop working properly if a hacker repeatedly asks it to respond to the same request over and over again. A distributed DoS is where a number of hijacked sources are used to send the same requests to the ecommerce server repeatedly.

Using known server bugs - The hacker finds out what types of software are used on the ecommerce server, and then determines whether there are any known problems or bugs that have been fixed by patches or updates. The hacker finds out if the server has missed one or more patches, and exploits the overlooked vulnerability to gain access.
Protection

User education - It is vital to enforce strict password policies to ensure that users don't choose passwords that are easy to guess. There are numerous examples online of recommended password policies.

Personal firewalls - If all customers' computers were protected by firewalls, it would greatly reduce the chances of hackers breaking into them by stealthy means. A firewall can stop intruders from scanning a computer for stored passwords.

Secure Sockets Layer (SSL) - This is a method of encrypting the information sent between the customer's computer and the ecommerce server. When implemented by the developers of the server, the URL will normally start with the letters https, the "s" denoting SSL. In addition, there should be an icon in the browser window that confirms a secured connection.

Server firewalls - The ecommerce server should have a firewall that locks out unusual and abnormal connections, and ONLY permits normal browser access to the ecommerce system.

Intrusion detection - If a user repeatedly fails to log on correctly, the password rules should eventually lock the account. There should be an automatic function that discovers these failures from the system's log files and flags them to the administrator, so that the customer can be emailed about them.
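One way to build the automatic function the Intrusion detection paragraph describes, as an added example that is not part of the original article: it reads logon events from log lines, counts failures per account inside a sliding time window, and produces a lockout alert line for the administrator. The log format (ISO timestamp, LOGIN_FAIL/LOGIN_OK, user=, ip=), the sample lines, and the threshold of 5 failures within 600 seconds are assumptions chosen for illustration.

```python
# Added example: detect repeated failed logons in log lines and flag the
# account for lockout. Log format, sample data and thresholds are assumed.
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN_FAIL|LOGIN_OK) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample log: alice is being brute-forced, bob mistypes once
# and then succeeds, carol fails once much later.
SAMPLE_LOG = """\
2024-03-01T09:00:01 LOGIN_FAIL user=alice ip=203.0.113.5
2024-03-01T09:00:03 LOGIN_FAIL user=alice ip=203.0.113.5
2024-03-01T09:00:04 LOGIN_FAIL user=bob ip=198.51.100.7
2024-03-01T09:00:05 LOGIN_OK user=bob ip=198.51.100.7
2024-03-01T09:00:06 LOGIN_FAIL user=alice ip=203.0.113.5
2024-03-01T09:00:08 LOGIN_FAIL user=alice ip=203.0.113.5
2024-03-01T09:00:09 LOGIN_FAIL user=alice ip=203.0.113.5
2024-03-01T09:30:00 LOGIN_FAIL user=carol ip=192.0.2.9
"""

def find_lockouts(log_text, threshold=5, window_s=600):
    """Return {user: (first_fail, last_fail, [ips])} for each account whose
    failures reached `threshold` within `window_s` seconds. A successful
    logon resets that account's counter, so a single typo is not flagged."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)      # user -> timestamps of recent failures
    ips = defaultdict(set)           # user -> source addresses of failures
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # skip malformed or unrelated lines
        ts, user = datetime.fromisoformat(m["ts"]), m["user"]
        if m["event"] == "LOGIN_OK":
            recent[user].clear(); ips[user].clear()
            continue
        q = recent[user]
        q.append(ts); ips[user].add(m["ip"])
        while q and ts - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and user not in flagged:
            flagged[user] = (q[0], ts, sorted(ips[user]))
    return flagged

def admin_alerts(flagged):
    """One alert line per locked account, ready to send to the administrator."""
    return [f"LOCK {u}: {a.isoformat()}..{b.isoformat()} from {','.join(ips)}"
            for u, (a, b, ips) in flagged.items()]
```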
This article was written by Isla Hazel.
Author page: http://EzineArticles.com/?expert=Isla_Hazel
Article Source: http://EzineArticles.com/8192855