
MT-23 C: E-COMMERCE, M-COMMERCE & SECURITY

E COMMERCE, M COMMERCE
MT-23 C
Max. Marks – 10
ASSIGNMENT-1

Q.1 What is the need for security?

Q.2 What are the threats and vulnerabilities?

Q.3 What are the firewall Components?

Q.4 Explain VPN?

Q.5 Explain various methods of attacks?

Q.6 State the anti-virus technologies?

Q.7 What is IP address spoofing?

Q.8 Describe digital signature?

Q.9 Explain the process of Risk Management?

Q.10 Explain IP Security and security structure?


A-1
Security overview
In the software industry, security has two different perspectives.
In the software development community, it describes the security features of a system.
Common security features are ensuring passwords that are at least six characters long and
encryption of sensitive data. For software consumers, it is protection against attacks
rather than specific features of the system. Your house may have the latest alarm system
and windows with bars, but if you leave your doors unlocked, despite the number of
security features your system has, it is still insecure. Hence, security is not a number of
features, but a system process. The weakest link in the chain determines the security of
the system. In this article, we focus on possible attack scenarios in an e-Commerce
system and provide preventive strategies, including security features, that you can
implement.
Security has three main concepts: confidentiality, integrity, and availability.

Confidentiality allows only authorized parties to read protected information.

Security features
While security features do not guarantee a secure system, they are necessary to build a
secure system. Security features have four categories:
• Authentication: Verifies who you say you are. It enforces that you are the only
one allowed to logon to your Internet banking account.
• Authorization: Allows only you to manipulate your resources in specific ways.
This prevents you from increasing the balance of your account or deleting a bill.
• Encryption: Deals with information hiding. It ensures you cannot spy on others
during Internet banking transactions.
• Auditing: Keeps a record of operations. Merchants use auditing to prove that you
bought a specific merchandise.


Defenses
Despite the existence of hackers and crackers, e-Commerce remains a safe and secure
activity. The resources available to large companies involved in e-Commerce are
enormous.
• Install personal firewalls for the client machines.
• Store confidential information in encrypted form.
• Encrypt the stream using the Secure Socket Layer (SSL) protocol to protect
information flowing between the client and the e-Commerce Web site.
• Use appropriate password policies, firewalls, and routine external security audits.
• Use threat model analysis, strict development policies, and external security
audits to protect ISV software running the Web site.
Education
Your system is only as secure as the people who use it. If a shopper chooses a weak
password, or does not keep their password confidential, then an attacker can pose as that
user. This is significant if the compromised password belongs to an administrator of the
system. In this case, there is likely physical security involved because the administrator
client may not be exposed outside the firewall. Users need to use good judgement when
giving out information, and be educated about possible phishing schemes and other social
engineering attacks.
Personal firewalls
When connecting your computer to a network, it becomes vulnerable to attack. A
personal firewall helps protect your computer by limiting the types of traffic initiated by
and directed to your computer. The intruder can also scan the hard drive to detect any
stored passwords.
Secure Socket Layer (SSL) is a protocol that encrypts data between the shopper's
computer and the site's server. When an SSL-protected page is requested, the browser
identifies the server as a trusted entity and initiates a handshake to pass encryption key
information back and forth. Now, on subsequent requests to the server, the information
flowing back and forth is encrypted so that a hacker sniffing the network cannot read the
contents.
[Figure: Secure icon in Mozilla Firefox]
[Figure: Secure icon in Microsoft Internet]

Server firewalls
A firewall is like the moat surrounding a castle. It ensures that requests can only enter the
system from specified ports, and in some cases, ensures that all accesses are only from
certain physical machines.
A common technique is to setup a demilitarized zone (DMZ) using two firewalls. The
outer firewall has ports open that allow ingoing and outgoing HTTP requests. This allows
the client browser to communicate with the server. A second firewall sits behind the e-
Commerce servers. This firewall is heavily fortified, and only requests from trusted
servers on specific ports are allowed through. Both firewalls use intrusion detection
software to detect any unauthorized access attempts.
Another common technique used in conjunction with a DMZ is a honey pot server. A
honey pot is a resource (for example, a fake payment server) placed in the DMZ to fool
the hacker into thinking he has penetrated the inner wall. These servers are closely
monitored, and any access by an attacker is detected.

You may choose to have different policies for shoppers versus your internal users. For
example, you may choose to lock out an administrator after 3 failed login attempts instead
of 6. These password policies protect against attacks that attempt to guess the user's
password. They ensure that passwords are sufficiently strong that they cannot be easily
guessed. The account lockout capability ensures that an automated scheme cannot make
more than a few guesses before the account is locked.
Intrusion detection and audits of security logs
If a shopper makes 6 failed logon attempts, then the account is locked out. In this
scenario, the company sends an email to the customer, informing them that their account is
locked. This event should also be logged in the system, either by sending an email to the
administrator, writing the event to a security log, or both.
You should also log any attempted unauthorized access to the system. If a user logs on,
and attempts to access resources that he is not entitled to see, or performs actions that he
is not entitled to perform, then this indicates the account has been co-opted and should be
locked out. Analysis of the security logs can detect patterns of suspicious behavior,
allowing the administrator to take action.
In addition to security logs, use business auditing to monitor activities such as payment
processing. You can monitor and review these logs to detect patterns of inappropriate
interaction at the business process level.
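The lockout rule and the log review described above, as an added example that is not part of the original answer: a small Python analyser replays a constructed security log (the log format, the account names and the `LOGIN_FAIL` / `LOGIN_OK` / `ACCESS_DENIED` event names are assumptions made here), locks shoppers after 6 consecutive failures and administrators after 3, treats an unauthorized access attempt by a logged-in user as a sign the account has been co-opted, and lists the notifications the system should send.

```python
import re
from collections import defaultdict

# Thresholds from the text: shoppers lock after 6 failures, administrators after 3.
LOCKOUT_THRESHOLD = {"shopper": 6, "admin": 3}

# Constructed sample security log, one event per line (format assumed here).
SAMPLE_LOG = """\
2024-01-01T10:00:01 LOGIN_FAIL user=carol role=shopper ip=203.0.113.5
2024-01-01T10:00:03 LOGIN_FAIL user=carol role=shopper ip=203.0.113.5
2024-01-01T10:00:05 LOGIN_FAIL user=carol role=shopper ip=203.0.113.5
2024-01-01T10:00:07 LOGIN_FAIL user=carol role=shopper ip=203.0.113.5
2024-01-01T10:00:09 LOGIN_FAIL user=carol role=shopper ip=203.0.113.5
2024-01-01T10:00:11 LOGIN_FAIL user=carol role=shopper ip=203.0.113.5
2024-01-01T10:00:13 LOGIN_FAIL user=carol role=shopper ip=203.0.113.5
2024-01-01T10:01:00 LOGIN_FAIL user=erin role=shopper ip=198.51.100.7
2024-01-01T10:01:02 LOGIN_FAIL user=erin role=shopper ip=198.51.100.7
2024-01-01T10:02:00 LOGIN_FAIL user=dave role=shopper ip=192.0.2.9
2024-01-01T10:02:05 LOGIN_OK user=dave role=shopper ip=192.0.2.9
2024-01-01T10:02:30 ACCESS_DENIED user=dave role=shopper resource=/admin/orders
2024-01-01T10:03:00 LOGIN_FAIL user=ops role=admin ip=192.0.2.20
2024-01-01T10:03:02 LOGIN_FAIL user=ops role=admin ip=192.0.2.20
2024-01-01T10:03:04 LOGIN_FAIL user=ops role=admin ip=192.0.2.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>[A-Z_]+) user=(?P<user>\S+) role=(?P<role>\w+)(?: (?P<rest>.*))?$"
)


def analyse(log_text: str):
    """Replay the log. Returns (locked, alerts, failures):
    locked   - account -> reason it was locked
    alerts   - notifications the system would send (to the user / administrator)
    failures - current consecutive failed-login count per account"""
    failures = defaultdict(int)
    locked = {}
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; a production parser should count these too
        user, role, event = m["user"], m["role"], m["event"]
        if user in locked:
            continue  # further attempts on a locked account change nothing
        if event == "LOGIN_FAIL":
            failures[user] += 1
            if failures[user] >= LOCKOUT_THRESHOLD.get(role, LOCKOUT_THRESHOLD["shopper"]):
                locked[user] = f"{failures[user]} consecutive failed logins"
                alerts.append(f"email {user}: account locked; email admin: {user} locked")
        elif event == "LOGIN_OK":
            failures[user] = 0  # a success resets the consecutive counter
        elif event == "ACCESS_DENIED":
            # A logged-in user reaching for resources it is not entitled to is
            # treated, as the text says, as a sign the account has been co-opted.
            locked[user] = f"unauthorized access attempt: {m['rest']}"
            alerts.append(f"email admin: {user} locked after {m['rest']}")
    return locked, alerts, dict(failures)


if __name__ == "__main__":
    locked_accounts, notifications, counts = analyse(SAMPLE_LOG)
    for account, reason in locked_accounts.items():
        print(f"{account}: {reason}")
    for note in notifications:
        print(note)
```

On the sample log, carol (6 failures) and ops (3 failures as an administrator) are locked by the threshold rule, dave is locked by the unauthorized-access rule even though his login succeeded, and erin, with 2 failures, stays open. The same pass over the log is where the business-level audit the text mentions would hang off, keyed on payment events instead of logins.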

A-2
Common Security Vulnerabilities in e-commerce Systems:

1. Introduction
The tremendous increase in online transactions has been accompanied by an equal rise in the
number and type of attacks against the security of online payment systems. Some of these
attacks have utilized vulnerabilities that have been published in reusable third-party
components utilized by websites, such as shopping cart software. Other attacks have used
vulnerabilities that are common in any web application, such as SQL injection or cross-site
scripting. This article discusses these vulnerabilities with examples, either from the set of
known vulnerabilities, or those discovered during the author's penetration testing
assignments. The different types of vulnerabilities discussed here are SQL injection, cross-
site scripting, information disclosure, path disclosure, price manipulation, and buffer
overflows.
Successful exploitation of these vulnerabilities can lead to a wide range of results.
Information and path disclosure vulnerabilities will typically act as initial stages leading to
further exploitation. SQL injection or price manipulation attacks could cripple the website,
compromise confidentiality, and in worst cases cause the e-commerce business to shut down
completely.
Wherever examples of such vulnerabilities are given in advisories published by Bugtraq, we
have given the Bugtraq ID in square brackets. Details of the vulnerability may be viewed by
navigating to http://www.securityfocus.com/bid/<bid_number>.

2. Vulnerabilities
2.1 Background
There are a number of reasons why security vulnerabilities arise in shopping cart and online
payment systems. The reasons are not exclusive to these systems, but their impact becomes
much greater simply because of the wide exposure that an online website has, and because of
the financial nature of the transactions.
One of the main reasons for such vulnerabilities is the fact that web application developers
are often not very well versed with secure programming techniques. As a result, security of
the application is not necessarily one of the design goals. This is exacerbated by the rush to
meet deadlines in the fast-moving e-commerce world. Even one day's delay in publishing a
brand new feature on your website could allow a competitor to steal a march over you. We've
typically found this in cases where e-commerce sites need to add functionality rapidly to deal
with a sudden change in the business environment or simply to stay ahead of the competition.
In such a scenario, the attitude is to get the functionality online; security can always be taken
care of later. Another reason why security vulnerabilities appear is because of the inherent
complexity in most online systems. Nowadays, users are placing very demanding
requirements on their e-commerce providers, and this requires complex designs and
programming logic.

2.2 SQL Injection


SQL injection refers to the insertion of SQL meta-characters in user input, such that the
attacker's queries are executed by the back-end database. Typically, attackers will first
determine if a site is vulnerable to such an attack by sending in the single-quote (') character.
The results from an SQL injection attack on a vulnerable site may range from a detailed error
message that discloses the back-end technology being used, to access to restricted areas of
the site because the attacker manipulated the query into an always-true Boolean expression,
to the execution of operating system commands.
SQL injection techniques differ depending on the type of database being used. For instance,
SQL injection on an Oracle database is done primarily using the UNION keyword [ref 1] and
is much more difficult than on the MS SQL Server, where multiple queries can be executed
by separating them with the semi-colon [ref 2]. In its default configuration, MS SQL server
runs with Local System privileges and has the 'xp_cmdshell' extended procedure, which
allows execution of operating system commands.


The most publicized occurrences of this vulnerability were on the e-commerce sites of
Guess.com and PetCo.com.
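As an added example, not taken from the original answer or from the sites it names: a minimal login lookup in Python over an in-memory SQLite database, showing the concatenated query the text describes beside a parameterised one. The users table, its rows and the function names `login_vulnerable`, `login_safe` and `probe_error` are constructed here; SQLite stands in for the Oracle and MS SQL Server back-ends the text compares, and the page's shopping-cart code would be PHP or Perl, where the same separation of SQL text from values is done with prepared statements.

```python
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Throw-away in-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the statement by string concatenation: the user's input becomes
    part of the SQL text, so a quote character changes the query's meaning."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised statement: the values travel separately from the SQL
    text, so quotes and keywords in the input are data, never syntax."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def probe_error(conn: sqlite3.Connection, username: str) -> Optional[str]:
    """The single-quote probe from the text: a stray quote breaks the
    concatenated statement and the database error text comes back to the
    caller. Returns the error message, or None when the query parsed."""
    try:
        login_vulnerable(conn, username, "x")
    except sqlite3.Error as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    db = make_db()
    print("probe on vulnerable code:", probe_error(db, "'"))
    print("always-true input, vulnerable:", login_vulnerable(db, "alice", "' OR '1'='1"))
    print("always-true input, parameterised:", login_safe(db, "alice", "' OR '1'='1"))
```

Two things to take from running it: the parameterised version treats the whole `' OR '1'='1` string as a password to compare and fails the login, and the vulnerable version leaks a parser error on a lone quote. The second point is also why production code should never echo database exceptions to the browser; log them server-side and return a generic message.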

2.3 Price Manipulation


This is a vulnerability that is almost completely unique to online shopping carts and payment
gateways. In the most common occurrence of this vulnerability, the total payable price of the
purchased goods is stored in a hidden HTML field of a dynamically generated web page. An
attacker can use a web application proxy such as Achilles [ref 5] to simply modify the
amount that is payable, when this information flows from the user's browser to the web
server. Shown below is a snapshot of just such a vulnerability that was discovered in one of
the author's penetration testing assignments.
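The fix for the hidden-field problem, as an added example that is not part of the original answer or of the author's assignment: the server derives the amount to charge from its own catalogue and the submitted line items, and a hidden total, if one is still present in the page, is only compared against that recomputation. The catalogue, SKUs, form layout and names (`server_total`, `checkout`, `TamperedOrder`) are assumptions made here.

```python
from decimal import Decimal

# Constructed catalogue: the server's authoritative price list.
CATALOG = {"SKU-100": Decimal("49.99"), "SKU-200": Decimal("5.00")}


class TamperedOrder(ValueError):
    """Raised when a client-supplied total disagrees with the server's own sum."""


def server_total(items) -> Decimal:
    """items: iterable of (sku, quantity). Prices come only from CATALOG."""
    total = Decimal("0.00")
    for sku, qty in items:
        if sku not in CATALOG:
            raise KeyError(f"unknown SKU {sku!r}")
        if not isinstance(qty, int) or qty <= 0 or qty > 1000:
            raise ValueError(f"bad quantity {qty!r} for {sku}")
        total += CATALOG[sku] * qty
    return total


def parse_form(form: dict):
    """Pull the line items out of the submitted form; every field is untrusted."""
    return [(str(line["sku"]), int(line["qty"])) for line in form.get("items", [])]


def checkout(form: dict) -> Decimal:
    """Charge the amount the *server* computes. If the page also carried a
    hidden total, it is only compared against the recomputed value, and a
    mismatch is treated as tampering rather than silently corrected."""
    expected = server_total(parse_form(form))
    if "total" in form:
        submitted = Decimal(str(form["total"]))
        if submitted != expected:
            raise TamperedOrder(f"submitted {submitted} != computed {expected}")
    return expected


def is_tampered(form: dict) -> bool:
    """Convenience wrapper for callers that want a flag instead of an exception."""
    try:
        checkout(form)
    except TamperedOrder:
        return True
    return False


if __name__ == "__main__":
    # Constructed request: two items, with the hidden total edited down to 0.01.
    order = {"items": [{"sku": "SKU-100", "qty": 2}, {"sku": "SKU-200", "qty": 1}],
             "total": "0.01"}
    print("tampered:", is_tampered(order), "server total:", server_total(parse_form(order)))
```

The mismatch should be logged with the session and source address, because a shopper's browser does not change a hidden field on its own; the event belongs in the same security log as failed logins.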

2.4 Buffer overflows


Buffer overflow vulnerabilities are not very common in shopping cart or other web
applications using Perl, PHP, ASP, etc. However, sending in a large number of bytes to web
applications that are not geared to deal with them can have unexpected consequences. In one
of the author's penetration testing assignments, it was possible to disclose the path of the
PHP functions being used by sending in a very large value in the input fields. As the
sanitized snapshot below shows, when 6000 or more bytes were fed into a particular field,
the back-end PHP script was unable to process them and the error that was displayed
revealed the location of these PHP functions.
Multiple buffer overflows were also discovered in the PDGSoft Shopping Cart [bid 1256],
which potentially allowed the attacker to execute code of his choice by over-writing the
saved return address.

2.5 Cross-site scripting


The Cross-site Scripting (XSS) [ref 6] attack is primarily targeted against the end user and
leverages two factors:
1. The lack of input and output validation being done by the web application
2. The trust placed by the end-user in a URL that carries the vulnerable web site's name.
The XSS attack requires a web form that takes in user input, processes it, and prints out the
results on a web page, which also contains the user's original input. It is most commonly
found in 'search' features, where the search logic will print out the results along with a line
such as 'Results for <user_supplied_input>'. In this case, if the user input is printed out
without being parsed, then an attacker can embed JavaScript by supplying it as part of the
input. By crafting a URL, which contains this JavaScript, a victim can be social engineered
into clicking on it, and the script executes on the victim's system.
In most cases, the attacker would craft the URL in order to try and steal the user's cookie,
which would probably contain the session ID and other sensitive information. The JavaScript
could also be coded to redirect the user to the attacker's website where malicious code could
be launched using ActiveX controls or by utilizing browser vulnerabilities such as those in
Internet Explorer or Netscape Navigator.
However, the JavaScript can also be used to redirect the user to a site that looks similar to the
original web site and requests the user to enter sensitive information such as his
authentication details for that web site, or his credit card number or social security number. A
related attack is shown below:
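The 'Results for <user_supplied_input>' case from above, as an added example that is not part of the original answer: a search page that echoes the query parameter, written once without output encoding and once with HTML escaping, plus a small check that shows where the input lands in the page. The template, the `q` parameter and the function names are assumptions made here.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Page template for the search feature described in the text (constructed).
TEMPLATE = "<html><body><h1>Results for {term}</h1><p>0 items</p></body></html>"


def search_term_from_url(url: str) -> str:
    """Read the 'q' parameter exactly as a search page would: untrusted input."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_vulnerable(term: str) -> str:
    """Echoes the term into the page without parsing or encoding it."""
    return TEMPLATE.format(term=term)


def render_safe(term: str) -> str:
    """Output-encodes the term: < > & " ' become entities, so the browser
    shows the text instead of interpreting it as markup or script."""
    return TEMPLATE.format(term=html.escape(term, quote=True))


def echoed_fragment(page: str) -> str:
    """The part of the page where the user's input lands (used for checking)."""
    return page.split("<h1>Results for ", 1)[1].split("</h1>", 1)[0]


def injects_markup(page: str) -> bool:
    """True when the echoed input still contains raw tag delimiters."""
    fragment = echoed_fragment(page)
    return "<" in fragment or ">" in fragment


if __name__ == "__main__":
    url = "http://shop.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
    term = search_term_from_url(url)
    print("vulnerable page echoes markup:", injects_markup(render_vulnerable(term)))
    print("escaped page echoes markup:  ", injects_markup(render_safe(term)))
    print(echoed_fragment(render_safe(term)))
```

Escaping on output is the fix the text's "printed out without being parsed" points at; input validation on its own is not enough because the same value may be rendered in several places. Against the cookie-theft outcome described above, marking the session cookie `HttpOnly` and sending a Content-Security-Policy header limit what an injected script could do even if one slipped through.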

2.6 Remote command execution


The most devastating web application vulnerabilities occur when the CGI script allows an
attacker to execute operating system commands due to inadequate input validation. This is
most common with the use of the 'system' call in Perl and PHP scripts. Using a command
separator and other shell metacharacters, it is possible for the attacker to execute commands
with the privileges of the web server. For instance, Hassan Consulting's Shopping Cart
allowed remote command execution [bid 3308], because shell metacharacters such as |;&
were not rejected by the software. However, directory traversal was not possible in this
software.
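As an added example, not part of the original answer or of the Hassan Consulting software it cites: the two defences against command injection through a `system`-style call, shown in Python rather than the Perl or PHP the text names. An allow-list validator rejects anything that is not an order identifier, and the helper program is invoked with an argument list so that no shell ever parses the value. The order-id format, the separator set and the use of the Python interpreter as the stand-in child process are assumptions made here.

```python
import re
import subprocess
import sys

# Allow-list for an order identifier: letters, digits, dash, underscore only.
SAFE_ORDER_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")
# The separators the text mentions (| ; &) plus other characters a shell interprets.
SHELL_META = set("|;&$`<>()\n\r*?'\"\\")


class RejectedInput(ValueError):
    """Raised when a field fails allow-list validation."""


def has_shell_metacharacters(value: str) -> bool:
    """Deny-list check, useful for logging; the allow-list below is the real gate."""
    return any(ch in SHELL_META for ch in value)


def validate_order_id(value: str) -> str:
    if not SAFE_ORDER_ID.fullmatch(value):
        raise RejectedInput(f"order id rejected: {value!r}")
    return value


def build_command(order_id: str) -> list:
    """Argument list, not a shell string: no shell ever parses the value.
    The child here is the Python interpreter itself (a stand-in for whatever
    report tool a real script would call), so the example runs anywhere."""
    return [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", order_id]


def run_without_shell(value: str) -> str:
    """Even an unvalidated value reaches the child as one literal argv entry."""
    result = subprocess.run(build_command(value), capture_output=True, text=True, check=True)
    return result.stdout


def lookup_order(raw_order_id: str) -> str:
    """Defensive pattern: validate against the allow-list first, then invoke
    the helper without a shell. Either layer alone stops the injection."""
    return run_without_shell(validate_order_id(raw_order_id))


def is_rejected(raw_order_id: str) -> bool:
    try:
        validate_order_id(raw_order_id)
    except RejectedInput:
        return True
    return False


if __name__ == "__main__":
    print(lookup_order("A-1001"))
    print("rejected:", is_rejected("A-1001|x"))
    print("literal argv, no shell:", run_without_shell("x;y"))
```

The value `x;y` comes back from the child unchanged because, without a shell, `;` is just a byte in the argument. The same pattern exists in Perl (the list form of `system`) and in PHP (`escapeshellarg` when a shell cannot be avoided), but the allow-list should stay in front of either.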

2.7 Weak Authentication and Authorization


Authentication mechanisms that do not prohibit multiple failed logins can be attacked using
tools such as Brutus [ref 8]. Similarly, if the web site uses HTTP Basic Authentication or
does not pass session IDs over SSL (Secure Sockets Layer), an attacker can sniff the traffic
to discover users' authentication and/or authorization credentials.
Since HTTP is a stateless protocol, web applications commonly maintain state using session
IDs or transaction IDs stored in a cookie on the user's system. Thus this session ID becomes
the only way that the web application can determine the online identity of the user.

3. Countermeasures
The most important point is to build security into the web application at the design stage
itself. In fact, one of the key activities during the design phase should be a detailed risk
assessment exercise. Here, the team must identify the key information assets that the web
application will be dealing with. These could include configuration information, user
transaction details, session IDs, credit card numbers, etc. Each of these information assets
needs to be classified in terms of sensitivity. Depending upon the tentative architecture
chosen, the developers along with security experts must analyze the threats, impact,
vulnerabilities and threat probabilities for the system. Once these risks are listed out, system
countermeasures must be designed and if necessary the architecture itself may be modified.
Countermeasures should also include strict input validation routines, a 3-tier modular
architecture, use of open-source cryptographic standards, and other secure coding practices.

Ecommerce Threats
ECommerce has forever revolutionized the way business is done. Retail has come a long
way from the days of physical transactions that were time consuming and prone to errors.
However, eCommerce has unavoidably invited its share of troublemakers. As much as
eCommerce simplifies transactions, it is occasionally plagued by serious concerns that
jeopardize its security as a medium of exchanging money and information.
Major threats to present day eCommerce include
Breach of Security:
Money Thefts
eCommerce services are about transactions, and transactions are very largely driven by
money. This attracts hackers, crackers and everyone with the knowledge of exploiting
loopholes in a system. Once a kink in the armor is discovered, they feed the system (and
users) with numerous bits of dubious information to extract confidential data (phishing).


This is particularly dangerous as the data extracted may be that of credit card numbers,
security passwords, transaction details etc.
Also, payment gateways are vulnerable to interception by unethical users. Cleverly
crafted strategies can sift a part or the entire amount being transferred from the user to the
online vendor.
Identity thefts
Hackers often gain access to sensitive information like user accounts, user details,
addresses, confidential personal information etc. It is a significant threat in view of the
privileges one can avail with a false identity.
For instance, one can effortlessly login to an online shopping mart under a stolen identity
and make purchases worth thousands of dollars. He/she can then have the order delivered
to an address other than the one listed on the records. One can easily see how those orders
could be received by the impostor without arousing suspicion. While the fraudster gains,
the original account holder continues to pay the price until the offender is nabbed.
Threats to the system
Viruses, worms, Trojans are very deceptive methods of stealing information. Unless a
sound virus-protection strategy is used by the eCommerce Solutions firm, these malicious
agents can compromise the credibility of all eCommerce web solution services. Often
planted by individuals for reasons known best to them alone, viruses breed within the
systems and multiply at astonishing speeds. Unchecked, they can potentially cripple the
entire system.
Solutions
Authentication
Most notable are the advances in identification and elimination of non-genuine users.
Ecommerce service designers now use multi-level identification protocols like security
questions, encrypted passwords (encryption), biometrics and others to confirm the
identity of their customers. These steps have found wide favor all around due to their
effectiveness in weeding out unwelcome access.
Intrusion Check
The issue of tackling viruses and their like has also seen rapid development, with
anti-virus vendors releasing strong anti-virus software. These are developed by expert
programmers who are a notch above the hackers and crackers themselves.
Firewalls are another common way of implementing security measures. These programs
restrict access to and from the system to pre-checked users/access points.
Educating Users
eCommerce is run primarily by users. Thus, eCommerce service providers have also
turned to educating users about safe practices that make the entire operation trouble free.
Recent issues like phishing have been tackled to a good extent by informing genuine
users of the perils of publishing their confidential information to unauthorized
information seekers.


A-3
Firewall components
A built-in firewall is provided for scenarios where servers (managers) are separated from
destination clients (agents) by one or more intermediary networks because of firewall
policies or address space concerns. The firewall components are used to tunnel traffic
between network zones, and can be chained together to allow for multiple hops.

The firewall components are intended to be used with the scalable distribution
infrastructure. They do not allow communication between the provisioning server and the
common agent using port number 9510 for any provisioning workflow that you want
to run. If your scenario requires a provisioning workflow to communicate with the
common agent, then the provisioning server must be able to communicate with the
common agent using the listening port (9510 by default) or an alternative protocol.
The following graphic is a high-level, functional overview of the firewall components:

1. An agent connects to the gateway service and sends a command to connect to the
Agent Manager on the provisioning server.
2. The gateway service sends a command to the gateway manager.
3. The gateway manager creates a connection to the manager.
4. The gateway creates a connection to the gateway service using the proxy relay.
5. The gateway manager ties connections 3 and 4 to form a virtual connection from
the manager to the gateway service.

6. The gateway service ties connections 4 and 6 to form a virtual connection from
the manager to the agent.

Proxy relay
The firewall components operate by opening default port 1960 on the proxy relay
system, and then listening on this port for routed traffic. When a connection is made to
this port, the proxy relay expects control information to be sent, which instructs the
relay to create a new TCP/IP connection to the specified address and port. Once the
new connection is created, the two input and output stream connections are joined
together using a thread that reads data from an input stream and writes data to another
output stream.
Each proxy relay is configured with an access control list (ACL) which determines
which incoming and outgoing connections to allow.
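The proxy relay's accept path, as an added example that is not the product's own code: a control message names the destination, an access control list decides whether the relay may open it, and two copy threads join the input and output streams of the two legs. The control-message format (`CONNECT <host> <port>`), the ACL rule shape, and the use of socketpairs in place of real TCP connections to port 1960 are assumptions made here so the code runs offline.

```python
import ipaddress
import socket
import threading


class Acl:
    """Allow rules as (source network, destination host, destination port);
    '*' matches any host or port. Anything not explicitly allowed is denied."""

    def __init__(self, rules):
        self.rules = [(ipaddress.ip_network(net), host, port) for net, host, port in rules]

    def allows(self, src_ip: str, dst_host: str, dst_port: int) -> bool:
        src = ipaddress.ip_address(src_ip)
        return any(
            src in net and host in ("*", dst_host) and port in ("*", dst_port)
            for net, host, port in self.rules
        )


def parse_control(line: bytes):
    """Control message format assumed here: b'CONNECT <host> <port>\\n'."""
    parts = line.strip().split()
    if len(parts) != 3 or parts[0] != b"CONNECT":
        raise ValueError("malformed control message")
    host = parts[1].decode("ascii")
    port = int(parts[2])
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return host, port


def pump(src: socket.socket, dst: socket.socket) -> None:
    """Thread body: copy bytes one way until EOF, then close the write side."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def join_streams(a: socket.socket, b: socket.socket):
    """Two pumps, one per direction, make a and b behave as one connection."""
    threads = [threading.Thread(target=pump, args=pair, daemon=True)
               for pair in ((a, b), (b, a))]
    for t in threads:
        t.start()
    return threads


def relay_demo(acl: Acl, control_line: bytes, src_ip: str):
    """Relay's accept path: parse the control message, consult the ACL, then
    join the client leg to the target leg. Returns the bytes that reached the
    target, or None when the ACL refused the connection."""
    host, port = parse_control(control_line)
    if not acl.allows(src_ip, host, port):
        return None  # a real relay would log the refusal with src_ip, host, port
    client_end, relay_client_side = socket.socketpair()
    relay_target_side, target_end = socket.socketpair()
    threads = join_streams(relay_client_side, relay_target_side)
    client_end.sendall(b"GET /prices HTTP/1.0\r\n\r\n")  # constructed client traffic
    client_end.shutdown(socket.SHUT_WR)
    received = b""
    while True:
        chunk = target_end.recv(4096)
        if not chunk:
            break
        received += chunk
    target_end.shutdown(socket.SHUT_WR)
    for t in threads:
        t.join(timeout=2)
    for s in (client_end, relay_client_side, relay_target_side, target_end):
        s.close()
    return received


if __name__ == "__main__":
    acl = Acl([("10.0.0.0/8", "db.internal", 5432)])
    print(relay_demo(acl, b"CONNECT db.internal 5432\n", "10.1.2.3"))
    print(relay_demo(acl, b"CONNECT other.host 22\n", "10.1.2.3"))
```

The ACL check sits before any outbound socket is opened, which is the property that matters: a relay that connects first and filters afterwards still lets an attacker in the DMZ probe which internal addresses and ports exist.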

Gateway manager and service


The gateway includes the gateway manager and the gateway service. The gateway is
used to tunnel TCP/IP traffic from point 1 through the gateway service and gateway
manager to the final destination 2.
Each gateway manager can connect to and manage one or more gateway services. In
turn, each gateway service can be managed by one or more gateway managers. For
gateway communications, all connections are created from the gateway manager to the
gateway service.

For example, a target computer must create a TCP/IP connection to a resource (2).
Because of unidirectional firewall rules, connections can only originate from the
network where the resource (2) resides. Using the gateway, the target computer (1)
creates a connection to the gateway service (3), which is allowed, as they are in the
same network. A gateway manager (4) creates a connection to a resource (2), which
resides in the same network. Next, the gateway manager (4) creates a new connection
to the gateway service (3). Then, using the input and output streams, the original
connection from the target computer (1) to the gateway service (3) acts as though it is
connected directly to the resource (2). When the gateway manager and gateway service
are operating correctly, there is a persistent TCP/IP connection from the gateway manager
to the gateway service.
This “command channel” enables the gateway service to alert the gateway manager
when it receives a new connection request. A periodic “heartbeat” signal is sent to keep
the connection alive. If the “command channel” is closed, the gateway manager will
attempt to reconnect periodically. The gateway service will automatically stop listening
on that particular gateway manager's service ports when the connection is broken. The
gateway service can be configured to advertise a particular service. To use this feature,
user datagram protocol (UDP) broadcasting must be enabled for the local subnet. A
target computer can discover a service by sending a broadcast UDP packet containing
the service's name. If the gateway service receives the UDP packet and it currently
advertises that service name, then it will respond back with an addressed UDP packet
which contains the port number that service is listening on. The target computer can
then use the source address of the UDP packet and the port contained within the packet
to connect to the given service.
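The UDP service-discovery exchange described above, as an added example that is not the product's own code: the gateway-service side answers a datagram carrying a service name with the port that service listens on, and the target side checks that the reply echoes the name it asked for before trusting the port. The message formats are assumptions made here, and loopback unicast on 127.0.0.1 replaces the subnet broadcast so the exchange runs without network configuration.

```python
import socket
import threading

MAX_NAME = 64  # assumed upper bound on a service name


def handle_discovery(datagram: bytes, advertised: dict):
    """Gateway-service side. The request carries only the service name; the
    reply is '<name> <port>' when that name is currently advertised, else no
    reply at all (so an unknown name learns nothing)."""
    try:
        name = datagram.decode("ascii").strip()
    except UnicodeDecodeError:
        return None
    if not name or len(name) > MAX_NAME or name not in advertised:
        return None
    return f"{name} {advertised[name]}".encode("ascii")


def parse_reply(reply: bytes, expected_name: str) -> int:
    """Target side. Reject replies that do not echo the name we asked for,
    so an unrelated or stale datagram cannot steer us to the wrong port."""
    name, _, port_text = reply.decode("ascii").partition(" ")
    if name != expected_name:
        raise ValueError("reply for a different service")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return port


def discover_on_loopback(service_name: str, advertised: dict, timeout: float = 3.0):
    """One request/reply exchange over 127.0.0.1. Returns (responder address,
    port the service listens on); the address comes from the reply's source,
    as the text describes."""
    responder = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    responder.bind(("127.0.0.1", 0))
    responder.settimeout(timeout)

    def serve_once():
        try:
            data, addr = responder.recvfrom(512)
        except socket.timeout:
            return
        reply = handle_discovery(data, advertised)
        if reply is not None:
            responder.sendto(reply, addr)  # addressed reply to the requester

    server = threading.Thread(target=serve_once, daemon=True)
    server.start()

    requester = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    requester.settimeout(timeout)
    try:
        requester.sendto(service_name.encode("ascii"), responder.getsockname())
        reply, src = requester.recvfrom(512)
    finally:
        server.join(timeout)
        requester.close()
        responder.close()
    return src[0], parse_reply(reply, service_name)


if __name__ == "__main__":
    # Constructed advertisement: the gateway service says 'payments' is on 8443.
    print(discover_on_loopback("payments", {"payments": 8443}))
```

Because discovery is unauthenticated UDP on the local subnet, anything on that subnet can answer; the port learned this way should only be used to reach the gateway service, whose own command channel and ACLs remain the actual security boundary.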

Configuring the firewall components:


The following procedures are required to configure the firewall components, including
setting up the gateway manager, starting the gateway service and gateway manager, and
enabling the firewall support for the common agent.

A-4
A virtual private network (VPN) is a computer network that is implemented in an
additional software layer (overlay) on top of an existing larger network for the purpose of
creating a private scope of computer communications or providing a secure extension of
a private network into an insecure network such as the Internet.
The links between nodes of a virtual private network are formed over logical connections
or virtual circuits between hosts of the larger network. The Link Layer protocols of the
virtual network are said to be tunneled through the underlying transport network.

One common application is to secure communications through the public Internet, but a
VPN does not need to have explicit security features such as authentication or traffic
encryption. For example, VPNs can also be used to separate the traffic of different user
communities over an underlying network with strong security features, or to provide
access to a network via customized or private routing mechanisms.

VPNs are often installed by organizations to provide remote access to a secure
organizational network. Generally, a VPN has a network topology more complex than a
point-to-point connection. VPNs are also used to mask the IP address of individual
computers within the Internet in order, for instance, to surf the World Wide Web
anonymously or to access location restricted services, such as Internet television.
point-to-point connection. VPNs are also used to mask the IP address of individual
computers within the Internet in order, for instance, to surf the World Wide Web
anonymously or to access location restricted services, such as Internet television.

Virtual private wire and private line services (VPWS and VPLS)
In both of these services, the provider does not offer a full routed or bridged network, but
components from which the customer can build customer-administered networks. VPWS
are point-to-point while VPLS can be point-to-multipoint. They can be Layer 1 emulated
circuits with no data link structure.
The customer determines the overall customer VPN service, which also can involve
routing, bridging, or host network elements.
An unfortunate acronym confusion can occur between Virtual Private Line Service and
Virtual Private LAN Service; the context should make it clear whether "VPLS" means
the layer 1 virtual private line or the layer 2 virtual private LAN.

Virtual LAN
A Layer 2 technique that allows for the coexistence of multiple LAN broadcast domains,
interconnected via trunks using the IEEE 802.1Q trunking protocol. Other trunking
protocols have been used but have become obsolete, including Inter-Switch Link (ISL),
IEEE 802.10 (originally a security protocol but a subset was introduced for trunking), and
ATM LAN Emulation (LANE).

Virtual private LAN service (VPLS)


Developed by IEEE, VLANs allow multiple tagged LANs to share common trunking.
VLANs frequently comprise only customer-owned facilities. The former is a
layer 1 technology that supports emulation of both point-to-point and point-to-multipoint
topologies. The method discussed here extends Layer 2 technologies such as 802.1d and
802.1q LAN trunking to run over transports such as Metro Ethernet.
As used in this context, a VPLS is a Layer 2 PPVPN, rather than a private line, emulating
the full functionality of a traditional local area network (LAN). From a user standpoint, a
VPLS makes it possible to interconnect several LAN segments over a packet-switched, or
optical, provider core; a core transparent to the user, making the remote LAN segments
behave as one single LAN.
In a VPLS, the provider network emulates a learning bridge, which optionally may
include VLAN service.

Categorizing VPN security models


From the security standpoint, VPNs either trust the underlying delivery network, or must
enforce security with mechanisms in the VPN itself. Unless the trusted delivery network
runs only among physically secure sites, both trusted and secure models need an
authentication mechanism for users to gain access to the VPN.
Some Internet service providers as of 2009 offer managed VPN service for business
customers who want the security and convenience of a VPN but prefer not to undertake
administering a VPN server themselves. Managed VPNs go beyond PPVPN scope, and
are a contracted security solution that can reach into hosts. In addition to providing
remote workers with secure access to their employer's internal network, other security
and management services are sometimes included as part of the package. Examples
include keeping anti-virus and anti-spyware programs updated on each client's computer.

Mobile virtual private network


Mobile VPNs apply standards-based authentication and encryption technologies to secure
communications with mobile devices and to protect networks from unauthorized users.
Designed for wireless environments, Mobile VPNs provide an access solution for mobile
users who require secure access to information and applications over a variety of wired
and wireless networks. Mobile VPNs allow users to roam seamlessly across IP-based
networks and in and out of wireless-coverage areas without losing application sessions or
dropping the secure VPN session. For instance, highway patrol officers require access to
mission-critical applications as they travel between different subnets of a mobile network,
much as a cellular radio has to hand off its link to repeaters at different cell towers.
The Host Identity Protocol (HIP), under study by the Internet Engineering Task Force, is
designed to support mobility of hosts by separating the role of IP addresses for host
identification from their locator functionality in an IP network. With HIP a mobile host
maintains its logical connections established via the host identity identifier while
associating with different IP addresses when roaming between access networks.

A-5
Attacks
Attack methods from an attacker or hacker.
Tricking the shopper
Some of the easiest and most profitable attacks are based on tricking the shopper, also
known as social engineering techniques. These attacks involve surveillance of the
shopper's behavior, gathering information to use against the shopper. For example, a
mother's maiden name is a common challenge question used by numerous sites. If one of
these sites is tricked into giving away a password once the challenge question is
provided, then not only has this site been compromised, but it is also likely that the
shopper used the same logon ID and password on other sites.

A common scenario is that the attacker calls the shopper, pretending to be a
representative from a site visited, and extracts information. The attacker then calls a
customer service representative at the site, posing as the shopper and providing personal
information. The attacker then asks for the password to be reset to a specific value.
Another common form of social engineering attack is the phishing scheme. Typo pirates
play on the names of well-known sites to collect authentication and registration information.
For example, the attacker registers www.ibn.com/shop to mimic http://www.ibm.com/shop.
A shopper who mistypes the address lands on the illegitimate site and provides
confidential information. Alternatively, the attacker sends emails spoofed to look as though
they came from legitimate sites; the link inside the email leads to a rogue site that
collects the information.
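A defender-side check for the typo-pirate case above, written for this page as an added example (not code from the original): it compares the registered domain of a link against a list of legitimate sites by edit distance, so www.ibn.com/shop is flagged as a lookalike of ibm.com. The domain list, the distance threshold and the simplified "last two labels" domain extraction are assumptions.

```python
"""Flag link hostnames that look like a brand domain the shopper meant to visit."""
from urllib.parse import urlparse

# Constructed sample: domains the site operator considers legitimate.
KNOWN_GOOD_DOMAINS = {"ibm.com", "example-bank.com"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete and substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def registered_domain(url: str) -> str:
    """Return the last two host labels of a URL, e.g. 'ibn.com'.

    Simplification (assumption): public-suffix rules such as co.uk are ignored.
    """
    host = urlparse(url if "://" in url else "http://" + url).hostname or ""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str, known_good=KNOWN_GOOD_DOMAINS, max_distance: int = 2) -> str:
    """Return 'legitimate', 'lookalike:<brand>' or 'unknown' for a URL."""
    domain = registered_domain(url)
    if domain in known_good:
        return "legitimate"
    # Compare the name without its TLD, so 'ibm.net' is also caught as a lookalike
    # of 'ibm.com' (distance 0 on the name, but not a known-good domain).
    name = domain.split(".")[0]
    best = None
    for brand in sorted(known_good):
        d = levenshtein(name, brand.split(".")[0])
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, brand)
    return f"lookalike:{best[1]}" if best else "unknown"
```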

Snooping the shopper's computer

Millions of computers are added to the Internet every month. Most users' knowledge of
security vulnerabilities of their systems is vague at best. Additionally, software and
hardware vendors, in their quest to ensure that their products are easy to install, will ship
products with security features disabled. In most cases, enabling security features
requires a non-technical user to read manuals written for the technologist. The confused
user does not attempt to enable the security features. This creates a treasure trove for
attackers.

A popular technique for gaining entry into the shopper's system is to use a tool, such as
SATAN, to perform port scans on a computer that detect entry points into the machine.
Based on the opened ports found, the attacker can use various techniques to gain entry
into the user's system. Upon entry, they scan your file system for personal information,
such as passwords.

While the software and hardware security solutions on the market do protect the public's
systems, they are not silver bullets. A user who purchases firewall software to protect his
computer may find that it conflicts with other software on his system. To resolve the conflict,
the user disables enough capabilities to render the firewall software useless.

Sniffing the network
In this scheme, the attacker monitors the data between the shopper's computer and the
server. He collects data about the shopper or steals personal information, such as credit
card numbers.

There are points in the network where this attack is more practical than others. If the
attacker sits in the middle of the network, then within the scope of the Internet this attack
becomes impractical. A request from the client to the server is broken up into small
pieces, known as packets, as it leaves the client's computer and is reconstructed at the
server. The packets of a request are sent through different routes, so the attacker cannot
access all the packets of a request and cannot decipher what message was sent.

Figure 4. Attacker sniffing the network between client and server

Guessing passwords
Another common attack is to guess a user's password. This style of attack is either manual
or automated. Manual attacks are laborious and only succeed if the attacker knows
something about the shopper, for example that the shopper uses a child's name as the
password. Automated attacks have a higher likelihood of success, because the probability
of guessing a user ID/password combination grows as the number of tries increases. Tools
exist that test every word in the dictionary as a password, or that try popular user
ID/password combinations. The attacker can automate the attack to run against multiple
sites at one time.
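Automated guessing leaves a recognisable trace in authentication logs. The following detection logic is an added example for this page (not from the original): it flags a source address that fails against many different user IDs, the pattern of a dictionary or popular-combination tool, and an account that receives many failures in a short window. The log format, the sample lines and the thresholds are constructed assumptions.

```python
"""Spot automated password guessing in authentication log lines."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <result> user=<id> src=<ip>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 FAIL user=alice src=203.0.113.9
2024-05-01T10:00:01 FAIL user=bob src=203.0.113.9
2024-05-01T10:00:02 FAIL user=carol src=203.0.113.9
2024-05-01T10:00:03 FAIL user=dave src=203.0.113.9
2024-05-01T10:00:04 FAIL user=erin src=203.0.113.9
2024-05-01T10:00:05 OK   user=frank src=203.0.113.9
2024-05-01T10:05:00 FAIL user=alice src=198.51.100.7
2024-05-01T10:05:30 OK   user=alice src=198.51.100.7
2024-05-01T11:00:00 FAIL user=alice src=192.0.2.44
2024-05-01T11:00:20 FAIL user=alice src=192.0.2.44
2024-05-01T11:00:40 FAIL user=alice src=192.0.2.44
2024-05-01T11:01:00 FAIL user=alice src=192.0.2.44
"""


def parse_line(line):
    """Return (timestamp, success, user, source) for one log line."""
    ts, result, user_kv, src_kv = line.split()
    return (datetime.fromisoformat(ts), result == "OK",
            user_kv.split("=", 1)[1], src_kv.split("=", 1)[1])


def detect_guessing(log_text, window=timedelta(minutes=10),
                    max_users_per_src=4, max_fails_per_user=3):
    """Return sorted alert strings for sources and accounts over threshold."""
    events = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    alerts = set()
    fails_by_src = defaultdict(list)   # src  -> [(time, user), ...]
    fails_by_user = defaultdict(list)  # user -> [time, ...]
    for ts, ok, user, src in events:
        if ok:
            continue
        fails_by_src[src].append((ts, user))
        fails_by_user[user].append(ts)
        # Only failures inside the trailing window count towards a threshold.
        recent_users = {u for t, u in fails_by_src[src] if ts - t <= window}
        if len(recent_users) > max_users_per_src:
            alerts.add(f"spray src={src}")          # one source, many accounts
        recent_fails = [t for t in fails_by_user[user] if ts - t <= window]
        if len(recent_fails) > max_fails_per_user:
            alerts.add(f"bruteforce user={user}")   # one account, many tries
    return sorted(alerts)
```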
Using denial of service attacks
The denial of service (DoS) attack is one of the best examples of an attack on site availability.
It involves getting the server to perform a large number of mundane tasks, exceeding the
capacity of the server to cope with any other task. For example, if everyone in a large
meeting asks you your name all at once, and every time you answer they ask you again,
you have experienced a personal denial of service attack. To ask a computer its name,
you use ping, and ping can be used to build an effective DoS attack. The smart hacker gets
the server to use more computational resources in processing the request than the
adversary spends generating it.
Distributed DoS (DDoS) is a type of attack used against popular sites such as Yahoo!. In this
type of attack, the hacker infects computers on the Internet via a virus or other means; the
infected computers become slaves to the hacker.

Denial of service attacks:


Using known server bugs

The attacker analyzes the site to find out what types of software it runs. He then finds
out what patches have been issued for that software and searches for ways to exploit a
system that lacks the patch. He proceeds to try each of the exploits. The sophisticated
attacker finds a weakness in a similar type of software and tries to use that to exploit the
system. This is a simple but effective attack. With millions of servers online, what is the
probability that a system administrator forgot to apply a patch?
Using server root exploits
Root exploits refer to techniques that gain superuser access to the server. This is the most
coveted type of exploit because the possibilities are limitless. When you attack a shopper
or his computer, you can only affect one individual. With a root exploit, you gain control
of the merchant's site and all the shoppers' information on it. There are two main types
of root exploit: buffer overflow attacks and executing scripts against a server.
In a buffer overflow attack, the hacker takes advantage of a specific type of program bug
that involves the allocation of storage during program execution. The technique involves
tricking the server into executing code written by the attacker.
The other technique uses knowledge of the scripts that are executed by the server, which
is easily and freely found in the programming guides for the server. The attacker
constructs scripts in the URL of his browser to retrieve information from the server. This
technique is frequently used when the attacker is trying to retrieve data from the server's
database.
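The script-in-the-URL technique works when a server-side script splices the URL parameter straight into a database query. As an added example for this page (not code from the original), here is such a lookup in its vulnerable form beside the hardened form that validates the parameter and lets the database driver bind it. The table, rows and function names are constructed.

```python
"""A server script that builds SQL from a URL parameter, beside its fix."""
import sqlite3


def make_db():
    """In-memory database with constructed sample orders."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, customer TEXT, card_last4 TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                   [(1, "alice", "1111"), (2, "bob", "2222"), (3, "carol", "3333")])
    return db


def lookup_order_unsafe(db, order_id: str):
    """Vulnerable: the URL value becomes part of the SQL text itself, so a
    parameter that contains SQL changes the query instead of selecting a row."""
    sql = "SELECT customer, card_last4 FROM orders WHERE id = " + order_id
    return db.execute(sql).fetchall()


def lookup_order_safe(db, order_id: str):
    """Hardened: reject anything that is not an integer, then bind the value
    as a parameter; the database never interprets it as SQL."""
    if not order_id.isdigit():
        raise ValueError("order id must be numeric")
    sql = "SELECT customer, card_last4 FROM orders WHERE id = ?"
    return db.execute(sql, (int(order_id),)).fetchall()


def safe_rejects(db, order_id: str) -> bool:
    """True when the hardened lookup refuses the input."""
    try:
        lookup_order_safe(db, order_id)
    except ValueError:
        return True
    return False
```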

A-6
Antivirus Technologies
A computer virus is a self-replicating program that spreads by inserting copies of itself
into other executable code or documents. The term virus is often extended to refer to
computer worms and other sorts of malware. The most common are:
• Viruses - A virus is a small piece of software that piggybacks on other programs
or files. Each time the program runs or file opens, the virus runs, too. It can
reproduce itself by attaching to other programs or files or wreak havoc.
• E-mail viruses - An e-mail virus moves around in e-mail messages, and usually
replicates itself by automatically mailing itself to dozens of people in the victim's
e-mail address book. Pharmers send e-mails containing a virus that installs small
software programs on users' computers. When a user tries to go to the bank's real
Web site, the program redirects the browser to the pharmer's fake site. It then asks
the user to update information such as logons, PIN codes or other sensitive
information.
• Worms - A worm is a small piece of software that uses computer networks and
security holes to replicate itself. A copy of the worm scans the network for
another machine that has a specific security hole. It copies itself to the new
machine using the security hole, and then starts replicating from there, as well.
• Trojan horses - A Trojan horse is simply a computer program, which claims to
do one thing but instead does damage such as erase your hard disk when you run
it. Trojan horses have no way to replicate automatically.
Anti-virus software and other countermeasures
There are many anti-virus software products available that can detect and eliminate
known viruses. Some virus scanners can also warn a user if a file is likely to contain a
virus based on the file type. Some antivirus vendors also claim the effective use of other
types of heuristic analysis, which work by examining the contents of the computer's
memory (its RAM and boot sector) and the files stored on fixed or removable drives
(hard drives, floppy drives), and comparing those files against a database of known virus
"signatures". Some anti-virus programs are able to scan opened files, in addition to sent
and received emails, 'on the fly' in a similar manner. This practice is known as "on-access
scanning". Anti-virus software typically does not change the underlying capability of host
software to transmit viruses. Anti-virus software must be updated regularly for the latest
threats and hoaxes.
Antivirus software typically comes in a host-based version for individual PCs and
workstations and a gateway version to protect a network or subnetwork. Antivirus
technologies are now often combined with other technologies such as anti-spam,
anti-spyware, firewalls and intrusion detection to provide broader protection to end
users. Anti-virus systems are traditionally software solutions. When one system is
performing multiple functions, such as scanning for viruses, spam and spyware and
detecting and blocking intrusions, performance becomes one of the main concerns. To
increase the performance of such integrated gateways and reduce the delay of messages
passing through, many integrated gateway products are migrating from pure software
products to a combination of hardware and software. Many integrated gateways have now
achieved line speed at the gigabit or multi-gigabit level.

A-7
In computer networking, the term IP address spoofing or IP spoofing refers to the
creation of Internet Protocol (IP) packets with a forged source IP address, called
spoofing, with the purpose of concealing the identity of the sender or impersonating
another computing system.
Background
The basic protocol for sending data over the Internet network and many other computer
networks is the Internet Protocol ("IP"). The header of each IP packet contains, among
other things, the numerical source and destination address of the packet. The source
address is normally the address that the packet was sent from. By forging the header so it
contains a different address, an attacker can make it appear that the packet was sent by a
different machine. The machine that receives spoofed packets will send its responses back
to the forged source address, which means that this technique is mainly used when the
attacker does not care about the response or has some way of guessing the response.
In certain cases, it might be possible for the attacker to see or redirect the response to his
own machine. The most usual case is when the attacker is spoofing an address on the
same LAN or WAN. In this way an attacker can gain unauthorized access to computers.
Applications
IP spoofing is most frequently used in denial-of-service attacks. In such attacks, the goal
is to flood the victim with overwhelming amounts of traffic, and the attacker does not
care about receiving responses to the attack packets. Packets with spoofed addresses are
thus suitable for such attacks. They have additional advantages for this purpose: they are
more difficult to filter, since each spoofed packet appears to come from a different
address, and they hide the true source of the attack. Denial of service attacks that use
spoofing typically randomly choose addresses from the entire IP address space, though
more sophisticated spoofing mechanisms might avoid unroutable addresses or unused
portions of the IP address space. The proliferation of large botnets makes spoofing less
important in denial of service attacks, but attackers typically have spoofing available as a
tool, if they want to use it, so defenses against denial-of-service attacks that rely on the
validity of the source IP address in attack packets might have trouble with spoofed
packets. Backscatter, a technique used to observe denial-of-service attack activity in the
Internet, relies on attackers' use of IP spoofing for its effectiveness.
IP spoofing can also be a method of attack used by network intruders to defeat network
security measures, such as authentication based on IP addresses. This method of attack on
a remote system can be extremely difficult, as it involves modifying thousands of packets
at a time. This type of attack is most effective where trust relationships exist between
machines. For example, it is common on some corporate networks to have internal
systems trust each other, so that users can log in without a username or password
provided they are connecting from another machine on the internal network (and so must
already be logged in). By spoofing a connection from a trusted machine, an attacker may
be able to access the target machine without authentication.
Another, more recent use is to change a computer's apparent country of origin in order to
access Internet content limited to specific geopolitical areas. For example, Hulu's
online TV service can only be accessed by American residents, but theoretically also by
computers spoofing American locations.
Services vulnerable to IP spoofing
Configurations and services that are vulnerable to IP spoofing:
• RPC (Remote Procedure Call services)
• Any service that uses IP address authentication
• The X Window system
• The R services suite (rlogin, rsh, etc.)
Defense against spoofing
Packet filtering is one defense against IP spoofing attacks. The gateway to a network
usually performs ingress filtering, which is blocking of packets from outside the network
with a source address inside the network. This prevents an outside attacker spoofing the
address of an internal machine. Ideally the gateway would also perform egress filtering
on outgoing packets, which is blocking of packets from inside the network with a source
address that is not inside. This prevents an attacker inside the network that performs the
filtering from launching IP spoofing attacks against external machines.
It is also recommended to design network protocols and services so that they do not rely
on the IP source address for authentication.
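The ingress and egress rules above reduce to one check on the source address against the site's own prefix. The following border-gateway filter is an added example for this page (not from the original): the internal address block, the packet tuples and the verdict strings are constructed assumptions.

```python
"""Ingress and egress filtering of spoofed source addresses at a network border."""
import ipaddress

# Constructed: the address block assigned to this site's internal network.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample traffic as (direction, source, destination) tuples.
SAMPLE_PACKETS = [
    ("in",  "203.0.113.5",  "192.0.2.10"),   # ordinary inbound request
    ("in",  "192.0.2.10",   "192.0.2.20"),   # outsider claiming an internal source
    ("out", "192.0.2.10",   "203.0.113.5"),  # ordinary outbound reply
    ("out", "198.51.100.9", "203.0.113.5"),  # insider sending with a foreign source
]


def filter_packet(direction, src, dst, internal=INTERNAL_NET):
    """Return ("pass" | "drop", reason) for a packet crossing the border.

    direction is "in" (Internet -> site) or "out" (site -> Internet).
    """
    src_internal = ipaddress.ip_address(src) in internal
    if direction == "in" and src_internal:
        # Ingress filtering: nothing arriving from outside may carry our address.
        return "drop", "ingress: external packet with internal source"
    if direction == "out" and not src_internal:
        # Egress filtering: nothing leaving may carry an address that is not ours,
        # which stops hosts here from being used to flood others with spoofed traffic.
        return "drop", "egress: internal packet with foreign source"
    return "pass", "source consistent with direction"


def apply_policy(packets, internal=INTERNAL_NET):
    """Run the filter over (direction, src, dst) tuples; return the verdicts in order."""
    return [filter_packet(d, s, t, internal)[0] for d, s, t in packets]
```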

A-8
A digital signature or digital signature scheme is a mathematical scheme for
demonstrating the authenticity of a digital message or document. A valid digital signature
gives a recipient reason to believe that the message was created by a known sender, and
that it was not altered in transit. Digital signatures are commonly used for software
distribution, financial transactions, and in other cases where it is important to detect
forgery and tampering.
Digital signatures are often used to implement electronic signatures, a broader term that
refers to any electronic data that carries the intent of a signature,[1] but not all electronic
signatures use digital signatures.[2][3][4] In some countries, including the United States, and
in the European Union, electronic signatures have legal significance. However, laws
concerning electronic signatures do not always make clear whether they are digital
cryptographic signatures in the sense used here, leaving the legal definition, and so their
importance, somewhat confused.
Digital signatures employ a type of asymmetric cryptography. For messages sent through
an insecure channel, a properly implemented digital signature gives the receiver reason to
believe the message was sent by the claimed sender. Digital signatures are equivalent to
traditional handwritten signatures in many respects; properly implemented digital
signatures are more difficult to forge than the handwritten type. Digital signature schemes
in the sense used here are cryptographically based, and must be implemented properly to
be effective. Digital signatures can also provide non-repudiation, meaning that the signer
cannot successfully claim they did not sign a message, while also claiming their private
key remains secret; further, some non-repudiation schemes offer a time stamp for the
digital signature, so that even if the private key is exposed, the signature is valid
nonetheless. Digitally signed messages may be anything representable as a bitstring:
examples include electronic mail, contracts, or a message sent via some other
cryptographic protocol.

Definition

Diagram showing how a simple digital signature is applied and then verified

A digital signature scheme typically consists of three algorithms:
• A key generation algorithm that selects a private key uniformly at random from a
set of possible private keys. The algorithm outputs the private key and a
corresponding public key.
• A signing algorithm which, given a message and a private key, produces a
signature.
• A signature verifying algorithm which given a message, public key and a
signature, either accepts or rejects.
Two main properties are required. First, a signature generated from a fixed message and
fixed private key should verify on that message and the corresponding public key.
Secondly, it should be computationally infeasible to generate a valid signature for a party
who does not possess the private key.

A-9
Risk management is the identification, assessment, and prioritization of risks followed
by coordinated and economical application of resources to minimize, monitor, and
control the probability and/or impact of unfortunate events.[1] Risks can come from
uncertainty in financial markets, project failures, legal liabilities, credit risk, accidents,
natural causes and disasters as well as deliberate attacks from an adversary. Several risk
management standards have been developed including the Project Management Institute,
the National Institute of Science and Technology, actuarial societies, and ISO standards.[2][3]
Methods, definitions and goals vary widely according to whether the risk management
method is in the context of project management, security, engineering, industrial
processes, financial portfolios, actuarial assessments, or public health and safety.
The strategies to manage risk include transferring the risk to another party, avoiding the
risk, reducing the negative effect of the risk, and accepting some or all of the
consequences of a particular risk.
Certain aspects of many of the risk management standards have come under criticism for
having no measurable improvement on risk even though the confidence in estimates and
decisions increase.[1]
Introduction
This section provides an introduction to the principles of risk management. The
vocabulary of risk management is defined in ISO Guide 73, "Risk management.
Vocabulary".

In ideal risk management, a prioritization process is followed whereby the risks with the
greatest loss and the greatest probability of occurring are handled first, and risks with
lower probability of occurrence and lower loss are handled in descending order. In
practice the process can be very difficult, and balancing between risks with a high
probability of occurrence but lower loss versus a risk with high loss but lower probability
of occurrence can often be mishandled.

Intangible risk management identifies a new type of a risk that has a 100% probability of
occurring but is ignored by the organization due to a lack of identification ability. For
example, when deficient knowledge is applied to a situation, a knowledge risk
materialises. Relationship risk appears when ineffective collaboration occurs. Process-
engagement risk may be an issue when ineffective operational procedures are applied.
These risks directly reduce the productivity of knowledge workers, decrease cost
effectiveness, profitability, service, quality, reputation, brand value, and earnings quality.
Intangible risk management allows risk management to create immediate value from the
identification and reduction of risks that reduce productivity.
Risk management also faces difficulties allocating resources. This is the idea of
opportunity cost. Resources spent on risk management could have been spent on more
profitable activities. Again, ideal risk management minimizes spending while
maximizing the reduction of the negative effects of risks.

Methodology
For the most part, these methodologies consist of the following elements, performed,
more or less, in the following order.
1. identify, characterize, and assess threats
2. assess the vulnerability of critical assets to specific threats
3. determine the risk (i.e. the expected consequences of specific types of attacks on
specific assets)
4. identify ways to reduce those risks
5. prioritize risk reduction measures based on a strategy

Principles of risk management

The International Organization for Standardization identifies the following principles of
risk management:
• Risk management should create value.
• Risk management should be an integral part of organizational processes.
• Risk management should be part of decision making.
• Risk management should explicitly address uncertainty.
• Risk management should be systematic and structured.
• Risk management should be based on the best available information.
• Risk management should be tailored.
• Risk management should take into account human factors.
• Risk management should be transparent and inclusive.
• Risk management should be dynamic, iterative and responsive to change.
• Risk management should be capable of continual improvement and enhancement.

Process
According to the standard ISO 31000 "Risk management -- Principles and guidelines on
implementation", the process of risk management consists of several steps as follows:
1. Identification of risk in a selected domain of interest
2. Planning the remainder of the process.
3. Mapping out the following:
o the social scope of risk management
o the identity and objectives of stakeholders
o the basis upon which risks will be evaluated, constraints.
4. Defining a framework for the activity and an agenda for identification.
5. Developing an analysis of risks involved in the process.
6. Mitigation of risks using available technological, human and organizational
resources.

A-10
Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP)
communications by authenticating and encrypting each IP packet of a data stream. IPsec
also includes protocols for establishing mutual authentication between agents at the
beginning of the session and negotiation of cryptographic keys to be used during the
session. IPsec can be used to protect data flows between a pair of hosts (e.g. computer
users or servers), between a pair of security gateways (e.g. routers or firewalls), or
between a security gateway and a host. [1]
IPsec is a dual mode, end-to-end, security scheme operating at the Internet Layer of the
Internet Protocol Suite or OSI model Layer 3. Some other Internet security systems in
widespread use, such as Secure Sockets Layer (SSL), Transport Layer Security (TLS)
and Secure Shell (SSH), operate in the upper layers of these models. Hence, IPsec can be
used for protecting any application traffic across the Internet. Applications need not be
specifically designed to use IPsec. The use of TLS/SSL, on the other hand, must typically
be incorporated into the design of applications.
IPsec is a successor of the ISO standard Network Layer Security Protocol (NLSP). NLSP
was based on the SP3 protocol that was published by NIST, but designed by the Secure
Data Network System project of the National Security Agency (NSA).
IPsec is officially specified by the Internet Engineering Task Force (IETF) in a series of
Request for Comments addressing various components and extensions, including the
official capitalization style of the term.
Security architecture
The IPsec suite is a framework of open standards. IPsec uses the following protocols to
perform various functions: [2][3]
• Internet key exchange (IKE and IKEv2) to set up a security association (SA) by
handling negotiation of protocols and algorithms and to generate the encryption
and authentication keys to be used by IPsec. [4][5]
• Authentication Header (AH) to provide connectionless integrity and data origin
authentication for IP datagrams and to provide protection against replay attacks. [6][7]
• Encapsulating Security Payload (ESP) to provide confidentiality, data origin
authentication, connectionless integrity, an anti-replay service (a form of partial
sequence integrity), and limited traffic flow confidentiality. [1]
Authentication Header
Authentication Header (AH) is a member of the IPsec protocol suite. AH guarantees
connectionless integrity and data origin authentication of IP packets. Further, it can
optionally protect against replay attacks by using the sliding window technique and
discarding old packets. AH protects the IP payload and all header fields of an IP
datagram except for mutable fields (i.e. those that might be altered in transit). [6]
• In IPv4, mutable (and therefore unauthenticated) IP header fields include
DSCP/TOS, Flags, Fragment Offset, TTL and Header Checksum.
AH operates directly on top of IP, using IP protocol number 51.[8]

The following AH packet diagram shows how an AH packet is constructed and
interpreted:

 0 - 7 bit   | 8 - 15 bit     | 16 - 23 bit | 24 - 31 bit
 Next header | Payload length | RESERVED
 Security parameters index (SPI)
 Sequence number
 Authentication data (variable)
Field meanings:
Next header
The Next Header is an 8-bit field that identifies the type of the payload that follows
the Authentication Header. The value of this field is chosen from the set of IP
protocol numbers defined in the most recent "Assigned Numbers" RFC from the
Internet Assigned Numbers Authority.
Payload length
Size of AH packet.
RESERVED
Reserved for future use (all zero until then).
Security parameters index (SPI)
Identifies the security parameters, which, in combination with the IP address, then
identify the security association implemented with this packet.
Sequence number
A monotonically increasing number, used to prevent replay attacks.
Authentication data
Contains the integrity check value (ICV) necessary to authenticate the packet; it
may contain padding.
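The AH layout above parsed from raw bytes, together with the sliding-window anti-replay check the text mentions, as an added example for this page (not from the original). One fact beyond the page is used: per RFC 4302 the Payload length field holds the AH length in 32-bit words minus 2, which is how the variable-length authentication data is sized. The sample packet bytes, window size and class names are constructed.

```python
"""Parse an Authentication Header and apply the anti-replay sliding window."""
import struct
from dataclasses import dataclass


@dataclass
class AuthHeader:
    next_header: int
    payload_len: int     # raw field value: AH length in 32-bit words, minus 2
    spi: int
    sequence: int
    icv: bytes           # authentication data (integrity check value), variable


def parse_ah(data: bytes) -> AuthHeader:
    """Decode the fixed 12-byte AH prefix and the ICV that follows it."""
    if len(data) < 12:
        raise ValueError("truncated AH: need at least 12 bytes")
    next_hdr, payload_len, reserved, spi, seq = struct.unpack("!BBHII", data[:12])
    if reserved != 0:
        raise ValueError("RESERVED field must be zero")
    total_len = (payload_len + 2) * 4
    if len(data) < total_len:
        raise ValueError("truncated AH: ICV shorter than Payload length claims")
    return AuthHeader(next_hdr, payload_len, spi, seq, data[12:total_len])


def build_ah(next_header: int, spi: int, seq: int, icv: bytes) -> bytes:
    """Encode an AH; used here only to construct sample packets."""
    if len(icv) % 4:
        raise ValueError("ICV must be padded to a 32-bit boundary")
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv


class ReplayWindow:
    """Anti-replay window covering the last `size` sequence numbers."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence number (top - i) already seen

    def check_and_update(self, seq: int) -> bool:
        """Return True and record seq if it is new and not older than the window."""
        if seq == 0:
            return False                      # first valid sequence number is 1
        if seq > self.top:                    # new high-water mark: slide the window
            shift = seq - self.top
            if shift >= self.size:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:               # too old: left of the window
            return False
        if (self.bitmap >> offset) & 1:       # already seen: a replayed packet
            return False
        self.bitmap |= 1 << offset            # late but new: accept and remember
        return True
```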
