E-COMMERCE 4th Chapter

SECURITY AND THREATS IN E-COMMERCE

Meaning of E-Commerce Security

E-commerce security is a set of digital security guidelines that ensures safe transactions through the internet. It is a part of the Information Security framework and is specifically applied to the components that affect e-commerce, which include Computer Security, Data Security and other wider realms of the Information Security framework. E-commerce security has its own particular nuances and is one of the most visible security components that affect the end user through their daily payment interactions with a business.

Privacy and security are a major concern for electronic technologies. M-commerce shares security concerns with other technologies in the field. Privacy concerns have been found to reveal a lack of trust in a variety of contexts, including commerce, electronic health records, e-recruitment technology and social networking, and this has directly influenced users.

Security is one of the principal and continuing concerns that restrict customers and organisations from engaging with e-payment and e-commerce. Web e-commerce applications that handle payments, such as online banking, electronic transactions or the use of debit cards, credit cards, PayPal or other tokens, have more compliance issues and are at greater risk of being targeted than other websites. The e-commerce industry is slowly addressing security issues on its internal networks. Guidelines for securing the systems and networks used by e-commerce systems are available to read and implement. Educating the consumer on security issues is still in its infancy, but may well prove to be the most critical element of the e-commerce security architecture.

The World Wide Web (WWW) is the heart of e-commerce. It consists of:
1. Clients
2. Servers
3. Connection Paths (Networks)

The goal of web security is to meet the security expectations of users and providers. To that end, web security is concerned with:
1. Client-side Security
2. Server-side Security

1. Client-Side Security: It is concerned with the techniques and practices that protect a user's privacy and the integrity of the user's computing system. The purpose is to prevent malicious destruction of a user's computer system and to prevent unauthorised use of a user's private information, such as the use of a user's credit card number for fraudulent purposes.

2. Server-Side Security: It is concerned with the techniques and practices that protect the web server software. The purpose is to prevent modification of a website's contents, to prevent use of the server's hardware, software or database for malicious purposes, and to ensure reasonable access to the website's services.

DID YOU KNOW?

More malware is being launched than ever before: 230,000 new malware samples per day. Although more resources are being deployed to counter cyber attacks, the industry still has a long way to go before we can, as a whole, catch up with these threats. It is important to define what the current information security and cyber security industry looks like with these cyber security facts and stats:

1. There is a hacker attack every 39 seconds, affecting one in three Americans each year.
2. 95% of breached records came from three industries in 2016: government, retail and technology.
3. 43% of cyber-attacks target small business. 64% of companies have experienced web-based attacks. 62% experienced phishing and social engineering attacks. 59% of companies experienced malicious code and botnets, and 51% experienced denial of service attacks.
4. The average cost of a data breach will exceed $150 million by 2020, as more business infrastructure is connected.
5. Since 2013 there have been 3,809,448 records stolen from breaches every day: 158,727 per hour, 2,645 per minute and 44 every second of every day.
6. Over 75% of the health care industry has been infected with malware over the last year.
7. Large-scale DDoS attacks were up 140 percent in the fourth quarter of 2016.
8. Approximately $1 trillion is expected to be spent globally on cybersecurity from 2017 to 2021.
9. Unfilled cybersecurity jobs worldwide will reach 3.5 million by 2021. More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74% over the past five years.
10. By 2020, there will be roughly 200 billion connected devices. The risk is real with IoT, and it is growing. According to figures compiled within a recent Symantec Internet Security Threat Report, there are 25 connected devices per 100 inhabitants in the US.
11. Only 38 percent of global organisations claim they are prepared to handle a sophisticated cyber attack.
12. The total cost of cybercrime committed globally has added up to 100 billion dollars. Do not think that all that money comes from hackers targeting corporations, banks or wealthy celebrities. Individual users like you and me are also targets. As long as you are connected to the Internet, you can become a victim of cyber-attacks.

Dimensions and Scope of E-Commerce Security

The dimensions and scope of e-commerce security are:

1. Integrity: Integrity ensures that an unauthorised party has not altered information on the internet in any way. It maintains the consistency, accuracy and trustworthiness of the information over its entire life cycle. Example: The most common threat is "would an unauthorised person intercept and redirect a payment into a different account?", since e-commerce sites mostly prefer online transfer. Consider a subscription model, where you give your credit card details to the merchant for a bill payment. If someone adds an extra cost to your credit card bill without your knowledge or the merchant's, you end up paying extra money for something you have not purchased.
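One way a merchant can make the bill-tampering case above detectable is to attach a keyed message authentication code (HMAC) to every order record, so that any change to the amount after the customer approved it fails verification. This is an added illustration, not code from the chapter; the shared secret and the order fields are constructed, and note that an HMAC gives integrity between the two parties sharing the key but not non-repudiation, for which the chapter points to digital signatures.

```python
import hashlib
import hmac
import json

# Constructed shared secret; in practice it would live in the merchant's key store
# and never be embedded in source code.
SECRET_KEY = b"constructed-demo-secret"


def canonical(fields: dict) -> bytes:
    """Serialise the order fields identically on both sides (sorted keys, no spaces)."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def seal_order(order: dict, key: bytes = SECRET_KEY) -> dict:
    """Return the order with an HMAC-SHA256 tag computed over all of its fields."""
    tag = hmac.new(key, canonical(order), hashlib.sha256).hexdigest()
    return {**order, "tag": tag}


def verify_order(sealed: dict, key: bytes = SECRET_KEY) -> bool:
    """True only if every field still matches the tag the sender attached."""
    if "tag" not in sealed:
        return False
    fields = {k: v for k, v in sealed.items() if k != "tag"}
    expected = hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()
    # constant-time comparison so the check does not leak which bytes matched
    return hmac.compare_digest(expected, sealed["tag"])


# Constructed sample order standing in for a subscription bill payment
ORDER = {"order_id": "SUB-1001", "card_last4": "4242", "amount": "499.00", "currency": "INR"}


def demo() -> tuple:
    """Return (untouched order verifies, order with inflated amount verifies)."""
    sealed = seal_order(ORDER)
    inflated = dict(sealed, amount="1499.00")  # the extra charge the text describes
    return verify_order(sealed), verify_order(inflated)


if __name__ == "__main__":
    print(demo())  # (True, False)
```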
2. Non-repudiation: Good business depends on both buyers and sellers. Once they have accepted the facts and rules of a transaction they must not deny them; there should be no repudiation. Non-repudiation confirms whether the information sent between the two parties was received or not. It ensures that the person who completed the transaction cannot deny the purchase. In other words, it is an assurance that no one can deny the validity of a transaction. Mostly, non-repudiation uses a digital signature for online transactions, because no one can deny the authenticity of their signature on a document. Example: When a merchant does not have enough proof that a customer ordered from them during a credit card payment transaction, the payment will not be processed further to the merchant. Sometimes customers claim that they have not ordered a product from a particular merchant if they dislike the product later.

3. Authenticity: In e-payment, since both the customer and the seller need to trust each other, they must remain who they are in reality. Both the seller and the buyer must provide proof of their original identity so that the e-payment transaction can happen securely between them. Every e-commerce site uses authenticity as a tool to ensure the identity of the person over the internet. In e-commerce, fraudulent identity and authentication are also possible, which makes identification a difficult process. A common way to ensure a person's identity is customer login using a password. Some users can use a fake email address to access e-commerce sites.

4. Confidentiality: Confidentiality refers to protecting information from being accessed by an unauthorised party on the internet. In other words, only the people who are authorised can access, view, modify or use the sensitive data of any customer or merchant. One main confidentiality breach is sniffing, where a program steals all the important files of the company, the individual's identity, or the email messages or personal reports of the internet user. Example: E-commerce sites use a user name and password to log in to an account. Consider the case of resetting the password, where an e-commerce site sends a one-time password to its customer by email or phone number; confidentiality is breached if someone else reads it.

5. Privacy: Where confidentiality is concerned with the information present in a communication, privacy is concerned with personal details. In general, customers use privacy to control the usage of the information they have given to the merchant. Privacy is a major threat to any online transaction or internet user, since once personal information has been revealed there is no way to undo the disclosure. Example: If a hacker breaks into the e-commerce site, they can gain access to customers' credit card details or any other customer information. This violates both information confidentiality and personal privacy.

6. Availability: Continuous availability of data is the key to providing a better customer experience in e-commerce. The continuous availability of the e-commerce website increases online visibility, search engine rankings and site traffic. Data present on the website must be secured and available 24x7x365 for the customer without downtime. If it is not, it will be difficult to gain a competitive edge and survive in the digital world. Example: An e-commerce website can be flooded with useless traffic that causes your site to go down, making it impossible for the user to access the site.

E-Commerce Security Environment

Security is an essential part of any transaction that takes place over the internet. Customers will lose faith in an e-business if its security is compromised. Following are the essential requirements for safe e-payments/transactions.
[Figure: the e-commerce security environment, including policies and procedures, and laws and industry standards.]

For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and businesses worldwide. For criminals, the internet has created entirely new and lucrative ways to steal.

Dimensions of e-commerce Security

There are six dimensions to e-commerce security: integrity, non-repudiation, authenticity, confidentiality, privacy and availability.

Integrity refers to the ability to ensure that information being displayed on a website, or transmitted or received over the internet, has not been altered in any way by an unauthorised party or person.

Non-repudiation refers to the ability to ensure that e-commerce participants do not deny their online actions. For instance, free email accounts make it easy for a person to post comments or send a message and perhaps later deny doing so.

Authenticity refers to the ability to identify the identity of a person or entity with whom you are dealing on the internet. How does the customer know that the web site operator is who it claims to be?

Confidentiality refers to the ability to ensure that messages and data are available only to those who are authorised to view them.

Privacy refers to the ability to control the use of the information a customer provides about himself or herself to an e-commerce merchant.

Availability refers to the ability to ensure that an e-commerce site continues to function as intended.

E-Payment Environment

From a technology perspective, there are three key points of vulnerability when dealing with e-commerce: the client, the server and the communication pipeline. The seven most damaging forms of security threats to e-commerce sites include: (1) Malicious Code, (2) Hacking and Cyber vandalism, (3) Credit Card Theft/Fraud, (4) Spoofing and (5) Sniffing.

Malicious Code (sometimes referred to as "malware") includes a variety of threats such as viruses, worms, Trojan horses and "bad applets".

Hacking and Cyber vandalism: A hacker is an individual who intends to gain unauthorised access to a computer system. Hackers gain unauthorised access by finding weaknesses in the security. Cyber vandalism means intentionally disrupting, defacing or even destroying the site. The "good hackers" became known as white hats because of their role in helping organisations locate and fix security flaws. In contrast, black hats are hackers who engage in the same kind of activities without pay or any buy-in from the targeted organisations, and with the intention of causing harm. Somewhere in the middle are grey hat hackers, who believe they are pursuing some greater good by breaking in and revealing system flaws. Grey hats discover weaknesses in a site's security and then publish the weakness without disrupting the site or attempting to profit from their finds.

Credit Card Fraud: What is one of the most feared occurrences on the internet? Theft of credit card data. Fear that their credit card information will be stolen frequently prevents users from making online purchases. In e-payment, the greatest threat to the consumer is that the merchant's server with which the consumer is transacting will "lose" the credit information or permit it to be delivered for a criminal purpose.

Spoofing: Hackers attempting to hide their true identity often spoof, or misrepresent themselves, by using fake email addresses or masquerading as someone else.

Sniffing: A sniffer is a type of eavesdropping program that monitors information travelling over a network. When used legitimately, sniffers can help identify potential network trouble spots, but when used for criminal purposes they can be damaging and very difficult to detect. Sniffers enable hackers to steal proprietary information from anywhere on a network, including email messages, company files and confidential reports.
Threats in Computer Systems

The security threats in e-commerce arise from both the client/server side and from the communication channel over the network.

Client threats: Virus, Hacking, Spoofing, Sniffing, Denial of Service, Phishing, Malware, Pharming, SQL Injection, Cross Site Scripting, Key Loggers, Man-in-the-Browser Attack, Cookies, Web Bugs, Active Content.
Communication threats: Confidentiality Threat, Integrity Threat, Availability Threat.
Server threats: Web Server Threats, Commerce Server Threats, Database Threats, Common Gateway Interface Threats, Password Threats.

A. Client threats

1. Virus: A virus is a computer program that replicates itself, spreads to other files, and renders them inoperative or malfunctioning. It leads to a complete breakdown of operations. They are known as macro viruses.
Virus Type - WORM: It is a special type of computer program that acts as a carrier of a virus and carries the virus from one machine to another through the internet.
Virus Type - TROJAN HORSE: A program that allows virus programs to enter a computer system, steal passwords and email ids from the hard disk, and send them to another person. They are capable of sending bogus email.

A computer virus is a program which can harm our device and files and infect them so that they can no longer be used. When a virus program is executed, it replicates itself by modifying other computer programs and inserting its own code. This code infects a file or program and, if it spreads massively, may ultimately result in crashing of the device. The different types of computer virus are:

1. Boot Sector Virus: It is a type of virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks. The boot sector comprises all the files which are required to start the operating system of the computer. The virus either overwrites the existing program or copies itself to another part of the disk.
2. Direct Action Virus: When a virus attaches itself directly to a .exe or .com file and enters the device while that file is executed, it is called a Direct Action Virus. If it gets installed in the memory, it keeps itself hidden. It is also known as a Non-Resident Virus.
3. Resident Virus: A virus which saves itself in the memory of the computer and then infects other files and programs when its originating program is no longer running. This virus can easily infect other files because it is hidden in the memory and is hard to remove from the system.
4. Multipartite Virus: A virus which can attack both the boot sector and the executable files of an already infected computer is called a multipartite virus. If a multipartite virus attacks your system, you are at risk of a cyber threat.
5. Overwrite Virus: The overwrite virus can completely remove the existing program and replace it with malicious code. Gradually it can completely replace the host's programming code with the harmful code.
6. Polymorphic Virus: Spread through spam and infected websites, polymorphic viruses are complex and tough to detect. They create a modified or morphed version of the existing program, infect the system, and retain the original code.
7. File Infector Virus: It first infects a single file and then later spreads itself to other executable files and programs. The main sources of this virus are games and word processors.
8. Space Filler Virus: It is a rare type of virus which fills in the empty spaces of a file with viruses. It is known as a cavity virus. It neither affects the size of the file nor can be detected easily.
9. Macro Virus: A virus written in the same macro language as used in the software program, which infects the computer if a word processor file is opened. The main source of such viruses is email.

2. Hacking: A hacker is an individual who intends to gain unauthorised access to a computer system with criminal intent. Hackers gain access to computer systems or websites by exploiting weaknesses in the security systems, resulting in a total shutdown of business transactions.
This act is also referred to as "cyber vandalism". Hackers causing harm to the reputation of any organisation are known as "Black Hats".

3. Spoofing: It is the process of hiding one's identity by using a fake email id. Spoofing can also redirect a web link to a fake address different from the original link where the user intended to go. It disrupts the business process and harms the reputation of the business. The customers are taken to a fake website where the orders are received, thus stealing the orders from the original company.

[Figure: DNS spoofing redirecting a client from the real website to a spoofed website's sign-in page.]

4. Sniffing: It is a special type of computer program that monitors and acquires information travelling across the network. Initially the program was used to identify potential network problem spots, but it was later used maliciously by hackers to steal proprietary information, including e-mail messages, corporate information and confidential business reports. They make confidential reports public, thereby affecting the privacy and confidentiality of the company.

5. Denial of Service (DoS): It is an incident in which a user or organisation is denied the service they would normally expect to have. Hackers use this method to send a large number of automated requests to an e-commerce website. To the server they seem to originate from genuine visitors. This does not result in theft or other security loss, but in loss of service due to network connectivity problems. It can also destroy programs and files in affected computer systems.

6. Phishing: It is a fraudulent practice to acquire confidential information, and sometimes indirectly money, by posing as trustworthy.
Phishing exists in different forms such as misleading emails, man-in-the-middle, URL obfuscation, malware, key loggers, screen grabbers, hijackers, web Trojans, IP address manipulation, system reconfiguration attacks, etc.

7. Malware: It is typically any code or software program designed to infect, damage or disrupt your system for malicious purposes. It is unwanted software installed on an internet user's computer without their knowledge or consent, resulting in theft of sensitive personal and financial information.

8. Pharming: It is a fraudulent practice, similar to installing code or a software program on a server or personal computer, that tries to steal sensitive financial information. Pharming programs install or activate themselves on a personal computer or another computer in a network while the user opens either an email or an email attachment.

9. SQL Injection: It is one of the web attack mechanisms used by attackers to steal data from an organisation. It takes advantage of improper coding of web applications, which allows SQL commands to be injected through user input.

10. Cross Site Scripting

11. Key loggers: It is one of the major threats to user privacy. It is used to steal a user's sensitive information. It captures or records the user's keystrokes while working on the computer, enabling a malicious user to collect information such as passwords or PINs. This can later be used for quick cash withdrawals and fraudulent money transactions.
Key logger types:
Software Key loggers: Unwanted software infects the computer of an internet user without their knowledge or consent. The user picks up this virus unknowingly while opening an email, an email attachment or a malicious website, and it results in theft of sensitive personal and financial information. It is undetectable software.
Hardware Key loggers: These are small hardware devices that can be connected between the keyboard and a computer. It is a method of capturing keystrokes that results in theft of sensitive personal and financial information.

12. Man-in-the-Browser Attack (MitB): It is a growing concern for the financial services industry.
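The "improper coding" behind SQL injection in item 9 is easiest to see side by side with its fix. The following added example (not code from the chapter) builds a constructed in-memory customer table with sqlite3 and runs the same lookup two ways: one that pastes the user's input into the SQL text, and one that binds it as a parameter.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory customer table standing in for a shop's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("o'brien", "obrien@example.com")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Improper coding: the user-supplied value is pasted into the SQL text itself,
    so the database cannot tell data apart from SQL syntax."""
    sql = "SELECT email FROM customers WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: the value travels as a bound parameter, never as SQL text."""
    sql = "SELECT email FROM customers WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def vulnerable_query_fails(conn: sqlite3.Connection, username: str) -> bool:
    """True if the concatenated query cannot even be parsed for this input,
    which is how an ordinary name such as o'brien breaks the vulnerable version."""
    try:
        lookup_vulnerable(conn, username)
        return False
    except sqlite3.Error:
        return True


def demo() -> dict:
    """Run both lookups over the constructed table and collect the outcomes."""
    conn = build_db()
    # A value that the vulnerable version interprets as SQL rather than as a name
    tautology = "' OR '1'='1"
    return {
        "safe_alice": lookup_safe(conn, "alice"),
        "safe_tautology": lookup_safe(conn, tautology),            # no such username
        "vulnerable_tautology": lookup_vulnerable(conn, tautology),  # every customer
        "safe_obrien": lookup_safe(conn, "o'brien"),
        "vulnerable_obrien_fails": vulnerable_query_fails(conn, "o'brien"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The parameterised version returns exactly one row for a real name and nothing for the crafted value, while the concatenated version leaks every customer's email and cannot even handle a surname containing an apostrophe.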
The attack infects the browser and manipulates bank account transactions automatically. It intercepts and decrypts the communication between the web browser and the destination web server, and modifies the messages for fraudulent purposes.

13. Cookies: They are small pieces of text stored on the client computer and contain sensitive information that is not encrypted. Anyone can read and interpret cookie data. They do not harm the client machine directly, but potentially could still cause damage. A cookie is placed either by the web server of the site being visited, in which case it is called a "first-party cookie", or by a different website, in which case it is called a "third-party cookie". A third-party website originates on a web site other than the site being visited. The third-party website generally provides advertisements or other content and is keen on tracking responses to its ads by visitors who have already seen the ads on other sites.

14. Web Bugs: A third-party web site places a tiny graphic on another site's web page. When a site visitor loads the web page, the web bug is delivered by the third-party site, which can then place a cookie on the visitor's computer. Its purpose is to provide a way for a third-party website to place cookies from that third-party site on the visitor's computer.

15. Active Content: It refers to programs that are embedded transparently in web pages and cause actions to occur. The best-known active content forms are cookies, Java applets, ActiveX Controls, JavaScript and VBScript, which are programs that interpret or execute instructions embedded in downloaded objects from a web/commerce server.

B. Communication Threats

The internet serves as the electronic chain linking a consumer (client) to an e-commerce resource (commerce server). Messages on the internet travel a random path from a source node to a destination node. The message passes through a number of intermediate computers on the network before reaching the final destination.
It is impossible to guarantee that every computer on the internet through which messages pass is safe, secure and non-hostile.

1. Confidentiality Threats: Breaching confidentiality on the internet is not difficult. A company may choose to collect web demographics and log the URL from which the user just came. By doing this, the company has breached confidentiality by recording the secret information the user has just entered.

2. Integrity Threats: An integrity threat exists when an unauthorised party can alter a message stream of information. Unprotected banking transactions are subject to integrity violations. Using a security hole in a domain name server, perpetrators can substitute the address of their website in place of the real one to spoof website visitors. They can alter vital financial, medical or military information. Cyber vandalism is an example of an integrity violation.

3. Availability Threats: Also known as "delay threats" or "denial threats". The intention of this threat is to disrupt normal computer processing or to deny processing entirely.

C. Server Threats

The server is the third link in the client - internet - server trio embodying the e-commerce path between the user and a commerce server. Servers have vulnerabilities that can be exploited by anyone determined to cause destruction or to illegally acquire information.

1. Web-Server Threats: A web server is designed to deliver web pages by responding to HTTP requests. Web server software is not inherently high-risk, but the more complex the software is, the higher the probability that it contains coding errors (bugs) and security holes, that is, security weaknesses that provide openings through which evildoers can enter.

2. Commerce Server Threats: The commerce server, along with the web server, responds to requests from the web browser through the HTTP protocol and CGI scripts.
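The denial of service item under client threats and the availability threat above both describe the same symptom: one source sending far more requests than a genuine visitor would. A first detection step a site operator can run over its own access log is a per-client sliding-window count. The block below is an added example, not the chapter's code; the log lines and their format (timestamp, client address, method, path) are constructed, and the window and threshold are assumptions to tune per site.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed access-log lines: "<ISO timestamp> <client address> <method> <path>".
# 203.0.113.9 hammers the checkout page; 198.51.100.7 browses at a human pace.
LOG_LINES = [
    "2024-03-01T10:00:00 198.51.100.7 GET /cart",
    "2024-03-01T10:00:01 203.0.113.9 GET /checkout",
    "2024-03-01T10:00:01 203.0.113.9 GET /checkout",
    "2024-03-01T10:00:02 203.0.113.9 GET /checkout",
    "2024-03-01T10:00:02 203.0.113.9 GET /checkout",
    "2024-03-01T10:00:03 203.0.113.9 GET /checkout",
    "2024-03-01T10:00:03 203.0.113.9 GET /checkout",
    "2024-03-01T10:00:04 203.0.113.9 GET /checkout",
    "2024-03-01T10:00:05 203.0.113.9 GET /checkout",
    "2024-03-01T10:00:20 198.51.100.7 GET /product/42",
    "2024-03-01T10:00:45 198.51.100.7 POST /cart",
]


def parse_line(line: str) -> tuple:
    """Split one log line into (timestamp, client address, request path)."""
    ts, client, _method, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), client, path


def find_flooders(lines, window_seconds: int = 10, threshold: int = 5) -> dict:
    """Return {client: peak requests seen inside any window_seconds span} for every
    client whose peak exceeds threshold. Lines are assumed to be in time order."""
    recent = defaultdict(deque)   # per-client timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        ts, client, _path = parse_line(line)
        q = recent[client]
        q.append(ts)
        # drop timestamps that have slid out of the window
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        peak[client] = max(peak[client], len(q))
    return {client: n for client, n in peak.items() if n > threshold}


if __name__ == "__main__":
    print(find_flooders(LOG_LINES))  # {'203.0.113.9': 8}
```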
Several pieces of software comprise the commerce server software suite, including an FTP server, a mail server, a remote login server and the operating systems on the host machines. Each of these pieces of software can have security holes and bugs.

3. Database Threats: E-commerce systems store user data and retrieve product information.

4. Common Gateway Interface Threats: CGI implements the transfer of information from a web server to another program, such as a database program. CGI and the programs to which it transfers data provide active content to web pages. CGI presents a security threat if misused.

5. Password Hacking: The simplest attack against a password-based system is to guess passwords. If the complement, the complementation function and the authentication function can be obtained, and none of these has changed by the time the password is guessed, then the attacker can use the guessed password to access the system.

Cyber Vandalism

A cyber-attack without any obvious motive, usually the defacement of a website to spread ideologies or to display the hacker's prowess, is called cyber vandalism. Vandalism in digital crime, like real-world vandalism, is meant to be destructive. Investigate its characteristics
and learn about some of the different types of cyber vandalism.

Cyber vandalism is damage or destruction that takes place in digital form. Instead of keying someone's car, cyber vandals may deface a website (such as Wikipedia), create malware that damages electronic files or elements that interrupt its normal utilisation, or remove a disk drive to disable a computer system. Unlike digital espionage, where the purpose is to steal and misuse data, digital vandalism only seeks to damage, destroy or disable data, computers or networks. Cyber vandalism can impact businesses drastically, including the ability of your customers to access services, as well as financial loss or impact to your brand or reputation. In the next section, we will highlight some common forms of vandalism that cyber criminals may undertake.

Example: A criminal committing cyber vandalism may damage computer hardware, such as when a disk drive is removed in an attempt to disable a computer system. This could happen internally by a disgruntled employee or externally from a thief attempting to steal company data or intellectual property.

Cyber Crime

Cybercrime, which is alternatively known as computer crime, means the use of a computer as an instrument to meet illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrimes fall under State subjects as per the Seventh Schedule of the Constitution of India. Cybercrimes have taken a leap with the growth of technology, and according to the National Crime Records Bureau (NCRB), the registered cases rose from 12,317 in 2016 to 50,035 cases in 2020, which further increased to 52,975 in 2021.

Botnets: Networks of compromised computers that are controlled externally by remote hackers. The remote hackers then send spam or attack other computers through these botnets.

Cyberstalking: A kind of cybercrime which involves online harassment where the user is subjected to a plethora of online messages and emails. Cyberstalkers use social media, websites and search engines to intimidate a user and instil fear.

* Indian Cyber Crime Coordination Centre (I4C): This centre coordinates efforts to tackle all types of cyber-crimes across the country.
* National Cyber Forensic Laboratory: It provides assistance to Investigating Officers of all State/UT Police through both online and offline modes.
* CyTrain Portal: A Massive Open Online Courses (MOOC) platform for capacity building of police officers, judicial officers and prosecutors through online courses on critical aspects of cyber-crime investigation, forensics and prosecution.
* National Cyber Crime Reporting Portal: A platform where the public can report incidents of cyber-crime, with a special focus on crimes against women and children.
* Citizen Financial Cyber Fraud Reporting and Management System: A system for immediate reporting of financial frauds and assistance in lodging online cyber complaints through a toll-free helpline.
* Cybercrime Prevention against Women and Children (CCPWC) Scheme: Financial assistance provided to States/UTs for developing the capabilities of Law Enforcement Agencies in investigating cyber-crimes.
* Joint Cyber Coordination Teams: Constituted to enhance coordination among Law Enforcement Agencies of States/UTs, particularly in areas with multi-jurisdictional issues related to cyber-crimes.
* Central Assistance for Modernization of Police: Providing financial support to States/UTs for acquiring modern weaponry, advanced communication and forensic equipment, and cyber policing equipment.

Legal Provisions in Cyber Crime

A. Information Technology Act, 2000

The IT Act came into force on 17th October 2000.
Offences under the IT Act are as follows:

Section 65 - Tampering with computer source documents: If a person knowingly or intentionally conceals, destroys or alters, or intentionally or knowingly causes another to conceal, destroy or alter, any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 200,000.

Section 66 - Hacking with computer system: If a person, with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 500,000.

Section 66B - Receiving stolen computer or communication device: A person receives or retains a computer resource or communication device which is known to be stolen, or the person has reason to believe that it is stolen.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 100,000.

Section 66C - Using password of another person: If a person fraudulently uses the password, digital signature or other unique identification of another person.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 100,000.

Section 66D - Cheating using computer resource: If a person cheats someone using a computer resource or communication device.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 100,000.

Section 66E - Publishing private images of other persons: If a person captures, transmits or publishes images of a person's private parts without his/her consent or knowledge.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 200,000.
Section 66F - Act of cyber terrorism: If a person denies access to authorised personnel to a computer resource, accesses a protected system or introduces a contaminant into a system, with the intention of threatening the unity, integrity, sovereignty or security of India, then he commits cyber terrorism.
Penalty - Imprisonment up to life.

Section 67 - Publishing information which is obscene in e-form: If a person publishes or transmits or causes to be published in the electronic form any material which is lascivious or appeals to the prurient interest, or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it.
Penalty - Imprisonment up to five years, or/and with a fine up to Rs. 1,000,000.

Section 67A - Publishing images containing sexual acts: If a person publishes or transmits images containing a sexually explicit act or conduct.
Penalty - Imprisonment up to seven years, or/and with a fine up to Rs. 1,000,000.

Section 67B - Publishing child porn or predating children online: If a person captures, publishes or transmits images of a child in a sexually explicit act or conduct, or if a person induces a child into a sexual act. A child is defined as anyone who is under 18 years of age.
Penalty - Imprisonment up to five years, or/and with a fine up to Rs. 1,000,000 on first conviction. Imprisonment up to seven years, or/and with a fine up to Rs. 1,000,000 on second conviction.

Section 67C - Failure to maintain records: Persons deemed as intermediary (such as an ISP) must maintain required records for the stipulated time. Failure is an offence.
Penalty - Imprisonment up to three years, or/and with fine.
Section 68 - Failure/refusal to comply with orders: The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order, if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder. Any person who fails to comply with any such order shall be guilty of an offence.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 200,000.

Section 69 - Failure/refusal to decrypt data: If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order, or for preventing incitement to the commission of any cognizable offence, it may, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource. The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been so directed, extend all facilities and technical assistance to decrypt the information. The subscriber or any person who fails to assist the agency referred to is deemed to have committed a crime.
Penalty - Imprisonment up to seven years and possible fine.

Section 70 - Securing access to a protected system: The appropriate Government may, by notification in the Official Gazette, declare any computer, computer system, or computer network to be a protected system. The appropriate Government may, by order in writing, authorise persons who are permitted to access protected systems. If a person secures access or attempts to secure access to a protected system, then they are committing an offence.
Penalty - Imprisonment up to ten years, or/and with fine.
Section 71 - Misrepresentation: If anyone makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any licence or Digital Signature Certificate.
Penalty - Imprisonment up to three years, or/and with a fine up to Rs. 100,000.

Section 66A of the aforesaid Act was held unconstitutional by the Apex Court in the case Shreya Singhal v. UOI (2015). This section provided punishment for sending offensive messages through a communication service, etc.

B. Indian Penal Code, 1860
The Indian Penal Code aids in punishing offenders of cybercrimes along with the IT Act, 2000. The major provisions that deal with cyber frauds are as follows:
> Section 463 - Forgery: Whoever makes any false document or false electronic record, or part of a document or electronic record, with intent to cause damage or injury to the public or to any person, or to support any claim or title, or to cause any person to part with property, or to enter into any express or implied contract, or with intent to commit fraud or that fraud may be committed, commits forgery.
> Section 465 - Punishment for forgery: Whoever commits forgery shall be punished with imprisonment of either description for a term which may extend to two years, or with fine, or with both.
> Section 468 - Forgery for purpose of cheating: Whoever commits forgery, intending that the document or electronic record forged shall be used for the purpose of cheating, shall be punished with imprisonment of either description for a term which may extend to seven years, and shall also be liable to fine.

Network Security: Encryption
Encryption is the process of converting data into an unrecognizable or "encrypted" form. It is used to protect sensitive information so that only authorised parties can view it. This includes files and storage devices, as well as data sent over wireless networks and the Internet. Many websites and other online services encrypt data transmissions using SSL (Secure Socket Layers).
Any website that begins with https:// uses the HTTPS protocol, which encrypts all data sent between the web browser and the web server. SFTP (Secure File Transfer Protocol) is a secure version of FTP and encrypts all data transferred.

There are many different types of encryption algorithms, but some of the most common ones include:
* AES (Advanced Encryption Standard)
* DES (Data Encryption Standard)
* Blowfish
* RSA (Rivest-Shamir-Adleman)
* DSA (Digital Signature Algorithm)
AES (Advanced Encryption Standard) is the modern algorithm with a 256-bit key.

[Figure: encryption of your data in transit; what you see versus what third parties see]

* Encryption is the process of converting data to an "unrecognizable" or "encrypted" form.
* It is used to protect sensitive information so that only authorised parties can view it.
* This includes files and storage devices, as well as data transferred over wireless networks and the Internet.

Encryption Algorithm: It is the function, usually with some mathematical foundations, which performs the task of encrypting and decrypting the data.
Keys: Keys are used by the encryption algorithm to determine how data is encrypted. Keys are similar to passwords. When a piece of information is encrypted, the correct key must be specified to access it again: an encryption program uses your key to transform the cipher text back into plain text.
Key Length: As in the case of passwords, encryption keys have a predetermined length. Longer keys are more difficult for an attacker to guess than shorter ones, because there are more of them to try in a brute-force attack.
Plain Text: The information which we wish to encrypt.
Cipher Text: The information after it is encrypted.

Encryption - Types
Most computer encryption systems belong in one of two categories. Broadly speaking, there are two types of encryption methods:
1. Secret-key encryption / Private Key / Symmetric Encryption
2. Public-key encryption / Asymmetric Encryption

Encryption - Secret Key Encryption
[Figure: the same key is used to encrypt and decrypt]
* Also known as Private Key / Symmetric Encryption.
* Secret key encryption uses one key, the secret key, to both encrypt and decrypt messages. This is called "symmetric encryption".

Components in Symmetric Encryption
Plain Text: This is the original message or data that is fed to the algorithm as input.
Encryption Algorithm: The encryption algorithm performs various substitutions and permutations on the plain text.
Key: The secret key is also input to the algorithm; the exact substitutions and permutations performed depend on it.
Cipher Text: This is the scrambled message produced as output. It depends on the plain text and the key. It is an apparently random stream of data and, as it stands, is unintelligible.
Decryption Algorithm: This is essentially the encryption algorithm run in reverse.

Advantages of Secret Key Encryption
* Symmetric key encryption can be extremely secure.
* Encrypting and decrypting symmetric key data is relatively easy to do, and it gives very good reading and writing performance.
* Symmetric key encryption is used by traditional hard drives internally to store data, and they are still faster than unencrypted ones.
* A symmetric cryptosystem uses password authentication to prove the receiver's identity.
* Only a system which possesses the secret key can decrypt a message.

Disadvantages of Secret Key Encryption
* It cannot provide digital signatures that cannot be repudiated.
* The biggest problem with symmetric key encryption is that it requires having a way to get the key to the party with whom data is to be shared.
* Encryption keys are not simple strings of text like passwords. They are essentially blocks of code.
* The secret key has to be transmitted to the receiving system before the actual message can be transmitted.
* The only secure way of exchanging keys would be exchanging them personally.

Encryption - Public Key Encryption
* Also known as Asymmetric Encryption.
* Public key encryption uses two keys, one to encrypt the message and a different key to decrypt the message.
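The two key models just described, as an added example written for this chapter rather than code from the textbook: a symmetric scheme where one secret key both encrypts and decrypts, beside a public-key scheme where the published key encrypts and a different private key decrypts. The symmetric cipher is a teaching construction (a keystream derived from the key and a nonce with HMAC-SHA256, XORed into the data), not AES; the public-key part is textbook RSA with tiny constructed primes, not a production key size. All function names, the sample key and the sample message are my own.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# ---- Symmetric (secret-key) encryption --------------------------------------
# Teaching construction, NOT AES: a keystream is derived from the secret key and a
# per-message nonce with HMAC-SHA256 and XORed into the data. XOR is its own inverse,
# so the same key and the same steps undo the encryption: one key does both jobs.

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key + nonce into `length` pseudo-random bytes, one HMAC block at a time."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_encrypt(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext. A fresh random nonce is drawn unless one is supplied."""
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def symmetric_decrypt(key: bytes, blob: bytes) -> bytes:
    """Recover the plaintext; only a holder of the same secret key gets the original back."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


# ---- Asymmetric (public-key) encryption -------------------------------------
# Textbook RSA with constructed toy primes so the arithmetic is visible. Real RSA uses
# 2048-bit or larger moduli together with padding; this is for illustration only.

def rsa_keygen(p: int = 61, q: int = 53, e: int = 17) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return (public_key, private_key) as (e, n) and (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)           # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(public_key: Tuple[int, int], message: int) -> int:
    e, n = public_key
    return pow(message, e, n)     # anyone holding the public key can encrypt


def rsa_decrypt(private_key: Tuple[int, int], ciphertext: int) -> int:
    d, n = private_key
    return pow(ciphertext, d, n)  # only the private-key holder can decrypt


def demo() -> dict:
    """Round-trip both schemes and show that a wrong secret key does not decrypt."""
    secret = b"shared-secret-key-32-bytes-long!"   # constructed sample key
    msg = b"Pay Rs. 500 to account 1234"          # constructed sample message
    blob = symmetric_encrypt(secret, msg)
    pub, priv = rsa_keygen()
    c = rsa_encrypt(pub, 65)                     # 65 is the sample "message" integer
    return {
        "symmetric_ok": symmetric_decrypt(secret, blob) == msg,
        "wrong_key_fails": symmetric_decrypt(b"some-other-key", blob) != msg,
        "rsa_public": pub,
        "rsa_ciphertext": c,
        "rsa_ok": rsa_decrypt(priv, c) == 65,
    }


if __name__ == "__main__":
    print(demo())
```

The symmetric half shows the key-distribution problem listed above: `symmetric_decrypt` is useless to the receiver until the same `secret` has reached it by some other channel. In the RSA half the receiver publishes `pub` and keeps `priv`, so nothing secret has to travel before the message does.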
History of a Firewall
Firewall security has been around since the 1980s. Originally, it only consisted of packet filters and existed within networks designed to examine the packets of data sent and received between computers. Firewalls have evolved in response to the growing variety of threats:
* Generation 1 firewalls - antivirus protection: These consisted of antivirus protection, designed to stem the proliferation of viruses invading PCs in the 1980s.
* Generation 2 firewalls - network protection: In the mid-1990s, physical firewalls had to be created to protect networks.
* Generation 3 firewalls - applications: In the early 2000s, firewalls were developed to address vulnerabilities in applications.
* Generation 4 firewalls - payload: These firewalls, developed around 2010, were designed to address evasive and polymorphic attacks.
* Generation 5 firewalls - large-scale protection: Around 2017, large-scale attacks using new and more complex methods necessitated advanced threat detection and prevention solutions.

Firewall
A firewall is a network security device that prevents unauthorised access to a network. It inspects incoming and outgoing traffic using a set of security rules to identify and block threats. A firewall can be physical hardware, digital software, software as a service (SaaS) or a virtual private cloud. Firewalls serve as the first line of defence against external threats, such as hackers and malware attacks. Firewalls combined with an Intrusion Prevention System (IPS) are crucial in preventing malware and certain application layer attacks.

A firewall acts as a border between your computer and the connected network (like a LAN or the internet). It inspects all the incoming and outgoing packets of the network. It inspects on the basis of programmed rules which are created by humans.
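The rule-based packet inspection just described, as an added example written for this chapter (not the textbook's code): rules keyed on source address, destination address, port and protocol; the three default actions Accept, Drop and Reject; top-down first-match evaluation; and a connection table so that later packets of an already-accepted connection pass without re-checking the rule table, which is the stateful inspection described among the firewall types in this section. The rule set is the sample packet-filter table given later in this section; the class and function names, the sample packets and the default-deny policy are my assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str            # source IP address
    dst: str            # destination IP address
    dport: int          # destination port
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """One firewall rule; None in a field means 'any' (the '-' of the sample table)."""
    action: str                        # "accept", "drop" or "reject"
    src_net: Optional[str] = None      # e.g. "192.168.21.0/24"
    dst_net: Optional[str] = None      # a network or a single host (/32)
    dport: Optional[int] = None        # exact destination port
    dport_above: Optional[int] = None  # ">1023" style condition
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.src_net and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_net and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.dport_above is not None and p.dport <= self.dport_above:
            return False
        if self.proto and p.proto != self.proto:
            return False
        return True


# Rules transcribed from the sample packet-filter table in this section.
# Assumed: evaluated top-down, first match wins, anything unmatched is dropped.
SAMPLE_RULES: List[Rule] = [
    Rule("drop", src_net="192.168.21.0/24"),                    # block the whole source network
    Rule("reject", dport=23),                                   # block Telnet, answer with an error
    Rule("drop", dst_net="192.168.21.3/32"),                    # block one internal host
    Rule("accept", dst_net="192.168.21.0/24", dport_above=1023),  # high ports into the network
]


def filter_packet(rules: List[Rule], p: Packet, default: str = "drop") -> Tuple[str, str]:
    """Stateless check: return (action, reason) from the first matching rule."""
    for i, rule in enumerate(rules):
        if rule.matches(p):
            reason = f"rule {i + 1}"
            if rule.action == "reject":
                reason += " (error message sent back to sender)"
            return rule.action, reason
    return default, "no rule matched, default policy"


class StatefulFirewall:
    """Stateful inspection: remembers accepted connections and lets their
    later packets through without re-evaluating the rule table."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.connections: Set[Tuple[str, str, int, str]] = set()
        self.log: List[str] = []   # one line per decision, for the monitoring step

    def handle(self, p: Packet) -> Tuple[str, str]:
        key = (p.src, p.dst, p.dport, p.proto)
        if key in self.connections:
            action, reason = "accept", "established connection"
        else:
            action, reason = filter_packet(self.rules, p)
            if action == "accept":
                self.connections.add(key)
        self.log.append(f"{action.upper()} {p.proto} {p.src} -> {p.dst}:{p.dport} [{reason}]")
        return action, reason


if __name__ == "__main__":
    fw = StatefulFirewall(SAMPLE_RULES)
    for pkt in [Packet("192.168.21.9", "10.0.0.5", 80),          # constructed sample packets
                Packet("203.0.113.7", "192.168.21.10", 23),
                Packet("203.0.113.7", "192.168.21.3", 8080),
                Packet("203.0.113.7", "192.168.21.10", 8080),
                Packet("203.0.113.7", "192.168.21.10", 8080)]:
        fw.handle(pkt)
    print("\n".join(fw.log))
```

A packet to port 80 of a host in 192.168.21.0/24 matches none of the four rules and so falls to the default: the rule set only says what to allow on ports above 1023, and a packet filter that defaults to accept would silently let everything else through. The stateful wrapper is what distinguishes type 5 (stateful inspection) from type 3 (packet filtering) in the list of firewall types below: the second packet of the 8080 connection is accepted from the connection table, not from the rules.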
These rules may depend on the demand, necessity and security policies defined by the organisation. The rules tell whether a packet will be allowed through the network barrier or not. If any packet is identified as a danger or threat according to the defined rules, then it will not be allowed through the network. Though there are many rules and policies, the firewall also defines some default policies. It consists of three actions:
1. Accept: Allows traffic to pass through.
2. Drop: The network packets are dropped directly.
3. Reject: It rejects or blocks the traffic. Additionally, it will reply with an error message.

[Figure: firewall placed between the Internet and the organisation server]

Types of Firewall
A firewall in a computer network provides security at the perimeter by monitoring incoming and outgoing data packets in network traffic for malware and anomalies. The different types of firewall are as follows:

1. Host-based Firewalls: A host-based firewall is installed on each network node and controls each incoming and outgoing packet. It is a software application or suite of applications, and comes as a part of the operating system. Host-based firewalls are needed because network firewalls cannot provide protection inside a trusted network. A host firewall protects each host from attacks and unauthorised access.

2. Network-based Firewalls: Network firewalls function at the network level. In other words, these firewalls filter all incoming and outgoing traffic across the network. A network firewall protects the internal network by filtering the traffic using rules defined on the firewall. A network firewall might have two or more network interface cards (NICs). A network-based firewall is usually a dedicated system with proprietary software installed.

Differences between Network Firewalls and Host-based Firewalls
A network firewall protects all the devices and traffic on the network; a host firewall protects just one computer.

3.
Packet-Filtering Firewalls: This is the oldest type of firewall architecture. When a packet passes through this firewall, the firewall checks its source and destination address, port number, and protocol without opening the packet. If the packet does not conform to the rules, then the packet is dropped. These firewalls are of low cost and are suitable for small networks. However, these firewalls work only on the network layer and they are vulnerable to spoofing.

Sample Packet Filter Firewall Rule:
| Source address | Destination address | Destination port | Action |
| 192.168.21.0 | - | - | Deny |
| - | - | 23 | Deny |
| - | 192.168.21.3 | - | Deny |
| - | 192.168.21.0 | >1023 | Allow |
* Incoming packets from network 192.168.21.0 are blocked.
* Incoming packets destined for the internal TELNET server (port 23) are blocked.
* Incoming packets destined for host 192.168.21.3 are blocked.
* All well-known services to the network 192.168.21.0 are allowed.

4. Circuit-Level Gateway Firewalls: It works on the session layer of the OSI model. It checks whether the TCP 3-way handshakes are legitimate (according to the rules) or not. While they are extremely efficient, the firewall doesn't check the packet itself. So, if any packet contains malware and passes the TCP handshake checks, then it would pass through the firewall and the system would be at risk.

5. Stateful Inspection Firewalls: They are also called dynamic packet filtering firewalls. They keep track of all the open connections of the network. If a new packet arrives, the firewall checks whether the packet belongs to one of the open connections; if so, it simply allows the packet to pass. But if the new packet is not part of one of those open connections, then it checks the packet according to the rules set for new connections.

6. Application Firewall: It is also called a proxy-based firewall. This firewall operates at the application layer and filters the incoming traffic. When there is a proxy firewall, both the client and the server connect through an intermediary, i.e. a proxy server.
So, now when any external client wants to connect to any internal server or vice versa, the client will have to open a connection with the proxy instead. The proxy firewall first establishes a connection to the source of the traffic and then inspects the incoming data packet. These firewalls may check the actual content of the packet, so that if the packet contains any malware it can be rejected. The advantage of using a proxy server is that it makes it hard for the attacker to discover the network and hence provides security.

7. Next-Generation Firewall: Most of the newly released firewalls are of next-generation architecture. They include Deep Packet Inspection (looks at the data), SSL/SSH Inspection (this secures from HTTPS-prone attacks) and IPS (Intrusion Prevention System - this works to automatically stop the attack against your network). There is no proper definition of the Next-generation Firewall, so one should check the capabilities of the firewall before buying one.

Software Firewall: The software firewall may include any type of the above firewalls that is installed on the local device rather than on a separate piece of hardware. It provides security as each individual network endpoint is isolated from the others. Example: Windows Firewall is a software program that comes included in Microsoft Windows.

Hardware Firewall: Hardware firewalls are the hardware devices which are found mostly on the perimeter of the network. A hardware firewall provides security from malicious traffic from outside networks, as it is intercepted and blocked before it reaches the internal network. Example: Cisco ASA 5540 series firewall.

EXAMPLES
Great Firewall of China, internet censorship
Since around 2000, China has had internal firewall frameworks in place to create its carefully monitored intranet. By nature, firewalls allow for the creation of a customized version of the global internet within a nation.
They accomplish this by preventing select services and information from being used or accessed within this national intranet. National surveillance and censorship allow for the ongoing suppression of free speech while maintaining its government's image. Furthermore, China's firewall allows its government to limit internet services to local companies. This makes control over things like search engines and email services much easier to regulate in favour of the government's goals. China has seen an ongoing internal protest against this censorship. The use of virtual private networks and proxies to get past the national firewall has allowed many to voice their dissatisfaction.

Covid-19: U.S. federal agency compromised due to remote work weaknesses
In 2020, a misconfigured firewall was just one of many security weaknesses that led to an anonymous United States federal agency's breach. It is believed that a nation-state actor exploited a series of vulnerabilities in the U.S. agency's security. Among the many cited issues with their security, the firewall in use had many ports that were inappropriately open to traffic. Alongside being poorly maintained, the agency's network likely had new challenges with remote work, and the attacker was able to move through any other open pathways to other agencies. This type of effort puts not only the infiltrated agency at risk of a security breach but many others as well.

U.S. power grid operator's unpatched firewall exploited
In 2019, a United States power grid operations provider was affected by a Denial-of-Service (DoS) vulnerability that hackers exploited. Firewalls on the perimeter network were stuck in a reboot exploit loop for roughly ten hours. It was later deemed to be the result of a known-but-unpatched firmware vulnerability in the firewalls. A standard operating procedure for checking updates before implementation had not yet been implemented, causing delays in updates and an inevitable security issue. Fortunately, the security issue did not lead to any significant network penetration. These events underline the importance of regular software updates.
Without them, firewalls are yet another network security system that can be exploited.

Advantages of Firewall
The advantages of a firewall are as follows:
1. Protection from unauthorised access: Firewalls can be set up to restrict incoming traffic from particular IP addresses or networks, preventing hackers or other malicious actors from easily accessing a network or system.
2. Prevention of malware and other threats: Firewalls can be set up to block traffic linked to known malware or other security concerns, assisting in the defence against these kinds of attacks.
3. Control of network access: By limiting access to specified individuals or groups for particular servers or applications, firewalls can be used to restrict access to particular network resources or services.
4. Monitoring of network activity: Firewalls can be set up to record and keep track of all network activity. This information is essential for identifying and investigating security problems and other kinds of suspicious behaviour.
5. Regulation compliance: Many industries are bound by rules that demand the usage of firewalls or other security measures. Organisations can comply with these rules and avoid fines or penalties by using a firewall.
6. Network segmentation: By using firewalls to split up a bigger network into smaller subnets, the attack surface is reduced and the security level is raised.

Disadvantages of Firewall
The disadvantages of a firewall are as follows:
1. Complexity: Setting up and maintaining a firewall can be time-consuming and difficult, especially for bigger networks or companies with a wide variety of users and devices.
2. Limited visibility: Firewalls may not be able to identify or stop security risks that operate at other levels, such as the application or endpoint level, because they can only observe and manage traffic at the network level.
3. False sense of security: Some businesses place an excessive amount of reliance on their firewall and disregard other crucial security measures like endpoint security or intrusion detection systems.
4. Limited adaptability: Because firewalls are frequently rule-based, they might not be able to respond to fresh security threats.
5. Performance impact: Network performance can be significantly impacted by firewalls, particularly if they are set up to analyse or manage a lot of traffic.
6. Limited scalability: Because firewalls are only able to secure one network, businesses that have several networks must deploy many firewalls, which can be expensive.
7. Limited VPN support: Some firewalls might not allow complex VPN features like split tunneling, which could restrict the experience of a remote worker.
8. Cost: Purchasing many devices or add-on features for a firewall system can be expensive, especially for small businesses.

Real-Time Applications of Firewall
1. Corporate networks: Many businesses employ firewalls to guard against unwanted access and other security risks on their corporate networks. These firewalls can be set up to permit only authorised users to access particular resources or services and to prevent traffic from particular IP addresses or networks.
2. Government organisations: Government organisations frequently employ firewalls to safeguard sensitive data and to adhere to rules like HIPAA or PCI-DSS. They might make use of cutting-edge firewalls like Next-generation firewalls (NGFW), which can detect and stop intrusions as well as manage access to particular data and apps.
3. Service providers: Firewalls are used by service providers, including ISPs, cloud service providers, and hosting firms, to safeguard their networks and the data of their clients.
They might make use of firewalls that accommodate enormous volumes of traffic and advanced features such as VPN and load balancing.
4. Small enterprises: Small firms may use firewalls to separate their internal networks, restrict access to specific resources or applications, and defend their networks from external threats.
5. Networks at home: To guard against unwanted access and other security risks, many home users employ firewalls. Many routers have built-in firewalls that can be set up to block incoming traffic and restrict access to the network.
6. Industrial Control Systems (ICS): Firewalls are used to safeguard industrial control systems against illegal access and other security risks in critical infrastructures, including water treatment facilities.

Protecting a Web Server with a Firewall
1. Identify your security objectives: It is crucial to first identify your security objectives before venturing into firewall policy design. This is because the policy should not just speak to your unique security needs but also comply with the organisation's general security policy. Identifying your organisational security objectives should factor in the types of traffic to be allowed or blocked, compliance requirements, resource allocation, and the overall business objective.

2. Define your firewall architecture: Firewall architecture refers to the overall layout of a firewall system responsible for controlling and monitoring network traffic. Defining the firewall architecture will involve deciding on the type of firewall to be used, the location of the firewall within the network, and the number of firewalls required to achieve the desired level of security in the organisation.

[Figure: a home computer requests a page; the request passes through the firewall to the web site server and the web page is delivered back]

Different types of firewalls are available, such as packet-filtering firewalls, stateful firewalls, and next-generation firewalls.
Each type has its strengths and weaknesses, so choosing the right one will depend on your organisation's specific security requirements.

3. Create your firewall rules: Firewall rules are the specific instructions that determine which traffic is allowed or blocked based on criteria such as source and destination IP addresses, ports, protocols, and application types. When creating firewall rules, it is vital to be as specific as possible to minimize the risk of false positives. Rules should be written in plain language so they are easy to understand and maintain.

4. Monitor your firewall: Monitoring your firewall is essential to ensuring that it is working effectively. This includes regularly reviewing logs and alerts, analysing network traffic, and testing your firewall for vulnerabilities. Besides monitoring logs and analysing network traffic, monitoring your firewall also involves ensuring that people within the organisation follow and implement the firewall security rules in your policy. In addition, regular monitoring will help you identify and respond to potential network security threats before they can cause significant damage to the organisation.

Firewall and Security Policy
A firewall policy refers to a set of security requirements, controls, and rules that is established by an organisation to ensure its information security. It establishes the overall goal of information security and defines the management structure of information security, as well as the process requirements of the organisation. This kind of security policy usually exists in the form of documents and belongs to the scope of enterprise governance.

When it comes to firewalls, a security policy specifies rules used to protect networks. It is configured by an administrator in the firewall system to determine which traffic can pass through the firewall and which traffic should be blocked. Security policies are a basic concept and core function of firewalls. Firewalls use security policies to provide service capabilities that ensure network security.
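A firewall security policy of the kind just described, as an added example written for this chapter and not code from the textbook or from any firewall vendor: each policy carries identifiers (name, description, group, labels, enabled flag), a set of matching conditions (security zones, addresses, services, user, time range) and a permit or deny action, with a content-security check applied to permitted traffic; policies are matched top-down and unmatched traffic falls to a default deny. The Trust/Untrust zones and the 192.168.1.0/24 and 192.168.2.0/24 networks are taken from the configuration example in this section; the policy names, the `SP_` label prefix, the sample flows and the stand-in content check are my assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """Attributes of a new session that the firewall matches against its policies."""
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    service: str                 # e.g. "https", "ssh"
    user: Optional[str] = None   # identified user, if any
    at: time = time(12, 0)       # time of day the session starts
    payload: bytes = b""         # first bytes of content, for the content-security check


@dataclass
class SecurityPolicy:
    # --- identifiers, used for management and audit ---
    name: str
    description: str = ""
    group: str = "default"
    labels: Tuple[str, ...] = ()
    enabled: bool = True
    # --- matching conditions; None means "any" ---
    src_zone: Optional[str] = None
    dst_zone: Optional[str] = None
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    services: Optional[Tuple[str, ...]] = None
    users: Optional[Tuple[str, ...]] = None
    time_range: Optional[Tuple[time, time]] = None
    # --- action, plus an optional content-security check run on permitted traffic ---
    action: str = "deny"
    content_check: Optional[Callable[[Flow], bool]] = None   # returns True when clean

    def matches(self, f: Flow) -> bool:
        """Every condition must hold; a disabled policy never matches."""
        conditions = [
            self.src_zone is None or f.src_zone == self.src_zone,
            self.dst_zone is None or f.dst_zone == self.dst_zone,
            self.src_net is None or ipaddress.ip_address(f.src_ip) in ipaddress.ip_network(self.src_net),
            self.dst_net is None or ipaddress.ip_address(f.dst_ip) in ipaddress.ip_network(self.dst_net),
            self.services is None or f.service in self.services,
            self.users is None or f.user in self.users,
            self.time_range is None or self.time_range[0] <= f.at <= self.time_range[1],
        ]
        return self.enabled and all(conditions)


def payload_is_clean(f: Flow) -> bool:
    """Stand-in for an antivirus profile: a constructed marker string counts as malware."""
    return b"MALWARE-SAMPLE" not in f.payload


# Constructed policy set for the Trust (192.168.1.0/24) -> Untrust (192.168.2.0/24)
# layout of the configuration example. Labels use a fixed SP_ prefix.
POLICIES: List[SecurityPolicy] = [
    SecurityPolicy(
        name="SP_trust_web_out", description="change request <TICKET-ID placeholder>: LAN users may browse",
        group="internet_access", labels=("SP_company_application",),
        src_zone="Trust", dst_zone="Untrust", src_net="192.168.1.0/24", dst_net="192.168.2.0/24",
        services=("http", "https"), action="permit", content_check=payload_is_clean,
    ),
    SecurityPolicy(
        name="SP_admin_ssh_office_hours", group="admin", labels=("SP_high_risk_application",),
        src_zone="Trust", dst_zone="Untrust", src_net="192.168.1.0/24", dst_net="192.168.2.0/24",
        services=("ssh",), users=("alice",), time_range=(time(9, 0), time(18, 0)), action="permit",
    ),
    SecurityPolicy(name="SP_block_untrust_in", src_zone="Untrust", dst_zone="Trust", action="deny"),
]


def evaluate(policies: List[SecurityPolicy], f: Flow) -> Tuple[str, str]:
    """Top-down, first match wins; unmatched traffic is denied by the default policy.
    A permit is still subject to the policy's content-security check."""
    for pol in policies:
        if pol.matches(f):
            if pol.action == "permit" and pol.content_check and not pol.content_check(f):
                return "deny", f"{pol.name} (content security check)"
            return pol.action, pol.name
    return "deny", "default policy"


def policies_with_label(policies: List[SecurityPolicy], label: str) -> List[str]:
    """Filter policies by label, e.g. to review every high-risk application policy at once."""
    return [p.name for p in policies if label in p.labels]
```

Note that an SSH session from user alice at 20:00 is not denied by any written policy: it simply fails the time-range condition of `SP_admin_ssh_office_hours` and falls through to the default deny, which is why the monitoring step above matters, as the log entry for that session will name no policy at all.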
Composition of a Security Policy
A security policy defines a set of rules that contain specific matching conditions and actions. After receiving a packet, the firewall matches the packet attributes against the matching conditions of the security policy. If all conditions are matched, the packet successfully matches the security policy, and the firewall processes the packet and subsequent bidirectional traffic according to the action defined in the security policy. Therefore, the core elements of a security policy are matching conditions and actions.

Matching Conditions
The matching conditions of a security policy describe traffic characteristics, used to filter the traffic that meets the conditions. A security policy includes the following matching conditions:
* User who sends the traffic. In the Agile Controller SSO scenario, the user access mode and terminal type can also be specified as matching conditions.
* Source and destination of traffic, including the source and destination security zones, source and destination IP addresses, source and destination regions, and source and destination VLANs. A region is a geographic region mapped by an IP address.
* Services, applications, or categories of URLs to be accessed.
* Time range.

Actions
A security policy has two basic actions: permit and deny, that is, allow or forbid traffic to pass through.
* If the action is permit, you can perform a further content security check on the traffic that matches the policy. The content security functions of Huawei firewalls include antivirus, intrusion prevention system, URL filtering, file blocking, data filtering, application behavior control, mail filtering, APT defense, and DNS filtering. Each content security check has its own application scenarios and actions. The result of all content security checks determines how the firewall processes traffic.
* If the action is deny, you can choose to send feedback packets to the server or client to quickly terminate sessions and reduce system resource consumption.

Matching conditions such as users, terminals, time ranges, addresses, regions, services, applications, and URL categories, and the various profiles required for content security checks, exist as objects on the firewall. You can create an object and reference it in multiple security policies.

Policy Identifiers
To facilitate management, the following security policy identifiers are provided:
* Name: Uniquely identifies a security policy. Specifying a name, for example a name indicating the purpose, for each security policy can improve maintenance efficiency.
* Description: Records information about a security policy. For example, you can record the number of the application process that triggers the security policy in this field. In this way, you can quickly understand the background of the security policy during routine audit, for example when the security policy was introduced, who submitted the application, and the validity period of the security policy.
* Policy group: Multiple security policies with the same purpose can be added to a policy group to simplify management. You can move, enable, or disable a policy group.
* Label: You can add multiple labels to a security policy to filter policies with the same characteristics. For example, you can add labels such as high-risk application and company application based on the type of applications to which a security policy applies. You are advised to set labels with a fixed prefix, for example SP_, and use different colours to differentiate actions. This makes labels easy to understand.

Security policy configuration example
[Figure: 192.168.1.0/24 in the Trust zone and 192.168.2.0/24 in the Untrust zone, with the firewall between them]

Network Firewall and Application Firewall
Network firewalls are security devices used to stop or mitigate unauthorised access to private networks connected to the Internet, especially intranets.
The only traffic allowed on the network is defined via firewall policies; any other traffic attempting to access the network is blocked. Network firewalls sit at the front line of a network, acting as a communications liaison between internal and external devices.

An application firewall is a form of network security system that monitors and controls the incoming and outgoing communication of an application based on various security rules. It is designed to protect web applications from attacks such as SQL injection, cross-site scripting (XSS) and similar attacks. Application firewalls are typically implemented at the application layer of the OSI model, which is a structure that defines how different devices communicate in a network. This allows the firewall to inspect traffic specific to the application rather than just at the network level.

A Web Application Firewall (WAF) is specifically designed for HTTP applications. WAFs are used to protect web applications from a few types of attacks, including injection attacks and application layer denial of service (DoS). They are deployed in front of web servers, protecting web apps from internal and external threats. WAFs are often used as an additional layer of security in conjunction with other security tools such as intrusion detection systems and intrusion prevention systems. A WAF can be an effective way to protect a website or web application from a wide range of threats, including those targeted specifically at web-based applications.

WEB APPLICATION FIREWALL vs NETWORK FIREWALL

(Figure: traffic passing through the network firewall and the web application firewall.)

Parameter | Web Application Firewall | Network Firewall
Philosophy | A Web Application Firewall (WAF) is a network security firewall solution that protects web applications from HTTP/S and web application security vulnerabilities. | A network firewall is a device which controls access to a secured LAN network to protect it from unauthorised access. The firewall acts as a filter which blocks non-legitimate incoming traffic from entering the network and causing attacks.
OSI Layer Coverage | Layer 7 | Layers 3-4
Modes of Operation | Active inspection and passive mode | Transparent mode and routed mode
DDoS Protection | Application layer | Basic level only, at the network layer
Protection Target / Objects | Protects HTTP/HTTPS based servers and applications placed in the Internet-facing zones of the network firewall | Protection of user and organisation IT assets, including application and management servers
Placement in Network | Close to web / Internet-facing applications | On the perimeter of the network (commonly the Internet)
Web Application Protection | All-encompassing, including complete coverage of the application layer | Minimal
Access Control | Not possible | Possible
Algorithms | Signature based, anomaly detection, heuristics | Packet filtering, stateful/stateless inspection, proxy
Related Attacks Protection | SQL injection attacks, cross-site scripting (XSS) attacks and DDoS attacks | Attacks from less secured zones, unauthorised users accessing private networks

Proxy Server

A proxy server acts as an intermediary between a user's device (such as a computer or smartphone) and the internet. It serves several purposes, including enhancing security, privacy, and performance. It intercepts your web requests and forwards them to the destination website, then sends the response back to you. The key aspects of a proxy server:

1. Anonymity and Privacy:
* Hide IP Addresses: When you connect to the internet through a proxy server, it hides your IP address from the websites you visit. This provides a degree of anonymity, as websites only see the IP address of the proxy server.
* Enhanced Privacy: Proxy servers can help users maintain privacy by masking their online activities from websites, advertisers, and even internet service providers.

2. Content Filtering and Access Control:
* Access Control: Proxy servers can be used to restrict access to certain websites or content based on policies set by network administrators.
* Content Filtering: They can filter web content, blocking access to specific websites or types of content deemed inappropriate or against company policies.

3. Improved Performance:
* Caching: Proxy servers can cache frequently accessed web pages and files. This allows subsequent requests for the same content to be served faster, reducing bandwidth usage.
* Load Balancing: In some cases, proxy servers are used for load balancing, distributing requests across multiple servers to ensure optimal performance and prevent server overload.

4. Security:
* Content Inspection: Some proxy servers can inspect and filter content for malware, viruses, and other threats before allowing it to reach the end user.

5. Bypassing Geo-restrictions:
* Geo-blocking: Users can use proxy servers to bypass geographic restrictions imposed by certain websites or streaming services, accessing content that may be restricted in their region.

6. Types of Proxy Servers:
* HTTP Proxy: Primarily used for web browsing and can handle HTTP traffic.
* HTTPS Proxy: Similar to HTTP proxies but specifically designed to handle secure, encrypted HTTPS connections.
* Transparent Proxy: Operates without user knowledge and does not modify requests or responses. Often used for content filtering.
* Anonymous Proxy: Provides anonymity by hiding the user's IP address.
* SOCKS Proxy: Supports multiple protocols and is often used for tasks like torrenting or online gaming.

Case Study

A Fortune Five-hundred Failure: eBay, millions of passwords stolen, damages in the $M's.

In the beginning of March 2014, the C2C giant noticed unsolicited database access on several of its servers. It was later officially announced that the credentials and personal information of an undisclosed slice of its 120+ million users had been compromised. How did they get there?
Well, eBay themselves acknowledged that one of their own had succumbed to a social engineering trick known as phishing, where the attacker asks someone who knows the password for it, either pretending to be the original site or another, completely irrelevant, site, but relying on the fact that most of us use the same password everywhere.

The goal of the perpetrators was to obtain eBay staff credentials and, with that, to access their
