Friday, May 14, 2010

Exercise 9

1. Find out about SET and the use of RSA 128-bit encryption for e-commerce.


SET stands for Secure Electronic Transaction and is a standard (based on RSA) which ensures that credit card transactions over the Internet take place securely. SET is endorsed by all the major players in the e-commerce area, such as Microsoft, Visa and MasterCard. SET is based on digital signatures to verify that buyers are who they claim to be, and it also ensures that the merchant never gets to see the credit card number, because the number is transferred only between the cardholder and the card issuer (e-commerce-guide, 2010).

RSA (named after Rivest, Shamir and Adleman, who first publicly described it) is an algorithm for public-key cryptography. It is suitable for signing as well as encryption and is therefore widely used in e-commerce protocols (Wikipedia, 2010). RSA 128-bit encryption means that a key of 128 bits in length is used to encrypt the data; the longer the key, the higher the security of the data.
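To show how one RSA key pair serves both purposes mentioned above (the public key encrypts while the private key decrypts, and the private key signs while the public key verifies), here is an added illustration that is not part of the original post. It uses textbook RSA with tiny primes so that every number can be checked by hand; real deployments use far larger primes and padding schemes, and the key length quoted for a key is the bit length of the modulus n.

```python
# Added illustration: textbook RSA with tiny primes, to show how one key pair
# serves both encryption (public key encrypts, private key decrypts) and
# signing (private key signs, public key verifies). Real deployments use
# much larger primes and padding (OAEP/PSS); the numbers here are toy values.

def make_keypair(p: int, q: int, e: int = 17) -> dict:
    """Build an RSA key pair from two primes p, q and a public exponent e."""
    n = p * q                      # modulus, shared by both keys
    phi = (p - 1) * (q - 1)        # Euler's totient of n
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi)
    return {"n": n, "e": e, "d": d}

def key_bits(keys: dict) -> int:
    """Key length as usually quoted: the bit length of the modulus n."""
    return keys["n"].bit_length()

def encrypt(keys: dict, m: int) -> int:
    """Anyone holding the public part (n, e) can encrypt a message m < n."""
    assert 0 <= m < keys["n"], "message must be smaller than the modulus"
    return pow(m, keys["e"], keys["n"])

def decrypt(keys: dict, c: int) -> int:
    """Only the holder of the private exponent d can recover m."""
    return pow(c, keys["d"], keys["n"])

def sign(keys: dict, m: int) -> int:
    """Signing is the private-key operation applied to the message."""
    assert 0 <= m < keys["n"], "message must be smaller than the modulus"
    return pow(m, keys["d"], keys["n"])

def verify(keys: dict, m: int, s: int) -> bool:
    """Anyone can check a signature using only the public key."""
    return pow(s, keys["e"], keys["n"]) == m

if __name__ == "__main__":
    keys = make_keypair(61, 53)                 # toy primes, 12-bit modulus
    print("modulus bits:", key_bits(keys))
    c = encrypt(keys, 65)
    print("ciphertext:", c, "decrypts to:", decrypt(keys, c))
    s = sign(keys, 42)
    print("signature valid:", verify(keys, 42, s))
    print("tampered message valid:", verify(keys, 43, s))
```

The same modular exponentiation is used in all four operations; only the exponent changes. That is why the private exponent d must stay secret: whoever holds it can both decrypt and forge signatures for that key.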


2. What can you find out about network and host-based intrusion detection systems?

Both network-based and host-based intrusion detection systems (IDS) look for attack signatures (specific patterns that usually indicate malicious or suspicious intent) in order to recognize and deflect attacks. A network-based IDS looks for those patterns in network traffic, whereas a host-based IDS looks for them in log files. Each method has its own strengths and weaknesses (network-based: low cost, evidence that is difficult to remove, OS independence; host-based: well suited to encrypted and switched environments, no additional hardware), so a truly effective IDS should employ both technologies (Internet Security Systems, 1998).
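The following added example (not from the original post) shows the signature-matching idea from both viewpoints in one small script: a host-based pass over log lines and a network-based pass over one-line packet summaries. All log lines, addresses and packet records are constructed samples, and the signature names and thresholds are assumptions chosen for the illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample data (not real logs): auth-log style lines for the
# host-based side and (src, dst, dst_port, payload) tuples for the network side.
HOST_LOG = [
    "May 14 10:01:02 web1 sshd[412]: Failed password for root from 203.0.113.9 port 5021 ssh2",
    "May 14 10:01:04 web1 sshd[412]: Failed password for root from 203.0.113.9 port 5022 ssh2",
    "May 14 10:01:06 web1 sshd[412]: Failed password for root from 203.0.113.9 port 5023 ssh2",
    "May 14 10:02:00 web1 sshd[415]: Accepted password for alice from 192.0.2.7 port 40112 ssh2",
    "May 14 10:05:31 web1 sudo: alice : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow",
]

NET_LOG = [
    ("203.0.113.9", "10.0.0.5", 22, ""),
    ("203.0.113.9", "10.0.0.5", 23, ""),
    ("203.0.113.9", "10.0.0.5", 25, ""),
    ("203.0.113.9", "10.0.0.5", 80, ""),
    ("203.0.113.9", "10.0.0.5", 443, ""),
    ("198.51.100.4", "10.0.0.5", 80, "GET /index.php?id=1 UNION SELECT password FROM users"),
]

# Signature tables (assumed names): each signature is a compiled regex.
HOST_SIGNATURES = {
    "ssh-failed-login": re.compile(r"Failed password for (?P<user>\S+) from (?P<src>[\d.]+)"),
    "sensitive-file-read": re.compile(r"COMMAND=.*(/etc/shadow|/etc/passwd)\b"),
}
NET_SIGNATURES = {
    "sql-injection-union": re.compile(r"UNION\s+SELECT", re.IGNORECASE),
}

def scan_host_log(lines, fail_threshold=3):
    """Host-based view: match signatures against log lines, and raise a
    brute-force alert when one source reaches fail_threshold failed logins."""
    alerts = []
    failures = Counter()
    for line in lines:
        for name, sig in HOST_SIGNATURES.items():
            match = sig.search(line)
            if not match:
                continue
            if name == "ssh-failed-login":
                failures[match.group("src")] += 1   # count, alert later
            else:
                alerts.append((name, line))
    for src, count in failures.items():
        if count >= fail_threshold:
            alerts.append(("ssh-brute-force", f"{count} failed logins from {src}"))
    return alerts

def scan_network(records, scan_threshold=5):
    """Network-based view: payload signatures plus a port-scan heuristic
    (one source touching at least scan_threshold distinct destination ports)."""
    alerts = []
    ports_by_src = defaultdict(set)
    for src, dst, port, payload in records:
        ports_by_src[src].add(port)
        for name, sig in NET_SIGNATURES.items():
            if sig.search(payload):
                alerts.append((name, f"{src} -> {dst}:{port}"))
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_threshold:
            alerts.append(("port-scan", f"{src} probed {len(ports)} ports"))
    return alerts

if __name__ == "__main__":
    for alert in scan_host_log(HOST_LOG) + scan_network(NET_LOG):
        print(alert)
```

The port-scan and brute-force alerts are not single-pattern signatures but counts across events, which is why both scanners keep a little state; a real IDS does the same with time windows.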


3. What is 'phishing'?

Phishing refers to a method in which an identity thief sets up a fake website that appears to represent a legitimate company, then sends out fake emails (which look as if they come from the legitimate company) to the victims with a hyperlink leading to the fake website. Once a victim provides personal information such as a username and password to the fake website, the identity thief uses it for their own purposes or sells it to other criminal parties (dictionary.com, 2010).


4. What is SET and how does it compare to SSL as a platform for secure electronic transaction? Is SET in common use?

Please refer to question 1 for the definition of SET.

Secure Sockets Layer (SSL) is a standard for encrypted (public-key based) client/server communication between network devices. It runs on top of TCP/IP and was invented by Netscape. SSL is built into all major browsers and web servers, and its capabilities can be turned on by installing a digital certificate.

The main difference between SET and SSL is that in a SET transaction the merchant does not receive any credit card information from the buyer, so the credit card information is more secure. Nowadays SSL is the most commonly used method, as its setup and running costs are low compared with SET (Chen, 2010).


5. What are cookies and how are they used to improve security? Can the use of cookies be a security risk?

A cookie is a text string (user preferences, information) sent by a web server to a web browser, stored there, and sent back to the same server the next time the user accesses it. Cookies can be used for authentication, session tracking, storing site preferences, shopping cart contents, identifiers for a server-based session, and so on.

The use of cookies can be a security risk because they do not always accurately identify users, they can be used in security attacks (spyware), and their content is easy to extract (Wikipedia, 2010).
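Because a cookie is only a text string that the browser hands back, its safety depends on the attributes the server attaches to it. The added example below (not from the original post) parses Set-Cookie header values and reports the attributes a reviewer would check, in particular for cookies that carry a session or authentication token. The header values are constructed samples, and the list of names treated as session cookies is an assumption.

```python
# Added example: a small auditor for Set-Cookie headers. The header values
# below are constructed samples, not headers captured from any real site.

SESSION_NAMES = ("sessionid", "phpsessid", "jsessionid", "auth")  # assumed names

def parse_set_cookie(header: str):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs

def audit_cookie(header: str):
    """Return (cookie name, list of finding codes) for one Set-Cookie header."""
    name, _value, attrs = parse_set_cookie(header)
    is_session = name.lower() in SESSION_NAMES
    findings = []
    if is_session and "secure" not in attrs:
        findings.append("no-secure")           # would also travel over plain HTTP
    if is_session and "httponly" not in attrs:
        findings.append("no-httponly")         # readable by any script on the page
    if "samesite" not in attrs:
        findings.append("no-samesite")         # attached to cross-site requests
    if is_session and ("expires" in attrs or "max-age" in attrs):
        findings.append("persistent-session")  # token survives closing the browser
    return name, findings

SAMPLE_HEADERS = [
    "sessionid=8f1c2d; Path=/",
    "sessionid=8f1c2d; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/; Max-Age=31536000; SameSite=Lax",
    "auth=tok123; Path=/; Secure; HttpOnly; SameSite=Strict; Max-Age=2592000",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_cookie(header)
        print(f"{name:10s} {findings or 'ok'}")
```

The first sample is the weak setting and the second is the same cookie corrected: with Secure, HttpOnly and SameSite present, the token is no longer sent over plain HTTP, cannot be read by page scripts, and is not attached to requests triggered from other sites. A preference cookie such as theme needs far less protection, which is why the checks are keyed on the cookie name.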


6. What makes a firewall a good security investment? Accessing the Internet, find two or three firewall vendors. Do they provide hardware, software or both?

A firewall is a device which controls access between an intranet and the Internet. It determines whether a data packet or a connection request should be allowed through or denied. It can keep an organization's intranet free from unauthorized traffic if the organization places a firewall at each external connection (Eustace, 2010).
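The "allowed through or denied" decision is a rule lookup: the firewall walks an ordered rule list and applies the first rule that matches the packet, with a default of deny when nothing matches. The added example below (not from the original post) implements that packet-filter logic on constructed sample packets; the address ranges and rules are assumptions made up for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str     # "tcp" or "udp"
    dport: int     # destination port

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"         # CIDR; default matches any source
    dst: str = "0.0.0.0/0"         # CIDR; default matches any destination
    proto: str = "any"
    dport: Optional[int] = None    # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

INTRANET = "10.0.0.0/8"   # assumed internal range

# Ordered rule list (assumed policy): the first matching rule decides, and
# anything that matches no rule is dropped by the implicit default deny.
RULES = [
    Rule("deny", src="203.0.113.0/24"),                           # blocked range (constructed)
    Rule("allow", dst="10.0.0.10/32", proto="tcp", dport=443),    # public HTTPS server only
    Rule("allow", src=INTRANET),                                  # outbound from the intranet
]

def decide(pkt: Packet, rules=RULES):
    """Return (action, index of the matching rule); (deny, None) on default."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None

if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "10.0.0.10", "tcp", 443),   # outside user to web server
        Packet("198.51.100.7", "10.0.0.10", "tcp", 22),    # outside user to SSH: no rule
        Packet("203.0.113.5", "10.0.0.10", "tcp", 443),    # blocked range, even to the web server
        Packet("10.1.2.3", "198.51.100.7", "tcp", 80),     # internal host browsing out
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
```

Rule order matters: the blocked range is listed before the web-server allow, so a packet from that range is dropped even though it would otherwise match the allow rule. Swapping those two rules would silently open the server to the blocked range, which is the kind of mistake a firewall rule review looks for.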

There are many firewall vendors, such as Checkpoint, Cisco, IBM, ZoneAlarm, etc. Most business firewall solutions are hardware, while personal firewall solutions are software. Some vendors offer both hardware and software firewall products (Checkpoint).


7. What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?

The measures that e-commerce sites should provide to create trust among their potential customers are: maintaining audit logs, encrypting email messages, securing client/server communication, securing data transport, securing the operating system, using secure transport protocols (SSL, SET, HTTPS), using firewalls, and using secure browsers with security and scrambling features.

The measures that can be verified by the customer are the encryption of email messages, the secure transport protocols and the audit logs (Eustace, 2010).


8. Get the latest PGP information from
http://en.wikipedia.org/wiki/Pretty_Good_Privacy
The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?

Other examples are PGP tools, HASP keys and security dongles (as used by banks). Such tools exist in both hardware and software form.

1 comment:

  1. Highly productive post. After reading the complete information I was able to understand all these concepts in a clearer way. You have given an absolute detail to solve each problem statement. Thanks for sharing.
    digital signature certificate