Specifications
E-commerce and Security
PART III
This chapter discusses the role of security in e-commerce. We will discuss who might be interested
in your information and how they might try to obtain it, the principles involved in creating
a policy to avoid these kinds of problems, and some of the technologies available for
safeguarding the security of a Web site, including encryption, authentication, and tracking.
Topics include
• How important is your information?
• Security threats
• Creating a security policy
• Balancing usability, performance, cost, and security
• Authentication principles
• Using authentication
• Encryption basics
• Private Key encryption
• Public Key encryption
• Digital signatures
• Digital certificates
• Secure Web servers
• Auditing and logging
• Firewalls
• Backing up data
• Physical security
How Important Is Your Information?
When considering security, the first thing you need to evaluate is the importance of what you
are protecting. You need to consider its importance both to you and to potential crackers.
It might be tempting to believe that the highest possible level of security is required for all sites
at all times, but protection comes at a cost. Before deciding how much effort or expense your
security warrants, you need to decide how much your information is worth.
The value of the information stored on the computer of a hobby user, a business, a bank, and a
military organization obviously varies. The lengths to which an attacker would be likely to go
in order to obtain access to that information vary similarly. How attractive would the contents
of your machines be to a malicious visitor?