Chapter 13
E-commerce Security Issues
Hobby users will probably have limited time to learn about or work towards securing their systems. Given that information stored on their machines is likely to be of limited value to anyone other than its owner, attacks are likely to be infrequent and involve limited effort. However, all networked computer users should take sensible precautions. Even the computer with the least interesting data still has significant appeal as an anonymous launching pad for attacks on other systems.
Military computers are an obvious target for both individuals and foreign governments. As attacking governments might have extensive resources, it would be wise to invest personnel and other resources to ensure that all practical precautions are taken in this domain.
If you are responsible for an e-commerce site, its attractiveness to crackers presumably falls somewhere between these two extremes.
Security Threats
What is at risk on your site? What threats are out there?
We discussed some of the threats to an e-commerce business in Chapter 12, “Running an E-commerce Site.” Many of these relate to security.
Depending on your Web site, security threats might include
• Exposure of confidential data
• Loss or destruction of data
• Modification of data
• Denial of service
• Errors in software
• Repudiation
Let’s run through each of these threats.
Exposure of Confidential Data
Data stored on your computers, or being transmitted to or from your computers, might be confidential. It might be information that only certain people are intended to see, such as wholesale price lists. It might be confidential information provided by a customer, such as his password, contact details, and credit card number.
Hopefully you are not storing information on your Web server that you do not intend anyone to see. A Web server is the wrong place for secret information. If you were storing your payroll records or your plan for world domination on a computer, you would be wise to use a computer other than your Web server. The Web server is inherently a publicly accessible machine,