Security is an eternal concern for organizations as they face the dual problem of protecting stored data and transported messages. Organizations have always had sensitive data to which they want to limit access to a few authorized people. Historically, such data have been stored in restricted areas or encoded. These methods of restricting access and encoding are still appropriate. Electronic commerce poses additional security problems.
First, the intent of the Internet is to give people remote access to information. The system is inherently open, and traditional approaches of restricting access by the use of physical barriers are less viable, though organizations still need to restrict physical access to their servers. Second, because electronic commerce is based on computers and networks, these same technologies can be used to attack security systems.
Hackers can use computers to intercept network traffic and scan it for confidential information. They can use computers to run repeated attacks on a system to breach its security.
Data access control, the major method of controlling access to stored data, often begins with some form of visitor authentication, though this is not always the case with the Web because many organizations are more interested in attracting rather than restricting visitors to their Web site.
A variety of authentication mechanisms may be used. The common techniques for the Internet are account number, password, and IP address.
A system may often use multiple authentication methods to control data access, particularly because hackers are often persistent and ingenious in their efforts to gain unauthorized access. A second layer of defence can be a firewall, a device placed between an organization's network and the Internet.
This barrier monitors and controls all traffic between the Internet and the intranet. Its purpose is to restrict the access of outsiders to the intranet. A firewall is usually located at the point where an intranet connects to the Internet, but it is also feasible to have firewalls within an intranet to further restrict the access of those within the barrier. There are several approaches to operating a firewall. The simplest method is to restrict traffic to packets with designated IP addresses.
Another screening rule is to restrict access to certain applications. More elaborate screening rules can be implemented to decrease the ability of unauthorized people to access an intranet. Implementing and managing a firewall involves a tradeoff between the cost of maintaining the firewall and the loss caused by unauthorized access. An organization that simply wants to publicize its products and services may operate a simple firewall with limited screening rules.
Alternatively, a firm that wants to share sensitive data with selected customers may install a more complex firewall to offer a high degree of protection.
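The two screening rules described above (designated IP addresses, then permitted applications) can be sketched as a first-match rule list with a default of deny. This is an added example, not part of the original text; the addresses, ports and rule set are constructed for illustration.

```python
# Added example (not from the page): first-match packet screening, default deny.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    source: str            # CIDR block the packet's source address must fall in
    port: Optional[int]    # destination port (the application); None means any

# Constructed rule set: order matters, the first matching rule decides.
RULES = [
    Rule("deny",  "198.51.100.7/32", None),   # one blocked host, any application
    Rule("allow", "0.0.0.0/0",       443),    # public Web site, open to everyone
    Rule("allow", "203.0.113.0/24",  8443),   # customer extranet, designated addresses only
]

def screen(src_ip, dst_port, rules=RULES):
    """Return the action of the first matching rule; deny when none matches."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        in_network = addr in ipaddress.ip_network(rule.source)
        if in_network and rule.port in (None, dst_port):
            return rule.action
    return "deny"
```

A firm that only publicizes its products would keep little more than the second rule; the third rule is the kind of extra screening needed when sensitive data is shared with selected customers.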
Coding or encryption techniques, as old as writing, have been used for thousands of years to maintain confidentiality. Although encryption is primarily used for protecting the integrity of messages, it can also be used to complement data access controls. There is always some chance that people will circumvent authentication controls and gain unauthorized access.
To counteract this possibility, encryption can be used to obscure the meaning of data. The intruder cannot read the data without knowing the method of encryption and the key.
Societies have always needed secure methods of transmitting highly sensitive information and confirming the identity of the sender. In an earlier time, messages were sealed with the sender's personal signet ring, a simple but easily forged method of authentication. We still rely on personal signatures for checks and legal contracts, but how do you sign an e-mail message?
In the information age, we need electronic encryption and signing for the orderly conduct of business, government, and personal correspondence. Internet messages can pass through many computers on their way from sender to receiver, and there is always the danger that a sniffer program on an intermediate computer briefly intercepts and reads a message. In most cases, this will not cause you great concern, but what happens if your message contains your name, credit card number, and expiration date?
The sniffer program, looking for a typical credit card number format of four blocks of four digits, copies your message before letting it continue its normal progress. Now, the owner of the rogue program can use your credit card details to purchase products in your name and charge them to your account. Without a secure means of transmitting payment information, customers and merchants will be very reluctant to place and receive orders, respectively.
When the customer places an order, the Web browser should automatically encrypt the order prior to transmission – this is not the customer's task. Credit card numbers are not the only sensitive information transmitted on the Internet. Because it is a general transport system for electronic information, the Internet can carry a wide range of confidential information. If senders and receivers cannot be sure that their communication is strictly private, they will not use the Internet. Secure transmission of information is necessary for electronic commerce to thrive.
Encryption is the process of transforming messages or data to protect their meaning. Encryption scrambles a message so that it is meaningful only to the person knowing the method of encryption and the key for deciphering it. To everybody else, it is gobbledygook. The reverse process, decryption, converts a seemingly senseless character string into the original message.
A popular form of encryption, readily available to Internet users, goes by the name of Pretty Good Privacy (PGP) and is distributed on the Web. PGP is a public domain implementation of public-key encryption. Traditional encryption, which uses the same key to encode and decode a message, has a very significant problem. How do you securely distribute the key? It can't be sent with the message because if the message is intercepted, the key can be used to decipher it.
You must find another secure medium for transmitting the key. So, do you fax the key or phone it? Neither method is completely secure, and both are time-consuming whenever the key is changed. Also, how do you know that the key's receiver will protect its secrecy?
A public-key encryption system has two keys: one private and the other public. A public key can be freely distributed because it is quite separate from its corresponding private key. To send and receive messages, communicators first need to create separate pairs of private and public keys and then exchange their public keys.
The sender encrypts a message with the intended receiver's public key, and upon receiving the message, the receiver applies her private key. The receiver's private key, the only one that can decrypt the message, must be kept secret to permit secure message exchange. The elegance of the public-key system is that it totally avoids the problem of secure transmission of keys. Public keys can be freely exchanged. Indeed, there can be a public database containing each person's or organization's public key.
For instance, if you want to e-mail a confidential message, you can simply obtain the intended receiver's public key and encrypt your entire message prior to transmission.
In addition, a public-key encryption system can be used to authenticate messages. In cases where the content of the message is not confidential, the receiver may still wish to verify the sender's identity. A signed message has additional encrypted text containing the sender's signature.
When the purported sender's public key is applied to this message, the identity of the sender can be verified. Imagine you pay USD 1,000 per year for an investment information service. The provider might want to verify that any e-mail requests it receives are from subscribers. Thus, as part of the subscription sign-up, subscribers have to supply their public key, and when using the service, sign all electronic messages with their private key. Naturally, any messages between the service and the client should be encrypted to ensure that others do not gain from the information.
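The exchange described above, in which the sender encrypts with the receiver's public key and signs with the sender's own private key, is shown here as an added example that is not part of the original text. It uses textbook RSA built from the standard library as a stand-in for a real public-key system such as PGP; the function names are hypothetical.

```python
# Added example (not from the page): textbook RSA without OAEP/PSS padding; study use only.
import hashlib
import secrets

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin test for odd n > 3."""
    r = ((n - 1) & -(n - 1)).bit_length() - 1     # n - 1 = d * 2**r with d odd
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and not any(
                (x := pow(x, 2, n)) == n - 1 for _ in range(r - 1)):
            return False                          # found a witness: composite
    return True

def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if _is_probable_prime(c):
            return c

def generate_keypair(bits=1024, e=65537):         # -> (public, private)
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                    # e is prime, so gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def encrypt(message, public):                     # uses the receiver's public key
    n, e = public
    m = int.from_bytes(message, "big")            # leading zero bytes are not preserved
    if m >= n:
        raise ValueError("message too long for this key")
    return pow(m, e, n)

def decrypt(ciphertext, private):                 # only the receiver's private key works
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private):                       # uses the sender's private key
    n, d = private
    return pow(_digest(message), d, n)

def verify(message, signature, public):           # anyone holding the sender's public key
    n, e = public
    return pow(signature, e, n) == _digest(message)
```

Each party calls `generate_keypair()` once and publishes only the first element of the result. A subscriber's request is then accepted only if `verify(request, signature, subscriber_public)` returns `True`.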