E-business Security Dana Vasiloaica Institute of Technology, Sligo 21 April 2006

Page 1: E-business Security Dana Vasiloaica Institute of Technology, Sligo 21 April 2006

E-business Security

Dana Vasiloaica

Institute of Technology, Sligo

21 April 2006

Page 2

Today

- Is E-business worth protecting?
  - What is e-business?
  - What are its advantages?
- Security issues overview
- Malware and preventing malware
  - Viruses
  - Worms
  - Trojan horses
- Conclusions

Page 3

Is E-business worth protecting?

E-business overview and benefits

Page 4

What is e-business?

E-business (electronic business) is the conducting of business on the Internet, not only buying and selling but also servicing customers and collaborating with business partners.

www.powernet.co.uk/client/general/glossary.shtml

Page 5

E-business overview

[Diagram with the labels: Customer; Business; Business supplier or partner; Bank; Consumer to consumer; Business to consumer; Business to business; Intranet; Extranet]

Page 6

Intranet

- From a hardware perspective, an intranet is a private network that is contained within an enterprise.
  - It may consist of a Local Area Network (LAN). A LAN is a collection of interconnected devices (computers, printers, etc.) within the physical walls of a building.
  - It may consist of many interlinked LANs.
  - It may use leased lines in the Wide Area Network (WAN). An example of a WAN is the Internet.
  - Etc.
- An intranet is a private, secure Website that enables users to share documents, calendars, and other information within a business. An intranet is often hosted and maintained on company servers and can only be accessed by internal employees.
- The main purpose of an intranet is to share company information and computing resources among employees.
- An intranet can also be used to facilitate working in groups and for teleconferences.

http://www.trafficjumper.com/glossary_i.php

Page 7

Intranet benefits

- Improved Communications
  - Keeps every employee informed and up to date
  - Gives everyone (if they have permission) access to project status, team discussions, project collaboration tools, video conferencing, etc.
- Document Access
  - Provides easy access to documents employees need to perform their jobs.
- Employee Training and Retention
  - Provides employees easy access to online training material, skill assessments, and other human resources content. This improves job satisfaction and employee retention.
- Knowledge Retention
  - Prevents knowledge loss which could occur as a result of employees being unavailable for a while or leaving the company. New employees can get up to speed much easier.

http://www.starphire.com/docs/applications-intranet

Page 8

Extranet

- An extranet is an intranet that is partially accessible to authorized outsiders. An extranet provides various levels of accessibility to outsiders. People can access an extranet only if they have a valid username and password, and this identity determines which parts of the extranet they can view.
  www.channelstorm.com/Manual/Data/GL00/GL00.htm
- An extranet is a collaborative network that uses Internet technology to link businesses with their suppliers, customers, or other businesses that share common goals.
  www.gtscompanies.com/glosscomp.html
- The key to the success of an Extranet are the dual concepts of security and easy access to some corporate data. Of course, only a portion of corporate information is made available to outsiders in this manner.
  http://www.starphire.com/docs/applications-extranet

Page 9

Extranet benefits

- Sales Support Material
  - Provides business partners and customers online access to the latest sales support material from product manuals and data sheets to price lists and comparison charts.
- Order Status Information
  - Provides customers direct yet controlled access to the status of their orders, freeing up the customer service staff to work on other issues.
- Employee Directories
  - Keeps partners informed as to the current staff assignments and contact information.
- Inventory Status
  - Gives business partners direct access to check inventory levels, back order status, and shipping information.
- Knowledge Base Information
  - Provides easy access to frequently asked questions and customer support material. The information stored in this dynamic, knowledge base application could be made available to all partners/customers.

http://www.starphire.com/docs/applications-extranet

Page 10

Consumer to Consumer e-business

- A company acts as an intermediary between consumers – it sets up an electronic market place to facilitate consumers selling to other consumers
- Example of C2C e-business
  - E-bay (www.ebay.com)
- How does the company make money?
  - Advertising
  - Commission on the sales
  - Commission on subscriptions to the site, etc.

Page 11

Brainstorming session

What are the benefits of C2C e-business?

Page 12

Business to Consumer e-business

- A company sells its products / services on-line
- E-business aspects exploited by companies include:
  - Advertising products or services
  - Providing on-line purchasing facility
  - Providing after-sales service
  - Marketing data
  - Advertising business partnerships
  - Improving brand image and public relations
  - Providing information to investors
- Can you give examples of businesses which moved their sales on-line?

Page 13

Brainstorming session

What are the benefits of B2C e-business?

Page 14

Business to Business e-business

- Links companies for purchasing and selling products and services
- Applications used in B2B
  - Extranet applications which link a company with its suppliers and business customers
  - C-commerce applications (collaborative commerce) which allow for on-line collaboration between business partners
  - E-marketplaces which allow a company to deal with the cheapest supplier

Page 15

Brainstorming session

What are the benefits of B2B e-business?

Page 16

Overall e-business benefits

- Improved profitability;
- Expanded markets;
- Accelerated time to market;
- Location independence;
- Cheap communication costs;
- 24/7 availability;
- Keeping customers, business partners, and employees happy;
- Etc. etc. etc.

Page 17

Too good to be true?

The headache…

SECURITY PROBLEMS

Page 18

Security problems arise

Bad news…

Merchant losses from online payment fraud amounted to $2.6 billion in 2004. While that is only 1.8% of total sales, the threat of online crime has consumers frightened—and some are taking their business elsewhere.

http://www.shop.org/learn/stats_ebizz_security.asp

Page 19

Solution?

INCREASED SECURITY MEASURES

Page 20

Security: definition and goals

- Security is the process by which digital information assets are protected
- Security goals include:
  - Protect confidentiality
  - Maintain integrity
  - Assure availability

Page 21

Security issues

What security threats are out there?

- Accidental data loss
- Malware
- Intruders

Page 22

Security issues

- Accidental data loss
  - Acts of God (fires, flood, earthquake)
  - War, terrorism
  - Hardware or software errors (unreadable disk or tape, network errors, program bugs, etc.)
  - Human errors (incorrect data entries, lost disks or tapes, damaged disks or tapes, accidental delete of data, etc.)
- How to deal with accidental data loss
  - Maintain adequate backups, preferably far from the original data

Page 23

More security issues

- Malware
  - Viruses
  - Worms
  - Trojan horses
- How to deal with malware
  - Antivirus software
  - Ask users not to open suspect e-mail attachments
  - Use only authorised software
  - Etc.

Page 24

More security issues

- Intruders
  - Casual prying (read other people's e-mail, documents, etc.)
  - Snooping by insiders
  - Determined attempt to make money
  - Commercial or military espionage
  - Simply for fun or to prove it can be done
- How to deal with intruders
  - Identify every user
  - Advise users to log off when they leave their desk
  - Limit the privileges of users
  - Log files to monitor users' activity
  - Encryption
  - Etc.

Page 25

Malware

Page 26

Viruses – what are they?

- Virus = unauthorized software which can invade a computer system by attaching itself to legitimate programs or documents.
- Viruses are self-replicating (self-reproducing) pieces of code that infect computers while attached to files.
- Viruses cannot directly damage hardware, only software.

Page 27

Viruses - What do they do?

- Viruses are deliberately written to invade files and could cause damage.
- Viruses perform unauthorized functions. Their presence is not immediately obvious.
- Viruses can do:
  - serious damage, such as erasing certain files or the whole disk
  - silly/annoying things like popping up windows
  - "good things" like trying to improve the performance of applications or delete other viruses. Is this ok though?

Page 28

Examples of virus damage

- Erase everything on a disk
- Erase specific executable programs
- Alter data in data files
- Make extra copies of programs or files
- Decrease free space available on the disk
- Display some messages
- Format the disk (all the files will be deleted in the process)
- Hang the system
  - System will not respond to a keyboard entry
  - System will require a cold reboot
- Cause programs to crash when an item is selected from the menu
- Etc.

Page 29

Why do people write viruses?

- Viruses are deliberately created by programmers or by people using virus creation software
- Viruses have been written
  - As research projects
  - For vandalism
  - To attack products of a specific company
  - To distribute political messages
  - To distribute advertisement material
  - For financial gain
  - As a hobby
  - With good intentions

Page 30

Hosts for viruses

- A host is the program or document the virus can attach itself to
- The most common hosts are
  - Executable files
    - Applications
    - Part of the operating system
  - Executable boot sectors
  - Documents that contain macro scripts (Word documents, Excel spreadsheets)

Page 31

Operating systems targeted by viruses

- All of them: Windows, UNIX, OS2, AmigaOS, Mac OS, etc.
- The majority of viruses affect Windows
  - Windows gained market dominance
  - Windows has programming "bugs" or holes exploited by viruses
  - Microsoft networking software like Outlook and Internet Explorer are especially vulnerable to the spread of viruses
  - Windows allows normal users to have access and make changes to the operating system's environment
  - Windows allows scripting languages like Visual Basic Script to access the file system and other resources

Page 32

How do viruses spread?

- Viruses propagate by creating copies of themselves which get attached to other hosts.
- True viruses cannot spread to a new computer without human assistance.
- Someone HAS to run the infected application or run the infected macro.
- Viruses could reach uninfected computers:
  - Someone could send the infected host via the network, including e-mail attachments.
  - Someone could take the infected host on a removable medium like floppy disks, CDs, etc.
  - Viruses could spread to other computers by infecting files on a network file system.
  - Viruses can have the ability to send infected e-mails.

Page 33

Phases in virus execution

- Infection Phase
  - When the virus executes it will infect other programs
- Attack Phase
  - It could have a trigger – see bombs on the next slide
  - Attack phase is optional

Page 34

Bombs

- Some viruses have a delayed payload; these are referred to as bombs
- The virus stays dormant unless some event happens
- A time bomb triggers at a specific date or time
- A logic bomb triggers the virus
  - After a number of hosts have been infected
  - Based on a random number
  - Based on user actions

Page 35

Worms

- A worm is a variation of the virus.
- It does not attach itself to a file. Instead it is an independent process which spawns copies of itself - like a virus, a worm propagates itself.
- Worms clog up the system.
- Worms can perform destructive activity exactly like a virus.
- Unlike a virus, a worm can spread itself automatically over the network from one computer to the next. Worms take advantage of automatic file sending and receiving features found on many computers.

Page 36

Trojan Horses

- The Trojan horse is named after the Trojan horse which delivered soldiers into the city of Troy.
- A Trojan horse could be defined as a malicious, security-breaking program that is disguised as something benign such as a screen saver or a game
- In other words, Trojan horse refers to programs that appear desirable, but actually contain something harmful. For example, you may download what looks like a free game, but when you run it, it erases every file in that directory.
- The trojan's contents could also be a virus or a worm, which then spread the damage.

Page 37

Trojan Horses

- The presence of the Trojan horse or its activity could pass totally unseen by the system users.
- Many Trojan horses can allow crackers (aka "hackers") to take over computers and "remote control" them
  - shutting down PCs
  - using PCs to perform denial of service attacks like those that disrupted web sites of Yahoo and Amazon.

Page 38

How to prevent infection?

- Inform employees of
  - Causes of viruses
  - Consequences of viruses
- Use antiviral tools and UPDATE them regularly
- Install all available security patches recommended by software vendors like Microsoft
- Use ONLY commercial or in-house software
- Ask employees not to download programs from the Internet
- Ask employees to take care when opening e-mail attachments
- Do not use bootable disks for data storage
  - These can have a boot sector virus

Page 39

Antivirus program

1. Monitors the activities of executing programs
- Warns user when virus attempts to write to an executable file
- Data decompression programs & Terminate-and-stay-resident (TSR) programs can cause false alarms
- Used as a screening procedure when installing new software

2. Monitors program files on disk
- Checks for and reports on modifications to files
- Used to discover the virus

3. Identifies infection by specific viruses
- Detects if a program has been infected by a virus
- Identifies which virus has caused the infection
- Provides clues about the type of damage
- Can remove the virus - clean up the damage
- Can be run on programs before they are installed
- Disadvantage is that it can only detect viruses known when the antiviral program was developed or last updated
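
The second and third kinds of antivirus program listed on this slide, sketched as an added example that is not part of the original slides: a hash-based integrity checker and a byte-pattern signature scanner run over the same constructed files. The signature names, marker bytes and file names are assumptions made up for illustration.

```python
import hashlib
import os
import tempfile

# Constructed byte patterns standing in for a vendor's signature database.
# They are harmless markers invented for this example, not real signatures.
SIGNATURES = {
    "Sample.A": b"CONSTRUCTED-MARKER-A",
    "Sample.B": b"CONSTRUCTED-MARKER-B",
}


def sha256_of(path):
    """Hash a file in chunks so large programs do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def list_files(root):
    """Yield (relative path, full path) for every file under root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root), full


def build_baseline(root):
    """Record a hash per file; meant to be run while the system is known clean."""
    return {rel: sha256_of(full) for rel, full in list_files(root)}


def check_integrity(root, baseline):
    """Kind 2: report files modified, added or removed since the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def scan_signatures(root, signatures=SIGNATURES):
    """Kind 3: name every known pattern found in each file."""
    hits = {}
    for rel, full in list_files(root):
        with open(full, "rb") as handle:
            data = handle.read()
        found = sorted(name for name, pattern in signatures.items()
                       if pattern in data)
        if found:
            hits[rel] = found
    return hits


def demo():
    """Run both checks over constructed files and return their reports."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"editor.exe": b"editor program bytes",
                   "payroll.exe": b"payroll program bytes",
                   "readme.txt": b"plain text"}
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(body)
        baseline = build_baseline(root)

        # Simulated tampering after the baseline was taken: one change carries
        # a pattern the scanner knows, the other carries bytes it has never seen.
        with open(os.path.join(root, "editor.exe"), "ab") as handle:
            handle.write(SIGNATURES["Sample.A"])
        with open(os.path.join(root, "payroll.exe"), "ab") as handle:
            handle.write(b"bytes that no signature describes")

        return check_integrity(root, baseline), scan_signatures(root)


if __name__ == "__main__":
    integrity, hits = demo()
    print("integrity report:", integrity)
    print("signature hits:  ", hits)
```

payroll.exe appears only in the integrity report: the checker sees that the file changed but cannot name a cause, while the scanner names Sample.A and misses the change it has no signature for.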

Page 40

Conclusion

- E-business offers lots of advantages to companies
- The biggest concern – SECURITY
- Security issues overview
  - Accidental data loss
  - Malware
  - Intruders
- Malware includes viruses, worms and trojan horses
- Antivirus software, corporate good practices and user good practices can prevent malware's damaging actions