Security of transactions is critical in building customers' confidence in a given e-commerce site. This security depends heavily on an organization's ability to ensure authenticity, availability, privacy and integrity, and to keep out unwanted intrusions. Malicious programs known as sniffers often compromise the privacy of transactions, especially when one uses unauthorized networks. They are found at network connection end points. When transactions are carried out, confidentiality is necessary, so any data showing transaction paths must be removed. This has become a common problem on e-commerce sites.
Another particularly common problem facing e-commerce and social network applications is the Trojan horse. Back Orifice, Netbus and BO2K are the most common types. They are hacker tools that enable a remote hacker to control, examine and monitor the user's information. These Trojans are dangerous since they can give the hacker a platform for sending information and making it appear as if the real owner of the computer has done so. This can be a significant risk since cyber terrorism can be easily carried out.
E-laundering has become an extremely common issue in the IT world. South Africa, for example, experienced laundering in the period March 1999 to September 2000, in which a total of R165.7 million was lost. This is not the only case. A recent scam was rampant, in which a Nigerian wrote a letter posing as a lawyer to a deceased rich man. This is another case where it would be easy for an unsuspecting victim to lose money.
Hackers have developed a way to use phones to get at the personal information of the user. This is known as phone phreaking. They often pose as a legitimate voice mail checker and guess an extension's password. They then forward inbound calls placed to that extension to another location. When the phreaker calls in again, he or she makes calls to any place in the world without the owner's knowledge. The owner pays the bill. This has become a common scenario, and clients may opt to give false numbers to avoid cyber bullying.
File Transfer Protocol (FTP) is a network protocol that exchanges data and files between a host and a client over a TCP/IP network. Companies often use FTP to share information with other companies. Everyday users also use it to download the programs and files they need. It is easy for users to share files this way. However, it is not particularly secure. It does not have sufficient encryption services and could therefore easily be hacked.
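As an added illustration of the missing-encryption point (not part of the original text), the Python sketch below audits a constructed server-side FTP command log and reports the logins that were sent without a successful AUTH TLS upgrade. The log layout, host name and account names are assumptions made for this example.

```python
# Constructed server-side command log: "<session> <C|S> <line>"
# (C = client command, S = server reply). Not taken from the page.
SAMPLE_LOG = """\
s1 S 220 ftp.example.test ready
s1 C USER alice
s1 S 331 Password required
s1 C PASS <redacted>
s1 S 230 Logged in
s2 S 220 ftp.example.test ready
s2 C AUTH TLS
s2 S 234 Proceed with negotiation
s2 C USER bob
s2 C PASS <redacted>
s3 S 220 ftp.example.test ready
s3 C AUTH TLS
s3 S 502 Command not implemented
s3 C USER carol
s3 C PASS <redacted>
"""


def cleartext_logins(log):
    """Return {session: user} for logins made without a successful AUTH TLS."""
    pending = set()    # sessions that sent AUTH TLS and await the reply
    protected = set()  # sessions where the server accepted it (reply 234)
    findings = {}
    for raw in log.splitlines():
        parts = raw.split(None, 2)
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        session, side, text = parts
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "AUTH" and arg.strip().upper() == "TLS":
                pending.add(session)
            elif verb == "USER" and session not in protected:
                findings[session] = arg.strip()
        elif side == "S" and session in pending:
            pending.discard(session)
            if text.startswith("234"):
                protected.add(session)
    return findings


if __name__ == "__main__":
    for session, user in cleartext_logins(SAMPLE_LOG).items():
        print(f"{session}: login for {user!r} sent without TLS")
```

Session s3 is reported even though the client asked for TLS, because the server refused the upgrade and the login went ahead unencrypted.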
Motivation for potential attacks
Lack of face-to-face interaction means it is much easier to say things that damage a reputation. Most of the time the statements made are blown out of proportion. On many occasions, they do not reflect the picture on the ground. Such vicious acts cause a company's image to deteriorate, and e-commerce slows as a result.
Lack of anti-sniffing tools on users' computers is also a motivator for potential attacks. When users disable the firewall on their computer, they leave it vulnerable to hackers, who may take advantage and install Trojans on it so that it is easy for them to relay any information they desire.
Some users do not install antivirus programs. If they do, they use the weak type. This is dangerous since the common hacker has come up with ways to hack into the system and override the basic settings of the said antivirus. It should be made clear to everyone who uses the internet frequently that they should install a strong antivirus such as Kaspersky to maximize the security level of their computer.
Many clients who use online accounts tend to choose extremely straightforward passwords. In many cases, they have a password similar to the username of their account. This allows hackers to access their information, which is quite dangerous. Clients should be advised to change their passwords frequently to make it hard for hackers to gain access to their accounts.
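The username-like passwords described above can be rejected when an account is created or a password is changed. The following Python check is an added example, not part of the original text; the function name, the 12-character minimum, the substitution table and the 0.75 similarity threshold are assumptions chosen for illustration.

```python
import difflib
import re

# Common character substitutions undone before comparing (assumed table).
_SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
     "7": "t", "@": "a", "$": "s", "!": "i"}
)


def _normalize(text):
    """Lower-case, undo substitutions, drop everything but letters/digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(_SUBSTITUTIONS))


def password_problems(username, password, min_len=12, threshold=0.75):
    """Return a list of reasons to reject the password (empty if acceptable)."""
    problems = []
    if len(password) < min_len:
        problems.append("too short")
    user, pwd = _normalize(username), _normalize(password)
    if user:
        similarity = difflib.SequenceMatcher(None, user, pwd).ratio()
        if user in pwd:
            problems.append("contains the username")
        elif user[::-1] in pwd:
            problems.append("contains the username reversed")
        elif similarity >= threshold:
            problems.append("too similar to the username")
    return problems


if __name__ == "__main__":
    # Constructed sample accounts.
    for name, candidate in [("jsmith", "jsmith"),
                            ("jsmith", "J$m1th2024!!"),
                            ("jsmith", "correct-horse-battery")]:
        print(name, repr(candidate), password_problems(name, candidate))
```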
Roles such as system administrator, developer, security engineer, and quality assurance analyst for each classification
The following are the roles of individuals in the IT department:
The system administrator will monitor performance of systems and provide security measures such as troubleshooting and maintenance. He will also help users to diagnose and solve their problems. He will be involved in adding, deleting or modifying user account information and resetting passwords. He will design and put into place systems, network configurations and network architecture.
The system developer will analyze requirements for all users in the company, including clients. He will research, design and write new programs for the company. The developer will also test new programs and find their weaknesses. He will be responsible for evaluating software and systems running on computers. He will also develop existing programs through analysis and identify areas for modification.
The security engineer will install and manage an organization’s security systems across its network. He will also monitor and react to their output.
The quality assurance analyst should be knowledgeable in SQL, HTML, XML and internet browsers, since he will be in charge of ensuring security in the browsing programs used. He should be proficient in web-based and database applications since he will be the one in charge of tracking clients' information. He should be knowledgeable in IT process improvement and various IT quality assurance standards.
The business impacts of a successful exploit on a Web application’s weakness
E-commerce provides an opportunity for new models of organizing production and transacting business. It provides a platform where a business can come up with new ways of taking payments, placing orders and carrying out its other activities.
The Internet opens up business relationships, extends friendly relations among various economic sectors, makes the electronic market accessible to smaller businesses and allows them to target international markets. The strategies and competitive advantages that companies and firms apply in domestic and international markets also change. Transactions can be done from anywhere because the gadgets used are portable. Firms are open to global competition, which means a better and wider range of products and services.
Importance of identifying weaknesses and motivation for attacks early in the development or implementation process
Identifying weaknesses and motivation is necessary to ensure that corrective measures are put in place and that systems have adequate security. This will ensure no attacks are experienced.
It is also necessary to ensure that customers are provided with the best services possible. Companies which value their consumers will ensure that privacy while conducting e-commerce is top notch and that no fraud will take place.