by Godfried B. Williams, University of East London, UK

Godfried B. Williams
School of Computing & Technology
University of East London
Docklands Campus
4-6 University Way
London
E16 2RD
e-mail: g.williams@uel.ac.uk
Foreword
Without question the topic of security is one of the most important subjects in today’s information technology environment, if not the most important. As we have a foot in both the business and academic environments, we believe that it is imperative that advances in security be propagated from the realm of lofty ideas in our academic institutions into the real world.

Security has always been an obvious concern in government environments, but is also a major concern to the business community. Defense from multiple threats is required to provide for the security of business assets both in the form of financial and information resources. Additionally, these threats can come in the form of both internal and external attacks. All of the doors must be guarded.

As of the end of 2006 new regulations have been set in place within the United States that require a higher standard of electronic record keeping from all entities, both public and private. Similar standards are either in place or being considered worldwide. These higher standards call for a higher level of security, both on internal company, governmental and educational networks as well as externally in the online world of the Internet. This online requirement applies to the Internet as a whole, and also to extranets and intranets, running over the world IP pipeline.

Dr. Williams has previously addressed some of these issues in his prior work, “Synchronizing E-Security” (2004). He has pointed out the major problem in security expenditures between advanced and developing economies that has resulted in a security gap that should be of concern to us all. Besides the obvious concern in today’s dangerous world of overt terrorism that can be spread to electronic means, is the additional concern of fraud and theft that must be guarded against in all types and levels of institutions.

Dr. Williams’s new book is a valuable addition towards the solution to these issues and problems, to bring increased awareness of the issues, problems and potential solutions to create a safer environment in Online Business Security Systems. This work is a piece of that solution and hopefully more insights such as this one will follow, both from Dr. Williams and his peers in security research and development.
Don Anderson
President, Quantum International Corporation
Founding Member, Intellas Group, LLC

Adel Elmaghraby, Ph.D.
Chair
Department of Computer Engineering and Computer Science
University of Louisville, USA
Preface
According to empirical studies by Williams (2004), the paradox in security expenditure between advanced and developing economies has resulted in a security gap. The irony is that while investments in security amongst IT companies in advanced economies are not that high in budget, the methods employed for assessing possible risks in the application of technologies are normally high in cost. This meant that investments in risk assessment were far higher than in risk mitigation. On the contrary, investments in risk mitigation were higher than in risk assessment amongst companies in developing economies.

The studies provided an insight into technologies that supported electronic transactions in international banking. Security bottlenecks experienced by end users were also assessed. Humanware was crucial to securing any system. It was found that authentication methods formed the nucleus of any security system. Authentication methods assured customers of key security goals such as confidentiality, integrity and availability. The studies showed that these security goals could be breached if authentication was compromised, unless identification and verification processes within authentication were improved and resolved with appropriate security measures and standards. In the financial sector, the absence of such measures makes information regarding a particular transaction available to attackers and intruders. This could result in a breach of confidentiality, which is a key goal of security.

This book presents an overview and critique of online business security systems with emphasis on common electronic commerce activities and payment systems. It discusses legal, compliance and ethical issues that affect management and administration of online business systems. The book introduces the reader to concepts underlying online business systems, as well as technologies that drive online business processes. There is critical evaluation of infrastructure and technologies that support these systems. The role of stakeholders and third parties such as banks, consumers, service providers, traders and regulatory bodies is discussed. Vulnerabilities associated with critical online business infrastructure are highlighted. There is a description of common attacks against online systems and a review of existing security and risk models for securing these systems. Finally, this book presents a model and simulation of an integrated approach to security and risk management known as the Service Server Transmission Model (SSTM) for securing Online Business Systems.
Table of Contents
Dedications .......... v
List of Figures .......... ix
List of Tables .......... xi
Foreword .......... xiii
Preface .......... xv
Acknowledgements .......... xvii
Chapter 1 Overview of Commercial Activities and Processes in Online Business .......... 1
Chapter 2 Legal and Socio-Ethical Issues in Online Business .......... 15
Chapter 3 Online Business Systems .......... 37
Chapter 4 Online Business Security Technologies .......... 55
Chapter 5 Risk Access Spots (RAS) Common to Communication Networks .......... 87
Chapter 6 Methods of Attacks on Risk Access Spots: Online Information Warfare .......... 115
Chapter 7 Security Risk Modelling .......... 131
Chapter 8 Theoretical, Conceptual and Empirical Foundations of SSTM .......... 143
Chapter 9 Simulating SSTM Using Monte Carlo .......... 169
Chapter 10 Discussions .......... 205
Index .......... 217
List of Figures
Figure 1 – Internet based activities .......... 2
Figure 2 – Automatic Teller Machine (ATM) Process and Data Flow Diagram .......... 3
Figure 3 – Electronic Point of Sale (EPOS) Cash Register Activities .......... 4
Figure 4 – Telephone banking activities .......... 5
Figure 5 – BBC webpage showing new online security measure introduced by Lloyds TSB to protect Consumers .......... 12
Figure 6 – Operation of Voice over IP .......... 45
Figure 7 – IP terminal to phone .......... 46
Figure 8 – Architectural overview of H.323 protocol .......... 48
Figure 9 – VPN server in front of firewall .......... 65
Figure 10 – Router Table from a University of East London host .......... 93
Figure 11 – MAC Address modification .......... 98
Figure 12 – Flowchart showing the process of interaction of SYN flooding .......... 117
Figure 13 – Flowchart showing the process of interaction of ACK Flooding .......... 119
Figure 14 – Nslookup .......... 122
Figure 15 – Finger command .......... 123
Figure 16 – Screen dump of ipconfig configuration .......... 124
Figure 17 – Human actors using network access .......... 132
Figure 18 – Human actors using physical access .......... 133
Figure 19 – System Problems .......... 134
Figure 20 – Conceptual diagram of CRAMM .......... 136
Figure 21 – Framework of SSTM model .......... 145
Figure 22 – Level 1 of SSTM .......... 152
Figure 23 – Level 2 of SSTM .......... 153
Figure 24 – Level 3 of SSTM - Risk Identification Grid .......... 154
Figure 25 – Level 4 of SSTM .......... 155
Figure 26 – Level 5 of SSTM .......... 156
Figure 27 – Level 6 of SSTM - Risk Identification and Solution Grid .......... 157
List of Tables
Table 1 – 11 domain areas of ISO17799-2005 .......... 59
Table 2 – Categories of authentication methods applied in Online Business .......... 71
Table 3 – Light waves in Electromagnetic Spectrum .......... 89
Table 4 – Attributes of Address Resolution Protocol of a live UNIX System .......... 92
Table 5 – Trojans and Port Number .......... 95
Table 6 – Default, Assigned and Registered Port Number .......... 96
Table 7 – Properties of threat in OCTAVE .......... 134