Wednesday 30 January 2008

Updated Version of Written Up Security Report

Report on Security of Data for Attitude

E-Commerce is the carrying out of transactions involving goods or services using technology, often through transactional web sites.

E-Commerce is more susceptible to threats than normal commerce for a number of different reasons. Firstly, the information that the customer enters has to be sent through a broadband connection, and it goes through various different computers before it gets to the intended destination. Also, the customer gives much more personal information than in normal commerce. If a customer buys an item in an ordinary shop, they do not have to give any personal details; they do not even have to enter a PIN for their credit card if they choose to pay by cash. However, in E-Commerce the customer is required to give the company a lot more information about themselves, for example their name, address, credit card details and contact number. If the company knows more about the customer, more people have access to their information than if the customer had not given it, and therefore there are bigger threats to the security of customer data in E-Commerce than in ordinary commerce.

Attitude, like all other transactional web sites, faces many threats to the security of customer data. One of the main threats to the customers’ data security is viruses. Computer viruses are pieces of software that can ‘infect’ a computer without the permission or even the knowledge of the user.
Different viruses do different things, and new ones are being created all of the time. For example, some viruses might damage or delete files or maybe reformat the hard disk; others just sit there and replicate themselves and make their presence known through methods such as audio or video messages or simply presenting text. Whatever a virus does, it always damages the computer, whether by taking up storage space or by causing system crashes. Viruses are a threat to the security of customer data at Attitude because if a virus was to infect their computer(s) there could be severe consequences. For example, if the virus deleted or changed the data, it could result in products being sent to the wrong addresses, if sent at all. More seriously than this, it could be possible for the virus to open files and send the customer’s details back to the host, therefore giving them access to the details of the customer.

Spyware is also a major problem for transactional web sites like Attitude. Spyware is an executable program that is often added into freeware or shareware that the user has downloaded. It is put onto the user’s computer secretly so that the originator is able to spy on the user and see their activities. Trojan horses are a form of Spyware pretending to be something else. For example, some sites offer what appear to be useful extensions to your web browser, such as extra buttons on the tool bar or a search bar; however, they also add a monitoring system in the background. The Spyware is then able to transmit the user’s activities over the internet to the originator.

Sometimes, companies use Spyware on remote computers to collect marketing information. Some programs use information about your habits on the Internet to create pop-up adverts that relate to what you are doing. Spyware is also able to do the following:
· Monitor the web sites that the user has visited
· Monitor files used
· Collect keystrokes, meaning they are able to retrieve passwords and credit card numbers
· Scan hard disks
· View chat sessions
· Change the default page of web browsers
· Hijack search engine activity to return certain web sites not wanted by the user

All of the above are very serious; any one of them could cause serious problems for the company. Most people are not aware of just how common spyware is. In fact, at the end of 2006 the UK had the most pieces of spyware per PC, with 30.5 on average. This does not just include ordinary consumers (although consumers make up 89%); it can include enterprises as well. Although much of this is likely to be relatively harmless, there could be some spyware that causes serious problems for the company.

Another danger to Attitude is hackers. Hackers are people who specialize in working with the security mechanisms of computers and network systems. It is common for people to attempt to ‘hack’ into the databases belonging to transactional web sites like Attitude so that they can get customers’ details and steal their identities. If a hacker got hold of a customer’s personal details they would be able to commit fraud, for example by using their details to buy products online and get them sent to somewhere they are able to pick them up from instead of the cardholder’s address. This is a serious problem because if something like this happened it would give Attitude a very bad reputation and they would consequently lose customers.

Employees can also put customers’ data in danger. This could be because of human error or through dishonesty. Firstly, human error can affect data security because, for example, if somebody did not apply the correct security settings, they would make it much easier for others to get hold of the customer details. Also, it is possible for an employer to forget to make sure they have not left any ‘back doors’ when an employee leaves; this means ways in which they are still able to access the system and then

Need to add more into this bit from other notes

However, there are preventative methods that Attitude can take to prevent their system from being infected by viruses. The most obvious one is to install anti-virus software. It is extremely important that the software is always up-to-date because new viruses are being created all the time, so the software should update itself regularly in order to give the highest possible protection against viruses. For example, McAfee security software updates itself automatically to ensure the computer it is installed on is always protected against new viruses as well as older ones. Although anti-virus software is generally successful in preventing computers from being infected, this is not always the case, as occasionally viruses are able to ‘slip through’. The following preventative measures are given to individual users on zyra.org.uk; these are easy to do but could save a lot of problems:
· If using Windows, select ‘Do Not Hide File Extensions’
· Be wary of files ending with .doc.com or .something.somethingelse, as well as ones ending with .exe, .bat, .scr, .com or .pif, as these are all executable.
· Do not set the computer to automatically run CDs when they are inserted into the computer
· Never run attachments on emails if you do not know who has sent them or if they are executable (unless you know the sender and know that they intended for them to be executable)
· Have yourself in your address book. This way, if a virus tries to send itself to your other contacts you will get an unexpected email from yourself and will therefore be able to tell that there is something wrong, so you can deal with the virus quickly
· Do not allow ActiveX cookies to run automatically without a safeguard and never let them run if they are in an email as this is almost always a virus.
· Do not accept or run free screen savers that are sent from strangers
· Install anti-virus software (for example McAfee – make sure it is suitable – e.g. no point having software that is made for businesses with lots of data to protect if you only need it for a home computer with not much data to protect)
· Beware of free anti-virus software as it can often contain the virus itself, e.g. the Klez-E Immunity scam.
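
The two file-name rules in the list above (double extensions such as .doc.com, and the named executable extensions) can be applied automatically to attachment names. The sketch below is an added example, not part of the original report or of zyra.org.uk; the function names and the sample file names are constructed for illustration.

```python
import re

# Extensions the list above names as executable (taken from the page).
EXECUTABLE_EXTS = {"exe", "bat", "scr", "com", "pif"}

# A short alphanumeric run after a dot is treated as an extension.
_EXT = re.compile(r"^[a-z0-9]{1,5}$")


def extensions(filename):
    """Return the trailing extensions of a file name, lower-cased, left to right."""
    # Windows drops trailing dots and spaces, so "a.exe. " opens as "a.exe".
    name = filename.strip().rstrip(". ").lower()
    # Only the last path component matters.
    name = re.split(r"[\\/]", name)[-1]
    # Spaces padded around an extension do not change what it is.
    parts = [p.strip() for p in name.split(".")]
    exts = []
    # Walk from the right, collecting parts that look like extensions.
    for part in reversed(parts[1:]):
        if not _EXT.match(part):
            break
        exts.append(part)
    return exts[::-1]


def classify(filename):
    """Return 'disguised-executable', 'executable', 'double-extension' or 'ok'."""
    exts = extensions(filename)
    if not exts:
        return "ok"
    if exts[-1] in EXECUTABLE_EXTS:
        # e.g. invoice.doc.com: looks like a document, runs as a program.
        return "disguised-executable" if len(exts) > 1 else "executable"
    # .something.somethingelse: not executable, but worth a second look.
    return "double-extension" if len(exts) > 1 else "ok"


# Constructed sample attachment names, not taken from any real message.
SAMPLES = ["holiday.jpg", "setup.EXE", "invoice.doc.com",
           "photo.jpg   .scr", "notes.v2.txt", "report.pdf.exe. "]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:22} -> {classify(sample)}")
```

The 'double-extension' result is only a prompt to look more closely, since harmless names such as versioned documents also match it.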
