ESecurity

Current Situation

Up until recently, security was very much like teenage sex in that it was typified by lots of talk but no action. Companies declared their sites secure simply because the credit card payment page was protected by SSL (Secure Sockets Layer). Even now, there is an overwhelming sense of complacency across the industry.

However, Etailers are reportedly still finding that web shoppers are very concerned about security. It is becoming increasingly essential that Etailers gain the trust and confidence of their customers, not only to gain competitive advantage over their competition but also simply to stay in business.

With the increasing use of Ebusiness for enabling business processes and operations across the internet, it is critical for organizations to recognize information as a valuable business asset and implement controls to secure it, to ensure the privacy of their customers’ data, the integrity of that data and to ensure that they do not lose it!

General Security Issues

The aim of a good security strategy for an Ebusiness organization should be to combine maximum flexibility, performance, and scalability with the highest availability and security. The goal of a security strategy is to protect information assets through:

• Authentication – identifying the parties involved in communications and transactions
• Access – providing access to appropriate levels of information (with as little inconvenience as possible) to those who should have access, while preventing access by anyone who should not have it, and preventing access beyond the level of information that is appropriate to the user’s ‘class’
• Confidentiality – ensuring that information is not accessed by unauthorized parties
• Non-Repudiation – ensuring that transactions, once committed, are legally valid and irrevocable
• Availability – ensuring that transactions or communications can be executed reliably upon demand.

Top management needs to understand that security is a hygiene factor: when it is there, and is effective and efficient, people hardly notice it at all; however, when it is not there it can mean the end of business overnight. It is essential to get it right, particularly for transactions placed over the Internet.

Further, management needs to understand that security is a never-ending process. Security policies and measures should be under constant review; network support teams should monitor newsgroups etc. for information about the latest threats to security (e.g. the latest virus attacks, hackers, security loopholes in software products, etc.); security audits must take place to ensure procedures are working; logs of unauthorized access should be reviewed; and disaster recovery plans should be tested out regularly.

Many companies have now either been bitten by the problems inherent in having no real built-in security policies, or have seen media reports about others who have been bitten.

MSNBC reported cases in which large numbers of credit card numbers and associated information had been stolen from sites in March 2000. Visa had earlier announced that around half its disputes concern internet-based credit card transactions, despite these only making up 2% of its total revenue. The Melissa virus caused an estimated $80 million in damage, and the Love Bug similarly wreaked havoc across the world. Denial of Service attacks have hit big names like Amazon.com, Ebay and Yahoo, causing losses in terms of revenue and public image.

There is much evidence to suggest that reported cases are simply the tip of a very large iceberg as many security breaches go unreported due to the embarrassment caused by admitting to them and the risks to future business of doing so.

For the consumer, there is not only the worry that personal information such as credit card data could be stolen, but also the worry that anyone they appear to be dealing with on the internet could be untrustworthy – and even when dealing with a company known and trusted there is the risk that in reality the consumer is dealing with an imposter. Thus, it is up to those with integrity who are running websites to find ways to reassure the consumer that it is safe to use their websites – for example, by providing Digital Certificates verified by a trusted third party such as Verisign.

It is very difficult for governments and legislative systems to protect the consumer from internet fraudsters and conmen, because national boundaries are very difficult to establish or enforce on the internet when content is accessible from everywhere. The US and UK, among others, are investigating the possibility of policing the internet using national ‘cybercrime units’. Financial regulators such as the SEC in the US and the FSA in the UK are looking at measures to help them in controlling websites within their own jurisdictions. International bodies like the OECD and the European Union are working on standards for Ecommerce to be implemented and enforced at a national level by governments, but progress is very slow because industry opposes the idea of government intervention, preferring to rely on self-regulation.

Procedures

At last, many large organizations are now taking security fairly seriously. However, there is still a great deal of misunderstanding about what security really means for an organization that uses Internet technologies to trade.

Organizations deploying internet technologies tend to focus on the technologies rather than the procedures behind the technologies. Having solid security procedures in place is often much more important than the technology which is used to implement security. The benefits of using SSL to gather credit card information from a consumer over the web could be nullified if it is common practice within the organization to subsequently email that information from one department to another. Putting virus scanning technology into place in an organization is only useful if the virus scanner is updated regularly as new viruses are found. Procedures are required to ensure that the technologies are being used effectively to meet the organizational security goals.

Such procedures should include clear divisions of responsibility for the different areas of security: backup procedures, disaster recovery procedures, physical security (security card control, building security, etc), password procedures, system access levels and authorization procedures, virus control procedures, firewall policies, and all other traditional areas of security which an organization should have under control.

Procedures should ensure that server consoles are locked using passwords whenever they are not in use, that all access attempts to all systems are logged and audited, and that passwords are not easily guessed and are changed regularly.


They should ensure that all network systems and web servers are kept in secure locations, and that redundancy systems exist for all key hardware – not only the network systems themselves (including servers, firewalls, hubs and routers) but also air conditioning and power systems.

In addition, it is key that proper testing procedures, source code/change control and defect tracking procedures are in place.

It should go without saying that internet applications which carry out transactions should be thoroughly tested, and yet it is incredible how many ‘holes’ are created on Ecommerce web sites due to shoddy programming and testing. Preferably, web applications should be tried out by ‘professional hackers’ who can look for loopholes in programs written for the web. Silicon.com reported in October that Marks and Spencer’s website (marksandspencer.com) had an error caused by a broken link which, when activated, produced an error message containing confidential material such as passwords, credit card dummies and other log-in information.

Testing of internet applications should be supported by systems which enable changes to code to be made easily and effectively, so that unauthorized/untested changes do not slip through into the production system and that changes made to source code are not later ‘undone’ accidentally due to poor source code control.

Internet Specific Issues

While security should be a concern for any IT organization, there are some aspects of security which are specific to internet-based activities.

Authentication, non-repudiation, encryption, privacy, and integrity of data are all issues made more important by the use of web technologies, inherently an open and anonymous form of communication.

The internet raises added security issues because there is no centralised infrastructure and it operates 24 x 7 on a huge global scale; it therefore has millions of potential users, any one of whom could at any time attempt to access non-public information. Some will do so by accident, some just out of curiosity, and some with malicious intent will relentlessly test out every aspect of your system until they find a security hole through which they can create havoc.

Security is also a moving target, as new methods become available to hackers all the time, with technology increasing rapidly. By its very nature, the internet was developed to allow openness and this makes it all the more complex to implement security over the top of the internet without making it difficult for authorized parties to access data you wish them to be able to access. Severe damage is often detected too late.

Technologies

Access controls and cryptography can help to prevent unauthorized access to information, but they are only part of the picture.

Organizations are now employing complete PKI and CA infrastructures, such as Onsite Managed Trust Services provided by Verisign, in order to provide them with the flexibility and control they need throughout the enterprise, allowing them to issue their own digital certificates, secure access to extranets/intranets, secure transactions, encrypt email and to carry out authentication.

Access Controls

Hidden URLs – one easy way to restrict access to information and services is to put the information at unpublished URLs and provide the URL only to those who should have access to the information at that address. Clearly this is not a high security option and is unacceptable for most purposes. There are various tools open to serious hackers that enable them to ‘find’ hidden URLs (spiders etc.), and of course it is possible that the locations of the URLs are passed on to others by those who are authorized to access the URLs.

Host-based Restrictions – it is possible to restrict access to a web address (or to a web server, if using a firewall) by IP address or DNS hostname. This method can enforce that only web users operating from within a particular domain or network can access the web page. This is useful if an external web site contains some pages which should only be accessed by employees of the company, as it can be used to deny access to anyone not operating from within the company’s network. This method is not totally foolproof as it cannot deal with unauthorized access due to ‘spoofing’ (whereby a user ‘pretends’ to come from an authorized network address).
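The host-based restriction described above, as an added example (not code from the original article): a Python check that admits a request only when the connecting address falls inside the company's networks, shown beside a weak form that believes an address the request supplies about itself. The network ranges, the proxy address and the use of the `X-Forwarded-For` header are assumptions made for illustration.

```python
import ipaddress

# Constructed values (assumptions for this example): documentation ranges
# stand in for the company's networks and for its own reverse proxy.
COMPANY_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]
TRUSTED_PROXIES = {ipaddress.ip_address("198.51.100.10")}


def _parse(addr):
    """Return an ip_address object, or None if the text is not an address."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return None
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the IPv4 address it carries,
    # so a dual-stack listener applies the same IPv4 rules.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip


def in_company_network(ip):
    return ip is not None and any(ip in net for net in COMPANY_NETWORKS)


def allow_naive(peer_addr, headers):
    """Weak form: believes whatever address the request claims in a header."""
    claimed = headers.get("X-Forwarded-For", peer_addr).split(",")[0]
    return in_company_network(_parse(claimed))


def effective_client(peer_addr, headers):
    """Address the decision is based on.

    The TCP peer address is used as-is unless the peer is one of our own
    proxies; only then is the forwarded header read, right to left,
    skipping entries that are themselves trusted proxies.
    """
    peer = _parse(peer_addr)
    if peer is None or peer not in TRUSTED_PROXIES:
        return peer
    hops = [_parse(h) for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed(hops):
        if hop is None:
            return None      # malformed or missing entry: fail closed
        if hop not in TRUSTED_PROXIES:
            return hop
    return None              # nothing but proxies listed: fail closed


def allow_hardened(peer_addr, headers):
    return in_company_network(effective_client(peer_addr, headers))


# Constructed requests: (description, TCP peer address, request headers).
SAMPLES = [
    ("employee, direct", "192.0.2.44", {}),
    ("outsider, direct", "203.0.113.7", {}),
    ("outsider, header claims inside address", "203.0.113.7",
     {"X-Forwarded-For": "192.0.2.44"}),
    ("employee via company proxy", "198.51.100.10",
     {"X-Forwarded-For": "192.0.2.44"}),
    ("outsider via company proxy, header pre-filled", "198.51.100.10",
     {"X-Forwarded-For": "192.0.2.44, 203.0.113.7"}),
]


def decisions():
    """(description, naive decision, hardened decision) for each sample."""
    return [(d, allow_naive(p, h), allow_hardened(p, h)) for d, p, h in SAMPLES]


if __name__ == "__main__":
    for desc, naive, hardened in decisions():
        print(f"{desc:48} naive={naive!s:5} hardened={hardened}")
```

The hardened check still only establishes where a connection came from, not who is using it, which is why the article treats host-based restriction as one control among several.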

Identity-based Controls
The most common method of access control on websites is via usernames and passwords. However, passwords are easily shared or forgotten, users often select easily-guessed passwords, and there are a number of tools available to serious hackers that enable them to guess most passwords easily. Thus, alternative identity-based controls have been developed. Many companies now implement a VPN (Virtual Private Network) to enable employees to connect to internal networks from outside of the company, though these can be costly and troublesome to implement. Smart cards, or software, containing an encrypted public key to identify valid users are among the many other options in this area.

Authentication
Single Sign-on – this technology allows the same user to sign on to multiple Ebusiness applications without having to type in their userid/password for each site. There are a number of offerings of this kind of technology. The most common names in this field are Netegrity SiteMinder and X at the top end, and Gator Ewallet and RoboForms at the lower end of the market.

Integrated Authentication – the best known offering in this area is NT/Windows 2000/3 authentication. This, in effect, provides single sign-on to Microsoft applications that support it – such as SQL Server and any of the Windows operating systems.

Cryptography

Cryptography can be implemented through the encryption of data sent to and from a website and through digital signatures and certificates which ‘prove’ that the sender and recipient are who they claim to be.

Non-repudiation – cryptographic receipts are created so that the author of a message cannot falsely deny sending the message.

Code Signing – a digital certificate can be enclosed within a JAR file (for Java code) or a CAB file (for ActiveX controls) to indicate that the code was created by a trusted party and has not been tampered with since being created.

Confidentiality – encryption can scramble information sent over the internet so that eavesdroppers cannot access the data’s content.

Integrity – digitally signed message digest codes can be used to verify that a message has not been modified while in transit.

To read this complete article go to http://mishj.brinkster.net/intranet/esecurity.doc

About the Author

Michelle Johnston is an Ebusiness expert. She is currently Ebusiness Director of Apogee Interactive Inc. in Atlanta USA.

 
