II.7.2.6 Overview of the security of the communication channel
Data packets travelling across the Internet do not all follow the same path to the server, and they pass through networks that neither the sender nor the receiver controls. Information sent over the network can therefore be intercepted, altered or dropped before it reaches the receiver.
E-commerce consequently faces confidentiality, integrity and availability threats that are inherent to the nature of the Internet as a communication channel.
Confidentiality threat
Confidentiality is concerned with ensuring that information is protected against unauthorized disclosure, whereas privacy is concerned with the legal instruments and policies that govern the protection of personal information.
The theft of sensitive information or personal data such as credit card numbers, names and addresses is one of the most serious threats to e-commerce. E-commerce infrastructure must therefore address this threat with the highest priority.
One of the technical measures used to ensure data confidentiality is encryption.
What is encryption?
In this study, the definition given by G. Schneider (2011, p. 465) is used: «Encryption is the coding of information by using a mathematically based program and a secret key to produce a string of characters that is unintelligible».
Encrypted information can travel across the Internet without being readable by anyone who intercepts it, provided the secret key itself is not disclosed: the confidentiality of the data reduces to the confidentiality of the key.
Page | 24
Integrity threats
An integrity threat exists when information or data can be subject to unauthorized modification, alteration, creation or deletion.
Cyber vandalism, which destroys or modifies the content of existing web sites, is one example of an integrity violation.
Intrusion detection systems, which monitor a network or host for suspicious activity, help to detect unauthorized access to information stored on the system or transmitted over the network. An IDS detects rather than prevents: stopping undetected modification of data in transit additionally requires cryptographic integrity protection, such as a message authentication code or an authenticated encryption mode, so that the receiver can reject any altered message.
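The following program is an added example written for this section; it is not code from the thesis or from any cited author. It ties the confidentiality paragraph above (encryption under a secret key) to the integrity paragraph (rejecting altered data) by using an authenticated encryption mode, AES-256-GCM from the Go standard library. The receiver obtains the plaintext only with the right key, and any modification of the message in transit makes decryption fail instead of silently yielding corrupted data. The function names Encrypt, Decrypt and Tamper, the sample payload and the randomly generated key are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encrypt seals plaintext with AES-256-GCM under key (32 bytes). A fresh random
// 12-byte nonce is prepended to the output; GCM appends a 16-byte authentication
// tag that covers the whole ciphertext.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal writes nonce || ciphertext || tag into the slice that starts with nonce.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt opens a message produced by Encrypt. It returns an error if the key is
// wrong or if any bit of the nonce, ciphertext or tag was altered in transit.
func Decrypt(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("message too short to contain nonce and tag")
	}
	nonce, ct := msg[:gcm.NonceSize()], msg[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// Tamper returns a copy of msg with one bit in the middle flipped, simulating an
// attacker who modifies the packet on the wire without knowing the key.
func Tamper(msg []byte) []byte {
	out := append([]byte(nil), msg...)
	out[len(out)/2] ^= 0x01
	return out
}

func main() {
	// Constructed demo key; a real deployment obtains keys from a key exchange or a KMS.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	order := []byte("card=4111111111111111;amount=19.99") // constructed sample payload
	sealed, err := Encrypt(key, order)
	if err != nil {
		panic(err)
	}
	fmt.Printf("on the wire: %x\n", sealed)
	pt, err := Decrypt(key, sealed)
	fmt.Printf("receiver sees: %q (err=%v)\n", pt, err)
	_, err = Decrypt(key, Tamper(sealed))
	fmt.Println("tampered copy rejected:", err)
}
```

A plain encryption mode without authentication (for example AES-CBC on its own) would still hide the card number but would decrypt a tampered message to garbage without any error; that is why the check on the authentication tag, not the encryption alone, is what gives the integrity property.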
Availability threats
Turban et al. (2006, p. 517) define availability as «assurance that access to data, website, or other electronic commerce data service is timely, available, reliable, and restricted to authorized users».
An availability threat is any event that delays or denies access to data. The best known is the Denial-of-Service (DoS) attack, which disrupts the normal operation of a computer or server and can cause abnormal slowness of the server, network or electronic systems such as Automated Teller Machines (ATMs).
E-payment systems must be protected by intrusion detection systems or firewalls able to stop these kinds of attacks. Note that a firewall or IDS on the server's own link cannot help once the attack saturates the bandwidth upstream of it; volumetric attacks have to be filtered further upstream, by the ISP or a dedicated scrubbing service.
Authentication, authorization and non-repudiation
To conclude on the communication channel, the previous sections show that e-commerce relies on the confidentiality, integrity and availability (CIA) of information and of the business web site (Turban et al., 2008, p. 517).
These properties depend on authentication, which is the process that «assure[s] the real identity of an entity which can be a user, computer, program, website or any information resource» (Turban et al., 2008, p. 517).
Authorization is the process of ensuring that an authenticated entity has been granted the rights to access a resource, and of determining which operations it may perform on it.
Non-repudiation ensures that an authenticated entity cannot falsely deny an action it performed online.
From the e-commerce perspective, non-repudiation is the «assurance that online customers or trading partners cannot falsely deny (repudiate) their purchases or transactions» (Turban et al., 2008, p. 518).
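As an added example for the non-repudiation definition above (not code from the thesis or from Turban et al.), the program below signs a purchase order with an Ed25519 digital signature from the Go standard library. The distinction from the shared-key mechanisms used for confidentiality and integrity is the point: a message authentication code proves only that one of the two key holders produced the message, so the merchant could have forged it; a signature verifies against the customer's public key but can only be produced with the private key the customer alone holds, which is what lets the merchant demonstrate that the customer really placed this order with these terms. The type SignedOrder, the functions SignOrder and VerifyOrder, the order text and the key pairs are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedOrder is what the customer sends: the order text, the signature over it,
// and the public key the merchant has on file for that customer.
type SignedOrder struct {
	Order     []byte
	Signature []byte
	Signer    ed25519.PublicKey
}

// SignOrder runs on the customer's side with the customer's private key.
func SignOrder(priv ed25519.PrivateKey, order []byte) SignedOrder {
	return SignedOrder{
		Order:     order,
		Signature: ed25519.Sign(priv, order),
		Signer:    priv.Public().(ed25519.PublicKey),
	}
}

// VerifyOrder runs on the merchant's side. It accepts only if the key in the
// order is the one registered for the customer and the signature matches the
// exact order text; a valid signature can only come from the holder of that
// private key, which neither the merchant nor a third party possesses.
func VerifyOrder(registered ed25519.PublicKey, so SignedOrder) bool {
	if !registered.Equal(so.Signer) {
		return false
	}
	return ed25519.Verify(registered, so.Order, so.Signature)
}

func main() {
	// The customer generates a key pair once and registers the public half with the
	// merchant; in practice the private key lives in the customer's device or wallet.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	order := []byte("customer=alice;item=SKU-1001;qty=2;total=39.98") // constructed sample
	so := SignOrder(priv, order)
	fmt.Println("genuine order verifies:", VerifyOrder(pub, so))

	// Dispute 1: the customer later claims to have ordered only one item.
	// The stored signature does not match the altered text, so the claim fails.
	disputed := so
	disputed.Order = []byte("customer=alice;item=SKU-1001;qty=1;total=19.99")
	fmt.Println("altered order verifies:", VerifyOrder(pub, disputed))

	// Dispute 2: the merchant is accused of fabricating the order. Signing with any
	// key other than the customer's does not verify against the registered key.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("order signed by someone else verifies:", VerifyOrder(pub, SignOrder(otherPriv, order)))
}
```

For the evidence to hold up, the merchant must store the signed order exactly as received and must have bound the public key to the customer's identity at registration time (which is the authentication step described above); the signature itself says nothing about who owns the key.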
Threats to the physical security of the Internet communication channels
The packet-switching infrastructure of the Internet provides many alternative links between any two points.
If one link is physically attacked, data packets are routed over another link to the Internet.
For an e-commerce business, the countermeasure to this threat is to use redundant links to different Internet Service Providers (ISPs), which in turn have many different links to the Internet. The redundant links must not share the same physical path (the same cable duct or building entry), otherwise a single cut takes both down at once.
Threats to wireless networks
Wireless access points (WAPs) provide network connectivity to computers (mostly laptops) and other mobile devices within a short range, up to around a hundred meters, to reach a shared resource, in the case of this study the Internet.
If the wireless access point is not protected, anyone within range can connect to the network and gain access to the resources on it.
Security on wireless networks was originally provided by Wired Equivalent Privacy (WEP), which encrypts and decrypts data over the wireless link. WEP uses the RC4 stream cipher seeded with the shared key and a 24-bit initialization vector that is sent in clear with every frame; the short IV space, keystream reuse and later key-recovery attacks make WEP unsuitable for protecting an e-commerce network, and access points should use WPA2 or WPA3 instead.
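The program below is an added example for the WEP paragraph above, not code from the thesis. It goes beyond the text by showing one reason WEP fails: WEP seeds RC4 with the 24-bit IV concatenated with the shared key, so two frames sent under the same IV are XORed with the same keystream, and XORing the two ciphertexts cancels the keystream out. An attacker who knows the content of one frame (the first bytes of every IP frame are a fixed LLC/SNAP header) reads the other frame without ever learning the key. Go's crypto/rc4 package is used for the cipher; the functions wepEncrypt, xorBytes and RecoverWithKnownPlaintext, the key, the IV and the frame contents are constructed for the example, and the CRC-32 integrity check value that real WEP appends is omitted because it does not change the result.

```go
package main

import (
	"crypto/rc4"
	"fmt"
)

// wepEncrypt mimics WEP's per-frame keying: RC4 is seeded with IV || key and the
// frame is XORed with the resulting keystream. The IV travels in clear.
func wepEncrypt(iv [3]byte, key []byte, frame []byte) []byte {
	seed := append(iv[:], key...)
	c, err := rc4.NewCipher(seed)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(frame))
	c.XORKeyStream(out, frame)
	return out
}

// xorBytes returns a XOR b over the length of the shorter input.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// RecoverWithKnownPlaintext applies the keystream-reuse attack: for two frames
// encrypted under the same IV, c1 XOR c2 = p1 XOR p2, so XORing in the known
// plaintext p1 yields p2 (as many bytes of it as p1 is long).
func RecoverWithKnownPlaintext(c1, c2, knownP1 []byte) []byte {
	return xorBytes(xorBytes(c1, c2), knownP1)
}

func main() {
	key := []byte{0x01, 0x23, 0x45, 0x67, 0x89} // constructed 40-bit WEP key
	iv := [3]byte{0xAA, 0xBB, 0xCC}             // with only 2^24 values, IVs repeat quickly
	// Constructed frames: the fixed LLC/SNAP header of an IP frame followed by data.
	frame1 := []byte("AAAA\x03\x00\x00\x00\x08\x00GET /checkout/confirm HTTP/1.1")
	frame2 := []byte("AAAA\x03\x00\x00\x00\x08\x00card=4111111111111111")
	c1 := wepEncrypt(iv, key, frame1)
	c2 := wepEncrypt(iv, key, frame2) // same IV, same keystream
	recovered := RecoverWithKnownPlaintext(c1, c2, frame1)
	fmt.Printf("frame 2 recovered without the key: %q\n", recovered)
}
```

WPA2 and WPA3 avoid this by deriving a fresh session key per client and using ciphers (AES-CCMP, GCMP) whose nonces are not reused within a session.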
Threats to the server computer
No system can be a hundred percent secure: even when strong security policies and measures are implemented, web servers will have vulnerabilities that can be exploited to compromise them.
The web server itself can compromise confidentiality if it allows automatic directory listings, so that the names of folders and files are revealed to the web browser (G. Schneider, 2011, p. 474).
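The configuration fragment below is an added illustration of the directory-listing point above, not material from the thesis or from Schneider. It shows the weak and the corrected setting for the Apache HTTP Server; the path /var/www/shop/uploads is hypothetical.

```apache
# Weak: when a folder has no index file, Apache generates a page listing every
# file in it, exposing backups, uploads and file names to anyone who browses there.
<Directory "/var/www/shop/uploads">
    Options +Indexes
</Directory>

# Corrected: listing disabled. A request for the folder without an index file now
# receives 403 Forbidden instead of the file list.
<Directory "/var/www/shop/uploads">
    Options -Indexes
</Directory>
```

The equivalent check on nginx is that `autoindex` is left at its default of `off`. Disabling listings hides names only from casual browsing; files that must not be public should not be under the document root at all.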
Web servers are connected to back-end storage (database servers) where valuable information about products and customers is stored; unauthorized access to these servers discloses that information.
Modern database management systems (DBMS) have security features to authenticate users, but this login information can be stolen by hidden malicious programs installed on the servers by attackers.
Also, some organizations keep the default DBMS credentials supplied by the vendor; this leaves a hole in the database that attackers can exploit. Default accounts should be renamed or disabled on installation, and the web application should connect with a dedicated account limited to the tables and operations it needs rather than with an administrative one, so that a compromised web server cannot read or alter the whole database.