Securing Electronic Retailing Sites and Transactions

SECURING ELECTRONIC RETAILING SITES AND TRANSACTIONS

Attacks earlier in the year on major e-commerce sites, including E*Trade; Amazon.com, the leading e-tailer; eBay, the online auction house; CNN, the news service; Yahoo!; Buy.com; and Zdnet, a technology news and information web site, have heightened the awareness of securing e-commerce sites (“E-Commerce Sites,” 2000, p.106). This is just the first example of a rampant problem that has cost e-tailing companies millions of dollars in losses.

THE PROBLEM

Hackers, using a denial of service (DoS) technique, caused the aforementioned e-tailers to temporarily shut down. By repeatedly loading hundreds of web pages to the companies’ servers from computers on the Internet, the hackers flooded the servers of the e-tailers. These attacks ultimately crashed the company’s server or denied access to normal users (“E-Commerce Sites,” 2000, p.106). These flood attacks are relatively easy to carry out with software such as Stacheldaht or Tribal Flood, which are publicly made available on the Internet (“E-Commerce Sites,” 2000, p.106). Once a hacker has one of these programs in his possession, he simply installs the software on several computers connected to the Internet and triggers the flooding from a central computer. Since the flooding comes from a variety of different sources, it is nearly impossible to identify the origin of the attack (“E-Commerce Sites,” 2000, p.106).

THE DAMAGE

A joint survey, conducted in 1999 by the computer Security Institute and the FBI, of major US companies, revealed that tampering with company’s online operations is becoming a mundane occurrence (Courtney, 2000, p.84). The survey polled 640 corporations, banks, and government organizations on the conditions of their computer systems (Courtney, 2000, p.84).

• Of the responding companies, 90% had detected security breaches (Courtney, 2000, p.84).

• 70% of the companies reported serious security breaches (Blotzer, 2000, p99). These included theft of proprietary information, financial fraud, system penetration by outsiders, data or network sabotage, and denial of service attacks (Courtney, 2000, p.84).

• Quantifiable losses totaled $265 million, 115% higher than in 1999 (Courtney, 2000, p.84).

• The most serious breach resulted in a loss of $66 million, 55% higher than the most serious loss of 1999 (Courtney, 2000, p.84).

• 59% of the companies cited their Internet connection as a frequent point of attack (Courtney, 2000, p.84).

• The total cost to these companies was $266 million (Blotzer, 2000, p99).

This survey illustrates the seriousness of attacks and the importance of proper security to defend against those attacks.

THE SOLUTION

For every company doing business on the Internet, security should be a top priority. Gibson Research Corporation has a website where computers can be checked for vulnerability against hackers. The site is http://www.grc.com/default.htm (Blotzer, 2000, p99). There are also certain programs designed to safeguard servers from attack or malicious activity. Without these programs, companies become vulnerable to attack and millions of dollars in losses.

Anti-Virus Software

At the bare minimum every company should have anti-virus software. Anti-virus software protects against viruses, worms, and trojan horses. These are “computer programs designed to enter a computer without knowledge or permission of the user” (Blotzer, 2000, p99). They perform “undesired, useless, or malicious functions”, which can take up memory thus slowing down the computer or destroying its files (Blotzer, 2000, p99). Popular anti-virus