Friday, 25 November 2011

Security Issues and Solutions in Web Applications

1.    Introduction:


This report is a complete briefing on security in web-based information systems and on ways to deal with security issues such as hacking, viruses and identity theft. These issues can have serious effects on the organisation. Information is the compiled or processed form of data, which is used and managed by information systems and software. The main purpose of information processing is to turn data into meaningful information, as in a customer order processing system.

A massive number of information systems operate over the internet, which joins millions of computers around the world so that they can access and share resources with each other. These resources consist of images, videos, text, emails, audio and so on. Information technology makes it easy for heterogeneous systems to share material and for organisations to expand their business. At the same time, this sharing brings multiple security issues. A number of them put users' security and their personal information at risk while information is being shared.

This report is a short overview of those issues and of the ways to deal with them. The first part of the report is about the different kinds of security problems that might affect an online web-based application. The second part is about competitive advantage between firms, and discusses product differentiation, cost leadership, niche marketing and marketing leadership in the business sense. Today most business has been transformed into web services, so in order to keep up with growing competition it is essential to be aware of the problems in the market and of how to avoid them while staying in the first row of champions.



Part 1:

1.1.       Security in Web based Application:


Security is the most important issue in any web-based application. A web application is an application that provides services over the internet or an intranet, where all the computers on the network are capable of accessing it. Security is the most important issue discussed for any web application or desktop application. First of all, what is security? It is essential to understand the meaning of security before deploying an online web-based application.

Security is a set of rules and measures taken by an organisation to keep its data free and safe from illegal and unauthorized access. This illegal access could be an attack by a hacker, or by malware or viruses that hackers spread over networks and the internet.

1.2.       Problem with web based application:


There are innumerable problems with web-based applications that might create security issues for the organisation. Proper security measures against those threats can resolve these issues and save the organisation from difficulties. First we will talk about those problems, and then try to explore ways to resolve them.

Risks:

Hacking:

Hackers can easily get into your computer or web-based application when the application resides on the internet or a network. They might take your users' details and credit card information, and can destroy your database or flood it with junk data using viruses and spam. The main reason hacking is possible is that hackers access your computer via ports.

How to resolve?

The best way to solve the problem of hacking is to use a firewall, which blocks ports and helps to safeguard against illegal access to the network. Secondly, if the application is hosted on the internet, you should select a server with a well-updated firewall.


Viruses:

A virus is like a bug that can reach a network or computer in many ways. It can spread via email, and by copying itself onto a computer it can easily replicate. A virus on the internet can hang your web application or make it slower for its other users. It can also spread through flash media such as USB drives and memory cards. Likewise, the worm is a common kind of computer virus that works across computer networks, using security flaws and creating copies of itself over the network. These copies travel across the network in order to find security flaws on other computers linked to it. Worms are basically more complex than Trojan horses, and a computer worm does not need a host program to be able to infect.

You can protect yourself against worms by keeping up to date with the patches provided by operating system and application vendors.

Email viruses are a different type of virus: they use email messages for transport, and can automatically send themselves to hundreds or thousands of people, depending on whose email address they victimize. There are certain basic rules you can follow that will help you to avoid email viruses.

Never open an attachment unless you know the sender and were expecting it. If you receive an email message with an attachment from someone you don't know, delete it immediately and never open it. Always use antivirus software and remember to check for updates constantly. Always let someone know when you will be sending them an attachment in an email so that they can expect it, and always use spam filters to block unwanted and unrecognizable mail.

How to resolve?

The best way to deal with the problem of viruses is to use a well-updated antivirus such as Norton, McAfee, AVG or Kaspersky. Secondly, it is very important to scan USB flash media with a good antivirus.

Identity theft:

Identity theft is also one of the major security issues in computing and web-based applications. It occurs when a hacker gets into the computer and steals credit card details for illegal use. There are several kinds of malware and malicious viruses that hackers design and spread over the internet to steal users' credit and debit card details and email them back to the hacker.

How to resolve?

To address this issue, the web-based application should be very secure and robust against these attackers. Access to users' accounts and their credit card details should be enabled only after proper authentication.

How to resolve security issues?
Using Firewalls:

Firewalls are programs that monitor incoming and outgoing data traffic on the network while a user is online. Installing a firewall can slow down the computer, depending on what it does and where it came from. The software needs to be configured to permit or deny communication with websites, as chosen by the user. In general, once configured, there is no real impact on the performance of websites, but it can take time to set up the relevant permissions between the site and the user's computer.

So an efficient firewall on the computer can keep a close eye on the data traffic coming from clients. There should likewise be checks and balances in the firewall. For example, if a client PC on the network is sending an excessive amount of data into the database of a web application, the firewall should be efficient enough to block that PC and keep illegal and dangerous access away from the system.
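
The blocking rule described above can be sketched as a per-client sliding-window byte budget. This is an added example, not part of the original report; the window length, the byte limit, the record format and the function name are assumptions, and the traffic records are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60               # assumed look-back window
MAX_BYTES_PER_WINDOW = 5_000_000  # assumed per-client budget inside one window

# Constructed sample records: (unix_time, client_ip, bytes_sent_to_application)
SAMPLE_TRAFFIC = [
    (1000, "10.0.0.5", 40_000),
    (1005, "10.0.0.9", 2_000_000),
    (1010, "10.0.0.9", 2_500_000),
    (1020, "10.0.0.5", 35_000),
    (1030, "10.0.0.9", 1_000_000),  # pushes 10.0.0.9 over the budget
    (1040, "10.0.0.9", 500_000),    # arrives after the block decision
    (1100, "10.0.0.5", 50_000),
]

def find_clients_to_block(records, window=WINDOW_SECONDS,
                          limit=MAX_BYTES_PER_WINDOW):
    """Return {client_ip: time_of_block} for every client that sends more
    than `limit` bytes within any `window`-second span."""
    recent = defaultdict(deque)   # ip -> (time, bytes) entries still in window
    totals = defaultdict(int)     # ip -> bytes currently inside the window
    blocked = {}
    for ts, ip, size in sorted(records):
        if ip in blocked:
            continue              # traffic from a blocked client is dropped
        entries = recent[ip]
        entries.append((ts, size))
        totals[ip] += size
        # Expire entries that have fallen out of the look-back window.
        while entries and entries[0][0] <= ts - window:
            _, old_size = entries.popleft()
            totals[ip] -= old_size
        if totals[ip] > limit:
            blocked[ip] = ts
    return blocked

if __name__ == "__main__":
    print(find_clients_to_block(SAMPLE_TRAFFIC))
```

Counting bytes inside a window, rather than in total, keeps a client that sends the same volume slowly over a long period from being blocked.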

SSL (Secure Sockets Layer):

A popular implementation of public-key encryption is the Secure Sockets Layer (SSL). Originally developed by Netscape, SSL is an Internet security protocol used by Internet browsers and Web servers to transmit sensitive information. SSL has become part of an overall security protocol known as Transport Layer Security (TLS).

HTTPS:

HTTPS is not a separate protocol; it refers to a normal HTTP interaction carried over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks.

RSA Certificates:

A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it. Digital signatures rely on certain types of encryption to ensure authentication. Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Authentication is the process of verifying that information is coming from a trusted source. These two processes work hand in hand for digital signatures.
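
The two properties described above (a known creator and no alteration) can be seen in a minimal hash-then-sign sketch. This is an added example, not part of the original report: it is unpadded textbook RSA with a constructed demonstration key built from two well-known Mersenne primes, and the function names are assumptions. Production systems use a vetted library, randomly generated keys and a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo key. Primes of this special form are for illustration
# only; real keys use random primes produced by a cryptographic library.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                # public modulus
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)

def digest_int(document: bytes) -> int:
    """SHA-256 of the document as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes) -> int:
    """Only the holder of the private exponent D can produce this value."""
    return pow(digest_int(document), D, N)

def verify(document: bytes, signature: int) -> bool:
    """Anyone holding the public values (N, E) can check the signature."""
    return pow(signature, E, N) == digest_int(document)

if __name__ == "__main__":
    original = b"Pay 100 to account 12345"   # constructed sample document
    sig = sign(original)
    print("original verifies:", verify(original, sig))
    print("altered verifies: ", verify(b"Pay 900 to account 12345", sig))
```

Changing a single byte of the document changes its hash, so the signature made over the original no longer verifies.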

Strong Passwords:

Passwords are needed on the website to prevent hackers from maliciously attempting to break into it. Strong passwords use letters and numbers, in both lower case and upper case, so that they are more difficult for someone to guess.

Alternative Authentication Methods:

Other authentication methods include biometrics such as retinal scanners, fingerprint scanners and voice patterns. These can be used in addition to traditional password combinations to ensure extra security and authentication. The hardware for this is not yet available to the general public.
