The 21st century is characterized by an enhanced technological development and more so in the field of Information technology. This advancement has promoted the business arena greatly by facilitating the establishment of electronic businesses. E- Business, often referred as e-commerce, is any business activity that involves sharing of information over the internet (Beynon-Davies, 2004).
Models of E-Business
E-business uses the following three models for its operation: B2B, B2C or C2C (Timmers, (2000). The first involves any business trading that involves two business entities. The second one is when a consumer buys goods or services from a businessman/woman for consumption. Lastly, we have C2C that occurs when various consumers are brought together to buy; for instance in an E-bay (Timmers, 2000).
E-commerce has boosted businesses significantly by enabling many companies extend their operations from national levels to trade globally, thereby enhancing their performances in a great manner in terms of the profits they realize.
Applications of E-Business
E-business has enhanced the efficiency of current business transactions. In some cases, buying of goods and services involves just the click of the mouse. Most of the e-businesses prefer the use of electronic payments as their mode of payment. Some of options they have as their payment preferences include; wire transfer, PayPal, Credit Card ,E gold and others (Beynon-Davies, 2004).
E-business has also led to the computerization of almost all the processes in these organizations. For example, the human resource departments of these companies are computerized so that they can comply with the high demand that accompanies such businesses. The human resource departments of these companies conduct their recruitments online.
They generally store the testimonials of their preferred applicant in a common database from where they make their choices when they require hiring some personnel (Beynon-Davies, 2004). Their task becomes very easy since they only have to sort the testimonials of their preferred candidates electronically from these databases. The human resource department can also conduct their training online for both the newly recruited and the other employees that need to upgrade their skills. Similarly, the accounting, marketing and procurement departments employ the same concept, while conducting their day-to-day activities (Beynon-Davies, 2004). The e-commerce is very sensitive and is commonly venerable to both internal and external security threats such as hackers or malicious damage of companies files by some employees (Beynon-Davies, 2004).
Network Security Issues in E-Business
Internal and external network security threats occurs in three forms which include reconnaissance attach, access attack and lastly the denial of service attack. The first attack entails the hacker’s effort to determine the nature of one’s network. It involves identifying the hardware and software used as well as the topology adapted.
This basic information is very important as it gives the hacker the direction on how to proceed. Reconnaissance attack occurs in various types such as scanning or Eavesdropping. Scanning attacks are executed to assist the attacker determine whether the computers in the network have IP addresses (Westfall, 2010).
An access attack is an attempt to access the files’ passwords using password cracking programs. Hackers achieve this by cracking the passwords through eavesdropping whereby they are able to establish the passwords from the packets that have clear-text passwords. Similarly, a hacker can access the network by capitalizing on the weaknesses of the operating system used. Once inside the network, the hacker maximizes this opportunity to break into other networks, erase files or change the coding of some programs (Fickes, 2000). The internal attacks are executed by those that have authorized access. Most of these are some employees that may have some hidden agenda that they are willing to accomplish. Their missions may include illegally accessing the human resource files to order their testimonials when they are planning to acquire unaccredited promotions or increase in their salaries. Similarly, it may include accessing the records in the accounting department and altering their content maybe to reflect higher pay.
This can easily happen to those networks that are not well secured. It happens when a network that hosts various departments does not have good restrictions on the files that should be accessed by all the users and those that should be accessed by only a few (Fickes, 2000).
Effecting Security in the Network
To avoid such an attack, the network administrator should share only those files that are not sensitive to the operations of the company. Such files include the company policies, training manuals and such documents. The sharing of such files can be realized by the network administrator establishing a common folder in the server that is sharing it with all the workstations in the computer network and not those files which are very sensitive to the daily operations of the company. Files that highlight the company’s strategies and accounting performances should not be shared, but their access should be restricted to a few personnel. Their security can be enhanced by reinforcing their security further through encryption and assigning them a password (Fickes, 2000).
Encryption will ensure that their contents are not hacked when these files are being relayed from one point to the other. For instance, when the accounting department is sending the accounting performances to the head office, no one can be able to intercept these files through eavesdropping. This is because encryption encodes these files such that if unauthorized person comes across such files they cannot be able to use them unless they contain the required decoding program (Fickes, 2000).
The use of password prevents any unauthorized user who may accidentally access the server not be in a position to access the contents of such files unless that person posses the required password (Fickes, 2000). The network administrator should advice the employees to use very strong passwords to secure their sensitive information or secure their machines so that to minimize malicious attacks within the company. They should strengthen their passwords by avoiding passwords such as their names, name of palaces. Instead they should use password that contains more than 6 characters and those that are not easy to guess. The network administrator should also assign every employee his/her own workstation which should always be secured with their password whenever not in use and that password should not be disclosed to anybody. The external attacks occur when unauthorized access or tries to access a given network. This may be an individual with a hidden agenda or a business rival that is employing unethical techniques to compete.
Some of the common external attack that exists includes denial of service attack; this is a security threat whereby attackers delay or deny legal traffic or user access a specific resource. The attacker can achieve this by overpower such a resource with a lot of ICMP packets (Westfall, 2010). This type of attack is mostly associated with the corporate world. Some companies interfere with the performances of other organizations through this type of attack to reduce the quality of their services so that to enable them gain a competitive advantage over them (Westfall, 2010).
The attack can only affect a specific program or can make all the machines fail. To avoid such an attack, the network administrator should ensure that the network is installed with filtering solutions such as firewall like Cisco IOS routers or IPEX. Intrusion-Detection System is another strategy that can be used to avoid external attacks.
The IDS detects the reconnaissance attacks and alert the users of any looming attack. Cisco has various tools that the administrator can adapt in the network to detect such attacks so that to act accordingly in good time (Westfall, 2010). Virus, worms and Trojan attacks; these are the most common external attack that exhibits any given network. A virus is considered as any program that is installed and runs in a computer without one’s knowledge (Fickes, 2000). Most often these viruses replicate and distribute their damages to other places within the network.
Worms replicated within a network with an intension of using all the systems resource or crashing it altogether. A Trojan horse is a software that is loaded in a computer within a network and awaits the user to activate it so that to initiate its damage (Fickes, 2000). They disguise themselves as antivirus, but instead of removing them they increase them.
They can be avoided through user training, proper use of antivirus programs and use of application-verification program. The human resource department can play a pivotal role in helping to control both the internal and external attacks in any given network. The human resource department should liaise with the network administrator and come up with policies that will guide the employees when running their day-to-day activities so that to uphold the security of the network. The human resource department while training the newly recruited workforce should educate them on safe use of information system. They should advice them not to install any program in their computers and to consult the system administrator when confronted with any technical issue. They should also be educated on how to select the password they should use to secure their systems. They should ensure that they use passwords that have both letters and numbers and avoid writing them on their desks.
The human resource department and the system administrator should advice the concerned individuals to ensure that they encrypt their sensitive information such as credit cards information, passwords and sometimes even the usernames, company trade secrets and sensitive information and individual personal details such as address, telephone number, social security numbers and so on (Fickes, 2000). This will help the network to avoid security attacks and especially due to eavesdropping. The employees should be informed not to disclose any information that can compromise the security of the network maybe as a response to a telephone call. This will help to avoid an attack as a result of social engineering.
If the highlighted issues are taken into consideration, both the internal and external network attacks will be a resolved issue.
The company will be able to better protect its strategic business information, property rights as well as trade secrets.
Beynon-Davies, P. (2004). E-Business. Basingstoke: Palgrave. Fickes, M.
(2010). B2B security: Access control & security systems integration 43(10). Retrieved From http://www.finance.
reachinformation.com/Electronic_business.aspx Timmers, P. (2000). Electronic commerce: Strategies & models for business-to- business trading.
New Jersey: John Wiley & Sons, Ltd Westfall, J. (2010). Privacy: Electronic information and the individual. Santa Clara University. Markkula Center for Applied Ethics, 2010.
Retrieved from http://www.scu.edu/ethics/publications/submitted/westfall/privacy.html