
Assignment question

1. Explain the process that should be followed in building an e-commerce website.
2. Explain in detail the security issues and measures needed to be taken in an e-commerce website.

2.0 Introduction of website security

E-commerce security is about whether customers' information can be kept confidential and private. Such information definitely includes credit card numbers and related information and may, depending on the type of business, include the customer's name, address, and the list of products that the customer is buying. It should also include the customer's password and order ID. Every user wants a secure website that can be accessed without exposure to hackers and viruses.

A secure e-commerce website needs technology, software, and organizational policies and procedures that protect customer information and the company's confidential information, in order to achieve the highest degree of security. Even so, no system is completely safe, because other factors come into play: system security often breaks at its weakest link. The purpose of the technology and software is to make things difficult for people who phish, sniff, spread viruses and hack. For example :

2.0 Security dimensions

2.1 Integrity

Integrity is the assurance that communication between the sender and the receiver, including private communication, takes place without being disturbed, faked or tampered with. Users usually communicate by e-mail, and every e-mail account has its own password. An example of an integrity issue is spoofing.

Integrity issue: spoofing

E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately. Classic examples of senders who might prefer to disguise the source of the e-mail include a sender reporting mistreatment by a spouse to a welfare agency or a "whistle-blower" who fears retaliation. However, spoofing anyone other than yourself is illegal in some jurisdictions.

Solution of facing spoofing

In this type of attack, the cracker resides on the same subnet as his intended target, so by sniffing the wire for existing transmissions, he can understand an entire sequence/acknowledge cycle between his target and other hosts. Once the sequence is known, the attacker can hijack sessions that have already been built by disguising himself as another machine, bypassing any sort of authentication that was previously conducted on that connection.
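The e-mail header forgery described above can often be spotted on the receiving side by comparing the headers with one another. The following is an added example, not part of the original assignment: it goes slightly beyond the text by also reading the Authentication-Results header that receiving mail servers may add, and the sample messages and domains are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SPOOFED_SAMPLE = """\
Return-Path: <bounce@mailer.test>
Authentication-Results: mx.shop.example; spf=fail smtp.mailfrom=mailer.test; dmarc=fail header.from=bank.example
From: "Bank Security" <security@bank.example>
Reply-To: verify@mailer.test
Subject: Confirm your account

Please confirm your card details.
"""
CLEAN_SAMPLE = """\
Return-Path: <orders@shop.example>
Authentication-Results: mx.shop.example; spf=pass smtp.mailfrom=shop.example; dmarc=pass header.from=shop.example
From: "Shop Orders" <orders@shop.example>
Subject: Your order has shipped

Thank you for your order.
"""

def _domain(value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """Return reasons why the visible From address may be forged."""
    msg = message_from_string(raw_message)
    from_dom = _domain(msg["From"])
    findings = []
    # From is chosen freely by the sender; Return-Path and Reply-To pointing
    # at another domain suggest the visible sender is not the real one.
    for header in ("Return-Path", "Reply-To"):
        dom = _domain(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving mail server, when present.
    for results in msg.get_all("Authentication-Results", []):
        for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results.lower()):
            if verdict != "pass":
                findings.append(f"{check} check result: {verdict}")
    return findings

if __name__ == "__main__":
    for name, sample in (("spoofed", SPOOFED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, spoofing_indicators(sample))
```

These findings are indicators rather than proof: legitimate bulk mail can also carry a Return-Path on a different domain, so a hit is a reason to verify the message through another channel.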

Conclusion

Integrity can be compromised when private information is leaked by people who steal it. Integrity focuses on whether the sender and the receiver, that is, customers and merchants, can rely on their communication.

1.3 Authenticity

Authenticity is proof of identity: assurance that a message, transaction, or other exchange of information really comes from the source it claims to be from. The authentication process usually involves more than a single piece of identity evidence. It may be something the user knows, such as a password. Alternatively, the user may prove their identity with something they have, like a key card. Modern systems can also rely on something the user is: biometric authentication methods such as fingerprint scanning, palm-shape scanning or retina scanning.

1.3.1 The authenticity issue facing

Some people set up scams or fraud to swindle information out of Internet users who have e-mail. They use a sophisticated technique, phishing, to achieve their purpose. Phishing means sending an e-mail that falsely claims to come from a particular enterprise and asks the user for a lot of sensitive financial information. People who believe the e-mail is genuine give their information to the phisher; in reality it is a scam. Phishers prefer to send e-mail because e-mail is the most convenient form of communication. Most of these cases target bank customers and others who deal with money.

1.3.2 Measures for the authenticity security issues

E-mail scams are very common online, and many people have been cheated. Confirming whether an e-mail is genuine is not difficult, but it takes time. When you receive a doubtful e-mail, do not reply to the sender and do not click anything in it. Instead, type the site's address directly into the address bar of your browser to verify the request. Companies with which you have created an account seldom, if ever, ask for your password, e-mail, phone number or credit card information by e-mail.

Conclusion

Authenticity is about truth and reliability. Customers do not want to deal with a deceptive party, and merchants have the same worry: whether the customer is using a real identity. A successful business should be free of deception and should be authentic.

2.0 Confidentiality

Confidentiality means that private information is not shown to other people. Nowadays companies want to learn one another's confidential information, so some companies build systems to protect their private information from theft. Other companies never build such a system and manage their information carelessly, which gives sniffers a good opportunity to steal it and learn all of the company's confidential information.

2.1 What is sniffing

A sniffer can be a software program or a hardware device with the appropriate software or firmware. Sniffing means that the sniffer covertly goes through network traffic, without raising an alert or being detected, in order to probe, snoop on and copy data without permission. It is a sophisticated way of stealing data from a company and is also used in business competition. Years ago, sniffers were used only by expert network engineers, but nowadays they have become popular on the Internet with hackers and the merely curious.

2.1.1 How to secure data and prevent data theft

Use encryption. Encryption, like a locked door, protects network data and is the best defence against a sniffer. Encryption does not prevent a sniffer from functioning; it just ensures that what the sniffer reads is nonsense.

Anti-sniffer software. This software can detect whether a computer is in promiscuous mode.

Virtual Private Networking (VPN). Basically, a VPN creates an encrypted virtual network connection from your computer to a server. Suppose you connect to the VPN from a public network. All the information you send to the Internet is encrypted, because it is first sent to your home network. There, the server decrypts the data and then sends it over the Internet. Therefore no one can see what you are doing, because it is all encrypted on the public network. A VPN works a bit like a seamless proxy server.

Conclusion

Confidentiality is very important to everyone; losing it is very dangerous. Everyone should protect their own information and privacy properly.

3.0 Availability

Availability means ensuring that the system continues to function as intended. Availability is, unsurprisingly, the availability of information resources. An information system that is not available when you need it is almost as bad as having none at all. It may be even worse, depending on how reliant the organization has become on a functioning computer and communications infrastructure. Security problems such as viruses can bring the system down.

3.0 Virus

In computing, a virus is a program or piece of programming code that replicates by being copied, or by initiating its copying, to another program, computer boot sector or file. Viruses can be anywhere and can be transmitted as attachments to an e-mail note, in a downloaded file, or on a CD, pen drive or hard disk. The immediate source of the e-mail, downloaded file or pen drive usually does not know that it contains a virus, and sometimes the virus is not detected by detection software. A virus is a disadvantage to the computer user: it can spread quickly, slowing the user's work or even bringing the computer network down. Some people on the network spread viruses to social network users for no good reason, as a prank or for fun or entertainment. Once you click on a virus, it has already spread to your account or computer.

3.1 How to prevent viruses

Install an anti-virus program on each computer. These programs are developed to identify and suppress or remove viruses from your computer. They analyse your computer system and disinfect any existing viruses. An anti-virus program can also prevent malicious code from copying itself to your hard drive and accessing the data on your computer. Many anti-virus programs are available on the market, in two kinds: commercial and free. Brands include Kaspersky, Avira and McAfee. The most popular is Avira, because it can kill about 90% of viruses and scans for viruses as they are discovered or detected.

Use a firewall to protect your Internet connection. A firewall is a software or hardware device developed to prevent unauthorized access to your computer, for example by viruses. Without an active firewall, your computer can easily be infected with malicious programs, often within minutes of connecting to the Internet.

Conclusion of availability

Availability emphasises function and efficiency. It should be considered a responsibility, and it places demands on efficiency and on the system.

Nonrepudiation

Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.

Issue of nonrepudiation

This issue concerns whether a person can deny what he or she has sent or promised. If a consumer orders something on an online marketplace, can proof of the order be found?

Solution of nonrepudiation: email tracking

Email tracking is software that follows whatever the sender sends and the receiver receives, and whether a message has been opened and read. When you use it, each message you send is tracked invisibly, without alerting the recipient. However, when they read your message, you will immediately receive the following information:

Conclusion

Sometimes people like to deny what they promised, but nowadays, with email tracking, they have no grounds for refusing to honour the promise.

Privacy

Internet privacy concerns the right to personal privacy, or the mandate, regarding the storing, re-use, provision to third parties, and display of information about oneself via the Internet. Privacy on a site can involve personally identifiable information, such as the behavior of site visitors, or non-personally identifiable information.

Privacy issue: hacker

"Hacker" can mean a clever programmer; in the popular media especially, it means someone who tries to break into a user's computer system. Under normal circumstances, a hacker is a skilled programmer or engineer with sufficient technical knowledge to understand the weak points in security systems.

Solution: preventing hackers

Users should change their passwords from time to time, or make strong passwords, which means longer passwords.

Conclusion

If privacy is stolen by a hacker, it can be a very serious problem for the user. Everyone should keep their information well secured.

Final Conclusion

If a merchant achieves the six dimensions above, it is likely to be a good merchant and its trading will be successful. Each of the six dimensions is an important element of operating an e-commerce business on the Internet; if one of them is lacking, the operation is incomplete or imperfect.
