Sunday, May 30, 2010

Topic 7: Internet Security


Directory services

Directory services are integral components of all network operating systems.  Network operating system directories store information about:
· Registered users and their permissions to access directory objects
· Shared hardware resources such as printers
· Shared files, databases and programs
· Computer systems and specialised hardware devices such as network storage appliances.

The formal Internet standard for directories is the Lightweight Directory Access Protocol (LDAP).  An LDAP directory stores information about LDAP objects.  Each object is an instance of an object class, which defines the attributes common to all member objects.  LDAP objects are organised into a hierarchical directory structure: objects can be grouped into container objects, which can in turn be grouped into other container objects.  Strict adherence to the LDAP standard guarantees interoperability among all LDAP clients and servers.
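As an added illustration (not part of the original post), here is a small in-memory model of what the paragraph describes: object classes with their required attributes, and the container hierarchy implied by each object's distinguished name.  The schema, organisation name and entries are all constructed placeholders.

```python
# Added example (not from the original post): a small in-memory directory
# built from constructed entries, showing object classes with their required
# attributes and the container hierarchy that distinguished names (DNs) imply.
from dataclasses import dataclass

# Constructed mini-schema (placeholder): object class -> required attributes.
SCHEMA = {
    "organization": {"o"},
    "organizationalUnit": {"ou"},
    "inetOrgPerson": {"cn", "sn", "uid"},
    "device": {"cn"},
}

@dataclass
class Entry:
    dn: str            # e.g. "uid=jsmith,ou=staff,o=example"
    object_class: str
    attrs: dict

def parent_dn(dn):
    """Strip the leftmost RDN to get the containing object's DN.
    Simplification: escaped commas inside RDN values are not handled."""
    return dn.split(",", 1)[1] if "," in dn else ""

def missing_attributes(entry):
    """Attributes the entry's object class requires but the entry lacks."""
    return sorted(SCHEMA[entry.object_class] - set(entry.attrs))

def build_tree(entries):
    """Map every DN to its child DNs; every non-root entry needs a container."""
    by_dn = {e.dn: e for e in entries}
    children = {e.dn: [] for e in entries}
    for e in entries:
        parent = parent_dn(e.dn)
        if parent:
            if parent not in by_dn:
                raise ValueError(f"{e.dn}: container {parent} does not exist")
            children[parent].append(e.dn)
    return children

# Constructed sample directory with placeholder names.
DIRECTORY = [
    Entry("o=example", "organization", {"o": "example"}),
    Entry("ou=staff,o=example", "organizationalUnit", {"ou": "staff"}),
    Entry("ou=printers,o=example", "organizationalUnit", {"ou": "printers"}),
    Entry("uid=jsmith,ou=staff,o=example", "inetOrgPerson",
          {"uid": "jsmith", "cn": "Jane Smith", "sn": "Smith"}),
    Entry("cn=lab-printer,ou=printers,o=example", "device", {"cn": "lab-printer"}),
]
```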

The UDDI registry

Universal Description, Discovery and Integration (UDDI), http://uddi.xml.org/, can be thought of as a phonebook register for e-commerce, where small businesses can describe themselves, discover other businesses and look at integrating services, using the Web Services Description Language (WSDL) to mark up, advertise and automate Web services for client businesses.  UDDI enables:

'single click e-commerce transactions and lowers the entry barriers for SMEs to do e-business.'

ebXML (Electronic Business XML) is the next step in the process of actually linking this Web service A to that Web service B and to this contract C; a legal contractual framework therefore needs to be added at some stage for effective B2B e‑business relationships through Web services.  UDDI stores WSDL files that describe the service and assists in automating Web services.  Hence UDDI acts as a registry and repository for storing business information and the way a Web service can be used; clients can 'look up' Web services in it using SOAP, and then talk more SOAP to the services they find.

Network security and growth of e-commerce

E-commerce seems to have taken off, but not with everyone.  Many businesses are still reluctant, as they are worried about the security issues involved with the Internet.  They want network security that can authenticate users, keep unauthorised users out and maintain data privacy.  A system needs to be constructed that can prove the identity of the consumer, secure data while it travels across the Internet (so that it is not tampered with), provide a secure way of paying, and finally ensure and prove that the message was received by the specified person (and was also sent by the specified person, and was not modified at all on its journey).

Crackers are a problem as some can interpret, decipher and even modify data.

How can we prevent unauthorised users tampering with our e‑commerce sites?

One reason why companies have been slow to adopt e-commerce technology is security.  Organisations put themselves at risk when they do not fully secure their site.  There is potential for loss of assets and privacy, and this can damage the reputation of the firm.  You need to take into account all areas of security, both before and after an incident; all measures need to be taken to ensure that your site is not vulnerable to interference from those crackers whose thrill is to embarrass others by breaking through defences.

What measures can be taken?

· Maintain an audit of all logs
· Encrypt e-mail messages
· Secure the client
· Secure the server
· Secure data in transport
· Secure the operating system
· Use secure transport protocols, e.g. SSL (Secure Sockets Layer) or HTTPS (Secure HTTP)
· Use firewalls properly
· Secure browsers with security and scrambling (encryption) features.

Web defacing, or vandalism, has recently received coverage in the news.  Attacks on http://www.yahoo.com, http://www.amazon.com and the Gallup organisation, http://www.gallup.com, occurred just before the presidential primary elections.  This form of vandalism usually involves illegally defacing another person's or organisation's web site to convey messages, obscene pictures, criticism, etc.

You cannot presume that the Internet is secure.  Messages pass through numerous routers before reaching their intended destination.  These in‑between sites have the ability to copy, modify and delete these so-called secure messages.  Encryption needs to be used whenever data is private.

Customers' biggest fear with e-commerce is supplying their credit card details, which can be used unlawfully.  You need to ensure that customers can securely make a payment to your business.

Another problem arises with criminals setting up fake web sites that appear to be legitimate businesses, luring customers into giving their credit card or banking details, only to find that they have paid for a product or service they may never receive; in turn, their credit card details may be used somewhere else.  This has been happening in my e-mail as I write, with false e-mail sent as if it were a real message from an Australian bank.  There have been numerous credit card frauds where thousands of details have been released on a website.  Do you want your customers to be affected like this?

E-commerce sites need to provide assurance that they can protect their assets, their customers' data and their reputations.  Customers put a lot of trust in e-commerce sites, trusting that they have directed their business appropriately.

Firewalls

A firewall provides controlled access between a private network and the Internet.  The firewall determines whether a data packet or a connection request should be permitted to pass through, or be discarded.  An organisation places a firewall at each external connection to guarantee that the organisation's internal network remains free from unauthorised traffic.
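The permit-or-discard decision described above, as an added example that is not from the original post: a first-match rule table with a default deny, applied to constructed packets.  The private network range, the web server address and the rules are all placeholder assumptions.

```python
# Added example (not from the original post): a first-match, default-deny
# packet filter of the kind a perimeter firewall applies to each packet or
# connection request arriving at the organisation's external connection.
import ipaddress
from dataclasses import dataclass

# Constructed addresses from the RFC 5737 documentation ranges (placeholders).
INTERNAL = ipaddress.ip_network("192.0.2.0/24")    # the private network
WEB_SERVER = ipaddress.ip_address("192.0.2.10")     # the only host exposed to the Internet

@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    new_connection: bool   # True for a connection request, False for an established flow

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def rule_outbound(p):
    """Internal hosts may initiate anything towards the Internet."""
    return is_internal(p.src) and not is_internal(p.dst)

def rule_reply_inbound(p):
    """Traffic belonging to a flow an internal host already opened."""
    return not p.new_connection and is_internal(p.dst) and not is_internal(p.src)

def rule_public_https(p):
    """The Internet may open HTTPS connections to the web server only."""
    return (not is_internal(p.src)
            and ipaddress.ip_address(p.dst) == WEB_SERVER and p.dport == 443)

# Ordered rule table: the first matching rule decides; nothing else passes.
RULES = [
    ("allow", "outbound from private network", rule_outbound),
    ("allow", "reply to established outbound flow", rule_reply_inbound),
    ("allow", "public HTTPS to web server", rule_public_https),
]

def decide(p):
    """Return (action, reason) for a packet; unmatched packets are discarded."""
    for action, reason, match in RULES:
        if match(p):
            return action, reason
    return "deny", "default deny"
```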

Security is part of an organisation's ethical response to risk management, on both the server side and the client side (cookies, plug-in MIME types).  The SME needs to develop a sound security strategy involving firewalls, security levels and a security matrix, e.g. like that used at CSU for its entire server environment.  Encryption approaches using SET, SSL and public/private keys need to be understood.

Secure shell protection

According to the online FAQ about Secure Shell, the system protects against:

· IP spoofing, where a remote host sends out packets, pretending to come from another, trusted host.  Ssh even protects against a spoofer on the local network, who can pretend that he or she is your router to the outside.
· IP source routing, where a host can pretend that an IP packet comes from another, trusted host.
· DNS spoofing, where an attacker forges name server records.
· Interception of clear text passwords and other data by intermediate hosts.
· Manipulation of data by people in control of intermediate hosts.

In other words, ssh never trusts the net; somebody hostile who has taken over the network can only force ssh to disconnect, and cannot decrypt or play back the traffic, or hijack the connection.

Security across the Internet

Security across the Internet is a big concern for an online business and is one of the reasons why Internet trading has been confined mostly to advertising.  In the case of the corporate intranet, security is provided by techniques such as:

· the client/server architecture of the underlying network;
· the creation of a virtual private network (VPN) using tunnelling protocols on the public Internet;
· software residing on servers (firewalls) and routers;
· secure sockets layer (SSL) from Netscape;
· ActiveX and JavaBeans with encoded digital certification.

SSL uses a two-layer system that allows the server and client to authenticate each other, providing message privacy by encryption, integrity by message authentication codes and mutual authentication by X.509 certificates.  MasterCard and VISA base their security standards for commercial banking over the Internet on the X.509 standard, together with IBM, Microsoft and Netscape.

Cookies

A cookie is a data file that a Web server stores on the computer of a Web page visitor.  Each cookie stores variable names and their associated values as name/value pairs, each separated from the next by a semicolon (;).  Cookies can store the user ID and password entered in a login form, which is useful for order tracking in shopping cart applications.  Such login information would be stored as two name/value pairs:

userid=aardvark;password=athol;
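As an added example (not from the original post), the parser below reads the name/value format just shown, flags any pair that carries a credential, and builds the alternative a defender would deploy: an opaque session token in the cookie, with the user's data held on the server.  The sensitive-name list and the cookie attributes are this example's own assumptions.

```python
# Added example (not from the original post): parse the cookie string format
# described above (name=value pairs separated by ';'), flag pairs that carry
# credentials, and show the server-side session alternative.
import secrets
from urllib.parse import unquote

# Assumed list of names whose values should never live in a cookie.
SENSITIVE_NAMES = {"password", "passwd", "pwd", "secret", "creditcard", "ccnum"}

def parse_cookie_string(raw):
    """Split 'a=1;b=2;' into {'a': '1', 'b': '2'}; later duplicates win."""
    pairs = {}
    for chunk in raw.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue                      # trailing ';' or empty segment
        name, sep, value = chunk.partition("=")
        if not sep or not name:
            continue                      # malformed pair: no '=' or empty name
        pairs[name.strip()] = unquote(value.strip())
    return pairs

def sensitive_pairs(pairs):
    """Names in the cookie whose values should not be stored client-side."""
    return sorted(n for n in pairs if n.lower() in SENSITIVE_NAMES)

def session_cookie(user_id):
    """Replacement: a random session id in the cookie, credentials kept on the
    server.  Returns (Set-Cookie header value, server-side session record)."""
    sid = secrets.token_urlsafe(32)
    header = f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
    return header, {sid: {"userid": user_id}}

# Constructed input matching the login cookie shown in the post.
RAW = "userid=aardvark;password=athol;"
```

Running `sensitive_pairs(parse_cookie_string(RAW))` on the post's example reports the `password` pair; `session_cookie("aardvark")` shows the shape of the cookie that would replace it.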
