Introduction

 

The Internet is one of the fastest growing fields in the world. It makes exchanging communication and information simple and saves time and money, and it has become a way of life for most of us while it is still growing.

 

However, there are still many hesitant users who are afraid to shop online because of the threats they believe exist. This is an immense concern for online businesses, as they could be achieving higher sales targets than they do now if the non-online and minimal shoppers bought from them.

 

An online business can be devastated by the impact of Internet security problems, as most of its transactions are carried out online. E-businesses are highly vulnerable to Internet security threats because they can be affected by different means, such as:

  • Internet hackers
  • Viruses spreading via online means
  • Professional criminal gangs

Professional criminal gangs are a new concern for online retailers. These criminals carry out denial-of-service (DDoS) attacks and are able to blackmail e-businesses such as WorldPay, a well-known company that handles card transactions on behalf of other businesses. The gangs threaten companies such as WorldPay with DDoS in order to have cash transferred into the criminals' account. If the company refuses to pay the amount, its website will be attacked with DDoS and customers will not be able to carry out any transactions. The DDoS attack floods the website with computer-generated requests until the system crashes or stops.

 

The objective of this study is to examine the current security issues for online shoppers and how they affect online retailers. How an attack is carried out may vary depending on who the target is; the question, however, is whether the technology is ahead of the attackers, so that there is always a block in their way. The study asks about the future of Internet security, the future of online retailing, and how the Internet has evolved and where it leads.

 

As the Internet is a fast-growing field, it brings with it fast-growing attacks and attackers, from small scale to devastatingly large scale, meaning security measures must be stepped up. New technology is growing so rapidly that it is hard to keep up with, and doing so can be quite expensive.

 

Nevertheless, Internet security is also growing at an immense rate. According to a study at www.bccresearch.com/press, the amount of e-software developed has increased by almost 400% in 5 years.

 

Worldwide E-security Revenue, through 2006 ($ Millions)

                        2001      2006    AAGR % 2001-2006
E-security software    3,525    11,458    26.6
Hardware                 532     1,100    15.6
Services                 785     2,122    22.0
Total                  4,842    14,680    24.8

Source: BCC, Inc.

 

  

Abstract

 

 

Internet security concerns not just individual online-shopping enthusiasts but Internet users worldwide as a whole, including browsers and online retailers.

The Evolution of the Internet and the Impact of Internet Security on E-business and the Future

 

Computers, and the Internet by extension, are powerful tools of communication and information. Some have abused these gizmos, while others seek to impose control in one way or another.

 

In the beginning, there was no Internet. There were no networks. There was no e-mail, and people relied on postal mail or the telephone to communicate. The very busy sent telegrams. Few people used ugly names to refer to others whom they had never met. Of course, the Internet has changed all this. The Internet started as a small, almost closed community. It was a place, to borrow a line from the theme to Cheers, "where everybody knows your name, and they're always glad you came." 1

 

However, before delving into the concept of Internet security and e-commerce, let's shed some light on how it came to be. By definition, the Internet is a computer network intended to allow general communication between users of various computers, an idea that developed through a large number of stages. The melting pot of developments brought together the network of networks. 2

 

Tracing back the steps, it all started in 1957 with the launch by the USSR of Sputnik, the first artificial Earth satellite. In response, the US formed the Advanced Research Projects Agency (ARPA) within the Department of Defence in the following year, to establish a US lead in science and technology applicable to the military. 3a

 

J.C.R. Licklider, a fundamental pioneer in the call for a global network, set out the need for one in his January 1960 paper, “Man-Computer Symbiosis”:

"A network of such [computers], connected to one another by wide-band communication lines" which provided "the functions of present-day libraries together with anticipated advances in information storage and retrieval and [other] symbiotic functions." 4

 

In October 1962, Licklider was appointed head of the information processing office at DARPA (the new name for ARPA), and started to form an informal group within the United States Department of Defense's DARPA to further computer research. As part of the information processing office's role, three network terminals had been installed: one for System Development Corporation in Santa Monica, one for Project Genie at the University of California, Berkeley, and one for the Multics project at the Massachusetts Institute of Technology. The problems this caused would make Licklider's need for inter-networking evident.

 

Robert W. Taylor, co-writer with Licklider of "The Computer as a Communications Device", in an interview with the New York Times said:

"For each of these three terminals, I had three different sets of user commands. So if I was talking online with someone at S.D.C. and I wanted to talk to someone I knew at Berkeley or M.I.T. about this, I had to get up from the S.D.C. terminal, go over and log into the other terminal and get in touch with them.

 

I said, oh, man, it's obvious what to do: If you have these three terminals, there ought to be one terminal that goes anywhere you want to go where you have interactive computing. That idea is the ARPAnet." 5

 

Promoted to the head of the information processing office at ARPA, Robert Taylor followed Licklider's ideas for an interconnected networking system. Bringing in Larry Roberts from M.I.T., he initiated a project to start such a network. The first ARPANET link was established on 21 November 1969, between the University of California, Los Angeles and the Stanford Research Institute. 6

One of the original goals of the project was to create a network that would continue to function even if major sections of the network failed or were attacked. The ARPANET was designed to reroute network traffic automatically around problems in connecting systems or in passing along the necessary information to keep the network functioning. Thus, from the beginning, the Internet was designed to be robust against denial-of-service attacks, which are described in a section below on denial of service.

 

The ARPANET protocols (the rules of syntax that enable computers to communicate on a network) were originally designed for openness and flexibility, not for security. The ARPA researchers needed to share information easily, so everyone needed to be an unrestricted "insider" on the network. Although the approach was appropriate at the time, it is not one that lends itself to today's commercial and government use. As more locations with computers (known as sites in Internet parlance) joined the ARPANET, the usefulness of the network grew. The ARPANET consisted primarily of university and government computers, and the applications supported on this network were simple: electronic mail (E-mail), electronic news groups, and remote connection to other computers. By 1971, the Internet linked about two dozen research and government sites, and researchers had begun to use it to exchange information not directly related to the ARPANET itself. The network was becoming an important tool for collaborative research. 7

 

During these years, researchers also played "practical jokes" on each other using the ARPANET. These jokes usually involved joke messages, annoying messages, and other minor security violations. Some of these are described in Steven Levy's Hackers: Heroes of the Computer Revolution. 8 It was rare that a connection from a remote system was considered an attack, however, because ARPANET users comprised a small group of people who generally knew and trusted each other.

 

In 1986, the first well-publicised international security incident was identified by Cliff Stoll, then of Lawrence Berkeley National Laboratory in northern California. A simple accounting error in the computer records of systems connected to the ARPANET led Stoll to uncover an international effort, using the network, to connect to computers in the United States and copy information from them. These U.S. computers were not only at universities, but also at military and government sites all over the country. When Stoll published his experience in a 1989 book, The Cuckoo's Egg, 9 he raised awareness that the ARPANET could be used for destructive purposes.

In 1988, the ARPANET had its first automated network security incident, usually referred to as "the Morris worm." 10 A student at Cornell University (Ithaca, NY), Robert T. Morris, wrote a program that would connect to another computer, find and use one of several vulnerabilities to copy itself to that second computer, and begin to run the copy of itself at the new location. Both the original code and the copy would then repeat these actions in an infinite loop to other computers on the ARPANET. This "self-replicating automated network attack tool" caused a geometric explosion of copies to be started at computers all around the ARPANET. The worm used so many system resources that the attacked computers could no longer function. As a result, 10% of the U.S. computers connected to the ARPANET effectively stopped at about the same time.

 

By that time, the ARPANET had grown to more than 88,000 computers and was the primary means of communication among network security experts. With the ARPANET effectively down, it was difficult to coordinate a response to the worm. Many sites removed themselves from the ARPANET altogether, further hampering communication and the transmission of the solution that would stop the worm.

 

The Morris worm prompted the Defense Advanced Research Projects Agency to fund a computer emergency response team, now the CERT® Coordination Center, to give experts a central point for coordinating responses to network emergencies. Other teams quickly sprang up to address computer security incidents in specific organizations or geographic regions. Within a year of their formation, these incident response teams created an informal organization now known as the Forum of Incident Response and Security Teams (FIRST). These teams and the FIRST organization exist to coordinate responses to computer security incidents, assist sites in handling attacks, and educate network users about computer security threats and preventive practices.

 

In 1989, the ARPANET officially became the Internet and moved from a government research project to an operational network; by then it had grown to more than 100,000 computers. Security problems continued, with both aggressive and defensive technologies becoming more sophisticated. Among the major security incidents 11 were the 1989 WANK/OILZ worm, an automated attack on VMS systems attached to the Internet, and exploitation of vulnerabilities in widely distributed programs such as the sendmail program, a complicated program commonly found on UNIX-based systems for sending and receiving electronic mail. In 1994, intruder tools were created to "sniff" packets from the network easily, resulting in the widespread disclosure of user names and password information. In 1995, the method that Internet computers use to name and authenticate each other was exploited by a new set of attack tools that allowed widespread Internet attacks on computers that have trust relationships with any other computer, even one in the same room.

 

Although the Internet was originally conceived of and designed as a research and education network, usage patterns radically changed with time. It slowly became a home for private and commercial communication, and at this writing it is still expanding into important areas of commerce, medicine, and public service. Increased dependence on the Internet is expected over the next five years, along with increased attention to its security.

 

The rise of commercial Internet services and applications helped to fuel a rapid commercialisation of the Internet. This phenomenon was the result of several other factors as well. One important factor was the introduction of the personal computer and the workstation in the early 1980s—a development that in turn was fuelled by unprecedented progress in integrated circuit technology and an attendant rapid decline in computer prices. Another factor, which took on increasing importance, was the emergence of Ethernet and other “local area networks” to link personal computers. But other forces were at work too. Following the restructuring of AT&T in 1984, NSF took advantage of various new options for national-level digital backbone services for the NSFNET. In 1988 the Corporation for National Research Initiatives received approval to conduct an experiment linking a commercial e-mail service (MCI Mail) to the Internet. This application was the first Internet connection to a commercial provider that was not also part of the research community. Approval quickly followed to allow other e-mail providers access, and the Internet began its first explosion in traffic. 12

In 1993 federal legislation allowed NSF to open the NSFNET backbone to commercial users. Prior to that time, use of the backbone was subject to an “acceptable use” policy, established and administered by NSF, under which commercial use was limited to those applications which served the research community. NSF recognized that commercially supplied network services, now that they were available, would ultimately be far less expensive than continued funding of special-purpose network services.

 

Also in 1993 the University of Illinois made widely available Mosaic, a new type of computer program, known as a browser that ran on most types of computers and, through its “point-and-click” interface, simplified access, retrieval, and display of files through the Internet. Mosaic incorporated a set of access protocols and display standards originally developed at the European Organization for Nuclear Research (CERN) by Tim Berners-Lee for a new Internet application called the World Wide Web (WWW). In 1994 Netscape Communications Corporation (originally called Mosaic Communications Corporation) was formed to further develop the Mosaic browser and server software for commercial use. Shortly thereafter the software giant Microsoft Corporation became interested in supporting Internet applications on personal computers (PCs) and developed its Internet Explorer Web browser (based initially on Mosaic) and other programs. These new commercial capabilities accelerated the growth of the Internet, which as early as 1988 had already been growing at the rate of 100 percent per year. 13

 

By the late 1990s there were approximately 10,000 Internet service providers (ISPs) around the world, more than half located in the United States. However, most of these ISPs provided only local service and relied on access to regional and national ISPs for wider connectivity. Consolidation began at the end of the decade with many small to medium-size providers merging or being acquired by larger ISPs. Among these larger providers were groups such as America Online, Inc. (AOL), which started as a dial-up information service with no Internet connectivity but made a transition in the late 1990s to become the leading provider of Internet services in the world—with more than 25 million subscribers by 2000 and with branches in Australia, Europe, South America, and Asia. Widely used Internet “portals” such as AOL, Yahoo!, Excite, and others were able to command advertising fees owing to the number of “eyeballs” that visited their sites. Indeed, during the late 1990s advertising revenue became the main quest of many Internet sites, some of which began to speculate by offering free or low-cost services of various kinds that were visually augmented with advertisements. By 2001 this speculative bubble had burst. 14

This era is very precisely summarized by Nicholas Allard, Latham & Watkins in "Frontier Justice":

The relatively unfettered frontier of cyberspace is showing the strains of a commercial gold rush. It often resembles Wild West boomtowns, populated with earnest PC pioneers and homestead users, Internet preachers, copyright rustlers, perverts, scam artists, and plain old crooks. 

 

During the last decade, our society has come to be based on the ability to move large amounts of information across great distances quickly. Computerization has influenced everyone's life in numerous ways. The natural evolution of computer technology and this need for ultra-fast communications have caused a global network of interconnected computers to develop, which has escalated into a boom of e-commerce. 15

 

Electronic commerce, e-commerce or ecommerce consists primarily of the distributing, buying, selling, marketing, and servicing of products or services over electronic systems such as the Internet and other computer networks. The meaning of the term "electronic commerce" has changed over time. Originally, "electronic commerce" meant the facilitation of commercial transactions electronically, usually using technology like Electronic Data Interchange (EDI, introduced in the late 1970s) to send commercial documents like purchase orders or invoices electronically.

 

Later it came to include activities more precisely termed "Web commerce," the purchase of goods and services over the World Wide Web via secure servers (note HTTPS, a special server protocol which encrypts confidential ordering data for customer protection) with e-shopping carts and with electronic pay services, like credit card payment authorizations.

When the Web first became well-known among the general public in 1994, many journalists and pundits forecast that e-commerce would soon become a major economic sector. However, it took about four years for security protocols (like HTTPS) to become sufficiently developed and widely deployed (during the browser wars of this period). Subsequently, between 1998 and 2000, a substantial number of businesses in the United States and Western Europe developed rudimentary Web sites.

 

Although a large number of "pure e-commerce" companies disappeared during the dot-com collapse in 2000 and 2001, many "brick-and-mortar" retailers recognised that such companies had identified valuable niche markets and began to add e-commerce capabilities to their Web sites. For example, after the collapse of online grocer Webvan, two traditional supermarket chains, Albertsons (US-based) and Safeway (UK), both started e-commerce subsidiaries through which consumers could order groceries online.

 

As of 2005, e-commerce has become well-established in major cities across much of North America, Western Europe, and certain East Asian countries like South Korea. However, e-commerce is still emerging slowly in some industrialized countries, and is practically nonexistent in many Third World countries. Electronic commerce has unlimited potential for both developed and developing nations, offering lucrative profits in a highly unregulated environment. 16

[Figure omitted. 3b]

From the above figure, it is quite evident that World Wide Web growth is at an all-time high. The Web has on-line "shops", even electronic "shopping malls". Customers, browsing at their computers, can view products, read descriptions, and sometimes even try samples. What they lack is the means to buy from their keyboard, on impulse. They could pay by credit card, transmitting the necessary data by modem; but intercepting messages on the Internet is trivially easy for a smart hacker, so sending a credit-card number in an unscrambled message is inviting trouble. It would be relatively safe to send a credit-card number encrypted with a hard-to-break code. That would require either a general adoption across the Internet of standard encoding protocols, or the making of prior arrangements between buyers and sellers. Both consumers and merchants could see a windfall if these problems are solved. For merchants, a secure and easily divisible supply of electronic money will motivate more Internet surfers to become on-line shoppers. Electronic money will also make it easier for smaller businesses to achieve a level of automation already enjoyed by many large corporations whose Electronic Data Interchange heritage means streams of electronic bits now flow instead of cash in back-end financial processes. 17

Where next?

As the size of the Internet grows, it becomes more vulnerable to attackers seeking information from machines across the network; small pieces of information gathered over time could build up to enough for the attackers to achieve their objectives.

 

 

It is clear that communications connectivity will be an important function of a future Internet as more machines and devices are interconnected, giving rise to more online buying and more convenience for consumers using the Internet. In 1998, after four years of study, the Internet Engineering Task Force published a new 128-bit IP address standard intended to replace the conventional 32-bit standard. By allowing a vast increase in the number of available addresses (2^128, as opposed to 2^32), this standard will make it possible to assign unique addresses to almost every electronic device imaginable. Thus the expressions “wired” office, home, and car may all take on new meanings, even if the access is really wireless.

 

Backbone data rates of 10 billion bits (10 gigabits) per second are readily available today, but data rates of 1 trillion bits (1 terabit) per second or higher will eventually become commercially feasible. If the development of computer hardware, software, applications, and local access keeps pace, it may be possible for users to access networks at speeds of 100 gigabits per second. Now we can quite truly say that everything is at our fingertips.

 

 

Research Methodology

 

 

 

 

 

 

 

 

Reference List

 

1. Barry M. Leiner, Vinton G. Cerf, David D. Clark, Robert E. Kahn, Leonard Kleinrock, Daniel C. Lynch, Jon Postel, Larry G. Roberts, Stephen Wolff, 2003, A Brief History of the Internet. [Internet] Viewed 1 December 2005. <http://www.isoc.org/internet/history/brief.shtml>

2. Hauben, Ronda, 2004, The Internet: On its International Origins and Collaborative Vision. [Internet] Viewed 10 December 2005. <http://www.ais.org/~jrh/acn/ACn12-2.a03.txt>

3. Zakon, Robert H. 1993-2005. Hobbes' Internet Timeline v8.1. [Internet] Viewed 1 January 2006. <http://www.zakon.org/robert/internet/timeline/>

4. Licklider, J. C. R. (1960). Man-Computer Symbiosis. [Internet] Viewed 4 January 2006. <http://groups.csail.mit.edu/medg/people/psz/Licklider.html>

5. An Internet Pioneer Ponders the Next Revolution. [Internet] Viewed 15 January 2006. <http://partners.nytimes.com/library/tech/99/12/biztech/articles/122099outlook-bobb.html?Partner=Snap>

6. Hauben, Ronda. (2001). From the ARPANET to the Internet. [Internet] Viewed 19 January 2006. <http://www.columbia.edu/~rh120/other/tcpdigest_paper.txt>

7. The First Network Email. [Internet] Viewed 1 February 2006. <http://openmap.bbn.com/~tomlinso/ray/firstemailframe.html>

 

8. Levy, S., (1984) Hackers: Heroes of the Computer Revolution, Anchor Press/Doubleday, Garden City, NY.

 

9. Stoll, C., (1989) The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, Doubleday, New York.

 

10. Denning, P. J., (1990) Computers Under Attack: Intruders, Worms, and Viruses, ACM Press, Addison-Wesley, New York.

 

11. CERT Coordination Center, CERT* advisories and other security information. [Internet] Viewed 1 February 2006. <http://www.cert.org/>

 

12. The History of Electronic Mail. [Internet] Viewed 4 February 2006. <http://www.multicians.org/thvv/mail-history.html>

 

13. Amor, Daniel, (2002) The E-Business (R)Evolution. 2nd Edition, Prentice Hall, New York.

 

14. Chaudhury, Abijit & Jean-Pierre Kuilboer (2002), e-Business and e-Commerce Infrastructure, McGraw-Hill.

 

15. Government Intervention on the Internet. Academic Library. [Internet] Viewed 8 February 2006. <http://www.academiclibrary.com/view/Technology/746.HTM>

 

16. Electronic Commerce. Academic Library. [Internet] Viewed 13 February 2006. <http://www.academiclibrary.com/view/Technology/736.HTM>

 

17. Electronic Commerce. Wikipedia Online Encyclopedia. [Internet] Viewed 17 February 2006. <http://en.wikipedia.org/wiki/Electronic_commerce>





Credit:ivythesis.typepad.com

