VI SEM B.

COM NEP (REGULAR) E-COMMERCE

MODULE IV – SECURITY AND THREATS IN E-COMMERCE

Virus

A computer virus is an ill-natured software application or authored code that can attach itself
to other programs, self-replicate, and spread itself onto other devices. When executed, a virus
modifies other computer programs by inserting its code into them. If the virus’s replication is
successful, the affected device is considered “infected” with a computer virus.

The malicious activity carried out by the virus’s code can damage the local file system, steal
data, interrupt services, download additional malware, or any other actions the malware author
coded into the program. Many viruses pretend to be legitimate programs to trick users into
executing them on their devices, delivering the computer virus payload.

Cybercrime

Cybercrime is a crime that involves a network and computer, and it is also known as a
computer crime. Even though rapid digitalization has helped us immensely, at the same time,
it opens the gate to a wide range of threats and makes it easier to perform Cybercrime. These
threats can result in financial loss or reputation damage. Ever-changing operations coupled
with emerging technologies have increased the frequency of Cybercrime activities on an
industrial level.

Types of Cybercrime

There are various forms of Cybercrime, namely- phishing, malware, cyberbullying, crypto-
jacking, Cyber espionage, etc, and we have discussed these below in brief.

• Phishing– Phishing attacks take place when spam or fraudulent emails or other forms
of communication are sent to people through a source that seems reputable.
• Malware– It is a type of Cyber Attack where malicious software, programs, or codes
are used to corrupt data and damage or disables computers or other devices such as
mobiles, tablets, networks, etc.

SHYLAJA M, Assistant Professor

MUKUND G, Assistant Professor
Department of Commerce and Management
Seshadripuram First Grade College, Bengaluru
VI SEM B.COM NEP (REGULAR) E-COMMERCE

• Cyberbullying– It is also a Cybercrime where computers, tablets, or mobile phones are

used to send, post, or share private, negative, or false information about someone
without their consent to cause embarrassment or humiliation.
• Cryptojacking– Here, the attacker breaks into a person’s computing device to extract
money from the target in the form of cryptocurrency without their consent or
knowledge.
• Cyber Espionage– Cyber espionage occurs when an attacker illicitly steals or gains
access to a company’s or government’s classified, sensitive data or intellectual property
to gain an advantage over the entity.

Network Security

Network security is any activity designed to protect the usability and integrity of your network
and data.

• It includes both hardware and software technologies

• It targets a variety of threats

• It stops them from entering or spreading on your network

• Effective network security manages access to the network

How does network security work?

Network security combines multiple layers of defenses at the edge and in the network. Each
network security layer implements policies and controls. Authorized users gain access to
network resources, but malicious actors are blocked from carrying out exploits and threats.
Types of network security
Firewalls
Firewalls put up a barrier between your trusted internal network and untrusted outside
networks, such as the Internet. They use a set of defined rules to allow or block traffic. A
firewall can be hardware, software, or both. Cisco offers unified threat management (UTM)
devices and threat-focused next-generation firewalls.
Email security

SHYLAJA M, Assistant Professor

MUKUND G, Assistant Professor
Department of Commerce and Management
Seshadripuram First Grade College, Bengaluru
VI SEM B.COM NEP (REGULAR) E-COMMERCE

Email gateways are the number one threat vector for a security breach. Attackers use personal
information and social engineering tactics to build sophisticated phishing campaigns to deceive
recipients and send them to sites serving up malware. An email security application blocks
incoming attacks and controls outbound messages to prevent the loss of sensitive data.

Anti-virus and anti-malware software

"Malware," short for "malicious software," includes viruses, worms, Trojans, ransomware, and
spyware. Sometimes malware will infect a network but lie dormant for days or even weeks.
The best antimalware programs not only scan for malware upon entry, but also continuously
track files afterward to find anomalies, remove malware, and fix damage.
Network segmentation
Software-defined segmentation puts network traffic into different classifications and
makes enforcing security policies easier. Ideally, the classifications are based on endpoint
identity, not mere IP addresses. You can assign access rights based on role, location, and more
so that the right level of access is given to the right people and suspicious devices are contained
and remediated.
Access control
Not every user should have access to your network. To keep out potential attackers, you need
to recognize each user and each device. Then you can enforce your security policies. You can
block noncompliant endpoint devices or give them only limited access. This process is network
access control (NAC).

Application security
Any software you use to run your business needs to be protected, whether your IT staff builds
it or whether you buy it. Unfortunately, any application may contain holes, or vulnerabilities,
that attackers can use to infiltrate your network. Application security encompasses the
hardware, software, and processes you use to close those holes.

Behavioral analytics
To detect abnormal network behavior, you must know what normal behavior looks like.
Behavioral analytics tools automatically discern activities that deviate from the norm. Your
security team can then better identify indicators of compromise that pose a potential problem
and quickly remediate threats.

SHYLAJA M, Assistant Professor

MUKUND G, Assistant Professor
Department of Commerce and Management
Seshadripuram First Grade College, Bengaluru
VI SEM B.COM NEP (REGULAR) E-COMMERCE

Data loss prevention

Organizations must make sure that their staff does not send sensitive information outside the
network. Data loss prevention, or DLP, technologies can stop people from uploading,
forwarding, or even printing critical information in an unsafe manner.

Intrusion prevention systems

An intrusion prevention system (IPS) scans network traffic to actively block attacks.
Cisco Next-Generation IPS (NGIPS) appliances do this by correlating huge amounts of
global threat intelligence to not only block malicious activity but also track the progression of
suspect files and malware across the network to prevent the spread of outbreaks and reinfection.
Mobile device security
Cybercriminals are increasingly targeting mobile devices and apps. Within the next 3 years, 90
percent of IT organizations may support corporate applications on personal mobile devices. Of
course, you need to control which devices can access your network. You will also need to
configure their connections to keep network traffic private.

VPN
A virtual private network encrypts the connection from an endpoint to a network, often over
the Internet. Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to
authenticate the communication between device and network.

Wireless security
Wireless networks are not as secure as wired ones. Without stringent security measures,
installing a wireless LAN can be like putting Ethernet ports everywhere, including the parking
lot. To prevent an exploit from taking hold, you need products specifically designed to protect
a wireless network.

Encryption

Encryption is a way of scrambling data so that only authorized parties can understand the
information. In technical terms, it is the process of converting human-readable plaintext to
incomprehensible text, also known as ciphertext. In simpler terms, encryption takes readable
data and alters it so that it appears random. Encryption requires the use of a cryptographic key:

SHYLAJA M, Assistant Professor

MUKUND G, Assistant Professor
Department of Commerce and Management
Seshadripuram First Grade College, Bengaluru
VI SEM B.COM NEP (REGULAR) E-COMMERCE

a set of mathematical values that both the sender and the recipient of an encrypted message
agree on.

Why is encryption important?

Privacy: Encryption ensures that no one can read communications or data at rest except the
intended recipient or the rightful data owner. This prevents attackers, ad networks, Internet
service providers, and in some cases governments from intercepting and reading sensitive data,
protecting user privacy.

Security: Encryption helps prevent data breaches, whether the data is in transit or at rest. If a
corporate device is lost or stolen and its hard drive is properly encrypted, the data on that device
will still be secure. Similarly, encrypted communications enable the communicating parties to
exchange sensitive data without leaking the data.

Data integrity: Encryption also helps prevent malicious behavior such as on-path attacks.
When data is transmitted across the Internet, encryption ensures that what the recipient receives
has not been viewed or tampered with on the way.

Regulations: For all these reasons, many industry and government regulations require
companies that handle user data to keep that data encrypted. Examples of regulatory and
compliance standards that require encryption include HIPAA, PCI-DSS, and the GDPR.

Firewall

A firewall is a computer network security system that restricts internet traffic in to, out of, or
within a private network. This software or dedicated hardware-software unit functions by
selectively blocking or allowing data packets. It is typically intended to help prevent malicious
activity and to prevent anyone—inside or outside a private network—from engaging in
unauthorized web activities.

SHYLAJA M, Assistant Professor

MUKUND G, Assistant Professor
Department of Commerce and Management
Seshadripuram First Grade College, Bengaluru
 VI SEM B.COM NEP (REGULAR) E-COMMERCE

How do firewalls work?

A firewall decides which network traffic is allowed to pass through and which traffic is deemed
dangerous. Essentially, it works by filtering out the good from the bad, or the trusted from the
untrusted. However, before we go into detail, it helps to understand the structure of web-based
networks.

Firewalls are intended to secure private networks and the endpoint devices within them, known
as network hosts. Network hosts are devices that ‘talk’ with other hosts on the network. They
send and receive between internal networks, as well as outbound and inbound between external
networks.

1. External public networks typically refer to the public/global internet or various extranets.
2. Internal private network defines a home network, corporate intranets, and other ‘closed’
networks.
3. Perimeter networks detail border networks made of bastion hosts — computer hosts
dedicated with hardened security that are ready to endure an external attack. As a secured buffer
between internal and external networks, these can also be used to house any external-facing
services provided by the internal network (i.e., servers for web, mail, FTP, VoIP, etc.). These
are more secure than external networks but less secure than internal. These are not always
present in simpler networks like home networks but may often be used in organizational or
national intranets.
Screening routers are specialized gateway computers placed on a network to segment it. They
are known as house firewalls on the network-level. The two most common segment models are
the screened host firewall and the screened subnet firewall:
• Screened host firewalls use a single screening router between the external and internal
networks. These networks are the two subnets of this model.
• Screened subnet firewalls use two screening routers— one known as an access
router between the external and perimeter network, and another known as the choke
router between the perimeter and internal network. This creates three subnets, respectively.

Both the network perimeter and host machines themselves can house a firewall. To do this, it
is placed between a single computer and its connection to a private network.

SHYLAJA M, Assistant Professor

MUKUND G, Assistant Professor
Department of Commerce and Management
Seshadripuram First Grade College, Bengaluru
 VI SEM B.COM NEP (REGULAR) E-COMMERCE

• Network firewalls involve the application of one or more firewalls between external
networks and internal private networks. These regulate inbound and outbound network traffic,
separating external public networks—like the global internet—from internal networks like
home Wi-Fi networks, enterprise intranets, or national intranets. Network firewalls may come
in the form of any of the following appliance types: dedicated hardware, software, and virtual.
• Host firewalls or 'software firewalls' involve the use of firewalls on individual user devices
and other private network endpoints as a barrier between devices within the network. These
devices, or hosts, receive customized regulation of traffic to and from specific computer
applications. Host firewalls may run on local devices as an operating system service or an
endpoint security application. Host firewalls can also dive deeper into web traffic, filtering
based on HTTP and other networking protocols, allowing the management of what content
arrives at your machine, rather than just where it comes from.

A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S
traffic traveling to the web application, and prevents any unauthorized data from leaving the
app. It does this by adhering to a set of policies that help determine what traffic is malicious
and what traffic is safe. Just as a proxy server acts as an intermediary to protect the identity of
a client, a WAF operates in similar fashion but in the reverse—called a reverse proxy—acting
as an intermediary that protects the web app server from a potentially malicious client.

Firewall Policies
A firewall policy serves as the strategic blueprint for your network’s security. It encompasses
high-level guidelines and principles that dictate how your firewall should operate. Think of it
as the overarching strategy that provides direction to your network’s security measures.

Key Characteristics of Firewall Policies:

1. Holistic Approach: Firewall policies adopt a holistic approach to network security.
They establish the overarching goals and principles to safeguard your network, making
them strategic documents.

SHYLAJA M, Assistant Professor

MUKUND G, Assistant Professor
Department of Commerce and Management
Seshadripuram First Grade College, Bengaluru
VI SEM B.COM NEP (REGULAR) E-COMMERCE

2. Long-term Perspective: These policies tend to remain stable over time and are
typically only modified when significant shifts in network requirements or security
threats occur.
3. Alignment with Business Goals: Firewall policies are designed to align with your
organization’s broader business goals. They ensure that network security supports and
enhances the overall mission.
4. Regulatory Compliance: Firewall policies play a pivotal role in ensuring that your
organization complies with relevant regulations. They specify how sensitive data
should be protected and accessed.
5. Risk Management: These policies contribute significantly to risk management by
outlining rules and procedures for protecting your network against potential threats.
Protecting your network from potential threats firewalls have a crucial role. Two essential
components of firewall management are firewall policies and firewall rules. These elements
work together to ensure the security of your network, but they serve different purposes. In this
post, we will delve into the distinctions between firewall policy and rule and understand how
they collectively contribute to network security.

A Network Firewall acts as a boundary providing protection between internal and external
network traffic. It has preset rules that define the traffic allowed on the network. It then looks
at source and destination IP addresses and the ports to determine if the incoming and outgoing
data packets are authorized or not.

A Web Application Firewall (WAF) specializes in protecting website applications and APIs.
A WAF protects HTTP(s) traffic and applications in the network’s internet-facing zones. The
WAF and Network Firewall serve different purposes and protect different network layers.

Proxy Server

A proxy server is a system or router that provides a gateway between users and the internet.
Therefore, it helps prevent cyber attackers from entering a private network. It is a server,
referred to as an “intermediary” because it goes between end-users and the web pages they visit
online. When a computer connects to the internet, it uses an IP address. This is similar to your
SHYLAJA M, Assistant Professor
MUKUND G, Assistant Professor
Department of Commerce and Management
Seshadripuram First Grade College, Bengaluru
VI SEM B.COM NEP (REGULAR) E-COMMERCE

home’s street address, telling incoming data where to go and marking outgoing data with a
return address for other devices to authenticate. A proxy server is essentially a computer on the
internet that has an IP address of its own.

How a Proxy Works

Because a proxy server has its own IP address, it acts as a go-between for a computer and the
internet. Your computer knows this address, and when you send a request on the internet, it is
routed to the proxy, which then gets the response from the web server and forwards the data
from the page to your computer’s browser, like Chrome, Safari, Firefox, or Microsoft Edge

Types of Proxy Servers

Forward Proxy

A forward proxy sits in front of clients and is used to get data to groups of users within an
internal network. When a request is sent, the proxy server examines it to decide whether it
should proceed with making a connection.

A forward proxy is best suited for internal networks that need a single point of entry. It provides
IP address security for those in the network and allows for straightforward administrative
control. However, a forward proxy may limit an organization’s ability to cater to the needs of
individual end-users.

Transparent Proxy

A transparent proxy can give users an experience identical to what they would have if they
were using their home computer. In that way, it is “transparent.” They can also be “forced” on
users, meaning they are connected without knowing it.

Transparent proxies are well-suited for companies that want to make use of a proxy without
making employees aware they are using one. It carries the advantage of providing a seamless
user experience. On the other hand, transparent proxies are more susceptible to certain security
threats, such as SYN-flood denial-of-service attacks.

Anonymous Proxy

SHYLAJA M, Assistant Professor

MUKUND G, Assistant Professor
Department of Commerce and Management
Seshadripuram First Grade College, Bengaluru
VI SEM B.COM NEP (REGULAR) E-COMMERCE

An anonymous proxy focuses on making internet activity untraceable. It works by accessing

the internet on behalf of the user while hiding their identity and computer information.

A anonymous proxy is best suited for users who want to have full anonymity while accessing
the internet. While anonymous proxies provide some of the best identity protection possible,
they are not without drawbacks. Many view the use of anonymous proxies as underhanded,
and users sometimes face pushback or discrimination as a result.

High Anonymity Proxy

A high anonymity proxy is an anonymous proxy that takes anonymity one step further. It works
by erasing your information before the proxy attempts to connect to the target site.

The server is best suited for users for whom anonymity is an absolute necessity, such as
employees who do not want their activity traced back to the organization. On the downside,
some of them, particularly the free ones, are decoys set up to trap users in order to access their
personal information or data.

Distorting Proxy

A distorting proxy identifies itself as a proxy to a website but hides its own identity. It does
this by changing its IP address to an incorrect one.

Distorting proxies are a good choice for people who want to hide their location while accessing
the internet. This type of proxy can make it look like you are browsing from a specific country
and give you the advantage of hiding not just your identity but that of the proxy, too. This
means even if you are associated with the proxy, your identity is still secure. However, some
websites automatically block distorting proxies, which could keep an end-user from accessing
sites they need.

Data Center Proxy

Data center proxies are not affiliated with an internet service provider (ISP) but are provided
by another corporation through a data center. The proxy server exists in a physical data center,
and the user’s requests are routed through that server.

Data center proxies are a good choice for people who need quick response times and an
inexpensive solution. They are therefore a good choice for people who need to gather

SHYLAJA M, Assistant Professor

MUKUND G, Assistant Professor
Department of Commerce and Management
Seshadripuram First Grade College, Bengaluru
VI SEM B.COM NEP (REGULAR) E-COMMERCE

intelligence on a person or organization very quickly. They carry the benefit of giving users
the power to swiftly and inexpensively harvest data. On the other hand, they do not offer the
highest level of anonymity, which may put users’ information or identity at risk.

Benefits of a Proxy Server

Proxies come with several benefits that can give your business an advantage:

• Enhanced security: Can act like a firewall between your systems and the internet.
Without them, hackers have easy access to your IP address, which they can use to
infiltrate your computer or network.
• Private browsing, watching, listening, and shopping: Use different proxies to help
you avoid getting inundated with unwanted ads or the collection of IP-specific data.
With a proxy, site browsing is well-protected and impossible to track.
• Access to location-specific content: You can designate a proxy server with an address
associated with another country. You can, in effect, make it look like you are in that
country and gain full access to all the content computers in that country are allowed to
interact with. For example, the technology can allow you to open location-restricted
websites by using local IP addresses of the location you want to appear to be in.
• sYou can use it to block access to websites that run contrary to your organization’s
principles. Also, you can block sites that typically end up distracting employees from
important tasks. Some organizations block social media sites like Facebook and others
to remove time-wasting temptations.

SHYLAJA M, Assistant Professor

MUKUND G, Assistant Professor
Department of Commerce and Management
Seshadripuram First Grade College, Bengaluru