In this report, the author endeavours to present how security against the issues generally found on B2C web sites can be assured through technical controls and customer education. The report presents levels of end-to-end security components that include: physical system security, operating system security and network security. With the advent of web applications, which are now used extensively for deploying e-commerce applications, the author also presents the web security threat profile of web services, which is currently an active research topic. Each of the discussed components is accompanied by advice that can be given to customers, which may not be apparent to them but can help reduce security issues.
Keywords: B2C websites Security Issues, Technical Controls, Customer Education
Table of Contents
1 Introduction
2 Levels of End-to-End Security Components
2.1 Physical System Security
2.1.1 Server Side Aspects
2.1.2 Client Side Aspects
2.2 Operating System Security
2.3 Network Security
2.4 Web Application/Service Security
3 Conclusions
4 References and Bibliography
How the security of B2C web-sites can be assured through technical controls and customer education
The primary goal of Business to Consumer (B2C) websites is to attract traffic / consumers such that the virtual store front is available to the potential consumer 24 hrs a day and all year round. More traffic to B2C websites means increased revenues and a pull-type membership model for consumers, whereby they are “pulled” in and kept engaged with different types of activity on the web sites (Sarner, 2009). With the advent of these virtual shop fronts and an increased audience, the security model used to protect the assets becomes all the more important. With changing methods of deploying e-commerce websites, certain technological vulnerabilities may sometimes be overlooked, and such mistakes can be extremely expensive if discovered by an abusive user.
In this report, the author attempts to present two aspects of reinforcing and assuring security, viz. through customer education at the client end and through technical controls at the server end. Web services are making the deployment of B2C websites easier and less expensive. The author studies the vulnerabilities and threats that are associated with and inherent to web services and endeavours to present solutions.
2 Levels of End-to-End Security Components
2.1 Physical System Security
It is essential to have controlled access to hardware and proactive monitoring in place in order to assure physical system security (Ganci et al., 2001). The following presents the physical system security aspects of end-to-end security.
2.1.1 Server Side Aspects
Most B2C web sites are hosted by organisations using a web hosting company. Handing control over to a third party is always a high risk, as the organisation is no longer in control of its intellectual property and data. It...