Memorandum by Cap Gemini Ernst & Young
1. THE AIM
The aim of this short paper is to present the reader with
a picture of the relationship between e-business solutions, the
threats to secure e-business and the security measures required
to support them. It addresses the need for measures to counter
common threats and describes the electronic, physical and procedural
security techniques that are required.
2. SECURE E-BUSINESS
The digital economy is expanding exponentially,
requiring enterprises to adopt paperless business processes. The
information content of such business processes may be created
using popular applications or customised systems. This content
may pass through a pre-defined hierarchy, undergoing modifications
at almost every step. Conducting business in this scenario requires
highly reliable security solutions. Assuring the information flow
of such content goes beyond mere signing of the document.
3. THE THREAT
There are a number of threats to e-business:
Hacking - Attempts to break into your service via: the telephone network, the Internet or an internal
Unauthorised leakage of sensitive information - e-mail and attachments, website abuse, unprotected servers or networks;
Denial of Service (DOS) attacks - designed to shut you down, no hacking, high profile loss of revenue (Yahoo,
Importing of malicious code and viruses from the Internet - viruses in file attachments (I Love You!), Trojan Horses, Bad Cookies;
Misuse of the Net and resources by your staff - illegal material, offensive material, unofficial use of bandwidth (large music downloads); and
Website abuse - attacks on websites (RBS, CIA, FBI).
4. SECURITY MEASURES
There are five key measures to ensure secure
Access Control/System Design;
Data Privacy and Confidentiality;
5. ACCESS CONTROL/SYSTEM
Establishing a link between an organisation's
internal network and the Internet can create a number of additional
access points into the internal operating system. Furthermore,
because the Internet is global, unauthorised access attempts might
be initiated from anywhere in the world. These factors present
a heightened risk to systems and data, necessitating strong security
measures to control access. Because the security of any network
is only as strong as its weakest link, the functionality of all
related systems must be protected from attack and unauthorised
access. Specific risks include the destruction, altering, or theft
of data or funds; compromised data confidentiality; denial of
service (system failures); a damaged public image; and any resulting
legal implications. Perpetrators may include hackers, unscrupulous
vendors, former or disgruntled employees, or even agents of espionage.
Essential in electronic commerce is the need
to verify that a particular communication, transaction, or access
request is legitimate. To illustrate, computer systems on the
Internet are identified by an Internet protocol (IP) address,
similar to a telephone that is identified by a phone number. Through
a variety of techniques, generally known as "IP spoofing"
(ie impersonating), one computer can actually claim to be another.
Likewise, user identity can be misrepresented as well. In fact,
it is relatively simple to send an e-mail message that appears
to have come from someone else, or even send it anonymously. Therefore,
authentication controls are necessary to establish the identities
of all parties to a communication.
7. DATA INTEGRITY
Potentially, the open architecture of the Internet
and modern networks can allow those with specific knowledge and
tools to alter or modify data during a transmission. Data integrity
could also be compromised within the data storage system itself,
both intentionally and unintentionally, if proper access controls
are not maintained. Steps must be taken to ensure that all data
is maintained in its original or intended form.
The Security Measures supporting Confidentiality
may also support Integrity. For instance, access controls may
be able to set independent Read, Modify and Write permissions.
Important Security Measures include the use of:
anti-virus software to prevent the import of malicious code;
an inherently non-alterable medium - such as CD-ROM - to store the backups of Trading Records;
a "master copy" of all records for comparison;
a mathematical checksum of Trading Records and Messages to ensure data has not been modified.
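The checksum and "master copy" measures above can be combined into a sealed manifest, sketched here as an added example that is not part of the memorandum. It substitutes a keyed checksum (HMAC-SHA-256) for a plain one, because a plain checksum stored beside a record can simply be recomputed by whoever alters the record; the record ids, record contents and key are constructed for illustration.

```python
import hashlib
import hmac

def seal(rid: str, body: bytes, key: bytes) -> str:
    """Keyed checksum over record id + body; cannot be recomputed without the key."""
    return hmac.new(key, rid.encode() + b"\x00" + body, hashlib.sha256).hexdigest()

def build_manifest(records: dict, key: bytes) -> dict:
    """Seal every record of the master copy. Store the manifest on write-once media."""
    return {rid: seal(rid, body, key) for rid, body in records.items()}

def audit(records: dict, manifest: dict, key: bytes) -> dict:
    """Compare a working copy with the manifest and report each record's status."""
    report = {}
    for rid, tag in manifest.items():
        if rid not in records:
            report[rid] = "missing"
        else:
            actual = seal(rid, records[rid], key)
            # compare_digest avoids leaking how many leading characters matched
            report[rid] = "ok" if hmac.compare_digest(actual, tag) else "modified"
    for rid in records.keys() - manifest.keys():
        report[rid] = "unexpected"  # record inserted after the manifest was sealed
    return report

# Constructed sample data (assumptions, not from the memorandum).
KEY = b"constructed-demo-key-keep-offline"
MASTER = {
    "TR-0001": b"2000-05-30 BUY 100 ACME @ 12.50",
    "TR-0002": b"2000-05-30 SELL 40 ACME @ 12.75",
    "TR-0003": b"2000-05-30 BUY 10 INITECH @ 3.10",
}
MANIFEST = build_manifest(MASTER, KEY)

def demo() -> dict:
    working = dict(MASTER)
    working["TR-0002"] = b"2000-05-30 SELL 400 ACME @ 12.75"  # altered quantity
    del working["TR-0003"]                                     # deleted record
    working["TR-0004"] = b"2000-05-30 BUY 5 ACME @ 12.60"      # inserted record
    return audit(working, MANIFEST, KEY)

if __name__ == "__main__":
    for rid, status in sorted(demo().items()):
        print(rid, status)
```

Binding the record id into the tag means that swapping the contents of two records is reported as a modification of both, even though each body is individually genuine.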
8. DATA PRIVACY
Unless otherwise protected, all data transfers,
including electronic mail, travel openly over the Internet and
can be monitored or read by others. Given the volume of transmissions
and the numerous paths available for data travel, it is unlikely
that a particular transmission would be monitored at random. However,
programs, such as "sniffer" programs, can be set up
at opportune locations on a network, like Web servers (ie computers
that provide services to other computers on the Internet), to
simply look for and collect certain types of data. Data collected
from such programs can include account numbers (eg credit cards,
deposits, loans) or passwords.
Due to the design of the Internet, data privacy
and confidentiality issues extend beyond data transfer and include
any connected data storage systems, including network drives.
Any data stored on a Web server may be susceptible to compromise
if proper security precautions are not taken.
Non-repudiation involves creating proof of the
origin or delivery of data to protect the sender against false
denial by the recipient that the data has been received or to
protect the recipient against false denial by the sender that
the data has been sent. To ensure that a transaction is enforceable,
steps must be taken to prohibit parties from disputing the validity
of, or refusing to acknowledge, legitimate communications or transactions.
10. MOBILE DEVICES
With the burgeoning use of mobile or hand-held
devices we thought it appropriate to include a few lines of the
possibilities surrounding these.
The first thing to note is that it has led to
the above and other security measure issues being re-considered.
It can be assumed that the growth in mobile
computing - which will eventually include WAP (Wireless Application
Protocol) enabled mobile telephones (those with built in Web browsers),
mobile Web access to PCs, enhancements to PDA (Personal Digital
Assistant, eg Palm Pilots) facilities, and other devices - will
result in more (opportunities for) viruses, the dissemination
of malicious software code, and increased attempts to hack and
cause Denial of Service.
Another very simple security concern is that
more people are now leaving their mobile 'phones behind on the
London Underground more often than umbrellas. Recent high profile
media attention has shown the potential for secure information
going astray due to portable PCs being "lost" on public
As the facilities to store or access confidential
information on mobile devices increase, together with the inherent
difficulties around inventory management of such devices as they
proliferate throughout a company's IT infrastructure, there will
be a real risk of third parties obtaining such devices and gaining
access to information. The problem will continue to grow and get
worse and even standard procedures such as updating anti-virus
software (on the mobile device) will be critical.
The five key measures described above will become
even more crucial in this "new world" of mobile computing
and, as Richard Barber of security company Integralis says,
". . . Information Security will become the catchword, not network
security . . . ".
Projects are known to be in progress to develop
centrally-managed anti-virus facilities for WAP-enabled mobiles.
It is also expected that the use of additional authentication
techniques will be actively deployed for corporate mobile computing
users over and above standard PIN (personal identification numbers),
for example, biometrics, smart cards, tokens. This will vary depending
on the use to which the devices are put (eg information access
v conducting financial transactions).
To date we are not aware of any significant
virus attacks on hand held devices.
Stephen Cobb, Director of Special Projects for
the National Computer Security Association, summarised these same
components in the following quote from the paper Security Issues
in Internet Commerce:
The challenge is to transmit and receive information
over the Internet while insuring that it is inaccessible to anyone
but sender and receiver (privacy), it has not been changed during
transmission (integrity), the receiver can be sure it came from
the sender (authenticity), the sender can be sure the receiver
is genuine (non-fabrication), and the sender cannot deny he or
she sent it (non-repudiation).
30 May 2000