ISBN: 1-56607-057-0
Pages: 253
Published: August 1998

See order form for price!

Svenska

E-commerce Security

E-commerce is proceeding at a furious pace and continued growth is expected. Where is E-commerce being implemented? On the Internet - a network that was designed for openness, not security. E-commerce, an application that demands high security, is occurring on a network with no inherent security.

Despite these security risks, few organizations are taking sufficient measures to protect their networks and applications. CTR's E-commerce Security Strategies: Protecting the Enterprise report identifies the security vulnerabilities that E-commerce sites face and examines technologies and procedures that can systematically address those vulnerabilities.

Security Technologies

Security issues have not intersected the bottom line as significantly as it does E-commerce. Fortunately, the threats - both internal and external - can be addressed through a powerful combination of security technologies, including encryption, authentication, firewalls, and intrusion detection systems. CTR's report examines the effectiveness of these technologies and discusses the products available for implementing virtual private networks (VPNs) and secure E-mail.

Extranets: A New Security Challenge

One of the major movements changing the nature of E-commerce is extranets, in which corporations open their networks to provide access for business partners, distributors, and customers. Unfortunately, an extranet that opens the corporate network can also create critical security vulnerabilities if it is not carefully implemented.

E-commerce Security Strategies: Protecting the Enterprise explores effective security architectures for extranets and details extranet information systems design and the risks of competitive intelligence.

Conclusions

Security is an essential part of E-commerce development. By including security in E-commerce planning from the onset of the project, organizations can safely reap the many benefits E-commerce has to offer.

This new report from CTR will help information technology (IT) professionals:

• Identify the security risks of E-commerce sites
• Develop an effective enterprise security policy
• Implement E-commerce security technologies
• Minimize the damage if security breaches occur

Executive Summary

• The Enterprise Security Dilemma
• The Current State of Internet Security
• Protecting the Enterprise: What Are the Threats?
• External Threats
• Internal Threats
• Corporate Spending on Security
• The Cost of Computer Crime
• Implementation of Security Technology
• Internet Service Provider (ISP) Security
• Information Design: Another Consideration
• Developing an Enterprise Security Policy
• Will Security Become Easier?

Encryption: Foundational E-commerce Technology

• Single Versus Public Key Encryption
• Digital Signatures and E-commerce
• Are Digital Signatures Legally Binding?
• What Constitutes Effective Encryption?
• The Disadvantages of Encryption
• Encryption Algorithms and Vendors
• Applying Encryption
• Encryption and International Business
• International Laws Regarding Encryption
• International Encryption Restrictions: What Are the Alternatives?
• Strengthening Secure Sockets Layer(SSL) for International Use

Enterprise Authentication, Authorization, and Single Sign-on

• Authentication and the Security Trade-off
• Available Authentication Methods
• Reusable Passwords
• Token-based Authentication
• Authentication Through Digital Certificates
• Authentication Becomes Personal: Biometrics
• Authentication Negotiation: Simple Authentication and Security Layer (SASL)
• Access Control: Regulating Access to Enterprise Resources
• Kerberos
• Secure European Systems Applications in a Multivendor Environment (SESAME)
• Authentication and Authorization Products
• Web Authentication

Shielding the Enterprise: Firewalls and Intrusion Detection

• Strategy: Defense in Depth
• Firewalls: The First Line of Defense for Enterprise E-commerce
• What Are Firewalls?
• Types of Firewalls
• Trends in the Firewall Market
• The Role of Proxy Servers
• Freeware and Commercial Firewalls
• Firewall Devices
• Firewall Certification
• Managed Firewall Services
• Executable Content and Firewalls
• Intrusion Detection Systems and Security Scanners
• Security Scanners: Reducing Vulnerability
• Intrusion Detection: The Firewall's Companion
• What Constitutes an Intrusion?
• The Functions of Intrusion Detection Systems
• Scanning and Interactive Digital Solutions (IDS) Services
• Enterprise Antivirus Software

The Role of Virtual Private Networks

• What Are VPNs?
• The Advantages and Disadvantages of VPNs
• The VPN Market
• Connecting Remote Offices
• Connecting Remote Users
• Multicompany Connections: Extranets
• VPN Standards: Still Solidifying
• Evaluating VPN Offerings
• A Sampling of VPN Products
• VPN Services
• VPNs and International Encryption Laws
• Security Considerations

Secure E-mail for the Enterprise

• Open Communications in Plain Sight
• Securing E-mail
• Proprietary Mail Systems and Encryption
• Secure E-mail Products and Standards
• Secure Multipurpose Internet Mail Extension (S/MIME)
• Secure Document Delivery Services
• The Legal Implications of E-mail Archives

E-commerce Security Strategies and Standards

• Securing the E-commerce Web Server
• Securing Transactions in Transit: SSL
• Reducing the Risk of Fraud: Online Credit Card Verification
• Secure Transaction Technologies
• Secure Electronic Transaction (SET)
• Electronic Checks
• E-cash
• E-commerce Standards
• Secure Electronic Marketplace for Europe

Extranet Security Architectures

• Extranets on the Rise
• Planning an Extranet: The Risk of Competitive Intelligence; Extranet Information Design; Maintenance
• Designing an Extranet: Authentication and Access Control

Strategic Directions in E-commerce Security

• How Much Security Is Enough?
• Getting Help
• Certifying the E-commerce Site
• Disaster Recovery Planning: Protecting Against Physical Disasters; Handling Brief Interruptions in Service; Quality Assurance for E-commerce Web Sites; Disaster Recovery Services and Software
• Strategies for Minimizing Risk
• A New Approach: E-commerce Insurance
• Reporting Security Incidents
• The Importance of Policy
• Security Market Consolidation: Easier Times to Come?
• The Impact of Emerging Technologies
• Conclusions