Database Reference
In-Depth Information
lay physical wires between these nodes to create a private network at a great cost. Thus, the
VPN between an enterprise and its partners is set up via the Internet with hardware devices
at each node on the VPN network; adding another trading partner merely entails adding
another security device at their end and configuring the VPN network to include it.
3. The stored user data is discussed in Section 14.6.3, “Integrity.” The protection of access
to stored information is dealt with in the next subsection.
14.6.2 Intrusion
Intrusion is similar to intruders breaking into a building and is likewise countered by the analogous
concept of an electronic firewall. The firewall generally sits between the enterprise and the Internet
and monitors all traffic coming into (or going out of) your business, primarily at two levels,
namely:
1. Network level where it does the following:
a. Restricts access for all, some, or specific users to all, some, or specific applications
b. Scans e-mails to delete suspect attachments
c. Strips ActiveX controls and Java applets from Web pages
d. Screens access to URLs to prevent nonbusiness and illegal Internet surfing
e. Scans network activity for irregular activities
2. Application level
Evidently, a faulty firewall not only fails to achieve its objective but is more damaging in
that it engenders a false sense of security.
14.6.3 Integrity
Integrity relates to the assurance that transactions have not been altered without the alteration
being unfailingly detected.
The common approaches adopted to ensure integrity are as follows:
1. Secure Sockets Layer (SSL) is the most commonly used security scheme on the Internet for
the exchange of information between the browser/client and the remote server.
2. VPN is suitable for a community or ecosystem of partners.
3. Secure Electronic Transactions (SET) is a specialized security protocol for dealing with credit
card transactions primarily as a part of the financial transactions.
4. Electronic signatures are akin to the total at the end of a column of numbers that is unrelated
to the individual numbers but can be used to ascertain the authenticity of the full message.
If this number signature is encrypted with a private key, anyone can read the message using
the public key for decryption; but if the message has been modified in any way, the signature
would no longer match the text. Thus, electronic signatures are direct indicators of the
authenticity of the messages.
5. For any encryption, the requisite public key is reliably obtained from a trusted third party
called the certification authority (CA) that provides this information in the form of a certificate
consisting of
a. The public key and verification of who the key belongs to
b. An expiry date indicating period of validity
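
The signature and certificate checks described in items 4 and 5, as an added example that is not from the original text: a toy textbook-RSA sketch in which the key sizes, the names (`Partner A`, `check_message`, `issue_certificate`) and the sample order are constructed for illustration. It assumes the CA's own signature over the certificate is what provides the "verification of who the key belongs to."

```python
import hashlib
from datetime import date

E = 65537  # public exponent shared by both toy keys

def make_key(p: int, q: int):
    """Toy textbook-RSA key pair from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed demo keys built from small Mersenne primes. Illustration only:
# real systems use a vetted library, 2048-bit or larger keys, and padding.
CA_N, CA_D = make_key(2**89 - 1, 2**107 - 1)        # certification authority
OWNER_N, OWNER_D = make_key(2**31 - 1, 2**61 - 1)   # message sender

def digest(data: bytes, n: int) -> int:
    """The 'total at the end of the column': SHA-256, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, n: int, d: int) -> int:
    """Encrypt the digest with the private key."""
    return pow(digest(data, n), d, n)

def verify(data: bytes, sig: int, n: int) -> bool:
    """Decrypt the signature with the public key and compare with a fresh digest."""
    return pow(sig, E, n) == digest(data, n)

def cert_body(owner: str, n: int, expires: date) -> bytes:
    """Bytes the CA signs: owner name, public key and expiry date."""
    return f"{owner}|{n}|{expires.isoformat()}".encode()

def issue_certificate(owner: str, n: int, expires: date) -> dict:
    """CA binds owner name, public key and expiry date under its own signature."""
    return {"owner": owner, "n": n, "expires": expires,
            "ca_sig": sign(cert_body(owner, n, expires), CA_N, CA_D)}

def check_message(msg: bytes, sig: int, cert: dict, today: date) -> str:
    """Trust the key only if the CA vouches for it and it has not expired."""
    body = cert_body(cert["owner"], cert["n"], cert["expires"])
    if not verify(body, cert["ca_sig"], CA_N):
        return "certificate not issued by CA"
    if today > cert["expires"]:
        return "certificate expired"
    return "authentic" if verify(msg, sig, cert["n"]) else "message altered"

CERT = issue_certificate("Partner A", OWNER_N, date(2030, 12, 31))  # constructed
ORDER = b"PO-1001: ship 40 units"                                    # constructed
ORDER_SIG = sign(ORDER, OWNER_N, OWNER_D)
```

The order of the checks matters: the certificate is validated against the CA key and its expiry date before the public key inside it is used to judge the message.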