
Ethical Hacking And Attacking Computer Science Essay

Whether hacking can be ethical is debatable, because over time the term “hacking” has become associated with destructive activity. A few terms used in the context of hacking provide better clarity. A hacker is somebody who enjoys learning hacking for a defensive purpose; an ethical hacker is a security professional who exercises his skills for a defensive purpose. The term cracker refers to a person who uses his hacking skills for a destructive purpose. The ethical question concerns the physical activity of hacking, which is sometimes hard to differentiate from cracking. The main difference is that an ethical hacker only identifies vulnerabilities and, unlike a cracker, does not exploit them.

Ethical hacking is the process adopted by ethical hackers to discover the vulnerabilities existing in the operating environments of information systems. With the growth of the Internet, computer security has become a major concern for business. Organizations need ethical hackers who can think like a cracker to simulate a real-life hacking scenario; they use the same tools and techniques as crackers, but without damaging or compromising sensitive information, thereby maintaining the integrity and confidentiality of the organization. An ethical hacker should have excellent programming and networking skills. They evaluate the security of the target and update the organization on the discovered vulnerabilities, along with recommendations to mitigate them.

Anatomy of a Hack

Initially, “hacking” meant having extraordinary skills to break into a system. Today, however, there are many automated freeware tools available on the Internet, making it possible for anybody with the desire to hack to succeed in breaking into a system. These are the 5 phases every hacker must know.

Figure 1: Anatomy of an Attack

Reconnaissance

Reconnaissance is the preparatory phase where an attacker gathers information about the target system prior to launching the attack.
This phase might also involve network scanning, either internal or external, without any authorization. One of the ways of gathering information during this phase is “social engineering”. A social engineer is a person who smooth-talks and persuades people to reveal personal or sensitive information such as passwords, security policies etc. Social engineering is one of the easiest ways to hack, as it requires no technical skills, and one of the hardest forms of attack to defend against, as humans are the weakest link in the security chain. All security measures taken by the organization are in vain when employees get “social engineered”. Detecting social engineering attacks is difficult, as there is no tool to detect such attempts; in most cases the victims themselves are not aware of having revealed sensitive information. “Rebecca” and “Jessica” are the common terms used to refer to people who are easy targets for social engineering attacks, such as a receptionist or a support executive.

“Dumpster diving” is another way of gathering information. It is the process of looking for discarded sensitive information in an organization's trash. It is one of the effective ways of gathering information, as it may provide attackers with even more sensitive information such as usernames, passwords, ATM slips, social security numbers and bank statements. It is important that an organization has appropriate policies in place to protect its assets and also provides proper guidance to employees on the same.

Reconnaissance techniques can be classified into active and passive reconnaissance. In passive reconnaissance, the attacker does not interact with the system directly but uses social engineering or dumpster diving as a means to gather information. In active reconnaissance, the attacker makes use of tools for port scanning and network scanning to get the details of the application, operating system etc. Often the reconnaissance phase overlaps with the scanning phase.
Scanning

Scanning precedes the actual attack and is one of the important phases of information gathering, in which the attacker gathers information about the target's IP address, operating system, system architecture and the services running on the system in order to find ways to intrude into the target's system. The strategy to launch the attack is based on the gathered information. The risk to an organization is considered high in the scanning phase, as it enables access to the network.

The different types of scanning are:

Port Scanning - Procedure for identifying the open ports and the services running on the target system.
Network Scanning - Procedure for identifying IP addresses and active hosts on a network, either to attack them or as a network security assessment.
Vulnerability Scanning - Automated method to identify the known vulnerabilities present in the system and the network.

Some of the important tools used during this phase are Nmap, which is used for port scanning and also offers a variety of advanced features such as remote OS detection, and Nessus, a vulnerability scanner which detects local flaws, uninstalled patches and weaknesses in network hosts. Nessus has a security vulnerability database which is updated on a daily basis. It carries out development of security checks for recent security holes.

CEH scanning methodology

The diagram below shows the sequence of steps followed in order to scan any network, although the scanning method may differ based on the objective of the attack. The attacker starts by checking for the live systems in the network. Once he finds a live system, he looks for any open port present on the system to identify the services running on it. The next phase is OS fingerprinting, which is nothing but gathering operating system information about the target system. After that, the attacker scans for vulnerabilities present in the target operating system and exploits them. The attacker may also choose to probe the network by making use of proxies.
Figure 2: CEH Scanning Methodology

Gaining Access

This is one of the most important phases of an attack, as this is where the actual attack is planted. Therefore the business risk is highest in this phase. It is not a mandatory phase, though, as an attacker need not always gain access to cause damage, as in denial of service attacks. The main aim in this phase is to obtain elevated privileges, such as system privilege, to execute commands and access sensitive information.

Maintaining Access

Once the attacker gains access to the system or the network, he tries to retain his “ownership” of the compromised system and periodically attack it. Typically in this phase the attacker tries to install key loggers to capture keyboard strokes, sniffers to capture network traffic, rootkits at the kernel level to gain super user access and a Trojan horse to gain repeated backdoor access, and also to download the password files to access the system at a later time. Once the Trojans are in place, the attacker can be assumed to have gained total control of the system. During this phase the attackers might even harden the system against other attackers by fixing the vulnerability which allowed them to access the system or the network.

Clearing Tracks

This is where the attacker tries to cover the evidence of his activities, for various reasons such as maintaining access or avoiding legal action. During this phase the attacker deletes the system logs, preventing the system administrator from monitoring the unusual activity. Rootkits are installed as they are effective in covering tracks and also because in some cases they disable logging.
Other techniques like steganography, which is used to hide data in an image or a file, are also used by the attacker in order to cover tracks.

Typical Hacking Techniques

There are several ways an attacker can gain access to the system, such as:

Operating system attacks
Application level attacks
Shrink wrap code error
Misconfiguration attacks

Google Hacking

Google hacking is the art of creating complex search queries in order to gather information about the target system. Google is the primary tool used for Google hacking. Advanced Google operators are used to filter information. The Google hacking database identifies files containing passwords, sensitive directories, vulnerable web pages, error messages containing sensitive information, pages containing firewall logs etc.

Figure 3: Google advanced search option

Basics of Google Hacking

Below are some of the basic ways Google is used for hacking.

Directory Listing Attack: A web page often accidentally displays the files and directories that exist on the web server when the top-level index file is missing or invalid, because directory listing has not been taken care of. Most of the time such pages do not prevent users from downloading files or accessing sensitive information without authorization. Locating directory listings in Google is very straightforward. A query of Intitle: Index.of is the universal search for directory listings.

Figure 4: Google hacking for Directory Listing

An attacker can make use of this information to access sensitive information of the application.

Information Disclosure: Error messages can disclose a lot of sensitive information about the target, like the operating system, network architecture, user information etc. A query of intitle: error fetched 4,070,000 results.

Figure 5: Google hacking for Information Disclosure

Below is the error message displayed by an application.
Figure 6: Error message displayed from Google hacking query

The error message reveals sensitive information about the target system, such as that the application is built in asp.net and uses IIS 4.0 and a MYSQL database. An attacker can now launch attacks that target vulnerabilities in these technologies.

Sensitive Information: Here are some of the Google search syntaxes used to crawl for sensitive information such as passwords:

filetype: xls inurl: “password.xls” - Looks for usernames and passwords in MS Excel format.
intitle: “Index of” master.passwd - Indexes the master password page.
index of / backup - Looks for the index backup file on the server.
intitle: index.of passwd.bak - Looks for the index backup password files.
intitle: “Index of” pwd.db - Looks for database password files.
inurl: “user.xls” intext: “password” - Looks for URLs that save usernames and passwords in spreadsheet files.

Site Digger, which explores Google's cache to look for susceptibilities, errors and security loopholes on websites, and Gooscan, which automates queries against the Google search engine, are some of the other tools used for Google hacking.

Certified Ethical Hacker Certification Course (CEH)

CEH is the professional certification provided by the International Council of E-Commerce Consultants (EC-Council).

Figure 6: CEH Process

Apart from EC-Council, there are other certified hacking courses offered by some well-known hackers, like the Ankit Fadia Certified Ethical Hacker (AFCEH), and also by some other vendors, like the karROX Certified Ethical Hacker Course.

Ethical Hacking Services

As part of ethical hacking services, penetration testing, which is nothing but creating a real-life hacking scenario and trying to break into the system, is offered by various vendors. Different tools, techniques and methodologies are used to gain entry into the application.
The service offered could be either black box testing (where only the application URL is given) or grey box testing (where a dummy user account with least privilege is created for the pen testers). Penetration testing is carried out by a team of dedicated ethical hackers. Some of the key benefits of penetration testing are:

Finds security loopholes which cannot be found through functional testing.
Identifies business logic flaws which cannot be detected by code review.
Real-world simulation of hacking, thereby revealing soft targets for possible attacks.
Meets regulatory compliance such as PCI, HIPAA, GLBA and ISO regulatory compliance.
Reduction in web application development security flaws.
Development of effective mitigation strategies based on your specific environment.
The pen test report provides recommended remediations for the identified attacks.
Follows the industry standards for security such as OWASP Top 10 and SANS 25.

Commercial tools like Cenzic, Acunetix and IBM Rational AppScan are some of the widely used tools for pen testing. Social engineering testing is offered as a complementary service by some vendors; it tests the organization's “human firewall” by gaining access to an organization and its assets by tricking key personnel over communication media such as telephone, email, chat, bulletin boards, etc.

Acknowledgement

Vikram

Summary

In recent times web applications have been the target of various forms of attack. According to a Gartner report, 70% of security attacks are targeted at the web application. Competition is so high that enterprises can't ignore the risk associated with their vulnerable applications. The loss incurred could vary from monetary losses to loss of credibility. In certain cases it could mean the end of the business. You cannot stop an attacker from hacking; the only thing you can do is make it harder to get in.
Ethical hackers are the security professionals who use their hacking skills for a defensive purpose. The process of ethical hacking depends on what the organization is trying to protect, against whom, and how much of its resources the organization is ready to spend. The hacking tools are meant for research and educational purposes only and should not be used for destructive purposes.
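A check a site owner can run over responses from their own server to catch the two exposures described under "Basics of Google Hacking" (directory listings and verbose error pages) before a search engine indexes them. This is an added example, not part of the original essay; the function name, the marker lists and the sample responses are constructed for illustration.

```python
import re

# Page signatures of automatically generated directory indexes.
LISTING_MARKERS = [
    re.compile(r"<title>\s*Index of /", re.I),     # Apache / nginx autoindex
    re.compile(r"\[To Parent Directory\]", re.I),  # IIS directory browsing
    re.compile(r"Directory Listing For", re.I),    # Tomcat default servlet
]
# File names taken from the search queries quoted in the essay.
SENSITIVE_NAMES = re.compile(
    r"password\.xls|user\.xls|master\.passwd|passwd\.bak|pwd\.db|backup", re.I)
# Error text that reveals the technology stack to any visitor.
ERROR_MARKERS = {
    "ASP.NET error page": re.compile(r"Server Error in '.*?' Application", re.I),
    "MySQL error text": re.compile(r"You have an error in your SQL syntax", re.I),
}
VERSION_BANNER = re.compile(r"^[A-Za-z_-]+/\d+(\.\d+)*")  # e.g. Microsoft-IIS/4.0
HREF = re.compile(r'href="([^"?#]+)"', re.I)


def audit_response(headers, body):
    """Return a sorted list of disclosure findings for one HTTP response."""
    findings = set()
    if any(marker.search(body) for marker in LISTING_MARKERS):
        findings.add("directory-listing")
        # Only links inside a listing page are treated as exposed files.
        for target in HREF.findall(body):
            if SENSITIVE_NAMES.search(target):
                findings.add("sensitive-file:" + target)
    for label, marker in ERROR_MARKERS.items():
        if marker.search(body):
            findings.add("error-disclosure:" + label)
    for name in ("Server", "X-Powered-By"):
        value = headers.get(name, "")
        if VERSION_BANNER.match(value):
            findings.add("version-banner:" + value)
    return sorted(findings)


# Constructed sample responses (not captured from any real site).
LISTING_PAGE = """<html><head><title>Index of /files</title></head><body>
<h1>Index of /files</h1>
<a href="../">Parent Directory</a>
<a href="passwd.bak">passwd.bak</a>
<a href="report.pdf">report.pdf</a>
<a href="backup/">backup/</a>
</body></html>"""

ERROR_PAGE = """<html><body><h1>Server Error in '/' Application.</h1>
<p>You have an error in your SQL syntax near 'ORDER BY id'</p>
</body></html>"""

CLEAN_PAGE = "<html><head><title>Welcome</title></head><body>Hello</body></html>"

if __name__ == "__main__":
    samples = [
        ({"Server": "Apache"}, LISTING_PAGE),
        ({"Server": "Microsoft-IIS/4.0", "X-Powered-By": "ASP.NET"}, ERROR_PAGE),
        ({"Server": "nginx"}, CLEAN_PAGE),
    ]
    for headers, body in samples:
        print(audit_response(headers, body))
```

Any finding means the fix belongs on the server: disable automatic indexes, return a generic error page, and strip version strings from response headers.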
A Reflection Paper about presidency and the judiciary 2 pages only. I’m stuck on a Political Science question and need an explanation.

1) Select a relevant topic: the first reflection paper may discuss the presidency and/or the judiciary.

2) Engage course material: you must make it clear that you have read and thought about the relevant readings. This means employing, explaining, and perhaps even challenging relevant terms and concepts.

3) Consider a current event: you must discuss some current event in light of the topics and concepts covered in class.

4) Make an argument: you should articulate what you will be arguing at the outset of your paper and develop this argument in the following two pages. Arguments need to be clear and coherent and must use relevant evidence to substantiate their claims.

Middle Tennessee State University Voting for People with Disability Paper

ARTICLE YOU’LL BE USING IS ATTACHED: Disability, Voter Turnout, and Polling Place Accessibility

2 VIEWPOINT ESSAYS ARE ATTACHED

A. Introduction (1 page, 10 points)

Respond to the questions below and use the underlined concepts in your responses.

What is the title of the scholarly research article which you will be analyzing in section B? (THAT IS THE ARTICLE) Disability, Voter Turnout, and Polling Place Accessibility.
How can you be sure that it is a scientific research article and not a personal opinion or viewpoint? Give evidence that shows it to be a scholarly research article.
What is the social issue that you researched for this report? Why did you choose this issue?
Write statements which describe the main point of each viewpoint essay that you located in your research. You should have at least 2 different statements. Be sure to include the authors’ name or title of the essay in your statements.
Write statements which describe the 2 other items which you located. What information or perspectives do the other items contribute to your understanding of the issue?

B. Analyze the scholarly research article that you chose from the list. Answer these questions to analyze it. (1-2 pages, 30 points)

Read the questions completely and analyze the scholarly research article with all of the questions. Include the underlined concepts in your responses. Each response to a question is worth 1-4 points.

What is the hypothesis or research question the author is studying? Quote a sentence that discusses the hypothesis or research question.
What are the variables in the hypothesis or research question? Be specific and identify the independent and dependent variables.
What methods of data collection did the author use to gather empirical evidence? Quote a statement from the article that identifies these methods. Choose one or two from the list below.
participant observation
interviews
surveys
historical methods
content analysis
experimentation
Which type of data did the researcher use more: quantitative or qualitative, or both? Quote a statement from the article that discusses the data.
What are the findings or results of the study? Does the evidence support the hypothesis? Explain how.
What is the sample population size? How many individuals participated in the study? Or, how many groups did the researcher observe?
Was the research conducted on the micro or macro level of society? Give details from the study which demonstrate the level.
Are the results of the research article generalizable to a population beyond the study? Remember that typically a microlevel study is not large enough or random enough to be generalizable.

C. Conclusion (1 page, 20 points)

Discuss how the scholarly article is different from the viewpoint essays that you read for this report. Refer to Chapter 2 of the textbook and use 2 or more of the concepts below in your writing.
research ethics
verstehen
positivist research
empirical evidence
objective analysis
What additional ideas or data would be helpful for you to understand this issue more fully? Use your imagination and consider these things:
What information do you need about the ways in which this issue affects people differently according to their gender, class, race, etc.?
What information do you need about the micro or macro levels of this issue?
What information do you need about the causes of the issue?
What information do you need about ways to deal with the issue?
Tracks Covering in Penetration Testing

Er. Ramesh Narwal, Er. Gaurav Gupta

Abstract

After completing an attack, covering tracks is the next step in penetration testing. In covering tracks we return to each exploited system to erase tracks and clean up all the footprints we left behind. Covering tracks is important because tracks left behind give clues to a forensic analyst or an Intrusion Detection System (IDS). Sometimes it is difficult to hide all tracks, but an attacker can manipulate the system to confuse the examiner and make it almost impossible to identify the extent of the attack. In this research paper we describe all of the methods used in covering tracks and their future scope.

Keywords: Exploit, Payload, Vulnerability Assessment, Penetration Testing, Track Covering

Introduction

Penetration testing is nowadays an important method of testing an organisation's security. Penetration testing is also known as pentesting. The main objective of penetration testing is to identify the security threats in networks, systems, servers and applications. Penetration testing consists of various phases, which we discuss in the overview of penetration testing. After gaining administrative access on a system or server, the attacker's first task is to cover his tracks to prevent detection of his current and past presence in the system. An attacker or intruder may also try to remove evidence of his identity or activities on the system to prevent the authorities from tracing his identity or location. To protect himself, an attacker usually erases all error messages, alerts or security events that have been logged.

Overview of Penetration Testing

Penetration testing is used to validate the effectiveness of the security protections and controls of an organisation. It reduces an organisation's expenditure on IT security by identifying and remediating vulnerabilities or loopholes. It provides preventive steps that can prevent upcoming exploitation.
Penetration testing phases

Pre-engagement Interactions
Intelligence Gathering
Threat Modeling
Vulnerability Analysis
Exploitation
Post Exploitation
Covering Tracks
Reporting

Pre-engagement Interactions

Planning is the first step in pre-engagement. During this phase the scope, goal and terms of the penetration test are finalised with the client. The targets and methods of the planned attacks are also finalised in this phase.

Intelligence Gathering

This is the most important phase: if we miss something here, we might miss an entire opportunity of attack. All information regarding the target is gathered by using social media networks, Google hacking and other methods. Our primary goal during this phase is to gain accurate information about the target without revealing our presence, to learn how the organisation operates and to determine the best entry point.

Threat Modeling

The information acquired in the intelligence gathering phase is used in this phase to identify existing vulnerabilities on the target system. In threat modelling, we determine the most effective attack methods, the type of information we need and how an attack can be implemented at an organisation.

Vulnerability Analysis

A vulnerability is a loophole or weakness in a system, network or product through which it can be compromised. After identifying the most effective attack method, we consider how we can access the target. During this phase we combine the information acquired in the previous phases and use that information to find the most effective attack. Port and vulnerability scans are performed in this phase, and all data from the previous phases is also gathered.

Exploitation

An exploit is code which allows an attacker to take advantage of a flaw or vulnerability within a system, application or service. We must perform an exploit only when we are sure that the particular exploit will be successful. There may be unforeseen protective measures on the target that inhibit a particular exploit.
Before triggering a vulnerability we must be sure that the system is vulnerable. Our exploit must clean up properly after execution on the compromised system and must not cause the compromised system to become unstable. The figure below shows a system shutdown prompt on a compromised Windows machine, caused by an exploit that did not clean up properly after execution. After successful exploitation the compromised system is under the control of the attacker. Many times an attacker or penetration tester needs to alter the compromised or breached systems to attain privilege escalation.

Post Exploitation

A payload is the actual code which is executed on the compromised system after exploitation. The post exploitation phase begins after one or more systems have been compromised. In this phase the penetration tester identifies critical infrastructure, targets specific systems, and targets the information and data that are valued most and that must be secured. In post exploitation, while attacking systems, we should take time to understand what the systems do and their different user roles. Every tester and attacker generally spends time in the compromised system to understand the information he has and how he can benefit from that information. After gaining access to one system, an attacker can access other systems in that network by using the compromised system as a staging point. This method is known as pivoting. Sometimes attackers create a backdoor into the compromised system to regain access to the system in the future.

Covering Tracks

In the previous phases the penetration tester or attacker has often made significant changes to the compromised systems to exploit the systems or to gain administrative rights. This is the final stage of a penetration test, in which the attacker clears all the changes he made in the compromised systems and returns the system and all compromised hosts to the precise configurations they had before the penetration test was conducted.
Reporting

All of the information generated during penetration testing, like vulnerability reports, diagrams and exploitation results, must be deleted after handover to the client. If any information is not deleted, the client should be made aware of it and it should be mentioned in the technical report which is generated after penetration testing. Reporting is the last phase of a penetration test, in which the penetration tester organises the available data and related result sets into a report and presents that report to the client. This report is highly confidential. It contains all the results of the penetration tests, like the list of vulnerabilities in the organisation's systems, networks or products, and recommendations to solve these problems related to the security of the organisation's assets, which helps the organisation in stopping future attacks.

How to cover tracks

To compromise a system successfully an attacker needs to be stealthy and avoid detection by various security systems like firewalls and intrusion detection systems (IDS). System administrators and other security personnel use similar techniques to identify malicious activities, so it is very important for the attacker to remain undetected. A system administrator can examine processes and log files to check for malicious activities. There are various challenges faced by a penetration tester after successfully compromising the target system. We now describe the various problems faced by a penetration tester in covering tracks.

Manipulating Log Files Data

To manipulate log file data an attacker must have good knowledge of commonly used operating systems. An attacker must be aware of two types of log files: system generated and application generated. A penetration tester or attacker has two options when manipulating log data: the first is to delete the entire log and the second is to modify the content of the log file. Deleting the entire log removes every record of the attacker's activity, but the drawback is that the deletion itself is detected.
The second option an attacker has is to manipulate the data within the log files so that the system administrator is not able to notice the attacker's presence in the system. But if the attacker removes too much information, the resulting gap in the log files makes the manipulation noticeable.

Log Files Management in Various Systems

The main purposes of log files in various operating systems are to check the health and state of the operating system, to detect malicious activity, and to analyse the system if something bad happens (system troubleshooting). Here we show the locations of log files in the commonly used operating systems Windows, Linux/Unix and Mac.

Windows

In Windows, log files are stored in the Event Viewer, which is easy to find: simply search for Event Viewer and run it. The Event Viewer looks like the figure given below, where we can see all the log files of the system and applications.

Figure : Log Files Management in Windows

Linux/Unix

In nearly all Linux and Unix operating systems log files are stored in the /var/log directory. System log files are mainly hidden in Linux and Unix operating systems; to see the complete list of log files from the shell, simply type the ls -l /var/log/ command in the shell. In the figure below we show the log files in the BackTrack Linux operating system.

Figure : Log Files Management in Linux/Unix

Mac

To access log files in the Mac operating system, simply open Finder and select “Go to Folder” in the Go menu. Type in /Library/Logs and hit Enter; you get a screen like the one in the figure, which contains all the log files.

Figure : Log Files Management in Mac OS X

To manipulate log file data an attacker must have root privileges.

Challenges in Manipulation of Log Files

If the system administrator configures the system to transfer all log files to a remote server from time to time, the only option open to an attacker or penetration tester is to stop the log file transfer process; they have no other way.
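The defender's side of the two points above, the gap that removed entries leave behind and the copy of the logs held on a remote server, as an added example that is not part of the original paper. The ISO timestamp format, the function names, the host name and every log line are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample: entries as received by the remote log server.
REMOTE_COPY = """\
2024-03-01T10:00:00 host1 CRON[700]: session opened for user root
2024-03-01T10:05:00 host1 CRON[712]: session opened for user root
2024-03-01T10:07:00 host1 sshd[811]: Failed password for root from 203.0.113.7
2024-03-01T10:08:00 host1 sshd[811]: Accepted password for root from 203.0.113.7
2024-03-01T10:10:00 host1 CRON[820]: session opened for user root
2024-03-01T10:12:00 host1 sudo: root : COMMAND=/usr/sbin/useradd svc2
2024-03-01T10:15:00 host1 CRON[833]: session opened for user root
2024-03-01T10:20:00 host1 CRON[841]: session opened for user root
2024-03-01T10:25:00 host1 CRON[850]: session opened for user root
"""

# Constructed sample: the same log as found on the host after the entries
# between 10:05 and 10:25 were removed.
LOCAL_COPY = """\
2024-03-01T10:00:00 host1 CRON[700]: session opened for user root
2024-03-01T10:05:00 host1 CRON[712]: session opened for user root
2024-03-01T10:25:00 host1 CRON[850]: session opened for user root
"""


def parse(log_text):
    """Return [(timestamp, full_line)] for every non-empty line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            stamp = line.split(" ", 1)[0]
            entries.append((datetime.fromisoformat(stamp), line))
    return entries


def find_gaps(log_text, max_silence):
    """Return (before, after) pairs where the log is silent for too long.

    A host with a periodic job (here a 5-minute cron entry) should never be
    silent for longer than that period, so a longer gap needs explaining.
    """
    stamps = sorted(stamp for stamp, _ in parse(log_text))
    return [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > max_silence]


def missing_locally(remote_text, local_text):
    """Lines the remote server holds that are no longer on the host."""
    remote = Counter(line for _, line in parse(remote_text))
    local = Counter(line for _, line in parse(local_text))
    return sorted((remote - local).elements())


def not_forwarded(remote_text, local_text):
    """Lines on the host that never reached the remote server, which is
    what a stopped transfer process looks like."""
    remote = Counter(line for _, line in parse(remote_text))
    local = Counter(line for _, line in parse(local_text))
    return sorted((local - remote).elements())


if __name__ == "__main__":
    for before, after in find_gaps(LOCAL_COPY, timedelta(minutes=10)):
        print("silent from", before, "to", after)
    for line in missing_locally(REMOTE_COPY, LOCAL_COPY):
        print("removed on host:", line)
```

The gap check needs only the host's own log; the comparison needs the remote copy, which is why forwarding logs off the host limits what editing the local file can hide.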
Hiding Files

Various Tools for Covering Tracks

There are many ways to compromise a system, but after compromising the system the attacker needs to cover his tracks, because each and every activity that the attacker performs is stored or recorded by the system. Every system has a different way of recording the activity that occurs in the system. Every attacker must cover the tracks that are recorded by the system so that no one can identify him.

Security Issues Concerned With E Commerce Information Technology Essay

Rapid advancements in technology are allowing everyone to send and receive information from anywhere in the world. Initially people used it to share information, but slowly this technology started emerging in business areas such as marketing, buying and selling. This is called E-commerce, in which all the business transactions are made online. E-commerce provides many comforts to everyone, but at the same time there is a chance of the technology being misused. This essay discusses E-commerce in detail, along with the security issues associated with it. Familiarity with security issues increases the benefits of E-commerce to the maximum extent.

INTRODUCTION

E-commerce is a type of business model for a small or larger business that enables a firm or individual to conduct business using electronic media such as the Internet. It can be divided into four major areas based on the type of business and the parties involved in the business. They are business to business, business to consumer, consumer to consumer and consumer to business. This essay explains E-commerce, the importance of E-commerce, its latest applications, advantages and drawbacks. It also explains in detail the current security issues, E-commerce threats, risks and privacy issues related to various areas of E-commerce.

IMPORTANCE OF E-COMMERCE:

In E-commerce, time plays a vital role for both businesses and consumers. From the business point of view, with less time spent on each transaction, more transactions can be completed on the same day. Consumers, for their part, save time during their transactions. Because of this, E-commerce has stepped in and replaced the traditional commerce method, where a single transaction can cost both parties a lot of valuable time. For example, a banking transaction can be completed through the Internet within a few minutes, compared to the traditional banking method which may take hours.
This fact clearly proves that Ecommerce is beneficial to both business and consumer wise as payment and documentations can be completed with greater efficiency. APPLICATIONS OF E-COMMERCE: Now a day’s development of E-commerce applications is taking place rapidly. This is mainly due to the increased number of internet users and awareness of technology in people. Many people using internet to shop online, make bills payment and money transfers etc. ADVANTAGES OF E-COMMERCE APPLICATIONS: People paying more attention to do electronic transaction using internet because, they can do these from any place in the world at any time they wish. This is saving lot of time and effort and providing comfort. The other important advantage of e commerce is the cheapest means of doing business. From the buyer’s perspective also ecommerce offers a lot of real advantages. Reduction in buyer’s sorting out time. Better buyer decisions Less time is spent in resolving invoice and order discrepancies. Increased opportunities for buying alternative products. DIS ADVANTAGES OF E-COMMERCE: However there are several benefits of E-commerce applications, there are few limitations and risks involved in using those applications. The main disadvantage of E-commerce is the lack of a business model, lack of trust and key public infrastructure, slow navigation on the Internet, the high risk of buying unsatisfactory products, and most of all lack of security. It has a great impact on traditional business system. For example, telephone bill payment in traditional method was expensive and time consuming than the recent online payment. Of course, the recent online payment system is cost effective but, can’t provide employment in the transportation system like traditional payment method. So the major disadvantage of E-commerce applications is, it perpetuates unemployment. In some way it can provide employment to few people like data base administrator, internet security providers etc. 
Privacy, security, payment, identity and contract, on the other hand, come under the drawbacks of E-commerce.

SECURITY ISSUES CONCERNED WITH E-COMMERCE:

Alongside its advantages and limitations, E-commerce has some security issues in practice. E-commerce security is nothing but preventing loss and protecting financial and informational assets from unauthorized access, use or destruction. Due to rapid developments in science and technology, the risks involved in the use of technology, and the security measures needed to avoid organizational and individual losses, are changing day to day. There are two important types of cryptography we follow for secured E-commerce transactions.

Symmetric (private-key) cryptography: This is an encryption system in which the sender and receiver possess the same key. The key used to encrypt a message is also used to decrypt the encrypted message from the sender.

Asymmetric (public-key) cryptography: In this method the actual message is encoded and decoded using two different, mathematically related keys. One of them is called the public key and the other is called the private key.

To provide the maximum security using cryptography we target the following five areas:

1. Integrity
2. Non-repudiation
3. Authenticity
4. Confidentiality
5. Privacy

INTEGRITY:

Integrity means that a message must not be altered or tampered with. There are several ways in which data integrity can be damaged in the E-commerce area:

- Errors could take place when entering data manually.
- Errors may occur when data is being transmitted from one computer to another.
- Data could be modified or stolen because of software bugs or viruses.
- Data could be lost due to unexpected hardware damage such as server or disk crashes.
- Data could be lost due to disasters such as fire accidents.

There are many ways to minimize these threats to data integrity. We can maintain backups of our data and keep them updated regularly.
Modern technology provides us with various security mechanisms for controlling access to data. We can improve data integrity by designing user interfaces that prevent the input of invalid data, for example menu-driven applications which allow the user to choose the particular item they are looking for. We can use error detection and correction software when transmitting data to improve integrity.

NONREPUDIATION:

Non-repudiation prevents any one party from reneging on an agreement after the fact. For E-commerce and other electronic transactions, including ATMs (cash machines), all parties to a transaction must be confident that the transaction is secure, that the parties are who they say they are (authentication), and that the transaction is verified as final. Systems must ensure that a party cannot subsequently repudiate (reject) a transaction. To protect and ensure digital trust, the parties to such systems may employ digital signatures, which will not only validate the sender but will also 'time stamp' the transaction, so it cannot be claimed subsequently that the transaction was not authorized or not valid.

AUTHENTICATION:

In E-commerce, authentication is the process through which the seller validates the information provided by the buyer, such as credit card information. In this process both the cardholder's identity and the payment card's details are verified. In E-commerce transactions sellers must be very careful and responsible to provide good payment authentication services. A well developed and implemented transaction authentication process will decrease the number of customer disputes and charged-back transactions. If an E-commerce website does not have a good authentication system, it could lead to a great loss of both data and money.

CONFIDENTIALITY:

Confidentiality is protecting our data from unauthorized users. That means whatever data or information is shared by the merchant and the customer should be accessed by those two parties only.
No one else should be able to access such data. To maximize confidentiality we must follow good encryption and decryption methods and proper authentication and authorization procedures. We must use a good antivirus or software error detection system.

PRIVACY:

Privacy is a major concern in the E-commerce area: it covers how long the user's personal information is going to be stored in the website owner's database, how safely such personal information is deleted, and what legal action will be taken if the E-commerce website is misused. In online transactions, the website owner or service provider has the ability to keep a record of all the purchases made by a consumer. Each E-commerce website has its own privacy policy, according to the needs of the organization. So customers must go through the privacy policy before they use an E-commerce website for online shopping. Otherwise customers may face a big problem, as the seller has the legal right to take action against a customer for misusing the website. To get rid of this problem, nowadays we are able to use many tools, such as filtering out websites with low privacy ratings.

In E-commerce security, some of the issues to be considered are digital signatures, certificates, secure socket layers and firewalls. I will explain each concept in detail.

A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact.

A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web.
It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.

Secure socket layer (SSL): Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission Control Protocol / Internet Protocol). The information is broken into packets, numbered sequentially, with an error control attached. SSL uses PKI and digital certificates to ensure privacy and authentication. The procedure is something like this: the client sends a message to the server, which replies with a digital certificate. Using PKI, server and client agree to create session keys, which are symmetrical secret keys specially created for that particular transmission. Once the session keys are agreed, communication continues with these session keys and the digital certificates.

Some of the mechanisms for protecting networks are firewalls and proxy servers. A firewall protects a server, a network or an individual PC from attack by viruses and hackers. Equally important is protection from malice or carelessness within the system, and many companies use the Kerberos protocol, which uses symmetric secret-key cryptography to restrict access to authorized employees. A proxy server (proxy), by contrast, is a server (a computer system or an application program) that acts as a go-between for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server.

E-COMMERCE SECURITY THREATS:

However carefully we follow security measures, there is still a chance of threats in several ways. We can classify such threats into four types.

1. Intellectual property threats: Some people browsing a website use its information personally without the permission of the website owner, for example music downloads and software pirating. To get rid of this problem website owners have to use a secured authentication system.

2. Client computer threats: Sometimes client computers may be exposed to electronic threats such as Trojan horses and viruses, which enter the client computer without the user's knowledge, steal data and destroy or crash the client computer. To avoid these types of threats we need to use a good antivirus system, which should be updated regularly. Website owners should implement a strong privacy policy.

3. Communication channel threats: The internet allows anyone to send and receive information through many networks, so data may be stolen or modified by unauthorized users or hackers. Hackers can also develop software to steal user identification and passwords. Spoofing is another major threat while data is being transmitted electronically. Denial of service is also a communication channel threat, where hackers send an unlimited number of requests to the target server, a volume of requests that the server may not be able to handle. As a result, genuine users will find that the websites on that server are always busy. We can overcome communication channel threats using public key encryption and private key encryption. We can also use proper protocols to get rid of communication channel threats. Digital signatures are another way to minimize these kinds of threats. Here the actual message that we need to send is bound to the sender's private key: a signature is produced with that key and added to the message that is sent to the receiver. The receiver uses the sender's public key and the signature to confirm the actual message.

4. Server threats: Denial of service is a major threat for servers, where hackers write a program which sends so many requests from the client side that the server cannot handle them. Spamming is another important threat for servers. To protect our server from the above threats we can use authentication for web access, digital signatures and firewalls. Firewalls check incoming request packets and simply reject any that do not match the server-related data.

Some of the tools used to achieve security are encryption, firewalls, security tools, access controls, proxy systems, authentication and intrusion detection.

HOW TO DEVELOP AN E-COMMERCE SECURITY PLAN:

- Perform a risk assessment
- Develop a security policy
- Develop an implementation plan
- Create a security organization
- Perform a security audit

Firstly, a security plan starts with risk assessment, which means an assessment of the risks and points of vulnerability. Secondly, the security policy is a set of statements prioritizing the information risks, identifying acceptable risk targets and identifying the mechanisms for achieving these targets, whereas the implementation plan covers what it will take to achieve the security plan goals. Thirdly, the security organization educates and trains users, keeps management aware of security threats and breakdowns, and maintains the tools chosen to implement security. Lastly, the security audit involves the routine review of access logs.

MANAGING RISK IN E-COMMERCE:

To be able to manage risk in E-commerce, the first step is to identify the risk factor: whether it is an intellectual property threat, communication channel threat, client computer threat or server threat. Then we take counter action against the relevant risk as explained above. If we do not do this regularly, E-commerce may mislead the customer because of data theft or modification.
Customers and website owners may lose valuable account numbers, passwords and other personal information. As E-commerce is worldwide, this could lead to global losses for both customers and sellers.

CONCLUSION

E-commerce is a type of business model for a small or larger business that enables a firm or individual to conduct business using electronic media such as the internet. In E-commerce, time plays a vital role for both businesses and consumers. E-commerce security is nothing but preventing loss and protecting financial and informational assets from unauthorized access, use or destruction. Due to rapid developments in science and technology, the risks involved in the use of technology, and the security measures needed to avoid organizational and individual losses, are changing day to day. In E-commerce security, some of the issues to be considered are digital signatures, certificates, secure socket layers and firewalls. To develop a security plan, five major steps have to be considered: risk assessment, developing a security policy, an implementation plan, creating a security organization and performing a security audit. To reduce the risk from Trojans and worms, everyone should implement the security plan.
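
The essay's distinction between symmetric and asymmetric cryptography, and its use of digital signatures for integrity and non-repudiation, can be made concrete with a short program. This is an added example, not part of the original essay; the shared key, the order strings and the toy RSA parameters are constructed for illustration, and the small unpadded RSA stands in for a real signature scheme.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"  # symmetric: buyer AND seller hold this

def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag; any alteration of the message changes the tag."""
    return hmac.new(key, message, hashlib.sha256).digest()

def mac_ok(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)

# Toy textbook RSA built on two known Mersenne primes. A modulus this small,
# with no padding, is NOT secure; real systems use a vetted library.
P, Q = 2**61 - 1, 2**31 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer only

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes) -> int:
    """Requires the private exponent D."""
    return pow(digest_int(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Needs only the public key (N, E)."""
    return pow(signature, E, N) == digest_int(message)

def demo() -> dict:
    order = b"order=1001;item=book;amount=25.00"      # constructed sample
    altered = b"order=1001;item=book;amount=2500.00"  # changed in transit
    tag, sig = mac_tag(SHARED_KEY, order), sign(order)
    return {
        "mac_accepts_original": mac_ok(SHARED_KEY, order, tag),
        "mac_detects_tampering": not mac_ok(SHARED_KEY, altered, tag),
        # The seller holds the same key, so the seller can produce a valid
        # tag for an order the buyer never sent: no non-repudiation.
        "seller_can_mint_valid_mac": mac_ok(
            SHARED_KEY, altered, mac_tag(SHARED_KEY, altered)),
        "sig_accepts_original": verify(order, sig),
        # The buyer's signature does not carry over to the altered order,
        # and the seller cannot make a new one without D.
        "sig_rejects_altered": not verify(altered, sig),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both mechanisms detect tampering, but only the signature ties the order to one party, because the private exponent is never shared.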

Having Clear Goals Discussion


What motivates people to act is one of my favorite topics of discussion. I always say, if I know what motivates you, I can predict what behaviors you will exhibit. I have been taught a number of theories, to include Maslow's Theory and the concept of intrinsic and extrinsic motivators. Another concept that comes to mind is whether people are motivated more by achievement (success) or pain (to avoid pain).

Question(s) #1: In your opinion, are employees or organizations motivated more by being successful [e.g. making a societal impression, difference in the world, making profits] or avoiding pain [e.g. lawsuits, loss of business, bad press]? How does each view or perspective impact the behavior of a company?

Question(s) #2: We know that goal setting is critically important in business, and in our personal lives. But explain how goal setting impacts our ability to achieve success in a business environment. Why is tracking and re-evaluating goals so important in the goal setting process?

Action Requested: Please answer one of the two question streams. 150 words. Two peer responses, 50-75 words. I will screenshot that.