E-COMMERCE - SECURITY SYSTEMS

UNIT III E-COMMERCE - SECURITY SYSTEMS (Detail)

Technology Solution

Encryption

Encryption is a way of scrambling (move quickly) data so that only authorized parties can understand the information. In technical terms, it is the process of converting human-readable plaintext to incomprehensible text, also known as ciphertext (encoded information). Encrypted to change electronic information or signals into a secret code (= system of letters, numbers, or symbols) that people cannot understand or use on normal equipment

Securing channels of communication

A protected communication link established between the cryptographic module and a sender or receiver (including another cryptographic module) to securely communicate and verify the validity of plaintext CSPs, keys, authentication data, and other sensitive data. Also called a secure channel.

Cryptography is the process of hiding or coding information so that only the person a message was intended for can read it. The art of cryptography has been used to code messages for thousands of years and continues to be used in bank cards, computer passwords, and ecommerce.

What are the measures of securing channels of communication?

To consider digital communication secure, it must fulfill four essential principles: encryption, authentication, integrity, and non-repudiation. Encryption: Messages should be sent with end-to-end encryption to protect the content from unauthorized access.

Communication security means prevention of unwanted and unauthorized access to telecommunications. It includes four major disciplines:

Physical security

Emission security

Encryption security

Transmission security.

Organizations that want to secure their communication and protect their customer data must pay attention to all four areas.

What is communication security?

Also referred to as COMSEC, communication security is the prevention of unauthorized access to communications traffic. In essence, COMSEC as a discipline tries to protect any piece of information or data transferred over email, chat, phone, and other means.

Today, as communication means are developing and becoming more digital, the call for security is greater than ever.

8 communication security strategies for organizations

Secure communication translates to continuous availability, integrity, and confidentiality of the network. Here’s a list of the best secure communication strategies used for organizations wanting to safeguard their data:

1. Physical security

Physical security refers to the protection of building sites and equipment (and all information and software contained therein) from theft, vandalism, natural disaster, manmade catastrophes, and accidental damage (e.g., from electrical surges, extreme temperatures, and spilled coffee).

Although most of the communication today takes place over the internet, servers are key components of a communication system. Thus, the network operator is responsible for protecting them against any damage and ensuring smooth connectivity.

Ideally, servers should be located in a closed facility with limited access. Organizations concerned about communication security often choose on-premise deployment of any service to ensure maximum safety. In addition, having an efficient alarm system to notify authorities to respond swiftly and control the damage can aid secure communication.

As covered in our recent article about on-premise vs. cloud security,

When companies choose cloud providers, data security becomes a shared responsibility between the company and the cloud provider. With on-prem, they are fully in control of their data.

2. Network and architecture of the communication system

Two methods (communications network architecture) can be used to deliver data to the target. In the first method, a network architecture is designed in which the wireless sensor nodes can transfer data to the delivery center directly; this is also termed a flat network architecture.

The reliability of any communication network largely depends on a continuous and secure flow. To ensure this, the network must consist of autonomous units that can work independently to ensure smooth communication.

In addition, the hardware (including base stations and servers) should always have an uninterrupted power supply (UPS) to act as a backup. The density of these hardware units in the network ensures its ability to serve its users.

In extreme cases, networks can be air-gapped to prevent the slightest possibility of external access.

3. Preventing unauthorized access

To prevent unauthorized access, it's essential to implement strong security measures such as robust password policies, multi-factor authentication, regular software updates, employee training on security awareness, and effective physical security practices.

Strong access controls must be implemented within a communication system to ensure communication security and stay compliant with data sovereignty laws. Sensitive information, including the user’s name and personal details, should not be accessible even to employees below a certain security clearance level.

Multi-factor authentication is one way to enable secure communication between people without anyone eavesdropping, stealing data, or spreading misinformation. Sometimes unauthenticated users may need to join meetings for which a service that allows users to identify and accept or block their requests is required.

Get started with Rocket.Chat’s secure collaboration platform

Talk to sales

4. Data encryption in transit

To encrypt data in transit, you need to use a secure communication protocol that ensures the confidentiality, integrity, and authenticity of your data. The most common protocol for encrypting data in transit is SSL/TLS, which stands for Secure Sockets Layer/Transport Layer Security.

Data traveling through an untrusted network, like the internet, is most vulnerable during transit. Therefore, it is crucial to put a protective mechanism, like end-to-end (E2E) encryption, in place. It lets data travel safely between two parties, preventing any tampering from unauthorized third-party users. 

The cryptographic key decrypts the communication when it reaches the receiver. It is also important to secure the management of these cryptographic keys for communication security.

Find out what are the ten best encrypted messaging apps for business communication.

5. Admin controls

Administrative controls are changes in work procedures to reduce the duration, frequency, and severity of exposure to hazardous chemicals or situations. Administrative controls include work practice controls which are intended to reduce the likelihood of exposure by changing the way a task is performed.

Not every employee in your organization will need access to every piece of information. Admin controls play an important role in readily managing this aspect. When personnel join the company, change departments, or leave the organization, their login credentials and access limits are altered or removed by the admin.

Even so, a large organization requires periodic inspection of employee access and admit controls to avoid any data leaks or misinformation spreads. This helps prevent compliance mishaps with laws like General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA).

6. Regular audits

Regular audit is performed periodically according to auditing programs set forth by Customs focusing on business system and routine operation and management situation. The Internal Control Framework of the Commission is used for this purpose.

When an insider performs regular audits, they may not produce accurate results if the auditor is biased or has ulterior motives. Besides, if an audit is used to spread malware, misuse information, or launch phishing attacks, it can result in an adverse outcome.

Outsourcing security audits to a reliable and compliant third party can be beneficial in ensuring communication security. The authorized auditor should launch a surprise audit if the security system picks up multiple failed-login attempts or any unusual activity in the communication.

7. Internal training

Internal training is another name for in-house training or onsite training. It relies on a company's own resources to train employees within the organization. It's unlike outsourced training that relies on an external training provider to manage all your training needs.

Safety protocols may not work if people don’t follow standard secure communication practices. Conducting regular training sessions for your staff on standard procedures while communicating can strengthen the communication network’s security. Internal training can help employees verify the information and avoid cyberattacks.

Internal training is especially important to bolster cybersecurity while working remotely.

8. Careful third-party use

Monitor the app's security and performance. Limit sensitive data and functions to authorised users with role-based access controls. Limit permissions granted to the app. Limit the amount of personal and professional data you share with third-party apps.

Communication services require metadata for every communication to operate properly. Details about the communication, including the who, when, where, and how, may be collected and stored. The service provider needs to share the purpose of each collected piece of information.

An open-source messaging solution is appropriate for your organization as it has essential transparency to ensure only the necessary metadata is collected and used.

Protecting network

Network Security involves access control, virus and antivirus software, application security, network analytics, types of network-related security (endpoint, web, wireless), firewalls, VPN encryption and more.

Types of Network Security Protections

Firewall

Firewalls control incoming and outgoing traffic on networks, with predetermined security rules. Firewalls keep out unfriendly traffic and is a necessary part of daily computing. Network Security relies heavily on Firewalls, and especially Next Generation Firewalls, which focus on blocking malware and application-layer attacks.

Network Segmentation

Network segmentation defines boundaries between network segments where assets within the group have a common function, risk or role within an organization. For instance, the perimeter gateway segments a company network from the Internet. Potential threats outside the network are prevented, ensuring that an organization’s sensitive data remains inside. Organizations can go further by defining additional internal boundaries within their network, which can provide improved security and access control.

What is Access Control?

Access control defines the people or groups and the devices that have access to network applications and systems thereby denying unsanctioned access, and maybe threats. Integrations with Identity and Access Management (IAM) products can strongly identify the user and Role-based Access Control (RBAC) policies ensure the person and device are authorized access to the asset.

Zero Trust

Remote Access VPN

Remote access VPN provides remote and secure access to a company network to individual hosts or clients, such as telecommuters, mobile users, and extranet consumers. Each host typically has VPN client software loaded or uses a web-based client. Privacy and integrity of sensitive information is ensured through multi-factor authentication, endpoint compliance scanning, and encryption of all transmitted data.

Zero Trust Network Access (ZTNA)

The zero trust security model states that a user should only have the access and permissions that they require to fulfill their role. This is a very different approach from that provided by traditional security solutions, like VPNs, that grant a user full access to the target network. Zero trust network access (ZTNA) also known as software-defined perimeter (SDP) solutions permits granular access to an organization’s applications from users who require that access to perform their duties.

Email Security

Email security refers to any processes, products, and services designed to protect your email accounts and email content safe from external threats. Most email service providers have built-in email security features designed to keep you secure, but these may not be enough to stop cybercriminals from accessing your information.

Data Loss Prevention (DLP)

Data loss prevention (DLP) is a cybersecurity methodology that combines technology and best practices to prevent the exposure of sensitive information outside of an organization, especially regulated data such as personally identifiable information (PII) and compliance related data: HIPAA, SOX, PCI DSS, etc.

Intrusion Prevention Systems (IPS)

IPS technologies can detect or prevent network security attacks such as brute force attacks, Denial of Service (DoS) attacks and exploits of known vulnerabilities. A vulnerability is a weakness for instance in a software system and an exploit is an attack that leverages that vulnerability to gain control of that system. When an exploit is announced, there is often a window of opportunity for attackers to exploit that vulnerability before the security patch is applied. An Intrusion Prevention System can be used in these cases to quickly block these attacks.

Sandboxing

Sandboxing is a cybersecurity practice where you run code or open files in a safe, isolated environment on a host machine that mimics end-user operating environments. Sandboxing observes the files or code as they are opened and looks for malicious behavior to prevent threats from getting on the network. For example malware in files such as PDF, Microsoft Word, Excel and PowerPoint can be safely detected and blocked before the files reach an unsuspecting end user.

Hyperscale Network Security

Hyperscale is the ability of an architecture to scale appropriately, as increased demand is added to the system. This solution includes rapid deployment and scaling up or down to meet changes in network security demands. By tightly integrating networking and compute resources in a software-defined system, it is possible to fully utilize all hardware resources available in a clustering solution.

Cloud Network Security

Applications and workloads are no longer exclusively hosted on-premises in a local data center. Protecting the modern data center requires greater flexibility and innovation to keep pace with the migration of application workloads to the cloud. Software-defined Networking (SDN) and Software-defined Wide Area Network (SD-WAN) solutions enable network security solutions in private, public, hybrid and cloud-hosted Firewall-as-a-Service (FWaaS) deployments.

What are the benefits of network security?

Data protection

Prevents hacking

Antivirus software

Ensuring data availability

Access control

Closed environment protected from the internet

Network security solutions

Protects proprietary information

Security for hyperscale networks

Protecting servers and clients

Server security focuses on the protection of data and resources held on the servers. It comprises tools and techniques that help prevent intrusions, hacking and other malicious actions. Server security measures vary and are typically implemented in layers.

Client confidentiality is a fundamental rule among institutions and individuals stating that they must not share a client's information with a third party without the consent of the client or a legal reason. Normally, access to a client's data is only between the workplace and the customer or client.

1Update your systems regularly

One of the easiest and most effective ways to secure your Windows systems is to keep them updated with the latest patches and security fixes. Windows updates can fix vulnerabilities, improve performance, and add new features that can enhance your security. You can use Windows Update or Windows Server Update Services (WSUS) to manage and deploy updates to your servers and clients. You should also update your applications, drivers, and firmware to avoid any compatibility or security issues.

Systems update is highly important as well. We need to have our systems up to date with the patches. This would help us also from major risk.

Start by routinely patching vulnerabilities in the operating system and software. To increase login security, use multi-factor authentication (MFA). Detect dangers by using antivirus/anti-malware software and firewalls to filter network traffic. Inform users on the best practices for cybersecurity, such as how to spot phishing attacks. Apply the least privilege principle to access control. Utilize solutions like BitLocker and EFS to encrypt data both at rest and while it is being transmitted. Maintain logs and keep an eye out for strange activity on the systems. Backup vital data frequently to reduce the risk of data loss in the event of ransomware or security breaches. Sensitive systems are isolated through network segmentation.

2Configure your firewall and network settings

Another important step to secure your Windows systems is to configure your firewall and network settings properly. A firewall can block or allow incoming and outgoing traffic based on rules and policies. You can use Windows Firewall or a third-party firewall to control the network access of your servers and clients. You should also configure your network settings to use secure protocols, such as HTTPS, SSH, and VPN, and disable or limit the use of insecure protocols, such as Telnet, FTP, and SMB. You should also avoid using default ports, usernames, and passwords, and change them to something more complex and unique.

Make it a priority to always make config backups of any network device that will be affected by any planned or emergency changes. Too often I have witnessed a critical problem be fixed in a panic, not realising that a scheduled task running at midnight may fail because of changes done for other teams. This allows for pre-cgange configuration to be restored with minimal disruption to current tasks while the root cause can be investigated, while solution architects design a sustainable solution for the original disruption.

The best practice regarding the firewall will be to stop unnecessary traffic away from the destination, this approach reduces risk and overload on the targeted system, so windows firewall is the "last resort shield". In an advanced virtual environment it is common to use microsigmentation (distributed FWs) , where each communication between each source and destination are known and allowed explicitly, anything else will be blocked and/or monitored. (Two examples can be: VMware NSX or Guardicore )

3Use antivirus and antimalware software

Even if you update your systems and configure your firewall and network settings, you still need to use antivirus and antimalware software to protect your Windows systems from malware and hackers. Antivirus and antimalware software can scan, detect, and remove malicious files, programs, and activities from your systems. You can use Windows Defender or a third-party antivirus and antimalware software to protect your servers and clients. You should also enable real-time protection, schedule regular scans, and update your virus definitions frequently.

In my opinion antivirus and antimalware software is no longer effective. Those technologies works on a "deny-list" basis. Instead use an "allow-list" software, where only authorized software is allowed to run. Anything else will be stopped. This is a much more effective way of achieving this aspect of security.

If you want the real deal, I highly recommend CrowdStrike Falcon (AV) paired with Velociraptor (Advanced forensic analysis). As a Ransomware disaster recovery engineer, I can assure you that if you do not have a good AV installed with real-time protection enabled and not running an analysis tool, you are not secure. Also, I cannot say this any LOUDER, you should NOT have your backup servers on the domain! Isolate them! And it’s never a bad idea to keep an offsite backup. Athena7 is a fantastic company that will do an assessment in your environment to help you understand your security controls, backups, and infrastructure and how well you will withstand attacks by the latest threat actors.

4Enable encryption and backup

Another step to secure your Windows systems is to enable encryption and backup. Encryption can protect your data from unauthorized access, even if your systems are compromised or stolen. You can use Bit Locker or third-party encryption software to encrypt your hard drives, partitions, and removable devices. Backup can help you recover your data in case of data loss, corruption, or ransom ware attacks. You can use Windows Backup or third-party backup software to backup your data to a local or cloud storage.

Backup is important, but even more important is to test that you are able to restore the data and get your systems up and running again.

Encryption is like a secret code that keeps our important information safe. It's important to use encryption on our computer and any devices we plug into it, like a USB stick or external hard drive.

5Implement user and group policies

Another step to secure your Windows systems is to implement user and group policies. User and group policies can define the permissions, roles, and settings of your users and groups on your servers and clients. You can use Active Directory or a third-party user and group management software to create and manage your user and group policies. You should also follow the principle of least privilege, which means giving your users and groups only the minimum access they need to perform their tasks. You should also enforce strong password policies, such as length, complexity, and expiration, and use multi-factor authentication, such as SMS, email, or biometrics, to verify your user identities.

Password policies are rules that help us keep our passwords safe. One important rule is that we need to change our passwords regularly. Another rule is that we should not use the same password over and over again.

Make sure you disable or suspend a user account as soon as an employee leaves the company. Beleive it or not usees share passwords among other employees ans zombi accounts can be very dangerous.

6Monitor and audit your systems

The final step to secure your Windows systems is to monitor and audit your systems. Monitoring and auditing can help you track and analyze the performance, activity, and events of your servers and clients. You can use Windows Event Viewer or a third-party monitoring and auditing software to collect and review your system logs. You should also enable and configure Windows Security Auditing, which can record and report any security-related events, such as logon, file access, policy change, and account management. You should also review and update your security policies and practices regularly, and perform security audits and tests to identify and fix any gaps or weaknesses in your security.

In scenarios involving a large quantity of machines, it might be useful to send those logs to a SIEM software, which configured with the right business-logic rules it can help us to identify any security deviations.

Monitoring and auditing systems is essential for maintaining security and compliance. A SIEM system can help organizations to do this by collecting, aggregating, and analyzing security logs and events from across their IT infrastructure. This data can be used to identify and respond to security threats, investigate security incidents, and comply with security regulations.

Management policies

A policy in Management is a general statement which is formulated by an organization for the guidance of its personnel. The objectives are first formulated and then policies are planned to achieve them. Policies are a mode of thought and the principles underlying the activities of an organization or an institution.

Business procedures and public laws   

Contract law, manufacturing and sales legislation, recruiting procedures, and business ethics are all included in the definition of business law. It refers to and relates to the legal regulations that govern business and trade in both the public and private sectors.

Payment system

The 'payments system' refers to arrangements which allow consumers, businesses and other organisations to transfer funds usually held in an account at a financial institution to one another.