Cyber security over the internet is the protection of internet-connected systems, including hardware, software, and data. Computer security or information technology security is the protection of computer systems from theft or damage to hardware, software, or electronic data, or unauthorized access. Cyber security is the practice of protecting systems, networks, and programs from digital attacks. Cyber securities are one of the most curial things in electronic commerce. Cyber stores or E-commerce transactions face greater e-transaction security risks due to insufficient internet safety from cybercriminals, Not only is hacking a huge risk for all online merchants, but accepting a fraudulent payment also comes at the cost of having to refund the charges. However, using the right tools will minimize the threat of fraud and in still trust within the user cyber protocol base. The most prevalent cyber security threats include phishing attacks, hacking, and IP spoofing, sniffing, denial of service, credit card fraud, data errors, or unprotected online services. The security solution is an essential part of any transaction that takes place over the Internet. Major security solutions are Digital Signature, Digital certificates, Digital envelopes, and SSL certificates. This paper presents a study of cyber security issues of e-commerce and provides possible solutions for them. This paperwork also makes the Internet or cyber safer for everyone.
In today’s internet world, everyone benefits from advanced cyber defense programs. At an individual level, cyber-security attacks can result in everything from identity theft, to extortion attempts, to the loss of confidential data like family photos, etc. Securing these and other organizations is essential to keeping our society functioning. Cyber security refers to a set of techniques or protocols used to protect the integrity of cyber networks, programs, records, or data from attackers, make damage, or unauthorized access from hackers. Cyber security is providing the tools, and procedures of protecting systems, networks, and programs from cyber-attacks. It makes protection of various internet assets from unauthorized access. Cyber securities provide reveals new vulnerabilities, educate internet users on the importance of cyber security, and provide open-source tools and education. The increasing use of the Internet improving the deployment of technology to protect the cyber. The Extension of the basic technologies to defense multicast communications is possible and can be expected to be implemented as multicast becomes more widespread all over the world. Cyber-attacks are usually tasks of modifying, accessing, corrupting, interrupting, or destroying sensitive information. Implementing effective cyber security is a challenge today because there are more devices than users, so attackers are also becoming more innovative and advanced in Technology. Every user of the internet is essential to give training on the computer security tools embedded to protect from cyber-attacks. Cyber security is the process of protecting cyber assets from unauthorized retrieves, application, modification, or destruction.
There are six dimensions of cyber security that must be Implemented during internet using Applications
- Integrity: It provides prevention against unauthorized attackers to data modification.
- No repudiation: It prevention against any one group party or individual from denying an agreement after the fact deal.
- Authenticity: identify the authentication of data resource
- Confidentiality: protection against unauthorized data interpretation or disclosure
- Privacy: provision of data access control and discover
- Availability: prevention against data delays or removal
Today Internet user uses E-Commerce and E-Media for transaction purpose. It is a methodology of modern business, which addresses the need for business development, increasing quality, reducing cost, and increasing the speed of delivery. Today world makes global communication and refers to the paperless exchange of business information using the following the key areas
Electronic Data Interchange
- Electronic Mail
- Electronic Cash
- Electronic Fund Transfer (EFT)
- Some other Network-based technologies
- Credit Card system
Main Types of cyber security threats
Any security needs a set of protocols that safely guide cyber applications and transactions. Security requirements protect companies, business agencies, and organizations from threats like credit card fraud, or risk and customer cyber rules trust, due to the inability to guarantee safe credit card system processing.
1) Phishing attacks.
Phishing attacks target users such as login information like user name, password, account no, credentials, and credit card numbers. Using social engineering, an attacker will pose as an entity to deceive a victim into opening an email, text message, or instant message.
2) Social engineering
Phishing is one of the types of social engineering attacks often used to steal user information, including login credentials and credit card numbers. The recipient or user is then tracked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a malware attack, or the hacking of sensitive information.
3) Cyber threat
Threats are anyone with the capability, technology, opportunity, and intent to do any unwanted harm. Potential threats can be foreign or domestic, internal or external, state-sponsored or element. There are no various types of cyber threats. Some are accidental, some are purposeful, and some of them are due to human errors. The most security threats under social engineering are phishing attacks, money thefts, data misuse, hacking, credit card frauds, and unsafe services.
4) Malicious code threats-
These code threats typically involve viruses, malware, worms, and Trojan horses. Viruses are external threats and can corrupt the files on the website if they find their way into the internal network. Viruses can be very dangerous as they destroy computer systems completely and can damage the normal working of the computer and its application. A virus always needs a host or users as they cannot spread by themselves. Worms are different and more serious than viruses. It places itself directly through the internet. It can infect millions of computers in a matter of just a few hours or seconds.
5) IP Spoofing-:
IP spoofing refers to IP address connection hijacking through a fake Internet Protocol (IP) address. IP spoofing is the action of masking or hiding a computer's IP address so that it looks like it is authentic. During this masking or hiding process, the fake IP address or duplicate IP address sends a malicious code message with an IP address that appears to be authentic and trusted or valid. In IP spoofing, IP headers are masked or duplicated through a form of Transmission Control Protocol in which spoofing discover and then manipulate or modify or access vital information contained in the IP header such as IP address and source and destination content information in details. Spoofing is when a malicious code party or hackers impersonates another device or user on a network in order to launch attacks against network hosts, steal data, hack information, spread malware, or bypass access controls.
6) Sniffing Attack -:
A sniffing attacker in the context of the internet or cyber network security, corresponds to theft or interception or analysing detail of data by capturing the network traffic using a sniffer. This is an application aimed at only reading or capturing network data information or the status of traffic. When data is transmitted across networks and data packets are not encrypted or not secure over the transmission channel.
This is a process of monitoring and capturing or viewing all data packets passing through a given network channel. Sniffers are used by network system administrators to monitor or analyze and troubleshoot network traffic. Attackers use sniffers to capture or read data packets containing sensitive information such as passwords, user names, account information, etc. Sniffers can be any app, protocol, hardware, or software installed in the system. The network or server will not be able to find or detect the return address of the attacker when sending the authentication, causing the server to wait or be unavailable before closing the connection of the network. When the server closes the connection, the attacker sends more authentication messages or information with invalid return addresses. Hence, the process of authentication and server wait will begin again and again, keeping the network or server busy or the server not found. Denials of services attacks are designed to make a machine or network resource unavailable to its users.
7) Distributed Denial of Service-:
Denial attacks are the most common forms of cyber-attack, with the number of globally distributed denials of service attacks increasing to Cyber networking. Denial of service refers to a cyber-attack resulting in victims being unable to access systems or receive the information and network resources because of that disrupting internet services.
Measures to ensure Security issues solutions
Encryption under cyber Cryptography is the process of encrypting data into an unreadable format, known as cipher text. It uses to protect data, payment information or account information, or emails, only those who possess a secure key can decrypt the messages into plain text. Encryption is the practice of encoding data to ensure the data can be securely relayed over the internet. It acts as one of the most effective methods in mitigating e-commerce security risks to protect data integrity and confidentiality.
Digital signature with digital certificate is the most important role in security. Computer User needs a digital certificate to digitally sign a document with encryption. If the user creates and uses a self-signed digital certificate the recipients of user documents will not be able to verify the authenticity of the user's digital signature at all. They will have to manually trust the user's self-signed verified and validated certificate.
A digital certificate, also known as a public key or asymmetric certificate, is used to cryptographically link ownership of a public key with the entity that owns it.
For digital certificates, the host sends a request which includes the user's distinguished name, user certificated number, user public key, and user signature. A domain name is a unique identifier for a user or every host for which applying for a certificate. The CA (certificate authority) checks the user's valid signature using the user's public key and performs some level of verification of the user's identity. After verification, the CA sends the user a signed digital certificate that contains the user-distinguished name, user server name, user public key, and the signature of the certificate authority or verification. The user stores this signed certificate in the user key database as record storage.
Shell security certificates use data files to secure a cryptographic key protect to a company’s file. Shell SSL certificate is installed on a network server, it uses specific protocols and algorithms to facilitate a secure connection from the server to browsers’ certificates authenticate the identity of the user business, and secure or protect the data in transit after the checkout points. This keeps user organizations and user customers protected from having financial or important information compromised by hackers or attackers.
Internet service provider (ISP) provides internet over server using shell SSL which provides a secure channel over an unsecured network in a client-server architecture, connecting client applications with server protection. The protocol specification differentiated between two version types, referred to as SSH1 and SSH2. Shell is generally used to access various operating systems and networks.
This paper studies the issues and solutions of professional and security attackers and defense in cyber or internet systems. Current technology allows for security to be less than recovering data from a victim of an attack. There is a need of controlling, monitor, audit and take action to attain the highest level of security. The paper provides all possible solutions and needs to know security threats using multiple keys will help in increasing security. This paper also comes to know security threats, their countermeasures as well as awareness between users and websites. The risk of identity thefts or attackers, marketplace, and privacy issues will always exist. Cyber Security comes into the picture in many daily activities, although sometimes it can be difficult to distinguish between a security attack and an ordinary human or technological breakdown.