Many early network protocols, that now form part of the internet infrastructure, were designed without security in mind. A fundamentally insecure infrastructure and an extremely dynamic environment-in terms of both topology and emerging technology make network defense extremely difficult. Because of the inherent openness of internet and the original design of the protocols, internet attacks in general are quick, easy,inexpensive, and many a time hard to detect or trace.

Attacks can be launched readily from any remote corner of the world, with the location of the attacker being easily hidden. It is not always necessary to "break-in" to a site to compromise confidentiality, integrity, or availability of its information or services. In spite of this it is common for sites to be ignorant of the risks or unconcerned about the amount of trust they place in the internet.

They are blissfully unaware of what can happen to their information and systems, and are under the illusion that their sites will not be targeted, or that precautions they have taken are sufficient. Because technology is constantly changing and intruders are constantly developing new tools and techniques, solutions do not remain effective indefinitely.

Since much of the traffic on the internet is not encrypted, confidentiality and integrity are difficult to achieve. This situation undermines not only applications, but also more fundamental mechanisms such as authentication and non-repudiation. As a result, sites may be affected by a security compromise at another site, over which they have no control. Another factor that contributes to the vulnerability of the internet is the unplanned growth and use of the network, accompanied by rapid deployment of network services, and involving complex applications.

The swift emergence of new products, in the rush to capture a share of the lucrative market, has compromised the security, because these services are not designed, configured, or maintained securely.

Sources of Technical Vulnerabilities :-

1. Flaws in Software or Protocol Designs

2. Weaknesses in System and Network Configurations

3. Weaknesses in Implementation of Protocols and Software

Type of Incidents :-

Broadly speaking some of the common network security incidents are defined as follows:

1) Probe: A probe is characterized by unusual attempts to gain access to a system, or to discover information about the system.

2) Scan: A scan is simply a large number of probes, done by using an automated tool. Scans can sometimes be the result of mis-configurations or other errors, but they are often a prelude to a more directed attack on systems whose security can be breached. 

3) Account Compromise: An account compromise is the unauthorized use of a computer account by someone other than the account owner, without involving system ' level or root level privileges. It might expose the victim to serious data loss, data theft, or theft of services.

4) Root Compromise: A root compromise is similar to an account compromise , except that the account that has been compromised has special privileges on the system. Packet 5) Sniffer: A packet sniffer is a program that captures data from information packets, as they travel over the network. This data may include user names, passwords, and proprietary information that travels over the network in unencrypted format.

6) Denial of Service: The goal of the denial-of-service attack is to prevent legitimate users from using a service. A denial-of-service attack can come in many forms. Attackers may “flood" a network with large volumes of data, or deliberately consume a scarce or limited resource such as process control blocks or pending network connections.

7) Exploitation of Trust: Computers connected via networks enjoy privileges or trust relationships with one another. For example, the computer checks a set of files, that specify which other computers, on the network are permitted to use those commands before executing some commands. 8) Malicious Code: Malicious code is a generic term for programs that cause undesired results on a system when executed. Such programs are generally discovered after the damage is done. Malicious code includes Trojan horses, viruses, and worms.

9) Internet Infrastructure Attacks: These attacks involve the key components of the internet infrastructure rather than the specific systems on it. Such attacks are rare, but have serious implications on a large portion of the internet.

#ecommerce #ecom