SET is a protocol which is used for sending credit card information over the Internet. It consists of three major components as listed below:
- Electronic Wallet - stores the customer's credit card details in an encrypted file on the customer's computer. At the same time, the software associated with SET will produce a public and a private key for processing.
- SET Server - attaches the digitial signature to the encrypted credit card details received from customers and then, send them to the payment server located at the bank or credit card company.
- Payment Server - validates the credit card details received from the SET server located at the vendor and then, sends a receipt to both the vendor and the customer.
RSA is the most well-known public key cryptograpy system, which was developed by three professors: Ronald Rivest, Adi Shamir and Leonard Adelman at MIT. RSA128-bit encryption is an algorithm that uses a system of public and private keys to encrypt and decrypt messages over an insecure line (Ince 2004, p. 314). Normally, 128-bit is refering to a symmetric key size which is equivalent to a RSA 3072-bit asymmetric key size, in terms of the level of security (Kaliski 2003). Certainly, the longer the key size means the harder to be broken. Kirk (2007) claims that 'the strength of the encryption used now to protect banking and e-commerce transactions on many Web sites may not be effective in as few as five years, a cryptography expert has warned after completing a new distributing-computing achievement'. Kaliski (2003) also points out that RSA1024-bit will be able to protect the security of data until 2010. By that time, the distributed computation capacity will be to break the encryption.
Both SET and RSA encryption can secure the data exchanged in the Internet, which is extremely important in e-commerce transactions.
What can you find out about network and host-based intrusion detection systems?
A network intrusion detection system (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by monitoring network traffic (Wikipedia 2009).
A host-based intrusion detection system (HIDS) consists of an agent on a host which identifies intrusions by analyzing system calls, application logs, file-system modifications (binaries, password files, capability/acl databases) and other host activities and state (Wikipedia 2009).
What is 'phishing'?
Webopedia (2009) gives the following definition of 'phishing'?
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.
- any typos on the address,
- whether the address is a masked address, and
- whethere extended validation SSL certificate is applied
References
Ince, D 2004, Developing distributed and e-commerce applications, 2nd edn, Harlow, Essex, UK: Addison – Wesley, pp 295-320.
Kaliski, B 2003, TWIRL and RSA Key Size, RSA Laboratories, 6 May, RSA Security, viewed 6 June 2009, <http://www.rsa.com/rsalabs/node.asp?id=2004>.
Kirk, J 2007, Researcher: RSA 1024-bit Encryption not Enough, PCWorld, 24 May, viewed 6 June 2009, <http://www.pcworld.com/article/132184/researcher_rsa_1024bit_encryption_not_enough.html>.
Wikipedia 2009, Intrusion Detection System, Wikipedia, The free encyclopedia, last modified 3 June 2009, Wikimedia Foundation, Inc., US, viewed 7 June 2009,
<http://en.wikipedia.org/wiki/Intrusion_detection_system>.
Webopedia 2009, phishing, last updated 1 May 2009, <http://www.webopedia.com/TERM/p/phishing.html>.
No comments:
Post a Comment