chapter_10_exercise_and_case_study.rtf_x

3 Nov 2013 (4 years and 1 month ago)

IMED 2409

Chapter 10

Electronic Commerce Security

Assignment:

Complete Exercise E3 (200 WORDS)

Complete Case Problem C1. Bibliofind, Parts 1 (300 WORDS) & 3 (300 WORDS)


Exercise 3

Third-party assurance providers such as BBBOnline, Inc., and Truste sell their services to businesses that want to encourage Web site visitors to trust them with their personal information. Review the Web site of one or more of these third-party assurance providers and identify the security features the provider considers important in Web sites that it approves. Select two of the security features you identify and write a 200-word explanation of why the assurance provider considers these features to be important elements for preserving the privacy of site visitor information.



Case 1. Bibliofind

Bibliofind was one of the first Web sites to specialize in hard-to-find and collectible books. The site featured a powerful search engine for used and rare books. The search engine’s database was populated with the results of Bibliofind’s daily surveys of a worldwide network of suppliers. Registered site visitors could specify the title for which they were searching, a price range, and whether they were seeking a first edition. The site also allowed visitors to build a wish list that would trigger an e-mail when a specific book on the list became available.

Bibliofind had developed a large customer list, an excellent reputation, and a solid network of rare book dealers, all of which made the company an attractive acquisition for other online bookstores. In 1999, Amazon.com bought Bibliofind, but Bibliofind continued to operate its own Web site and conduct its business as it had before the acquisition.

Several years after the Amazon.com acquisition, Bibliofind’s Web site was hacked. The cracker had gained access to the company’s Web server and replaced the company’s Web pages with defaced versions. Bibliofind shut down its Web site for several days and undertook a complete review of its Web site’s security. When the company’s IT staff examined the server logs carefully, they found that the Web page hacking was only the tip of the iceberg. Entries in the logs showed that attackers had been accessing Bibliofind’s computers for more than four months. Even worse, some of the crackers had been able to go through the Web servers to gain access to the computers that held Bibliofind customer information, including names, addresses, and credit card numbers. That information had been stored in plain text files on Bibliofind’s transaction servers.

Bibliofind called in state and federal law enforcement officials to investigate the hacking incidents and sent an e-mail notification to the 98,000 customers whose private information might have been obtained by the crackers. The investigation did not result in any arrests, nor did it determine the identity of the intruders. Many of Bibliofind’s customers were very upset when they learned what had happened.

A month after the hacking incident, Amazon.com moved Bibliofind into its zShops online mall (zShops was the original name of Amazon Marketplace). As an Amazon zShop, Bibliofind could process its transactions through Amazon’s system and no longer needed to maintain private information about its customers on its computers; however, the company had seen its reputation seriously damaged and eventually was closed down. A successful business was ended in large part because it had failed to maintain adequate security over the customer information it had gathered.

Required:

1. In about 300 words, explain how Bibliofind might have used firewalls to prevent the intruders from gaining access to its transaction servers. Be specific about where the firewalls should have been placed in the network and what kinds of rules they should have used to filter network traffic at each point.

3. California has a law that requires companies to inform customers whose private information might have been exposed during a security breach like the one that Bibliofind experienced. Before California enacted this law, businesses argued that the law would encourage nuisance lawsuits. In about 300 words, present arguments for and against this type of legislation.