September 1999


Put On A Hacker-Proof Vest


For decades, parents the world over have been asking their children, "Don't you have anything better to do than watch TV?" You've no doubt heard (or made) references to the "boob tube" or "idiot box," condemning this much-maligned appliance for keeping children from using their brains and reading books.

Enter the late 1990s and the new world of cyberspace. Internet access on the personal computer is often a parent's dream as it is the gateway to mass amounts of information and educational topics for children around the globe. Children love the medium because they control the information they receive more than they can on TV. Parents like the idea that their kids are using the computer, which most perceive as a more productive way to spend time than watching "the box," as TV was referred to in my home as I grew up.

As a result, we now have millions of children watching less TV and spending their time surfing the Web instead. Most of these kids enjoy a challenge and understand computers better than their parents. However, the scenario is less idyllic than it sounds. Take, for example, a roguish, computer-savvy teenager, mix in eight hours of free time per day, sprinkle in a high-speed DSL or cable modem connection and add a dash of hacker newsgroup, and you have the perfect recipe for e-commerce heartburn. By the way, the heartburn I am referring to is yours, that is, if your company has implemented or is about to implement an e-commerce solution. Your site is not safe from hackers. No site is. This is your wake-up call. Please read the following column carefully and cc it to your colleagues. And please do take this column and e-commerce security very seriously. I would much rather write positive stories about e-commerce success than about how your customer list was stolen off your Web site and sold to your competitors.

Lest you think I have anything against children, I don't. I simply think it's worthwhile to point out that if a child can break into your e-commerce site, anyone can. Take anyone literally, as in your competitor, your customer, your enemies or just some random, malicious person who found a hole in your system.

Since IBM has been making a huge e-business splash of late, I thought the company would be a great resource to tap into on the topic of e-commerce security. Recently I had a chance to ask IBM's program director of S/390 Security, Linda Distel, some questions about e-commerce security. The S/390 G6 Server is IBM's most powerful commercial enterprise server.

Here is the dialog that ensued:

Q: What is the first step in building a secure e-commerce site?

A: The first step to building a secure site is to know that the entire business system from the network level to the system level to the transaction level has to have security features and functions. Next, a business needs to develop a security policy and an action plan to implement the policy.

Q: What are all the possible holes that need to be plugged before attempting to set up such a site and protect it from hackers?

A: Unfortunately, there are many ways hackers can get into systems. They can get in through the outside, which is why firewall technology, which includes data encryption, packet filters, etc., can protect businesses from unwanted outsiders. Access to applications should be limited to those needed to conduct the transaction. For added security, businesses that often conduct transactions together over the Internet can also set up virtual private networks, which allow private communications over public networks.

Hacking can also occur within the company by its own employees. It is important to enforce strong password rules or other strong authentication methods such as using digital certificates in conjunction with a resource control manager.

Q: How do you ensure the privacy of your customer's confidential information, such as credit card numbers and unlisted phone numbers?

A: IBM and other technology companies, working in collaboration with VISA and MasterCard, helped establish the Secure Electronic Transaction (SET) standard for Internet bank card security, and developed the first merchant server based on SET. Using this standard, buyers and sellers authenticate their identities, helping to ensure that those involved are who they claim they are, and that sensitive data remain confidential and are revealed only to the parties who need to know this information.

There is also the Secure Socket Layer (SSL), a de facto standard developed by Netscape. It provides a private channel between client and server, which helps ensure privacy of data, authentication of the session participants and message integrity. This technology is generally available as part of Web browsers and Web servers.

Q: What are some of the security standards that must be known inside and out by someone looking to build a secure e-commerce site?

A: Businesses building e-commerce Web sites should know about the Secure Socket Layer (SSL) that provides a private channel between client and server and helps ensure privacy of data, authentication of the session participants and message integrity.

They should also know about the Secure Electronic Transaction (SET) for conducting secure bank card payments over the Internet.

Q: What kind of security/encryption is provided for Web-based calls on an e-commerce site?

A: SSL, SET and Public Key Infrastructures use a set of standard encryption calls. They use RSA algorithms and DES and Triple DES. S/390 H/W crypto supports all of these algorithms. The set of standards that RSA supports includes the following:

(If some of these acronyms are foreign to you, I found a few references that may be helpful: www.rsa.com and www.whatis.com.)

Security Function Highlights:

  • Data Privacy
      • Data Encryption Standard (DES) [56 bits]
      • Triple DES (TDES) [168 bits]
      • Commercial Data Masking Facility (CDMF) [40 bits]
  • Data Integrity
      • Secure Hash functions (MDC, MD5, SHA-1)
  • Authentication
      • PIN Algorithms
      • Message Authentication Code (Single Key MAC, Double Key MAC)
  • Non-repudiation
      • Digital Signature (RSA/DSS)
      • Public Key Algorithms (RSA/DSS/Diffie-Hellman)
  • Optional Trusted Key Entry (TKE)
      Uses public key cryptography and TDES to enforce multiple authority control and loading of Master Keys
  • FIPS 140-1 Level 4 (Certification)
  • LPAR

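The list above names secure hash functions under "Data Integrity" and Message Authentication Codes under "Authentication". The following Python example is added here to show why the interview keeps the two apart; it is not code from the interview, IBM or the S/390 product. An unkeyed hash detects accidental corruption, but an active attacker who alters a message in transit can simply recompute the hash, so the receiver learns nothing. A MAC computed under a key shared by the two parties cannot be regenerated without that key, so the same alteration is caught. The example uses HMAC-SHA-256 from Python's standard library (a construction the page does not mention); the shared key, the order messages and their field names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: an order as an e-commerce server might receive it,
# and the same order after an attacker has altered the amount in transit.
ORDER = b"order=1234;item=widget;qty=1;amount=19.99"
TAMPERED = b"order=1234;item=widget;qty=1;amount=0.01"
# Constructed shared secret (illustration only, not a real key).
SHARED_KEY = b"constructed-shared-secret-not-a-real-key"


def integrity_digest(message: bytes) -> str:
    """Unkeyed hash over the message: anyone, including an attacker, can compute it."""
    return hashlib.sha256(message).hexdigest()


def verify_integrity(message: bytes, digest: str) -> bool:
    """Accept the message if its hash matches the digest that accompanied it."""
    return hmac.compare_digest(integrity_digest(message), digest)


def authenticate(message: bytes, key: bytes) -> str:
    """Keyed MAC (HMAC-SHA-256): only holders of `key` can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(message: bytes, tag: str, key: bytes) -> bool:
    """Accept the message only if the tag was computed under the shared key.
    compare_digest avoids leaking the mismatch position through timing."""
    return hmac.compare_digest(authenticate(message, key), tag)


def demo() -> tuple:
    """Return (hash_passes_forgery, mac_rejects_tamper, mac_accepts_genuine)."""
    # Scenario 1: sender ships ORDER plus its hash. The attacker replaces both
    # the message and the hash; the receiver's check still passes.
    forged_digest = integrity_digest(TAMPERED)
    hash_passes_forgery = verify_integrity(TAMPERED, forged_digest)

    # Scenario 2: sender ships ORDER plus an HMAC tag. The attacker can alter the
    # message but, lacking the key, can only reuse the old tag; verification fails.
    tag = authenticate(ORDER, SHARED_KEY)
    mac_rejects_tamper = not verify_mac(TAMPERED, tag, SHARED_KEY)

    # The genuine message with its genuine tag is still accepted.
    mac_accepts_genuine = verify_mac(ORDER, tag, SHARED_KEY)
    return hash_passes_forgery, mac_rejects_tamper, mac_accepts_genuine


if __name__ == "__main__":
    passes, rejects, accepts = demo()
    print("unkeyed hash accepted the forged order:", passes)
    print("MAC rejected the altered order:", rejects)
    print("MAC accepted the genuine order:", accepts)
```

The point the interview's list makes is that a hash alone provides integrity against noise, while authentication of the message's origin needs a key (a MAC) or a private key (a digital signature, listed under non-repudiation). The hash still has a role: when the digest itself arrives over an authenticated channel, or is signed, it is enough.
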
E-commerce is crucial to the future of all businesses and as more and more sensitive corporate information is connected to the Internet, it becomes vital that we take the necessary precautions to ensure our e-commerce solutions are secure from hackers and others. Please consider this brief interview and the article in this issue entitled “E-Commerce Security” by Kevin Grumball of Actinic Software as a starting point into the realm of securing your Web site. In the world of e-commerce security, as in life, there are few sure things. By taking the first steps in securing your site and continually keeping up-to-date with the latest security concepts, you will be assured at least a comfort level analogous to donning a hacker-proof vest.


Rich Tehrani
Group Publisher

CTI™ EXPO FALL 1999 Brings You 26 Unique Educational Opportunities

As we approach the new millennium, it is clear that the communications industry is growing at an incredible rate and it is impossible to keep up with all the new product announcements that straddle the edge of the once disparate space between telecom and datacom. The last decade has witnessed companies like Novell, Microsoft, Lucent, Cisco and others aid in opening the once proprietary world of telephony, enabling users of communications products and services the same levels of performance/price increases that the PC market takes for granted today. Beyond price and performance, the goal of the above companies and the communications industry as a whole has been to truly open communications so that developers can more easily produce products and services that are useful to a broad range of users.

Can you imagine how useful it would be to have every voice mail system open up and work together so you could transfer messages easily between each system? Don’t you find it ridiculous that we still can’t connect most voice mail systems? How much productivity is wasted because we can’t forward an important message from an office with brand X PBX to an office with brand Y PBX? In addition, how many times has the average user tried to conference or transfer an important phone call only to disconnect the line due to the truly arcane user interface provided by most every telephone, executive or otherwise, on the market?

There are dozens of products and services that allow voice mail to be sent as MAPI attachments or better yet, allow you to unify your e-mail, fax and voice mail into a single e-mail inbox. Moreover, GUI-based call control based on JAVA, HTML or the native OS has been around for years, empowering users to use their phone systems the way they were meant to, without the fear inherent in using the advanced features of today’s phone systems.

The communications market has seen so many product launches in recent history that it is almost impossible for us at TMC™ to keep up with it all, even though we have four publications devoted to covering the communications market. CTI, Internet Telephony, C@LL Center Solutions™ and TMCnet.com are inundated with an aggregate of over a thousand new product announcements and feature updates from the vendor community per month! Mining the truly precious nuggets from the mountains of e-mail and paper releases consumes many of us who aim to provide you with the critical information that truly aids you in selecting the products you need to succeed.

Twice a year at CTI™ EXPO (our next event takes place December 7-9 in Las Vegas), we focus 100 percent on providing you the utmost environment that will aid you in the selection of the products you need to be aware of in the rapidly expanding field of call centers and voice/data convergence. As a former MIS director who had to select products for a living, I, too, had to make essential purchases for my organization that were vital to our future success. What I found in my career was that hands-on demonstrations of products and technologies in an environment that fostered true education, devoid of hype and sensationalism, were important in allowing me to weigh my options carefully and make truly successful product purchase decisions. We realize your time is limited and purchasing mistakes are intolerable, even disastrous, so we at TMC consider ourselves your partner in making informed purchasing decisions.

Months of planning and organizing have gone into providing you with 26 unique events necessary to help you select the products you need. These educational events help a variety of attendee types because voice and data convergence affects a wide variety of organizations. The following list represents the basic profile of attendees who will benefit from attending CTI™ EXPO.

Call center management. Call center products have advanced more in the last few years than in the last decade! E-commerce, Web-based call control and multimedia call centers running on packet networks are just a few technologies you must be aware of to prepare your call center for the next millennium.

Enterprise users. There are dozens of product categories to explore that will dramatically increase productivity and save many corporate dollars as well. Unified messaging, speech recognition, PC-PBXs and fax servers with Web-based administration are only a few of the products that no enterprise should be without. Internet telephony and Internet fax are saving many corporations millions of dollars per year on their phone bills!

Resellers. By now you’ve heard that products in the computer-telephony integration field are selling like crazy. The data VAR and Interconnect of yesterday are history. Only a converged reseller, able to handle the needs of its customers’ voice and data requirements, can compete effectively in this new, ultra-competitive converged network environment.

Developers. There are so many different platforms to consider. It used to be that board-level components were the only choice, but Lucent and Cisco and others now have open platforms to choose from as well. There are so many options and you should consider your choices carefully before producing your application.

The following 26 educational attractions are unique to CTI™ EXPO. Months of planning have gone into making this event the one you need to attend if you are considering any product purchases in the call center and voice/data convergence fields. Other than the conferences, every event listed below is available to exhibit hall attendees who can register for free if they do so before the September 27 deadline.

Six new objective and educational Learning Centers encompassing Linux Telephony, Wireless CTI, Next-Gen Call Center Technology, CT Media, Development/Testing and Public Network CTI.

Live, Multimedia Blended Call Center showing the power of connecting agents over IP and ATM.

Live CRM Demonstration: The products and technology that enable leading-edge customer relationship management (CRM). You’ll see field sales, support and back-office stations working in synergy.

Six on-target and objective Conference Tracks: Call Center Technology, Human Resources in the Call Center, Next-Gen Services, Internet Telephony, CTI Technology and a Development Track.

Six dynamic Keynotes from industry leaders.

A Next-Gen Telco In A Booth allows you to see leading-edge services made possible through the use of IP telephony networks. Examples include converged billing and Internet fax.

Live Office Of The Future: Demonstrating a state-of-the-art, productivity-enabled office. Examples include unified messaging, GUI-based call control and video conferencing.

A Demo Theater showcasing about a dozen unique vendor presentations of the latest products on the market.

ConvergeNET: An interoperable IP telephony network that encourages multivendor standards compliance in a real-world setting. Before you make your next purchasing decision, come see if the vendors you are considering purchasing from are committed to interoperability.

Consultants’ Corner: Talk to an industry expert about your specific technology needs and get valuable recommendations.

Networked Home Pavilion: Affordable remote computing, call center and CTI products for the SOHO market.

At TMC we understand that there are many trade shows to choose from, and that is why we endow each of our expos with leading-edge educational opportunities that are unique and critical to your career, allowing you to make informed purchasing decisions that you won’t regret later. You come to shows to evaluate products, and by attending CTI™ EXPO, you will be sure to acquire all the information you need to make intelligent decisions in a fast-growing field. I urge you to register immediately at www.ctiexpo.com. Registering before September 27 will save you $25. We hope to see you there.
