According to an article entitled "Three Vulnerability Assessment Tools Put to the Test":
"Vulnerability assessment systems scan operating systems and applications for potential problems, such as the use of default passwords or configurations and open ports. This can give administrators a head start in fixing problems and will, hopefully, let IT organizations more effectively beat bad guys to the punch."
The above factors are only true when vulnerability systems find all the problems that may be present in an application.
Research has often demonstrated a gap between what even the best vulnerability assessment tools find and the weaknesses actually present in a test network. However, IT employees who are responsible for securing IT assets will find a vulnerability assessment tool beneficial even if all it does is eliminate some of the monotonous work they are confronted with.
When vulnerability assessment tools were first made available, scanning was the primary method utilized. Today, however, there are also tools such as intrusion-detection software (IDS). This software differs from scanning software in that it works by looking for patterns of illegitimate network traffic that might be consistent with a breach of the system. Scanners, on the other hand, work by identifying whether or not a computer's actual configuration is vulnerable to attack. In other words, the IDS is reactive, whereas the scanning software is proactive.
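The scanner/IDS distinction above, as an added example that is not part of the original essay: one function audits host configuration for unexpected open ports and default passwords, the other matches a breach-like pattern in traffic. The host names, port policy, credential list and log format are all constructed assumptions.

```python
"""Configuration scanner vs. pattern-based IDS, on constructed sample data."""
import re

# Constructed inventory: what a scanner learns by probing each host.
HOSTS = {
    "web01": {"open_ports": {80, 443}, "accounts": {"admin": "S7r0ng-unique"}},
    "db01": {"open_ports": {22, 23, 3306}, "accounts": {"root": "root"}},
}
ALLOWED_PORTS = {22, 80, 443, 3306}  # assumed site policy
DEFAULT_CREDS = {("admin", "admin"), ("root", "root"), ("admin", "password")}

def scan_configuration(hosts):
    """Proactive: report configuration weaknesses before any attack occurs."""
    findings = []
    for name, cfg in sorted(hosts.items()):
        for port in sorted(cfg["open_ports"] - ALLOWED_PORTS):
            findings.append((name, f"unexpected open port {port}"))
        for user, pw in sorted(cfg["accounts"].items()):
            if (user, pw) in DEFAULT_CREDS:
                findings.append((name, f"default password for '{user}'"))
    return findings

# Constructed traffic log, one event per line: "<src> <dst> <event> <detail>"
TRAFFIC = """\
10.0.0.5 web01 GET /index.html
203.0.113.9 db01 LOGIN_FAILED root
203.0.113.9 db01 LOGIN_FAILED root
203.0.113.9 db01 LOGIN_FAILED root
10.0.0.7 db01 LOGIN_FAILED alice
203.0.113.9 db01 LOGIN_OK root
"""
LINE = re.compile(r"^(\S+) (\S+) (LOGIN_FAILED|LOGIN_OK) (\S+)$")

def detect_intrusions(log, threshold=3):
    """Reactive: alert on repeated failed logins followed by a success."""
    failures, alerts = {}, []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a login event
        src, dst, event, user = m.groups()
        key = (src, dst, user)
        if event == "LOGIN_FAILED":
            failures[key] = failures.get(key, 0) + 1
        elif failures.get(key, 0) >= threshold:
            alerts.append(key)  # success after a burst of failures
    return alerts

print(scan_configuration(HOSTS), detect_intrusions(TRAFFIC))
```

In this sample the IDS alert lands on the same host and account the scanner had already flagged for a default password, which is the head start the quoted article refers to.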
eBay and Amazon
Now that we have discussed the general vulnerabilities that online businesses are confronted with, let us compare some of the vulnerabilities that specific companies have to deal with. For this part of the discussion we will focus on eBay and Amazon, two of the largest online businesses in the world.
eBay is the largest internet auction site in the world. The company has been able to generate billions of dollars a year by simply serving as a host site for people all around the world who want to offer products for sale. Although the company has been extremely successful, the very structure of the company makes it vulnerable to some unique threats.
The first of these is auction fraud. Auction fraud is the most reported type of internet fraud and costs eBay and consumers millions of dollars each year. This type of fraud occurs in several different ways. In the primary form, a seller advertises a product, the buyer or winning bidder pays for it, and the product is never received. According to an article entitled "Online Auction Fraud: Are the Auction Houses Doing All They Should or Could to Stop Online Fraud?":
Some online sellers have put items up for auction, taken the highest bidder's money, and never delivered the merchandise. In addition, consumers who paid by certified check or money order have little recourse when it comes to getting their money back.(21) With fraudulent online auction users recognizing the difficulty in retrieving a check or money order, it is not surprising that payment by check or money order accounts for ninety-three percent of fraudulent payments.
This type of fraud is problematic for eBay because if the buyer never receives the product, the buyer can then refuse to accept the charges and eBay will not get its commission from the sale.
To avoid this problem, the company has attempted to implement several safeguards, which include allowing the buyer to file a complaint with eBay. eBay then investigates such claims and attempts to rectify the situation. The company also allows buyers and sellers to leave ratings for one another. On eBay, an individual's ratings help others to determine whether or not the buyer or seller is trustworthy and whether doing business with the individual will end in a successful transaction. If potential buyers see negative ratings, they are less likely to do business with that individual.
As it relates to more general threats such as identity theft, eBay attempts to use safeguards such as password protection and usernames to protect the personal information of users. The company also recommends that users change their passwords frequently, as this greatly decreases the likelihood of their identities being compromised.
Although eBay has attempted to implement many safeguards, the company has experienced major problems with "spoof emails." According to eBay's Security Center, this is actually a form of phishing. The company explains:
"Some thieves on the Internet, simply go fishing, or 'phishing', as the practice has come to be known, trolling the sea of online consumers in hopes of netting unsuspecting victims. One method of phishing is the sending of 'spoof' (fake) emails, which copy the appearance of popular Web sites or companies in an attempt to commit identity theft or other crimes."
These are emails that are sent to members supposedly from eBay. These emails assert that there is some type of problem with the member's account and that their username and password are needed to address the problem. The individuals who send the emails then use this information to enter member accounts and in many cases charge the credit cards of members or place ads in their name. To combat this issue, eBay warns members to always log into the official eBay site, because it provides a list of all the emails that have been sent to the member by eBay. If an email is not contained in the list, it is a fake email and should be discarded.
As it relates to Amazon, the company faces a great many threats simply because of the size of the company and the types of service that it offers. Amazon is unique in that it is a type of online mall that provides a central location for consumers to shop for the products of different vendors. For instance, the company sells products from Target, Guess and Circuit City. All of these businesses have their own websites but also offer products through Amazon.
Amazon allows customers to save their personal information such as credit cards and shipping addresses. Although this is convenient for the customer it creates certain vulnerabilities for the company. To keep this information safe, the company has assigned a username and password for each user. In addition, once customers confirm this information they are taken to secure sites and credit card numbers are never displayed on any screens.
Amazon has also experienced problems associated with spoof emails and confronts this issue in much the same way as eBay.
The purpose of this discussion was to examine the front-end and back-end threats associated with the online business industry. In addition, the research compared and contrasted the strategies of eBay and Amazon in eliminating their losses and gaining market share in the U.S. The research found that these front-end and back-end threats make businesses and their customers vulnerable. The research also found that analysis and assessment tools assist these businesses in eliminating or reducing these vulnerabilities.
Sumit Kundu, Nitish Singh. Explaining the Growth of E-Commerce Corporations (ECCs): An Extension and Application of the Eclectic Paradigm. Journal of International Business Studies. Volume: 33. Issue: 4. 2002. Page Number: 679+.
Wright Color Graphic Dictionary. http://www.wrightcolorgraphics.com/f.htm
Back End Systems. http://retailindustry.about.com/library/terms/b/bld_backend.htm
Mike Harris. What is E-commerce.
Jeff Sovern. Stopping Identity Theft. Journal of Consumer Affairs. Volume: 38. Issue: 2. 2004. Page Number: 233+.
Amanda Andress. Surviving Security: How to Integrate People, Process, and Technology. Auerbach Publications; Boca Raton, FL. 2003.
Cameron Sturdevant. Three Vulnerability Assessment Tools Put to the Test. http://www.eweek.com/article2/0,1759,1653587,00.asp. July 14, 2003.
Tiernan Ray. Think Like a Hacker: The Best Scanning Tools. E-Commerce Times. http://www.ecommercetimes.com/story/31356.html
James M. Snyder. Online Auction Fraud: Are the Auction Houses Doing All They Should or Could to Stop Online Fraud. Federal Communications Law Journal. Volume: 52. Issue: 2. 2000. Page Number: 453.
eBay Security and Resolution Center. http://pages.ebay.com/securitycenter/stop_spoof_websites.html. 08/16/03.
Identifying Phishing or Spoofed E-mails. http://www.amazon.com/gp/help/customer/display.html?ie=UTF8&nodeId=15835501