be intercepted and compromised. Resources Threats to Service Availability. Invasions of the computer system could interrupt use of computer systems or even make the network crash. Threats from Repudiation. Fraud may be committed in an online transaction or the party may deny a transaction took place. Reputation If vulnerabilities of a company’s computer system are demonstrated or become known the reputation of the company will be harmed (FRATO 59). Technical descriptions of how attacks on a company computer via the Internet occur are beyond the scope of this paper. However, an overview of a few types of attacks will help with the later discussion of secure Internet commerce. Password based attacks involved some use of a password to gain access through security layers to privileged data or systems. A recent study found that 30% of all attacks were password based (LOEW 50). A brute force attack consists of attempting to use randomly generated passwords until entry is gained to a password-protected system. IP spoofing occurs when an attacker makes his computer appear to another computer or host to be a trusted party and tricks that computer or host into releasing sensitive data allowing the attacker’s computer access to a privileged system. IP spoofing can be technically difficult, but computer analysis indicates it is a significant security threat (LOEW 43). Network Snooping/Packet Sniffing involves intercepting packets or messages on the Internet between the sender or source and the intended destination host. Snooping or Sniffing is something like “bugging” an old-fashioned voice communication such as a telephone line. Using this technique, an invader can capture company passwords and intercept sensitive messages. Snooping/Sniffing is one of the most difficult types of invasion to defend against, and in the last few years, hundreds of thousands of these types of attacks have occurred (LOEW 46). S...
