E-Commerce & Bank Security By: Mark Reed COSC 480.


1 E-Commerce & Bank Security By: Mark Reed COSC 480

2 Outline
- Introduction
- Definition
- Security Challenges
- Security Terms
- Common Threats
- Security Practices
- Protecting Yourself

3 Introduction
- "Total eCommerce sales for 2006 were estimated at $108.7 billion. This represents an increase of 23.5% over 2005," according to the U.S. Census Bureau's E-Commerce Survey.

4 What is Security?
- Dictionary definition: protection or defense against attack, interference, espionage, etc.
- Computer science classification:
  - Confidentiality: protecting against unauthorized data disclosure
  - Integrity: preventing unauthorized modification
  - Availability: preventing data delays or denials

5 Security Challenges

6 Security Terms
- Authentication: the originator can be verified
- Integrity: information has not been altered by an unauthorized person or process
- Non-repudiation: proof of participation by the sender and/or receiver of a transmission
- Privacy: individual rights to nondisclosure

7 Threats
- Social engineering: mislead the end user
- Man-in-the-middle: listen in between client and server
- Man-in-the-browser: redirect the end user to counterfeit sites to steal credentials

8 Threats Cont.
- Malware: poison the hosts file and/or DNS to redirect the user to counterfeit sites
- Trojan proxy: an HTTP redirector that sends all traffic through a proxy and on to the attacker

9 Malware/Phishing Attack
- Poisoning the hosts file to redirect entries
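The hosts-file poisoning on this slide leaves a simple fingerprint: a legitimate bank or shop domain pinned to an address that is not the local machine. The checker below is an added example (not part of the presentation); the hosts file contents and the watch list of domains are constructed, and the `.test` names are placeholders.

```python
# Added example (not from the slides): flag hosts-file entries that pin a
# watched banking/shopping domain to a non-loopback address, the symptom of the
# hosts-file poisoning described on the slide.
import ipaddress

# Constructed sample hosts file (not a real capture).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.test
203.0.113.45    www.examplebank.test online.examplebank.test  # injected
198.51.100.9    shop.example.test
"""

# Hypothetical watch list of domains the organisation cares about.
WATCHED_DOMAINS = {"www.examplebank.test", "online.examplebank.test",
                   "shop.example.test", "ads.example.test"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs; skip comments, blanks, bad IPs."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address field
        for name in fields[1:]:
            yield ip, name.lower()


def find_poisoned(text, watched=WATCHED_DOMAINS):
    """Return {hostname: ip} for watched names that resolve off-box.

    Loopback pins (127.x.x.x / ::1) are the usual ad-blocking trick, not a
    redirect to a counterfeit site, so they are deliberately not reported.
    """
    return {name: str(ip) for ip, name in parse_hosts(text)
            if name in watched and not ip.is_loopback}


if __name__ == "__main__":
    for name, ip in sorted(find_poisoned(SAMPLE_HOSTS).items()):
        print(f"ALERT: {name} pinned to {ip} in hosts file")
```

Run against the real file (`/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts`) by passing its contents to `find_poisoned`; a non-empty result is worth an incident ticket.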

10 Spam
- "Spam accounts for 9 out of every 10 emails in the United States." (MessageLabs, Inc.)
- Main source of phishing attacks
- Not a secure transmission method

11 Ecommerce Architecture
- Support for peak access times
- Replication and mirroring to avoid denial-of-service attacks
- Security of web pages through certificates and network architecture to avoid spoofing attacks

12 Security Challenges
- Client-side security: prevent unauthorized access to stored information
- Server-side security: prevent unauthorized access while allowing authorized users to connect
- Application and database server security: use security layers between the servers

13 Client Side Security
- Protect information stored on the client system
- Digital signatures and encryption can reduce repudiation attacks (a party denying its participation in a transaction)
- Communication security such as secure HTTP

14 Server-side Security
- Place application and database servers behind a firewall in a demilitarized zone (DMZ)
- Do not store sensitive information such as credit card numbers and SSNs on web servers
- Turn off all unnecessary services and block any unused ports

15 Application & Database Security
- The application server should shield the database server from direct contact with web servers
- Database servers should be completely isolated from the internet and any other unsecure server
- Use passwords when retrieving sensitive information from the database server

16 Company Security Precautions
- Defense-in-depth strategies that use multiple, overlapping and mutually supportive systems
- Antivirus, firewall, and intrusion detection/prevention
- Update software patches on public systems
- Block potentially harmful email attachment extensions

17 Security Strengthening
- Multi-layer protection approaches
- Secret image authentication
- Hardware authentication (serial number)

18 Amazon PayPhrase

19 Avoid Security Threats
- Do not provide passwords, account numbers, or other personal information through email
- Do not trust links in emails or on websites
- Check for the lock icon in the address bar of your browser

20 Secure Your PC
- Maintain up-to-date antivirus, spyware and firewall protection
- Keep your operating system and applications up to date with security patches
- Avoid transactions at wireless hotspots

21 Conclusion
- Introduction
- Definition
- Security Challenges
- Security Issues
- Security Practices
- Common Threats
- Protecting Yourself

22 Sources
- Al-Slamy, Nada. "E-Commerce security." IJCSNS International Journal of Computer Science and Network Security 8.5 (2008): 5. Print.
- Browning, Bob. "Electronic Commerce Tutorial Part 1 - Web Developer's Journal." Web Developer's Journal - Tips on Web Page Design, HTML, Graphics and Development Tools. N.p., n.d. Web. 26 Feb. 2010.
- Ghosh, Anup K. "Journal of Internet Banking and Commerce." ARRAY Development. N.p., n.d. Web. 26 Feb. 2010.
- "Computer Laboratory Security Group: Banking security." The Computer Laboratory. N.p., n.d. Web. 25 Feb. 2010.
