Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security.

Similar presentations


Presentation on theme: "Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security."— Presentation transcript:

1 Chapter 9 E-Security

2 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security How Much Risk Can You Afford? Virus – Computer Enemy #1 Security Protection & Recovery E-Security: Objectives

3 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 3 ABUSE & FAILURE Fraud Theft Disruption of Service Loss of Customer Confidence E-Security: Security in Cyberspace

4 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 4 WHY INTERNET IS DIFFERENT? E-Security: Security in Cyberspace Paper-Based CommerceElectronic Commerce Signed Paper DocumentsDigital Signature Person-to-personElectronic Via Website Physical Payment SystemElectronic Payment System Merchant-customer Face-to-faceFace-to-face Absence Easy Detectability of modificationDifficult Detectability Easy NegotiabilityDifficult Negotiability

5 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 5 SECURITY CONCERNS Confidentiality Authentication Integrity Access Control Non-repudiation Firewalls E-Security: Conceptualizing Security

6 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 6 INFORMATION SECURITY DRIVERS Global trading Availability of reliable security packages Changes in attitudes toward security E-Security: Conceptualizing Security

7 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 7 PRIVACY FACTOR E-Security: Conceptualizing Security

8 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 8 DESIGNING FOR SECURITY Adopt a reasonable security policy Consider web security needs Design the security environment Authorizing and monitoring the system E-Security: Designing for Security

9 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 9 ADOPT A REASONABLE SECURITY POLICY Policy –Understanding the threats information must be protected against to ensure Confidentiality Integrity Privacy –Should cover the entire e-commerce system Internet security practices Nature & level of risks Procedure of failure recovery E-Security: Designing for Security

10 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 10 DESIGN THE SECURITY ENVIRONMENT E-Security: Designing for Security SECURITY CONSULTANT Edit payment system CERTIFIED WEBSITE DATABASE CUSTOMER SERVICE CERTIFIED STAFF Verify IT Staff Integrity Guidelines Password Assignment Authorized link Verified Site Test data Exhibit - Logical procedure flow

11 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 11 SECURITY PERIMETER Firewalls Authentication Virtual Private Networks (VPN) Intrusion Detection Devices E-Security: Designing for Security

12 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 12 AUTHORIZING & MONITORING SYSTEM Monitoring –Capturing processing details for evidence –Verifying e-commerce is operating within security policy –Verifying attacks have been unsuccessful E-Security: Designing for Security

13 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 13 HOW MUCH RISK CAN YOU AFFORD? Determine specific threats inherent to the system design Estimate pain threshold Analyze the level of protection required E-Security: How Much Risk Can You Afford?

14 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 14 KINDS OF THREATS / CRIMES Physically-related Order-related Electronically-related E-Security: How Much Risk Can You Afford?

15 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 15 CLIENT SECURITY THREATS Why? –Sheer Nuisances –Deliberate Corruption of Files –Rifling Stored Information How? –Physical Attack –Virus –Computer-to-computer Attack E-Security: How Much Risk Can You Afford?

16 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 16 SERVER SECURIY THREATS Web server with an active port Windows NT server, not upgraded to act as firewall Anonymous FTP service Web server directories that can be accessed & indexed E-Security: How Much Risk Can You Afford?

17 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 17 HOW HACKERS ACTIVATE A DENIAL OF SERVICE Break into less-secured computers connected to a high-bandwidth network Installs stealth program which duplicates itself indefinitely to congest network traffic Specifies a target network from a remote location and activates the planted program Victims network is overwhelmed & users are denied access E-Security: How Much Risk Can You Afford?

18 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 18 VIRUS – COMPUTER ENEMY #1 A malicious code replicating itself to cause disruption of the information infrastructure Attacks system integrity, circumvents security capabilities & causes adverse operation Incorporates into computer networks, files & other executable objects E-Security: Virus – Computer Enemy #1

19 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 19 TYPES OF VIRUSES Boot Virus –Attacks boot sectors of the hard drive Macro Virus –Exploits macro commands in software application E-Security: Virus – Computer Enemy #1

20 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 20 VIRUS CHARACTERISTICS Fast –Easily invades and infects computer hard disk Slow –Less likely to detect & destroy Stealth –Memory resident –Able to manipulate its execution to disguise its presence E-Security: Virus – Computer Enemy #1

21 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 21 ANTI-VIRUS STRATEGY Establish a set of simple enforceable rules Educate & train users Inform users of the existing & potential threats to the companys systems Update the latest anti-virus software periodically E-Security: Virus – Computer Enemy #1

22 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 22 BASIC INTERNET SECURITY PRACTICES Password –Alpha-numeric –Mix with upper and lower cases –Change frequently –No dictionary names Encryption –Coding of messages in traffic between the customer placing an order and the merchants network processing the order E-Security: Security Protection & Recovery

23 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 23 SECURITY RECOVERY Attack Detection Damage Assessment Correction & Recovery Corrective Feedback E-Security: Security Protection & Recovery

24 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 24 FIREWALL & SECURITY Firewall –Enforces an access control policy between two networks –Detects intruders, blocks them from entry, keeps track of what they did & notifies the system administrator E-Security: Firewall & Security

25 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 25 WHAT FIREWALLS CAN PROTECT services known to be problems Unauthorized external logins Undesirable material, e.g. pornography Unauthorized sensitive information E-Security: Firewall & Security

26 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 26 WHAT FIREWALLS CANT PROTECT Attacks without going through the firewall Weak security policy Traitors or disgruntled employees Viruses via floppy disks Data-driven attacks E-Security: Firewall & Security

27 Awad –Electronic Commerce 1/e © 2002 Prentice Hall 27 SPECIFIC FIREWALL FEATURES Security Policy Deny Capability Filtering Ability Scalability Authentication Recognizing Dangerous Services Effective Audit Logs E-Security: Firewall & Security

28 Chapter 9 E-Security


Download ppt "Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security."

Similar presentations


Ads by Google