Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS5038 The Electronic Society

Published byKaylee Sanchez Modified over 10 years ago

Similar presentations

Presentation on theme: "CS5038 The Electronic Society"— Presentation transcript:

1 CS5038 The Electronic Society
Lecture 12: Security and Crime Online Lecture Outline Types of Attacks Security Problems Major security issues in online systems Security Risk Management Security Technologies

2 Attack Sophistication Vs. Intruder Knowledge
Go to presentations, overview, see trend Source: Special permission to reproduce the CERT ©/CC graphic © 2000 by Carnegie Melon University, in Electronic Commerce 2002 in Allen et al. (2000).

3 Types of Attacks Non-technical – phone or employee posing as administrator Buffer overflow – hide code at the end of a long entry DNS spoofing – change DNS tables or router maps Sniffing – listen to all packets on network Malicious code: Viruses – propagate locally Worms - propagate between systems Macro viruses and macro worms Trojan horses – e.g. posing as a game

4 Security Problems Example: Denial of service (DOS) – purchases are not made, ads are not seen Security and ease of use are antithetical to one another E.g. passwords, electronic wallets/credit card Security takes a back seat to market pressures E.g. trying to hurry the time to market Security systems are only as strong as their weakest points Security of a site depends on the security of the whole Internet – DOS, Knowledge of vulnerabilities is increasing faster than it can be combated - Hackers share secrets and write tools Flaws in ubiquitous applications – Outlook, Word Underreporting: in %; in % of organisations had serious attacks reported to law enforcement Why might a company not report a crime?

5 Security Concerns Filling a form at a simple marketing site:
User’s perspective Is Web server owned and operated by legitimate company? Web page and form contain some malicious code content? Will Web server distribute user’s information to another party? (or allow to be stolen) Company’s perspective Will the user attempt to break into the Web server or alter the site? Will the user try to disrupt the server so it isn’t available to others? Both perspectives Is network connection free from eavesdropping? Has information sent back and forth between server and browser been altered?

6 Major security issues in online systems
Privacy or Confidentiality trade secrets, business plans, health records, credit card numbers, records of web activity Authentication – for Web page, Something known – password Something possessed – smartcard Something unique – signature, biometrics Integrity – protect data from being altered or destroyed Financial transaction Non-repudiation – not denying that you bought something PAIN – for payment systems

7 Security Risk Management
Definitions involved in risk management Assets—anything of value worth securing Threat—eventuality representing danger to an asset Vulnerability—weakness in a safeguard Risk Assessment Determine organizational objectives Cannot safeguard against everything – limit to satisfying objectives Example: if Web site is to service customer complaints then top priority is to ensure no disruption – rather than protect data Inventory assets – value and criticality of all assets on network Delineate threats – hackers, viruses, employees, system failure Identify vulnerabilities - Quantify the value of each risk e.g. Risk = Asset x Threat x Vulnerability (Symantec.com)

8 Security Technologies
Firewall: Like a bouncer, has rules to determine if data is allowed entry More in CS5401 (For eTech class) Virtual Private Network (VPN) Encryption—scramble communications Intrusion Detection Systems (IDS) Automatically review logs of file accesses and violations Analyse suspicious activity for known patterns of attack Quiz 13

9 Summary Attack Sophistication Vs. Intruder Knowledge
Types of Attacks – non-technical, buffer overflow, malicious code Security Problems - ease of use, market pressure, weak links Security Concerns – e.g. filling a form Major security issues in online systems - PAIN Security Risk Management – assessment, planning, implementation, monitoring Security Technologies – firewall, VPN, IDS Quiz 14

10 QUIZ 13 hint for q. 5: look at q
QUIZ 13 hint for q.5: look at q.7 question 7 - guess you can guess question 9 skip question 12 q.13 answer is stateful packet inspection skip question 15

Download ppt "CS5038 The Electronic Society"

Similar presentations

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security.

Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security.
1 CS5038 The Electronic Society Security 1: Security and Crime Online Well begin with a look at whats out there. In Security 2, well think about it all.

1 CS5038 The Electronic Society Security 1: Security and Crime Online Well begin with a look at whats out there. In Security 2, well think about it all.
Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Prentice Hall, 2002 1 Chapter 13 E-Commerce Security.

Prentice Hall, Chapter 13 E-Commerce Security.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Securing Information Systems

Securing Information Systems
Chapter 10 E-Commerce Security.

Chapter 10 E-Commerce Security.

Similar presentations

Ads by Google