1 ELC 200 Day 22 E-Security

2 Awad – Electronic Commerce 2/e © 2003 Prentice Hall
Day 22 Agenda
Quiz 3 corrected: 14 A's, 2 B's and 3 no-takes. Too easy!
Assignment #7 corrected: 13 A's, 1 B, 1 C and 3 non-submits
– Short discussion on results
Quiz 4 (last) will be April 29: chapters 13, 14 & 15
Assignment 8 (next to last) is on the next slide
– One more to come; the best 8 out of 9 will count
Should be progressing on Framework
Lecture/discuss E-security

3 Assignment #8
On page 435, answer Discussion Questions 1, 2 & 3
– Answers should be well reasoned and explained in roughly one page per question (1 page in total is not enough; more than 3 is too much)
– Turn in a well-formatted, typed response sheet
– Due Tuesday, April 19 at the start of class

4 OBJECTIVES (E-Security: Objectives)
Security in Cyberspace
Conceptualizing Security
Designing for Security
How Much Risk Can You Afford?
Virus – Computer Enemy #1
Security Protection & Recovery

5 ABUSE & FAILURE (E-Security: Security in Cyberspace)
Fraud
Theft
Disruption of service
Loss of customer confidence

6 WHY IS THE INTERNET DIFFERENT? (E-Security: Security in Cyberspace)
Paper-Based Commerce               | Electronic Commerce
Signed paper documents             | Digital signature
Person-to-person                   | Electronic, via website
Physical payment system            | Electronic payment system
Merchant and customer face-to-face | No face-to-face contact
Easy detectability of modification | Difficult detectability
Easy negotiability                 | Special security protocol

7 Digital Signature Act (Oct 1, 2000)
(The federal Electronic Signatures in Global and National Commerce Act, E-SIGN, which took effect on that date.)
A contract or agreement in interstate or foreign commerce will not be denied legal effect, validity, or enforceability solely because it is in electronic form or is signed by an electronic signature.
Note that the Act covers only foreign and interstate commerce, so where both parties to a contract are in the same state the federal law would not seem to apply. However, most states have enacted their own electronic signature laws, which cover intrastate transactions.
The Act permits, but does not require, the use of an electronic signature.
A legal requirement to furnish a record to a consumer in writing can be satisfied by an electronic record, so long as the consumer consents.
A legal record-retention requirement can be satisfied with electronic records.

8 SECURITY CONCERNS (E-Security: Conceptualizing Security)
Confidentiality
Authentication
Integrity
Access control
Non-repudiation
Firewalls

9 INFORMATION SECURITY DRIVERS (E-Security: Conceptualizing Security)
Global trading
– On-line, real time
Availability of reliable security packages
– Good products, but expensive
Changes in attitudes toward security
– Security is now treated as a strategic asset

10 PRIVACY FACTOR (E-Security: Conceptualizing Security)

11 DESIGNING FOR SECURITY (E-Security: Designing for Security)
Adopt a reasonable security policy
– Cost effective
– Proactive
Consider web security needs
– Data sensitivity
Design the security environment
Authorize and monitor the system
– Accountability
– Traceability

12 ADOPT A REASONABLE SECURITY POLICY (E-Security: Designing for Security)
Policy
– Understanding the threats information must be protected against, to ensure confidentiality, integrity and privacy
– Should cover the entire e-commerce system: Internet security practices, nature & level of risks, procedure for failure recovery

13 SECURITY PERIMETER (E-Security: Designing for Security)
Firewalls
Authentication
Virtual Private Networks (VPN)
Intrusion detection devices

14 Security Design Process
Adopt a security policy that makes sense
Consider web security needs
Design the security environment
Police the security perimeter
Authorize and monitor the security system

15 AUTHORIZING & MONITORING THE SYSTEM (E-Security: Designing for Security)
Monitoring
– Capturing processing details for evidence
– Verifying that the e-commerce system is operating within the security policy
– Verifying that attacks have been unsuccessful

16 Web Logs
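The monitoring step on slide 15 asks for evidence capture and for verifying that attacks were unsuccessful, and slide 16 shows a web log. The following is an added example, not from the Awad slides: it parses a handful of constructed Apache common-log-format lines, picks out probe-like requests, and reports which of them got a success status. The probe patterns, the log lines and the idea that /admin/ and /orders/ are restricted areas of the site are all assumptions made for the demo.

```python
# Added example (not from the Awad slides): review constructed web-server
# log lines and report which probe-like requests actually succeeded.
import re
from collections import Counter

# Constructed Apache common-log-format lines; not a real server's traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Apr/2003:10:01:02 -0400] "GET /index.html HTTP/1.1" 200 1043
10.0.0.5 - - [22/Apr/2003:10:01:03 -0400] "GET /catalog?item=42 HTTP/1.1" 200 2210
192.0.2.77 - - [22/Apr/2003:10:02:10 -0400] "GET /cgi-bin/phf HTTP/1.0" 404 210
192.0.2.77 - - [22/Apr/2003:10:02:11 -0400] "GET /../../etc/passwd HTTP/1.0" 404 210
192.0.2.77 - - [22/Apr/2003:10:02:12 -0400] "GET /admin/ HTTP/1.0" 401 180
192.0.2.77 - - [22/Apr/2003:10:02:13 -0400] "GET /orders/ HTTP/1.0" 200 5120
10.0.0.9 - - [22/Apr/2003:10:03:00 -0400] "POST /checkout HTTP/1.1" 302 -
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Request shapes that ordinary shoppers never produce. The /admin/ and
# /orders/ entries are an assumption about this hypothetical site's layout.
PROBE_PATTERNS = [
    re.compile(r'\.\./'),              # directory traversal
    re.compile(r'%2e%2e', re.I),       # URL-encoded traversal
    re.compile(r'/cgi-bin/'),          # legacy CGI probing
    re.compile(r'^/(admin|orders)/'),  # restricted areas (assumed)
]


def parse_line(line):
    """Return a dict of the log fields, or None if the line is not CLF."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_probe(path):
    return any(p.search(path) for p in PROBE_PATTERNS)


def review(log_text):
    """Return (probe count per source IP, list of probes answered with 2xx/3xx)."""
    probes_by_ip = Counter()
    successful = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_probe(rec["path"]):
            continue
        probes_by_ip[rec["ip"]] += 1
        if rec["status"] < 400:          # the server did not refuse it
            successful.append((rec["ip"], rec["path"], rec["status"]))
    return probes_by_ip, successful


if __name__ == "__main__":
    counts, hits = review(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip}: {n} probe request(s)")
    for ip, path, status in hits:
        print(f"SUCCESSFUL probe from {ip}: {path} -> {status}")
```

On the constructed input the report shows one source sending four probes, three of which the server refused, and one (a listing of /orders/) that returned 200. That last line is the one the monitoring step exists to catch: counting blocked probes proves little, but a probe that succeeded is an incident to investigate.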

17 HOW MUCH RISK CAN YOU AFFORD? (E-Security: How Much Risk Can You Afford?)
Determine the specific threats inherent to the system design
Estimate the pain threshold (how much loss the business can absorb)
Analyze the level of protection required

18 KINDS OF THREATS / CRIMES (E-Security: How Much Risk Can You Afford?)
Physically-related
– Create physical changes
Order-related
– Manipulation of existing orders
Electronically-related
– Sniffers
– Spoofers
– Script kiddies

19 Snoop and Sniff

20 Day 23 Agenda
Quiz 4 (last) will be April 29: chapters 13, 14 & 15
Assignment 8 (next to last) is on the next slide
– Due Tuesday, April 19
– One more to come; the best 8 out of 9 will count
Should be progressing on Framework
Lecture/discuss E-security

21 Assignment #8 (repeat of slide 3: page 435, Discussion Questions 1, 2 & 3, due Tuesday, April 19 at the start of class)

22 How Hackers Hack
Many techniques:
– Social engineering: get someone to give you their password
– Cracking: guessing passwords. A six-letter password (lowercase only) has about 300 million possibilities (26^6 = 308,915,776). For comparison, Merriam-Webster's citation files, begun in the 1880s, contain 15.7 million examples of words used in context and cover all aspects of the English vocabulary (http://www.m-w.com/help/faq/words_in.htm), so a dictionary is a far smaller search space than brute force
– Buffer overflows: getting code to run on other PCs, e.g. to load a Trojan or backdoor
– Snoop and sniff: steal data in transit
– Denial of Service (DoS): crash or cripple a computer from another computer
– Distributed Denial of Service (DDoS): crash or cripple a computer from multiple distributed computers
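To make the cracking arithmetic on slide 22 concrete, here is an added example that is not part of the Awad slides: it computes keyspaces for a few password policies, then runs an offline dictionary attack and a brute-force attack against a password hash. The word list, the target passwords and the guess rate of one billion per second are assumptions for the demo, and unsalted SHA-256 is used only to keep the code self-contained; a real system stores passwords with a slow, salted hash precisely to make this kind of offline search expensive.

```python
# Added example (not from the Awad slides): keyspace arithmetic and an
# offline dictionary / brute-force attack against unsalted SHA-256 hashes.
# Unsalted SHA-256 is used only so the demo is self-contained; real systems
# store passwords with a slow, salted hash.
import hashlib
import itertools
import string


def keyspace(charset_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def seconds_to_exhaust(space, guesses_per_second):
    """Worst-case time for an attacker making `guesses_per_second` guesses."""
    return space / guesses_per_second


# Constructed stand-in for a dictionary file.
WORDLIST = ["password", "secret", "letmein", "orange", "summer", "qwerty"]


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(target_hash, words=WORDLIST):
    """Try each word plus the usual mangling; return the match or None."""
    for word in words:
        for cand in (word, word.capitalize(), word + "1", word + "123"):
            if sha256_hex(cand) == target_hash:
                return cand
    return None


def brute_force(target_hash, charset=string.ascii_lowercase, max_len=4):
    """Exhaustively try lengths 1..max_len; return (match or None, guesses made)."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=length):
            guesses += 1
            cand = "".join(chars)
            if sha256_hex(cand) == target_hash:
                return cand, guesses
    return None, guesses


if __name__ == "__main__":
    rate = 1_000_000_000  # assumed: 1e9 guesses/s for a fast offline cracker
    for label, size, n in [("6 lowercase", 26, 6),
                           ("6 mixed-case alphanumeric", 62, 6),
                           ("8 printable ASCII", 94, 8)]:
        space = keyspace(size, n)
        print(f"{label}: {space:,} candidates, "
              f"{seconds_to_exhaust(space, rate):,.0f} s worst case")
    print("dictionary attack:", dictionary_attack(sha256_hex("orange123")))
    print("brute force:", brute_force(sha256_hex("hack")))
```

The point the numbers make: the six-lowercase-letter space from the slide is exhausted in well under a second at the assumed rate, the word "orange123" falls to a six-word dictionary with mangling before brute force even starts, and only the longer mixed-charset policies push the worst case into years. Brute force is capped at four characters here so the demo finishes quickly.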

23 Maine's Anti-Hacker Laws
§432. Criminal invasion of computer privacy
1. A person is guilty of criminal invasion of computer privacy if the person intentionally accesses any computer resource knowing that the person is not authorized to do so. [1989, c. 620 (new).]
2. Criminal invasion of computer privacy is a Class D crime. [1989, c. 620 (new).]
– Up to a $2,000 fine and one year in jail
§433. Aggravated criminal invasion of computer privacy
1. A person is guilty of aggravated criminal invasion of computer privacy if the person:
A. Intentionally makes an unauthorized copy of any computer program, computer software or computer information, knowing that the person is not authorized to do so; [1989, c. 620 (new).]
B. Intentionally or knowingly damages any computer resource of another person, having no reasonable ground to believe that the person has the right to do so; or [1989, c. 620 (new).]
C. Intentionally or knowingly introduces or allows the introduction of a computer virus into any computer resource, having no reasonable ground to believe that the person has the right to do so. [1989, c. 620 (new).]
2. Aggravated criminal invasion of computer privacy is a Class C crime. [1989, c. 620 (new).]
– Up to a $5,000 fine and five years in jail

24 The Digital Millennium Copyright Act (DMCA, 1998)
Highlights. Generally, the DMCA:
– Makes it a crime to circumvent anti-piracy measures built into most commercial software
– Outlaws the manufacture, sale, or distribution of code-cracking devices used to illegally copy software
– Does permit the cracking of copyright protection devices, however, to conduct encryption research, assess product interoperability, and test computer security systems
– Provides exemptions from the anti-circumvention provisions for nonprofit libraries, archives, and educational institutions under certain circumstances
– In general, limits Internet service providers' liability for copyright infringement when they simply transmit information over the Internet
– Service providers, however, are expected to remove material from users' web sites that appears to constitute copyright infringement
– Limits the liability of nonprofit institutions of higher education, when they serve as online service providers and under certain circumstances, for copyright infringement by faculty members or graduate students
– Requires that "webcasters" pay licensing fees to record companies

25 CLIENT COMPUTER SECURITY THREATS (E-Security: How Much Risk Can You Afford?)
Why?
– Sheer nuisance
– Deliberate corruption of files
– Rifling through stored information
How?
– Physical attack
– Virus
– Computer-to-computer attack

26 SERVER SECURITY THREATS (E-Security: How Much Risk Can You Afford?)
Web server with an unnecessary active (listening) port
Windows 2000 server not upgraded or hardened to act as a firewall
Anonymous FTP service
Web server directories that can be accessed & indexed (directory listing enabled)

27 HOW HACKERS ACTIVATE A DISTRIBUTED DENIAL OF SERVICE ATTACK (DDoS) (E-Security: How Much Risk Can You Afford?)
Break into less-secured computers connected to a high-bandwidth network
Install a stealth agent ("zombie") program on each one, which waits for instructions
Specify a target network from a remote location and activate the planted agents
The victim's network is overwhelmed with traffic and legitimate users are denied access
More info: http://staff.washington.edu/dittrich/misc/ddos/

28 Distributed Denial-of-Service Attacks
Distributed DoS (DDoS) attack: messages come from many sources. Figure: the attacker sends an attack command to several computers running a zombie program; each zombie sends DoS attack packets at the server.
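Slides 27 and 28 describe the attack from the attacker's side; the defender sees it as a flood whose shape tells you whether it came from one machine or from many zombies. The following is an added example, not from the Awad slides: a small detector that buckets packet arrivals into one-second windows, flags any window over a packet-rate threshold, and uses the number of distinct sources and the largest single source's share to label the window as a single-source DoS or a distributed DDoS. The packet stream, the threshold and the share cut-off are constructed assumptions.

```python
# Added example (not from the Awad slides): label flood windows as single-
# source DoS or multi-source DDoS from (timestamp, source_ip) arrival records.
from collections import defaultdict


def windowed_counts(packets, window=1.0):
    """Bucket packets into fixed windows: {bucket_index: {src_ip: count}}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for t, src in packets:
        buckets[int(t // window)][src] += 1
    return buckets


def classify(packets, window=1.0, pps_threshold=100, single_share=0.5):
    """Return [(bucket, total_packets, distinct_sources, verdict), ...].

    A window is a flood when it exceeds pps_threshold packets. If one source
    sent at least single_share of them it is an ordinary DoS (block that
    source); otherwise the load is spread over many sources, i.e. a DDoS.
    """
    report = []
    for bucket, per_src in sorted(windowed_counts(packets, window).items()):
        total = sum(per_src.values())
        top = max(per_src.values())
        if total <= pps_threshold:
            verdict = "normal"
        elif top / total >= single_share:
            verdict = "dos"
        else:
            verdict = "ddos"
        report.append((bucket, total, len(per_src), verdict))
    return report


def background(second, clients=5, pkts_each=4):
    """Constructed legitimate traffic: a few shoppers, a few packets each."""
    return [(second + k * 0.2, f"10.0.0.{i + 1}")
            for i in range(clients) for k in range(pkts_each)]


def constructed_traffic():
    """Three seconds of constructed traffic: quiet, single flooder, 40 zombies."""
    pkts = background(0.0)
    pkts += background(1.0) + [(1.0 + k / 150, "198.51.100.9") for k in range(150)]
    pkts += background(2.0) + [(2.0 + k * 0.1, f"203.0.113.{z + 1}")
                               for z in range(40) for k in range(5)]
    return pkts


if __name__ == "__main__":
    for bucket, total, sources, verdict in classify(constructed_traffic()):
        print(f"second {bucket}: {total} packets from {sources} sources -> {verdict}")
```

The distinction matters for the response: a "dos" verdict can be handled with a single source block at the firewall, while a "ddos" verdict means per-source blocking will not help (each zombie sends only a few packets) and the traffic has to be rate-limited or scrubbed upstream of the victim's link.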

29 VIRUS – COMPUTER ENEMY #1 (E-Security: Virus – Computer Enemy #1)
Malicious code that replicates itself to disrupt the information infrastructure
Attacks system integrity, circumvents security capabilities & causes adverse operation
Incorporates itself into computer networks, files & other executable objects

30 How Viruses Work

31 TYPES OF VIRUSES (E-Security: Virus – Computer Enemy #1)
Boot virus
– Attacks boot sectors of the hard drive
– Older and rarely seen "in the wild"
Macro virus
– Exploits macro commands in application software
– Big problem with Microsoft software

32 VIRUS CHARACTERISTICS (E-Security: Virus – Computer Enemy #1)
Fast infector
– Invades aggressively and spreads through the hard disk quickly
Slow infector
– Infects only occasionally, so it is less likely to be detected and removed
Stealth
– Memory resident
– Able to manipulate its own execution (and what the system reports) to disguise its presence

33 ANTI-VIRUS STRATEGY (E-Security: Virus – Computer Enemy #1)
Establish a set of simple, enforceable rules
Educate & train users
Inform users of the existing & potential threats to the company's systems
Update anti-virus software and its signatures regularly
Stay current on threats
– http://www.us-cert.gov/current/current_activity.html

34 BASIC INTERNET SECURITY PRACTICES (E-Security: Security Protection & Recovery)
Passwords
– http://www.crackpassword.com/
– Alphanumeric
– Mix upper and lower case
– Change frequently
– No dictionary words or names
– Password tutorial
Encryption
– Coding of messages in traffic between the customer placing an order and the merchant's network processing the order
Good resource
– http://www.schneier.com/

35 SECURITY RECOVERY (E-Security: Security Protection & Recovery)
Attack detection
Damage assessment
Correction & recovery
Corrective feedback

36 FIREWALL & SECURITY (E-Security: Firewall & Security)
Firewall
– Enforces an access control policy between two networks
– Detects intruders, blocks them from entry, logs what they attempted & notifies the system administrator

37 How Firewalls Work
Firewalls check the packets passing in and out of a network
– Decide which packets go through and which don't
– Work in both directions
– Are only one part of security

38 WHAT A FIREWALL CAN PROTECT AGAINST (E-Security: Firewall & Security)
Email services known to be problems
Unauthorized external logins
Undesirable material, e.g. pornography
Unauthorized transfer of sensitive information

39 WHAT A FIREWALL CAN'T PROTECT AGAINST (E-Security: Firewall & Security)
Attacks that don't go through the firewall
A weak security policy
"Traitors" or disgruntled employees
Viruses via floppy disks
Data-driven attacks (malicious content carried inside traffic the firewall allows)

40 Cyber Protect
DoD training tool for security
Scenario
– Defend a LAN
– 4 quarterly budgets
– Spend money wisely
Real-world attack profiles

41 SPECIFIC FIREWALL FEATURES (E-Security: Firewall & Security)
Security policy
Deny capability
Filtering ability
Scalability
Authentication
Recognizing dangerous services
Effective audit logs
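Slide 37 says a firewall decides which packets go through in each direction, and slide 41 lists deny capability, filtering and audit logs as the features to look for. The following is an added example, not from the Awad slides or any firewall product: a first-match packet filter with a default-deny policy, a rule set for a hypothetical e-commerce DMZ, and an audit log entry for every decision. The rule set, addresses and packets are constructed assumptions; the "dangerous services" denied first (telnet, anonymous FTP) are the ones the server-threats slide names.

```python
# Added example (not from the Awad slides): a first-match, default-deny
# packet filter with per-decision audit logging. Rules and packets are
# constructed for the demo.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (toward the protected network) or "out"
    proto: str      # "tcp" or "udp"
    src: str        # source IPv4 address
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    direction: str
    proto: str
    dst_port: Optional[int]  # None matches any port
    src_net: str             # CIDR the source address must fall inside
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (
            self.direction == pkt.direction
            and self.proto == pkt.proto
            and (self.dst_port is None or self.dst_port == pkt.dst_port)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        )


# Ordered rule set for a hypothetical e-commerce DMZ; first match wins, and
# anything that matches no rule is dropped (default deny).
RULES: List[Rule] = [
    Rule("deny",  "in",  "tcp", 23,   "0.0.0.0/0",  "telnet: dangerous service"),
    Rule("deny",  "in",  "tcp", 21,   "0.0.0.0/0",  "no anonymous FTP"),
    Rule("allow", "in",  "tcp", 80,   "0.0.0.0/0",  "public web"),
    Rule("allow", "in",  "tcp", 443,  "0.0.0.0/0",  "public web over TLS"),
    Rule("allow", "in",  "tcp", 22,   "10.0.0.0/8", "SSH from the internal admin net only"),
    Rule("allow", "out", "tcp", None, "10.0.0.0/8", "internal hosts may open outbound TCP"),
]


def filter_packet(pkt: Packet, rules=RULES, audit_log: Optional[list] = None) -> bool:
    """Return True to pass the packet, False to drop it; log the decision if asked."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            if audit_log is not None:
                audit_log.append(f"{rule.action.upper()} rule#{i} {pkt} ({rule.comment})")
            return rule.action == "allow"
    if audit_log is not None:
        audit_log.append(f"DENY default {pkt}")
    return False


if __name__ == "__main__":
    log: list = []
    for pkt in [Packet("in", "tcp", "198.51.100.7", 80),
                Packet("in", "tcp", "198.51.100.7", 22),
                Packet("in", "tcp", "10.1.2.3", 22),
                Packet("in", "tcp", "10.1.2.3", 23),
                Packet("out", "tcp", "10.5.5.5", 25)]:
        filter_packet(pkt, audit_log=log)
    print("\n".join(log))
```

Two design points worth noticing: the explicit deny rules sit above the allow rules, so a later, broader allow cannot accidentally reopen telnet; and because nothing unmatched is passed, adding a new service means adding a rule, which is exactly the "deny capability" the slide asks for. The audit log records the rule index that fired, which is what makes a later review of the log (slide 42) meaningful.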

42 Firewall log

