
Oz – Foundations of Electronic Commerce © 2002 Prentice Hall Security and Privacy Issues.



Presentation transcript:

1 Security and Privacy Issues

2 Learning Objectives
- List the major threats to networked information systems
- Suggest a security measure for each threat to networked information systems
- Explain encryption and how it supports electronic signatures and digital certificates

3 Learning Objectives (continued)
- Contrast the legitimate data-gathering needs of businesses and government with individual privacy concerns
- Discuss how the increased use of the Internet increases threats to privacy
- Explain the relationship between consumer profiling and privacy issues

4 No security? No privacy? No commerce!
- Online security, from a corporate perspective: the ability to protect information resources from unauthorized access, modification, or destruction (confidentiality, integrity and availability)
- From a consumer perspective: the perceived guarantee that no unauthorized party will have access to the transaction information

5 Privacy concerns
- Most people resent losing control over the collection and use of their personal information
- A controversial issue

6 The threats

7 Hacking
- Hacker: a person who accesses an information system resource without permission
- Often the first step towards further criminal activity (the unauthorized access is usually an offence in itself)

8 Web site page defacement
- The malicious alteration of the text, graphics, or audio content of web pages
- Ranges from the cyber equivalent of graffiti to valid pages being replaced with offensive content
- Usually a symptom of a deeper compromise (stolen credentials or a vulnerable web server), so restoring the page is not the whole fix

9 Viruses, worms, and Trojan horses
- Computer virus: a malicious program that attaches itself to files and spreads when those files are exchanged on disks or over networks
- Worm: malware that spreads on its own over networks, without needing a host file or a user to run it
- Trojan horse: malware disguised as, or hidden inside, a program the user is tricked into downloading and running; unlike viruses and worms, it does not replicate itself

10 Denial of service (DoS)
- Occurs when malicious activity prevents an organization from serving its clients, e.g. by flooding its servers with connection or login requests
- Distributed denial of service (DDoS): the attackers "hijack" hundreds or thousands of systems (zombies, today usually called a botnet) that attack a site simultaneously
- Very hard to stop at the target, because the traffic arrives from many sources that individually look legitimate; mitigation relies on upstream filtering, rate limiting, and spare capacity rather than on blocking a single address

11 Spoofing
- Deception with the purpose of gaining access, or of making users think they are connected to a given site when in reality they are connected to another one controlled by the attacker
- One common form exploits weaknesses in the DNS system, so that a familiar domain name resolves to the attacker's IP address
- A serious spoofing attack may result in massive fraud

12 The remedies

13 Authentication and confidentiality
- Authentication: the ability of the system to verify that users are who they "say" they are
- Access codes, "what you know": user ID and password
- "What you are": biometrics, unique physical features used for authentication
- (A third category, "what you have", such as a hardware token or smart card, is commonly combined with the two above)
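
The "what you know" check above is only as good as the way the system stores and compares passwords. The following Python is an added example, not from the textbook: it keeps a salted PBKDF2 hash instead of the password, compares in constant time, and does the same amount of work for unknown user IDs. The user names, passwords and iteration count are made-up demo values.

```python
"""Password ("what you know") authentication done safely.

Added example, not from the textbook: the system stores a salted
PBKDF2-HMAC-SHA256 hash rather than the password, verifies it in constant
time, and does the same amount of work for unknown user IDs. User names and
passwords are made-up demo values.
"""
import hashlib
import hmac
import secrets

# Kept low so the demo runs quickly; production should use the current
# OWASP figure (600,000 for PBKDF2-HMAC-SHA256 at the time of writing).
ITERATIONS = 100_000

def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'iterations$salt_hex$hash_hex'. A fresh random salt per user
    means two users with the same password get different records."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    iterations, salt_hex, hash_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    # compare_digest does not stop at the first differing byte, so timing
    # does not reveal how much of the hash an attacker has guessed right.
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))

# Constructed user table: only hashes are stored, never the passwords.
USERS = {"alice": hash_password("correct horse battery staple")}

# A throwaway record so that login() does the same work for an unknown user
# as for a real one; otherwise response time would reveal which IDs exist.
_DUMMY = hash_password(secrets.token_hex(16))

def login(user_id: str, password: str) -> bool:
    stored = USERS.get(user_id, _DUMMY)
    ok = verify_password(password, stored)
    return ok and user_id in USERS

if __name__ == "__main__":
    print(login("alice", "correct horse battery staple"))   # True
    print(login("alice", "wrong password"))                 # False
    print(login("mallory", "anything"))                     # False
```

The stored record carries its own iteration count, so the cost can be raised later without invalidating existing accounts; a record hashed with the old count still verifies, and can be re-hashed on the next successful login.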

14 Confidentiality
- No one except the user and the system (or the counterpart in an exchange) is able to know the content of the exchange
- Achieved with encryption
- Encryption methods can also be used for authentication

15 Transparency
- There is a trade-off between security and convenience
- Transparency is achieved when security measures are in place but are not noticeable to the users

16 Firewalls
- Firewall: hardware and/or software whose purpose is to block access to certain resources, by allowing only the traffic that an explicit policy permits and dropping everything else
- Controls communication between a trusted network and the "untrusted" Internet

17 DeMilitarized Zone (DMZ) approach
- A separate network segment placed between the internal network and the Internet, holding the servers that outsiders must reach, typically a proxy server
- Proxy server: "represents" another server for all information requests, so outside clients never talk to the internal server directly
- The proxy can be run in-house or by a hosting provider/ISP
- Double firewall architecture: one firewall between the Internet and the DMZ, and a second one between the DMZ and the internal network, so that compromising the proxy does not by itself give access to the internal network
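
To make the double-firewall idea concrete, here is the DMZ policy written out as code. This is an added example in Python, not from the textbook: it encodes an outer firewall (Internet to DMZ) and an inner one (DMZ to internal network) as first-match rule lists with default deny, and checks a flow against every firewall on its path. The addresses, ports and rules are an assumed demo plan.

```python
"""Double-firewall DMZ policy as code.

Added example, not from the textbook. It encodes the topology the slide
describes: an outer firewall between the Internet and the DMZ (where the
proxy/web server lives) and an inner firewall between the DMZ and the
internal network. The addresses, ports and rules are made-up demo values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing plan (documentation ranges); anything else is "internet".
ZONES = {"dmz": ip_network("192.0.2.0/24"), "internal": ip_network("10.0.0.0/8")}
PROXY = "192.0.2.10"   # the only DMZ host allowed to reach inside
DB = "10.0.5.20"       # the only internal host the proxy may reach

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: int = 0      # 0 = any port
    src_host: str = ""     # "" = any host in the zone
    dst_host: str = ""
    action: str = "allow"

# Outer firewall: the Internet may reach the DMZ proxy on 80/443 and nothing else.
OUTER = [
    Rule("internet", "dmz", 443, dst_host=PROXY),
    Rule("internet", "dmz", 80, dst_host=PROXY),
    Rule("dmz", "internet"),                      # proxy may fetch from upstream sites
]
# Inner firewall: only the proxy may talk to the internal DB, on one port.
INNER = [
    Rule("dmz", "internal", 5432, src_host=PROXY, dst_host=DB),
    Rule("internal", "dmz"),                      # staff may reach DMZ services
]

def evaluate(rules, src: str, dst: str, port: int) -> str:
    """First matching rule wins; no match means deny (default deny)."""
    zones = (zone_of(src), zone_of(dst))
    for r in rules:
        if (r.src_zone, r.dst_zone) != zones:
            continue
        if r.dst_port and r.dst_port != port:
            continue
        if r.src_host and r.src_host != src:
            continue
        if r.dst_host and r.dst_host != dst:
            continue
        return r.action
    return "deny"

ORDER = ["internet", "dmz", "internal"]   # zones from outside to inside

def firewalls_between(src_zone: str, dst_zone: str):
    """OUTER sits between internet and dmz, INNER between dmz and internal;
    a flow from the Internet to the internal network has to cross both."""
    a, b = sorted((ORDER.index(src_zone), ORDER.index(dst_zone)))
    return [OUTER, INNER][a:b]

def permitted(src: str, dst: str, port: int) -> bool:
    """A flow is allowed only if every firewall on its path allows it."""
    hops = firewalls_between(zone_of(src), zone_of(dst))
    if not hops:
        return True   # same zone: no firewall in the path, not this policy's decision
    return all(evaluate(fw, src, dst, port) == "allow" for fw in hops)

if __name__ == "__main__":
    for flow in [("203.0.113.5", PROXY, 443), ("203.0.113.5", DB, 443),
                 (PROXY, DB, 5432), ("192.0.2.99", DB, 5432)]:
        print(flow, "allow" if permitted(*flow) else "deny")
```

The point of the second firewall shows in the last two flows: an attacker who takes over the proxy can still reach only one port on one internal host, and any other DMZ machine reaches nothing inside at all.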

18 Antispoofing measures
- The telecommunication companies that operate parts of the Internet must adopt spoof-resistant software and filter forged traffic
- Cryptography-based: DNS Security (DNSSEC)
- Example: DNSSEC lets resolvers verify, using digital signatures and public key cryptography, that the domain names and corresponding IP addresses they receive are the ones published by the domain owner (it authenticates DNS data; it does not encrypt it)
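
Besides DNSSEC, every resolver applies a simpler, non-cryptographic defence against the DNS spoofing described on slide 11: it accepts a reply only if the reply's transaction ID, the port it arrives on, and the question it answers all match a query the resolver actually sent, so an off-path forger has to guess roughly 2^16 IDs times tens of thousands of ports. The following Python is an added example, not from the textbook; the DNS messages are constructed in code (nothing goes over the network), and name compression pointers are not handled.

```python
"""Resolver-side check against DNS response spoofing (cache poisoning).

Added example, not from the textbook. A stub resolver remembers each query
it sent (16-bit transaction ID, random UDP source port, and the question)
and accepts a reply only if all three match. Messages are constructed in
code; nothing is sent over the network, and name compression pointers are
not handled.
"""
import secrets
import struct

def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def decode_name(msg: bytes, off: int):
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + n].decode())
        off += n

def build_query(txid: int, qname: str, qtype: int = 1) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(txid: int, qname: str, ipv4: str, qtype: int = 1) -> bytes:
    """An answer as a (possibly forged) server would send it: QR/RD/RA set, one A record."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(x) for x in ipv4.split("."))
    answer = encode_name(qname) + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return header + question + answer

def parse(msg: bytes) -> dict:
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        _name, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return {"txid": txid, "flags": flags, "qname": qname, "qtype": qtype, "answers": answers}

class StubResolver:
    def __init__(self):
        self.pending = {}   # (txid, source port) -> (qname, qtype)
        self.cache = {}

    def send_query(self, qname: str, qtype: int = 1):
        """Return the query bytes and the random source port it 'goes out' on."""
        txid = secrets.randbelow(1 << 16)                  # unpredictable transaction ID
        port = 1024 + secrets.randbelow(65535 - 1024)      # random source port (RFC 5452)
        self.pending[(txid, port)] = (qname, qtype)
        return build_query(txid, qname, qtype), port

    def receive(self, msg: bytes, dst_port: int):
        """Return the answers if the reply matches an outstanding query, else None (dropped)."""
        r = parse(msg)
        key = (r["txid"], dst_port)
        expected = self.pending.get(key)
        if expected is None or expected != (r["qname"], r["qtype"]) or not (r["flags"] & 0x8000):
            return None          # wrong ID, port, question, or not a response: never cached
        del self.pending[key]    # one reply per query: a later duplicate is dropped too
        self.cache[r["qname"]] = r["answers"]
        return r["answers"]

if __name__ == "__main__":
    resolver = StubResolver()
    query, port = resolver.send_query("shop.example")
    txid = parse(query)["txid"]
    forged = build_response((txid + 1) % 65536, "shop.example", "203.0.113.66")  # ID guessed wrong
    print(resolver.receive(forged, port))                                          # None
    genuine = build_response(txid, "shop.example", "198.51.100.7")
    print(resolver.receive(genuine, port))                                         # ['198.51.100.7']
```

Matching the question section is what stops a forger from smuggling an answer for a different name into the cache; deleting the pending entry on the first accepted reply is what stops a late forged duplicate from overwriting it. None of this proves the data is genuine, which is what DNSSEC adds.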

19 Backup
- Ideally, backup files should be updated in real time so that the backup fully reflects the original
- Backup files should be stored off-site
- Specialized companies offer backup services
- Caveat: a real-time mirror also replicates deletions and corruption immediately, so keep point-in-time copies as well, and test that they can actually be restored

20 Encryption and its applications

21 Encryption
- Encryption: the conversion of data into a secret code (ciphertext)
- Decryption: the conversion of the secret code back into readable data
- Mathematical algorithms based on key(s)
- The algorithm is not secret, only the key is (Kerckhoffs's principle)

22 Keys
- The key is a binary number; when this text was written (2002) typical web keys were 40 to 128 bits long
- The larger the key, the more difficult it is to decipher the secret code by trying keys (the 40-bit and 56-bit keys of that era can now be brute-forced; 128 or 256 bits is the current norm for symmetric keys, and public-key algorithms need much longer keys, e.g. 2048 bits or more for RSA)
- In symmetric encryption the same key is used both for encrypting and for decrypting the data

23 Symmetric keys
- Both sender and recipient use the same, agreed-upon, key
- Difficult when the same person has to communicate with many people: a different key is required for each correspondent (n parties need n(n-1)/2 keys), and each key must first be delivered over a secure channel

24 Asymmetric keys
- The sender uses one key to encrypt the message, while the receiver uses a different, mathematically related key to decrypt it
- Most common: the public key method
- Each person has both a private and a public key
- The private key is secret, while the public key is freely distributed; anyone can encrypt to the holder with the public key, and only the holder can decrypt with the private key

25 Electronic signatures
- Several forms:
- The user signs with a stylus on a special pad
- A biometric of the signer is used

26 Digital signatures
- A message digest signed with the sender's private key (in RSA terms, "encrypted" with the private key) that is sent along with the message
- Authenticates the sender of the message
- Guarantees that the message was not altered
- Involves two phases:
- The signing software uses a hashing algorithm to create a message digest of the text
- The message digest is signed using the sender's private key; anyone holding the sender's public key can check it against a fresh digest of the received text

27 Digital certificates
- Files that serve as the equivalent of ID cards
- Used by buyers and sellers to authenticate a digital signature and the public key behind it; in web commerce it is mostly the buyer's browser that checks the seller's certificate, while buyers usually authenticate with a password instead
- Issued by certificate authorities (CAs)
- The CA vouches for the binding between a holder and a public key; the key pair itself is normally generated by the holder, who keeps the private key, so the CA never needs to see it

28 A digital certificate contains:
- Its holder's name
- A serial number
- An expiration date
- The holder's public key
- The digital signature of the certificate authority, computed over all the fields above so that none of them can be altered without detection
- (An X.509 certificate also carries the issuer's name and the start of the validity period)

29 Secure Sockets Layer, S-HTTP, and PGP
- Secure Sockets Layer (SSL): uses public key cryptography to authenticate the server (via its certificate) and to agree on a session key, then symmetric encryption for the data itself
- The most popular security standard on the Internet (its successor, Transport Layer Security, TLS, is what browsers use today)
- Secure HyperText Transfer Protocol (S-HTTP): an alternative to SSL that only works with HTTP, and that saw little adoption

30 Pretty Good Privacy (PGP)
- Used for secure private communications
- Works in conjunction with the e-mail program
- Public keys can be published on a PGP key server so that correspondents can find them; publishing is optional, keys can also be exchanged directly, and either way the key should be verified out of band before it is trusted

31 Business continuity plans
- Almost all businesses depend on the continuous availability of information systems
- Especially important for online businesses
- Downtime: the time during which systems are not functional

32 Companies must have a clear business continuity plan
- Also known as a business recovery plan
- Encompasses: hardware, software, people, tasks
- Must be periodically reexamined and exercised, since an untested plan usually fails when it is first needed

33 Privacy: the ability of individuals to control information about themselves

34 Privacy and the law
- Generally, the law does not give people ownership of information about themselves
- Legal limits on the collection and dissemination of information exist
- A right to privacy is implied in the US Constitution

35 Threats to individual privacy
- Government: when this text was written (2002), the Internet had been used very little to collect information about citizens
- Business: always interested in information about their customers; especially true of retailers

36 Business needs
- Consumer information is used primarily to provide better customer service and more effective targeted marketing
- Individuals' fears: consumer profiling; customer data treated as a saleable asset
- To self-regulate or not to self-regulate?

37 Monitoring at the workplace
- E-mail privacy: e-mail policies
- Web-browsing privacy: policies about surfing the net for nonbusiness purposes

38 Security and Privacy Issues

