E-business and Network Security Done by: Zeyana Saif Alkindi
e-Business vs e-Commerce
Improving business performance through low cost and open connectivity:
- New technologies in the value chain
- Connecting value chains across businesses in order to:
  - Improve service/reduce costs
  - Open new channels
  - Transform competitive landscapes
E-Commerce: marketing, selling, buying of products and services on the Internet
This is our definition. Yours may be just as valid. e-Commerce is largely what you see in the press: transactions using open networks. Often also concentrated on consumer commerce over the World Wide Web.
e-Business is the use of information networks to gain competitive advantage:
- Universal connectivity between enterprises and value chains
- Process enhancement
- Innovative business models
e-Business is different than e-commerce: e-business is about blowing up your business model, which is much broader than selling books on the Internet.
e-Business is more than selling and marketing online!
Web Concepts for E-Business
- Client/Server Applications
- Communication Channels
- TCP/IP
Client/Server Applications
[Diagram: the client sends a request to the server; the server returns a response.]
Communication Channels
[Diagram: client and server connected through the Internet, an intranet and an extranet.]
OSI Model
- Application: Allows access to network resources
- Presentation: Translates, encrypts and compresses data
- Session: Establishes, manages and terminates sessions
- Transport: Provides end-to-end message delivery and error recovery
- Network: Moves packets from source to destination; provides internetworking
- Data Link: Organizes bits into frames; provides node-to-node delivery
- Physical: Transmits bits; provides mechanical and electrical specifications
B2C Transaction
[Diagram. Parties: Katie, ISP, Katie's Bank, Online CD Store (Web Server), Merchant's Bank, Internet Payment Network, CD Warehouse. Labels: Katie sends order form; Katie's order; order printed at CD warehouse; CD arrives 2-3 days after order is received.]
Security Threats
- Security threats A to D can be handled by providing secure transmission (cryptographic methods)
- Threat E and similar types are managed by access control methods
- Other types of security threats:
  - Illegal access of server computing system (webjacking)
  - Illegal access of client computing system
  - Unauthorized use of client information
Objectives of e-business security
- Privacy and Confidentiality
- Integrity
- Availability
- Legitimate use
- Auditing or Traceability
- Non-repudiation
Current Processes and Tools for Implementing E-Business Security
Three key security elements
- Network security
- System level security
- Transaction level security
The idea is that this process will help ensure that an organization's resources, as well as customers' and business partners' privacy, are protected when conducting e-business transactions.
Network Level Security
Network level security provides protection against attackers who attempt to deny service to legitimate users by gaining control of machines or resources within a private network. The most common way to protect private networks that are connected to the Internet from these kinds of attacks is with firewall technology.
System Level Security
System level security is the ability to utilize operating system functions and applications in combination with hardware architecture to help protect against corruption of service and control user access to system resources (files, programs, databases and so on).
The biggest cause of security problems is bad management.
Transaction Level Security
The actual act of completing transactions on the Internet depends on transaction level security. Transaction level security refers to the ability of two entities on the Internet to conduct a transaction privately and with authentication.
Secure Protocols
How to communicate securely:
- SSL: "the web security protocols"
- IPSEC: "the IP layer security protocol"
- S/MIME: "the email security protocol"
- SET: "credit card transaction security protocol"
Secure Sockets Layer
- Platform and application independent
- Operates between the application and transport layers
- A commonly used protocol for managing the security of a message transmission on the Internet
- A solution to authentication, privacy and integrity problems, and a way of avoiding classes of attacks
SSL Characteristics
- Operates at the TCP/IP transport layer
- Encrypts (decrypts) input from the application (transport) layer
- Any program using TCP can be modified to use SSL connections
- SSL is flexible in the choice of which symmetric encryption, message digest, and authentication algorithms can be used
- When an SSL client makes contact with an SSL server, they try to pick the strongest encryption methods they have in common
- SSL provides built-in data compression (compress first, then encrypt)
SSL Characteristics
When an SSL connection is established, browser-to-server and server-to-browser communications are encrypted. This includes:
- URL of the requested document
- Contents of the document
- Contents of browser forms
- Cookies sent from browser to server
- Cookies sent from server to browser
- Contents of the HTTP header
HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol. It provides encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems.
Secure Electronic Transaction
Parties: Customer, Merchant, Merchant's bank, Visa, Customer's bank ("Issuer")
1. Customer browses and decides to purchase
2. SET sends order and payment information
3. Merchant forwards payment information to bank
4. Bank checks with issuer for payment authorization
5. Issuer authorizes payment
6. Bank authorizes payment
7. Merchant completes order
8. Merchant captures transaction
9. Issuer sends credit card bill to customer
E-business Security
Just as a physical business takes security precautions, such as locking the doors and using a safe for money and important documents, so too does an e-business need to take security measures.
- Get Cyber Safe: http://www.getcybersafe.gc.ca/index-eng.aspx
  Learn how this online resource can help you protect your business and safeguard private information.
- Payment Card Industry Security Standards Council: https://www.pcisecuritystandards.org/
  The Payment Card Industry (PCI) Data Security Standard should be followed by anyone who handles credit card information. If you do not follow these standards you could be fined and unable to accept credit cards as payment.
How to Protect Your e-Business
Sign up for computer security firm ESET's website protection for your e-business. This service offers endpoint (computer) and web server solutions. It protects mail, files and the gateway between your website and other computers. Manage the security solution from one convenient console and identify potential issues or events. You can add multiple users who work on behalf of the e-business. The business edition of the software also allows you to meet certain compliance requirements, such as compatibility with Cisco Network Admission Control.
http://www.eset.com/us/business/eset-for-business/
How to Protect Your e-Business
Protect your e-business with technology offered by ArcSight. This company, owned by Hewlett-Packard, offers high-level solutions to manage threats to online businesses, including the information technology infrastructure. The Enterprise Threat and Risk Management platform secures and manages the flow of information on your website. It protects against cyber theft, fraud, espionage and other potential threats to enterprising e-businesses.
http://www.arcsight.com/
How to Protect Your e-Business
Use the VeriSign service to add a layer of protection to your e-business. VeriSign offers SSL (Secure Sockets Layer) technology to protect web transmissions and e-commerce protection. The service offers daily website malware scanning to thwart potential attacks. The VeriSign seal helps assure potential customers of your website's safety.
http://www.verisign.com/
How to Protect Your Customers
- Amazon Help: http://www.amazon.com/gp/help/customer/display.html?nodeId=468496
- eBay Help: http://pages.ebay.com/help/policies/buyer-protection.html#conditions
- PayPal: https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/general/what-is-paypal-outside
Thank You