Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 10: Electronic Commerce Security

Published byCarol Coleen Hancock Modified over 6 years ago

Similar presentations

Presentation on theme: "Chapter 10: Electronic Commerce Security"— Presentation transcript:

1 Chapter 10: Electronic Commerce Security

2 Online Security Issues Overview
Computer security The protection of assets from unauthorized access, use, alteration, or destruction Physical security Includes tangible protection devices Logical security Protection of assets using nonphysical means Threat Any act or object that poses a danger to computer assets

3 Managing Risk Terms -- Countermeasure Eavesdropper Crackers or hackers
General name for a procedure that recognizes, reduces, or eliminates a threat Eavesdropper Person or device that can listen in on and copy Internet transmissions Crackers or hackers Write programs or manipulate technologies to obtain unauthorized access to computers and networks

4 Computer Security Classification
Secrecy/Confidentiality Protecting against unauthorized data disclosure Technical issues Privacy The ability to ensure the use of information about oneself Legal Issues Integrity Preventing unauthorized data modification by an unauthorized party Necessity Preventing data delays or denials (removal) Nonrepudiation Ensure that e-commerce participants do not deny (i.e., repudiate) their online actions Authenticity The ability to identify the identity of a person or entity with whom you are dealing on the Internet

5 Some solutions --

6 Exercise Visit the Copyright Web site:
Check out examples of copyright infringement: Audio arts Visual arts Digital arts Read comments Under “Info”

7 Security Threats in the E-commerce Environment
Three key points of vulnerability the client communications pipeline the server

8 Active Content Active content refers to programs embedded transparently in Web pages that cause an action to occur Scripting languages Provide scripts, or commands, that are executed Applet Small application program Java Active X Trojan horse Program hidden inside another program or Web page that masks its true purpose Zombie Program that secretly takes over another computer to launch attacks on other computers Attacks can be very difficult to trace to their creators

9 Viruses, Worms, and Antivirus Software
Software that attaches itself to another program Can cause damage when the host program is activated Macro virus Type of virus coded as a small program (macro) and is embedded in a file Antivirus software Detects viruses and worms

10 Digital Certificates A digital certificate is a program embedded in a Web page that verifies that the sender or Web site is who or what it claims to be A certificate is signed code or messages that provide proof that the holder is the person identified by the certificate Certification authority (CA) issues digital certificates Main elements: Certificate owner’s identifying information Certificate owner’s public key Dates between which the certificate is valid Serial number of the certificate Name of the certificate issuer Digital signature of the certificate issuer

11 Communication Channel Security
Recall that -- Secrecy is the prevention of unauthorized information disclosure Privacy is the protection of individual rights to nondisclosure Sniffer programs Provide the means to record information passing through a computer or router that is handling Internet traffic Demonstration of working of a Java implementation of a Packet Sniffer

12 Other Threats Integrity Necessity Wireless Network Threats
Integrity threats exist when an unauthorized party can alter a message stream of information Cybervandalism Electronic defacing of an existing Web site’s page Masquerading or spoofing Pretending to be someone you are not Domain name servers (DNSs) Computers on the Internet that maintain directories that link domain names to IP addresses Necessity Purpose is to disrupt or deny normal computer processing DoS attacks Remove information altogether Delete information from a transmission or file Wireless Network Threats Wardrivers Attackers drive around using their wireless-equipped laptop computers to search for accessible networks Warchalking When wardrivers find an open network they sometimes place a chalk mark on the building Anonymizer A Web site that provides a measure of secrecy as long as it’s used as the portal to the Internet

13 Tools Available to Achieve Site Security

14 Encryption Transforms plain text or data into cipher text that cannot be read by anyone outside of the sender and the receiver. Purpose: to secure stored information to secure information transmission. Cipher text text that has been encrypted and thus cannot be read by anyone besides the sender and the receiver Symmetric Key Encryption DES standard most widely used

15 Group Exercise Julius Caesar supposedly used secret codes known today as Caesar Cyphers. The simplest replaces A with B, B with C etc. This is called a one-rotate code. The following is encrypted using a simple Caesar rotation cypher. See if you can decrypt it: Mjqqt hfjxfw. Mtb nx dtzw hnumjw? Xyfd fbfd kwtr ymj xjsfyj ytifd.

16 Encryption Public key cryptography
uses two mathematically related digital keys: a public key and a private key. The private key is kept secret by the owner, and the public key is widely disseminated. Both keys can be used to encrypt and decrypt a message. A key used to encrypt a message, cannot be used to unencrypt the message

17 Public Key Cryptography with Digital Signatures

18 Public Key Cryptography: Creating a Digital Envelope

19 Securing Channels of Communications
Secure Sockets Layer (SSL) is the most common form of securing channels Secure negotiated session client-server session where the requested document URL, contents, forms, and cookies are encrypted. Session key is a unique symmetric encryption key chosen for a single secure session

20 Firewalls Software or hardware and software combination installed on a network to control packet traffic Provides a defense between the network to be protected and the Internet, or other network that could pose a threat Characteristics All traffic from inside to outside and from outside to inside the network must pass through the firewall Only authorized traffic is allowed to pass Firewall itself is immune to penetration Trusted networks are inside the firewall Untrusted networks are outside the firewall Packet-filter firewalls Examine data flowing back and forth between a trusted network and the Internet Gateway servers Firewalls that filter traffic based on the application requested Proxy server firewalls Firewalls that communicate with the Internet on the private network’s behalf

21 Security Policy and Integrated Security
A security policy is a written statement describing: Which assets to protect and why they are being protected Who is responsible for that protection Which behaviors are acceptable and which are not First step in creating a security policy Determine which assets to protect from which threats Elements of a security policy address: Authentication Access control Secrecy Data integrity Audits                          Protection of Information Assets CISA 2006 Exam Preparation

22 Tension Between Security and Other Values
Ease of use Often security slows down processors and adds significantly to data storage demands. Too much security can harm profitability; not enough can mean going out of business. Public Safety & Criminal Use claims of individuals to act anonymously vs. needs of public officials to maintain public safety in light of criminals or terrorists.

23 Some questions Can internet security measures actually create opportunities for criminals to steal? How? Why are some online merchants hesitant to ship to international addresses? What are some steps a company can take to thwart cyber-criminals from within a business? Is a computer with anti-virus software protected from viruses? Why or why not? What are the differences between encryption and authentication? Discuss the role of administration in implementing a security policy?

24 Security for Server Computers
Web server Can compromise secrecy if it allows automatic directory listings Can compromise security by requiring users to enter a username and password Dictionary attack programs Cycle through an electronic dictionary, trying every word in the book as a password

25 Other Programming Threats
Buffer An area of memory set aside to hold data read from a file or database Buffer overrun Occurs because the program contains an error or bug that causes the overflow Mail bomb Occurs when hundreds or even thousands of people each send a message to a particular address

26 Organizations that Promote Computer Security
CERT Responds to thousands of security incidents each year Helps Internet users and companies become more knowledgeable about security risks Posts alerts to inform the Internet community about security events SANS Institute A cooperative research and educational organization SANS Internet Storm Center Web site that provides current information on the location and intensity of computer attacks Microsoft Security Research Group Privately sponsored site that offers free information about computer security issues

Download ppt "Chapter 10: Electronic Commerce Security"

Similar presentations

Threats and Protection Mechanisms

Threats and Protection Mechanisms
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Chapter 5 Security Threats to Electronic Commerce.

1 Chapter 5 Security Threats to Electronic Commerce.
Security Threats to Electronic Commerce

Security Threats to Electronic Commerce
Security Threats to Electronic Commerce

Security Threats to Electronic Commerce
Chapter 5 Security Threats to Electronic Commerce

Chapter 5 Security Threats to Electronic Commerce
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Electronic Commerce Security Presented by: Chris Brawley Chris Avery.

Electronic Commerce Security Presented by: Chris Brawley Chris Avery.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Chapter 5 Security and Encryption

Chapter 5 Security and Encryption
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Chapter 10: Electronic Commerce Security

Chapter 10: Electronic Commerce Security
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.

Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Chapter 10: Electronic Commerce Security

Chapter 10: Electronic Commerce Security
Chapter 10: Electronic Commerce Security

Chapter 10: Electronic Commerce Security
Security Threats to Electronic Commerce

Security Threats to Electronic Commerce

Similar presentations

Ads by Google