Electronic Commerce Security Presented by: Chris Brawley Chris Avery.


1 Electronic Commerce Security. Presented by: Chris Brawley, Chris Avery

2 Online Security Issues
- Email: people worry about interception of private messages.
- Web shopping: concerns about revealing credit card numbers are still prevalent.
- Doubts remain about companies' willingness to keep private information secure.

3 Online Security Issues
Computer security: the protection of assets from unauthorized access, use, alteration, or destruction.
- Physical security
- Logical security
- Threat

4 Online Security Issues
Managing risk:
- Countermeasures
- Eavesdropper
- Hackers

5 Online Security Issues
Computer security classifications:
1. Secrecy: protecting against unauthorized data disclosure and assuring the authenticity of data sources.
2. Integrity: preventing unauthorized data modification.
3. Necessity: preventing data delays or denials.

6 Online Security Issues
Security policy and integrated security
- Security policy: a written statement describing which assets to protect and why they are being protected, who is responsible for protection, and which behaviors are acceptable and which are not.

7 Online Security Issues
Creating a security policy:
- Step 1: Determine which assets to protect.
- Step 2: Determine who should have access.
- Step 3: Determine what resources are available to protect the assets.
- Step 4: Commit resources to building software, hardware, and physical barriers that implement the security policy.


9 Security for Client Computers
Cookies: small text files that Web servers place on Web client computers to identify returning visitors.
- Help to maintain open sessions.
- Shopping cart and payment processing both need open sessions to work properly.

10 Security for Client Computers
Two ways of classifying cookies:
1. By time duration
   - Session cookies
   - Persistent cookies
2. By source
   - First-party cookies
   - Third-party cookies
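The two classifications on this slide can be applied mechanically to the Set-Cookie headers a browser receives. The following Python is an added example, not part of the presentation: it parses each Set-Cookie header, calls a cookie persistent when the server gave it a lifetime (Expires or Max-Age) and session otherwise, and calls it first-party when its domain matches the site the shopper is visiting. The page URL, response URLs and cookie values are constructed for the example; the first-party test is a simple host-suffix comparison, whereas real browsers compare registrable domains using the public suffix list.

```python
from urllib.parse import urlsplit

# Constructed sample: Set-Cookie headers a shopper's browser might receive
# while on the checkout page, paired with the URL of the response that set
# each cookie. All values are made up for this example.
PAGE_URL = "https://shop.example.com/checkout"
RESPONSES = [
    ("https://shop.example.com/cart", "sessionid=abc123; Path=/; Secure; HttpOnly"),
    ("https://shop.example.com/cart", "remember_me=1; Max-Age=2592000; Path=/"),
    ("https://shop.example.com/cart", "lang=en; Domain=example.com; Path=/"),
    ("https://ads.tracker-example.net/pixel.gif",
     "tid=xyz789; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/"),
]


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, attributes).

    The first 'name=value' pair is the cookie itself; the remaining
    ';'-separated items are attributes. Attribute names are case-insensitive,
    so they are lowercased; flag attributes such as Secure get an empty value.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def classify_cookie(page_url, response_url, header):
    """Return (name, duration, source) for one cookie.

    duration: 'persistent' if the server gave it a lifetime (Expires or
              Max-Age), otherwise 'session' (discarded when the browser closes).
    source:   'first-party' if the cookie's domain matches the site the user
              is visiting, otherwise 'third-party'.
    """
    name, _, attrs = parse_set_cookie(header)
    duration = "persistent" if ("expires" in attrs or "max-age" in attrs) else "session"

    page_host = urlsplit(page_url).hostname.lower()
    # A Domain attribute widens the cookie to that domain and its subdomains;
    # without one, the cookie belongs to the host that sent the response.
    cookie_domain = attrs.get("domain", "").lstrip(".").lower() or urlsplit(response_url).hostname.lower()
    same_site = page_host == cookie_domain or page_host.endswith("." + cookie_domain)
    source = "first-party" if same_site else "third-party"
    return name, duration, source


def classify_all(page_url=PAGE_URL, responses=RESPONSES):
    """Classify every cookie set while the user is on page_url."""
    return [classify_cookie(page_url, url, hdr) for url, hdr in responses]


if __name__ == "__main__":
    for name, duration, source in classify_all():
        print(f"{name:12} {duration:11} {source}")
```

Run as a script it prints one line per cookie; the tracking pixel from the other host comes out as persistent and third-party, the checkout session cookie as session and first-party.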

11 Security for Client Computers
Active content: programs that run on the client computer.
- Extends the functionality of HTML.
- E.g. shopping carts that compute amounts, taxes, shipping, etc.
- Best known forms: cookies, Java applets, JavaScript, VBScript, and ActiveX controls.
- Trojan horse
- Zombies

12 Security for Client Computers
Java applets:
- Java is a programming language developed by Sun Microsystems that is used widely in Web pages to provide active content.
- Java adds functionality to business applications and can handle transactions and a wide variety of actions on the client computer.


14 Security for Client Computers
JavaScript: a programming language developed by Netscape to enable Web page designers to build active content.
- Can be used for attacks.
- Can also record URLs of Web pages.
- JavaScript programs do not execute on their own.

15 Security for Client Computers
ActiveX controls: an object that contains programs and properties that Web designers place on Web pages to perform particular tasks.
- Run only on computers with Windows.
- Security risk: ActiveX actions cannot be halted once they are executed.

16 Example of ActiveX warning (image not included in the transcript)

17 Security for Client Computers
Viruses, worms, and antivirus software
- Virus: software that attaches itself to another program and can cause damage when the host program is activated.
- Worm: a type of virus that replicates itself on the computers that it infects.
- Email attachments are common carriers.

18 Security for Client Computers
Antivirus software: detects viruses and worms and either deletes them or isolates them on the client computer so they cannot run. It is only effective if the software is kept current.
- Symantec
- McAfee

19 Security for Client Computers
Digital certificates: an attachment to an e-mail message or a program embedded in a Web page that verifies that the sender or Web site is who or what it claims to be.
- Signed code

20 Security for Client Computers
Digital certificates
- Do not attest to the quality of the software.
- They are simply an assurance that the software was created by a specific company.
- Digital certificates are not easily forged.

21 Security for Client Computers
Digital certificates include six elements:
- Certificate owner's ID
- Certificate owner's public key
- Dates between which the certificate is valid
- Serial number of the certificate
- Name of the certificate issuer
- Digital signature of the certificate issuer


23 Security for Client Computers
Steganography: the process of hiding information within another piece of information.
Physical security for clients:
- Fingerprint readers
- Biometric security devices

24 Communication Channel Security

25 Secrecy Threats Secrecy is the prevention of unauthorized information disclosure. Privacy is the protection of individual rights to nondisclosure. The Privacy Council created an extensive Web site surrounding privacy.

26 Anonymizer

27 Integrity Threats
- Also called active wiretapping.
- Cybervandalism
- Masquerading or spoofing
Necessity threats
- Denial of Service (DoS) attack

28 Threats to the Physical Security of Internet Communications Channels The Internet was designed from inception to withstand attacks on its physical links. However, an individual user’s Internet service can be interrupted by destruction of that user’s link. Few individuals have multiple connections to an ISP. Larger companies often have two or more links to the main backbone of the Internet.

29 Threats to Wireless Networks
If not protected properly, anyone within range can access any of the resources on the wireless network.
- Default SSID, username and password
- WEP
- WPA

30 Encryption Solutions
Encryption algorithms:
- Hash coding
- Asymmetric encryption
- Symmetric encryption (aka private key encryption)

31 Secure Sockets Layer (SSL) Protocol
- Provides a security "handshake".
- Encrypts Web traffic for sensitive information such as username/password, credit card information and other personal data.
- Session key

32 Secure Sockets Layer (SSL) Protocol


34 Secure HTTP (S-HTTP)
Extension to HTTP that provides security features such as:
- Client and server authentication
- Spontaneous encryption
- Request/response nonrepudiation
Developed by CommerceNet.
- Symmetric encryption and public key encryption
- Differs from SSL in how it establishes a secure session.

35 Ensuring Transaction Integrity with Hash Functions
- Integrity violation
- One-way functions
- Message digest

36 Ensuring Transaction Integrity with Digital Signatures
- Provides positive identification of the sender and assures the merchant that the message was not altered.
- Not the same as digital signatures used to sign documents electronically.
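Slides 21, 35 and 36 describe three pieces that fit together: a one-way hash function produces a message digest, a digital signature is that digest transformed with the sender's private key, and a certificate binds the sender's public key to its identity under the issuer's own signature. The following Python is an added example written for this transcript, not code from the presentation: it uses SHA-256 from the standard library for the digest and a toy RSA built from Mersenne primes for the signatures (real mechanics, but no padding and keys far too small for real use), then assembles the six certificate elements from slide 21 and checks a certificate the way a client would. The CA name, shop name, order text and dates are constructed.

```python
import hashlib
from datetime import date


# Toy RSA from Mersenne primes (2^p - 1). Sign with the private exponent,
# verify with the public one; no padding and small keys, so for illustration only.
def make_keypair(p, q, e=65537):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (e, n), (d, n)        # (public key, private key)


def message_digest(data):
    """One-way function: fixed-size digest; any changed byte gives a different digest."""
    return hashlib.sha256(data).digest()


def sign(private_key, data):
    """Digital signature: the message digest raised to the private exponent."""
    d, n = private_key
    h = int.from_bytes(message_digest(data), "big") % n   # toy: reduce instead of pad
    return pow(h, d, n)


def verify(public_key, data, signature):
    """Recover the digest with the public exponent and compare with a fresh digest."""
    e, n = public_key
    h = int.from_bytes(message_digest(data), "big") % n
    return pow(signature, e, n) == h


# The six certificate elements from slide 21: the issuer signs the first five,
# and that signature is the sixth.
def certificate_body(cert):
    pub_e, pub_n = cert["owner_public_key"]
    fields = [cert["owner_id"], f"{pub_e}:{pub_n}", cert["valid_from"].isoformat(),
              cert["valid_to"].isoformat(), str(cert["serial"]), cert["issuer"]]
    return "|".join(fields).encode()


def issue_certificate(issuer, issuer_private, owner_id, owner_public, valid_from, valid_to, serial):
    cert = {"owner_id": owner_id, "owner_public_key": owner_public, "valid_from": valid_from,
            "valid_to": valid_to, "serial": serial, "issuer": issuer}
    cert["issuer_signature"] = sign(issuer_private, certificate_body(cert))
    return cert


def check_certificate(cert, trusted_issuers, today):
    """Client-side check: known issuer, issuer signature verifies, inside validity dates."""
    issuer_key = trusted_issuers.get(cert["issuer"])
    if issuer_key is None:
        return False, "unknown issuer"
    if not verify(issuer_key, certificate_body(cert), cert["issuer_signature"]):
        return False, "issuer signature does not verify"
    if not cert["valid_from"] <= today <= cert["valid_to"]:
        return False, "outside validity period"
    return True, "ok"


def demo():
    """Constructed scenario: a CA certifies a shop's key, the shop signs an order."""
    ca_public, ca_private = make_keypair((1 << 31) - 1, (1 << 61) - 1)
    shop_public, shop_private = make_keypair((1 << 19) - 1, (1 << 89) - 1)
    ca_name = "Example CA (constructed)"
    cert = issue_certificate(ca_name, ca_private, "Example Shop Inc. (constructed)",
                             shop_public, date(2024, 1, 1), date(2025, 12, 31), serial=1001)
    trust_store = {ca_name: ca_public}          # the client's list of trusted issuers

    order = b"order=42;amount=19.99;ship_to=constructed address"
    order_sig = sign(shop_private, order)
    altered_order = order.replace(b"19.99", b"1.99")   # integrity violation in transit
    edited_cert = dict(cert, serial=9999)              # any edited field breaks the issuer signature

    return {
        "cert_ok": check_certificate(cert, trust_store, date(2024, 6, 1))[0],
        "cert_expired": check_certificate(cert, trust_store, date(2026, 6, 1))[0],
        "cert_edited": check_certificate(edited_cert, trust_store, date(2024, 6, 1))[0],
        "order_ok": verify(cert["owner_public_key"], order, order_sig),
        "order_altered": verify(cert["owner_public_key"], altered_order, order_sig),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14} {result}")
```

The merchant-side check is the same in both directions: the client verifies the shop's certificate against its trust store before trusting the shop's public key, and the shop verifies the signed order with that key, so a changed amount or an edited certificate field is rejected without either side needing a shared secret.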


38 Guaranteeing Transaction Delivery Transmission Control Protocol is responsible for end-to-end control of packets. TCP ensures that packets aren’t missing. No special protocols or software required.

39 Security For Server Computers

40 Web Server Threats
- Automatic directory listings
- Requiring username and password
- Multiple name
- Username and password file
- Weak passwords
- Dictionary attack programs

41 Database Threats
- Storage of username/password in unencrypted format
- Trojan horse programs
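Slides 40 and 41 together name the two sides of the password problem: weak passwords that a dictionary attack program guesses quickly, and a password file stored in readable form. The following Python is an added example, not from the presentation: a signup-time check that rejects short or dictionary passwords, and a password record built with a random salt and a slow key-derivation function (PBKDF2-HMAC-SHA256 from the standard library) so that a leaked file does not yield the passwords and each guess costs real work. The dictionary, usernames and passwords are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed mini dictionary of the passwords a dictionary attack program
# tries first; a real policy check uses a list of millions of leaked passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "shop2024"}

PBKDF2_ITERATIONS = 200_000   # deliberately slow; raise as hardware gets faster


def password_is_weak(password):
    """Signup-time check: short passwords and dictionary words are rejected."""
    return len(password) < 12 or password.lower() in COMMON_PASSWORDS


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return a storable record: algorithm, iteration count, random salt, digest.

    The salt means two users with the same password get different records,
    and the iteration count makes every guess expensive.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(record, candidate):
    """Recompute the digest from the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_store(accounts):
    """The hardened form of the password file: username -> salted hash record."""
    return {user: hash_password(password) for user, password in accounts}


def login(store, user, candidate):
    record = store.get(user)
    return record is not None and verify_password(record, candidate)


# Constructed accounts; alice and bob chose the same password.
ACCOUNTS = [("alice", "correct-horse-battery"), ("bob", "correct-horse-battery")]


def demo():
    store = build_store(ACCOUNTS)
    return {
        "rejects_dictionary_word": password_is_weak("shop2024"),
        "rejects_short": password_is_weak("Tr0ub4dor"),
        "accepts_long": password_is_weak("correct-horse-battery"),
        "same_password_different_records": store["alice"] != store["bob"],
        "login_ok": login(store, "alice", "correct-horse-battery"),
        "login_wrong": login(store, "alice", "correct-horse-batter"),
        "login_unknown_user": login(store, "mallory", "anything"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:32} {result}")
```

The record format stores its own iteration count, so the count can be raised later and old records still verify; a migration then re-hashes each user's password at their next successful login.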

42 Other Programming Threats
- Buffer overrun or buffer overflow
- Mail bomb

43 Threats to the Physical Security of Web Servers
- Use a secure offsite provider.
- Maintain backup servers and backups of the Web server.
- Level 3, PSINet, and Verio security services

44 Access Control and Authentication
- Controls who has access to the Web server.
- Uses certificates, username and password.
- Access control list


46 Firewalls
Provides a defense between a network and the Internet, or between a network and any other network that could pose a threat.
- All traffic from inside to outside and from outside to inside the network must pass through it.
- Only authorized traffic, as defined by the local security policy, is allowed to pass through it.
- The firewall itself is immune to penetration.

47 Types of Firewalls
- Packet filter
- Gateway server
- Proxy server
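The packet filter on slide 47 is the simplest firewall type and the easiest to show in code: the local security policy from slide 46 becomes an ordered rule list, every packet in either direction is compared against it, and only traffic a rule explicitly authorizes gets through. The following Python is an added example, not from the presentation: a first-match packet filter with default deny, a constructed policy for a small shop (HTTPS from anywhere to the web server, SSH only from the office network, outbound HTTPS from internal hosts), and constructed packets using the documentation address ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str         # "in" (Internet -> network) or "out" (network -> Internet)
    src: str               # CIDR; "0.0.0.0/0" means any address
    dst: str
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port; None means any port


@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    dport: int


# Constructed policy for a small shop (addresses from the documentation ranges):
# the web server 203.0.113.10 takes HTTPS from anywhere, administrators reach it
# over SSH only from the office network 198.51.100.0/24, internal hosts may
# browse out over HTTPS, and explicit deny-all rules close each direction.
POLICY = [
    Rule("allow", "in",  "0.0.0.0/0",       "203.0.113.10/32", "tcp", 443),
    Rule("allow", "in",  "198.51.100.0/24", "203.0.113.10/32", "tcp", 22),
    Rule("allow", "out", "203.0.113.0/24",  "0.0.0.0/0",       "tcp", 443),
    Rule("deny",  "in",  "0.0.0.0/0",       "0.0.0.0/0",       "any", None),
    Rule("deny",  "out", "0.0.0.0/0",       "0.0.0.0/0",       "any", None),
]


def rule_matches(rule, pkt):
    """A rule matches when direction, both addresses, protocol and port all fit."""
    return (rule.direction == pkt.direction
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def filter_packet(policy, pkt):
    """First matching rule decides; a packet that matches nothing is denied."""
    for rule in policy:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


def apply_policy(policy, packets):
    return [filter_packet(policy, pkt) for pkt in packets]


# Constructed traffic sample.
SAMPLE_PACKETS = [
    Packet("in",  "192.0.2.77",   "203.0.113.10", "tcp", 443),   # shopper -> web server
    Packet("in",  "192.0.2.77",   "203.0.113.10", "tcp", 22),    # SSH from the Internet
    Packet("in",  "198.51.100.5", "203.0.113.10", "tcp", 22),    # SSH from the office
    Packet("in",  "192.0.2.77",   "203.0.113.20", "tcp", 3306),  # database port from outside
    Packet("out", "203.0.113.15", "192.0.2.200",  "tcp", 443),   # internal host browsing
    Packet("out", "203.0.113.15", "192.0.2.200",  "udp", 53),    # DNS, not authorized here
]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, apply_policy(POLICY, SAMPLE_PACKETS)):
        print(f"{verdict:5} {pkt.direction:3} {pkt.src:>14} -> {pkt.dst}:{pkt.dport}/{pkt.proto}")
```

Two design points match the slide: every packet crosses the filter in both directions, and the trailing deny rules (plus the default deny in `filter_packet`) ensure that anything the policy does not name is dropped rather than let through.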

48 Firewall Issues
- Perimeter expansion
- Intrusion detection systems

49 Organizations That Promote Computer Security
- CERT
- Microsoft Security Research
- SANS Institute
- BugTraq
- CSO Online

50 US Government Agencies
- US Department of Justice's Cybercrime
- US Department of Homeland Security's National Infrastructure Protection Center

51 Computer Forensics and Ethical Hacking
- Some corporations hire ethical hackers to do penetration tests.
- Ethical hacking is used to locate data that can be used in legal proceedings.
- Computer forensics is used to collect, preserve and analyze computer-related evidence.
