Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.

Published byAugusta O’Neal’ Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from."— Presentation transcript:

1 1 Chapter 9 E- Security

2 Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from merchant’s server. (c) Merchant or customer is not who they claim to be.

3 Security requirements for e-commerce 3 Authentication – are parties to the transaction who they claim to be? Privacy and confidentiality – is transaction data protected? The consumer may want to make an anonymous purchase. Are all non- essential traces of a transaction removed from the public network and all intermediary records eliminated? Integrity – checks that the message sent is complete i.e. that it isn’t corrupted. Non-repudiability – ensures sender cannot deny sending message. Availability – how can threats to the continuity and performance of the system be eliminated?

4 Types of Threats and Attacks 4 Denial-of-service (DoS) attack: An attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources Distributed denial-of-service (DDoS) attack: A denial-of- service attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the target computer

5 Types of Threats and Attacks (cont.) 5 Virus: A piece of software code that inserts itself into a host, including the operating systems, to propagate; it requires that its host program be run to activate it Worm: A software program that runs independently, consuming the resources of its host in order to maintain itself and is capable of propagating a complete working version of itself onto another machine Trojan horse: A program that appears to have a useful function but that contains a hidden function that presents a security risk

6 Managing EC Security 6 Security risk management: A systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks Phases of security risk management 1. Assessment Evaluate security risks by determining assets, vulnerabilities of their system, and potential threats to these vulnerabilities 2. Planning Goal of this phase is to arrive at a set of policies defining which threats are tolerable and which are not Policies also specify the general measures to be taken against those threats that are intolerable or high priority

7 Managing EC Security (cont.) 7 3. Implementation Particular technologies are chosen to counter high-priority threats First step is to select generic types of technology for each of the high priority threats 4. Monitoring Which measures are successful Which measures are unsuccessful and need modification Whether there are any new types of threats Whether there have been advances or changes in technology Whether there are any new business assets that need to be secured

8 Methods of securing EC 8 1. Authentication system: System that identifies the legitimate parties to a transaction, determines the actions they are allowed to perform, and limits their actions to only those that are necessary to initiate and complete the transaction 2. Access control mechanism: Mechanism that limits the actions that can be performed by an authenticated person or group 3. Passive tokens: Storage devices (e.g., magnetic strips) used in a two-factor authentication system that contain a secret code 4. Active tokens: Small, stand-alone electronic devices in a two factor authentication system that generate one-time passwords

9 Encryption Methods 9 Public key infrastructure (PKI): A scheme for securing e-payments using public key encryption and various technical components Private and public key encryption Encryption: The process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it Plaintext: An unencrypted message in human-readable form Ciphertext: A plaintext message after it has been encrypted into a machine- readable form Encryption algorithm: The mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa

10 Encryption Methods (cont.) 10 Symmetric (private) key system Key: The secret code used to encrypt and decrypt a message Symmetric (private) key system: An encryption system that uses the same key to encrypt and decrypt the message Data Encryption Standard (DES): The standard symmetric encryption algorithm supported the NIST and used by U.S. government agencies until October 2, 2000 Rijndael: The new Advanced Encryption Standard used to secure U.S. government communications since October 2, 2000

11 Security Protocols 11 Secure Socket Layer (SSL): Protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality Secure Electronic Transaction (SET): A protocol designed to provide secure online credit card transactions for both consumers and merchants; developed jointly by Netscape, Visa, MasterCard, and others

12 Securing EC Networks 12 Technologies for organizational networks Firewall: A network node consisting of both hardware and software that isolates a private network from a public network Packet-filtering routers: Firewalls that filter data and requests moving from the public Internet to a private network based on the network addresses of the computer sending or receiving the request Packet filters: Rules that can accept or reject incoming packets based on source and destination addresses and the other identifying information Application-level proxy: A firewall that permits requests for Web pages to move from the public Internet to the private network

13 Securing EC Networks (cont.) 13 Virtual private network (VPN): A network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network Protocol tunneling: Method used to ensure confidentiality and integrity of data transmitted over the Internet, by encrypting data packets, sending them in packets across the Internet, and decrypting them at the destination address

Download ppt "1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from."

Similar presentations

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
Chapter 11 E-Commerce Security.

Chapter 11 E-Commerce Security.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Cryptography and Network Security

Cryptography and Network Security
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Chapter 11 E-Commerce Security

Chapter 11 E-Commerce Security
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Chapter 12 E-Commerce Security. © Prentice Hall 20042 Learning Objectives 1.Document the rapid rise in computer and network security attacks. 2.Describe.

Chapter 12 E-Commerce Security. © Prentice Hall Learning Objectives 1.Document the rapid rise in computer and network security attacks. 2.Describe.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Risks, Controls and Security Measures

Risks, Controls and Security Measures
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.

Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
Business Data Communications, Fourth Edition Chapter 10: Network Security.

Business Data Communications, Fourth Edition Chapter 10: Network Security.
Chapter 11 E-Commerce Security. Electronic CommercePrentice Hall © 2006 2 Learning Objectives 1.Document the trends in computer and network security attacks.

Chapter 11 E-Commerce Security. Electronic CommercePrentice Hall © Learning Objectives 1.Document the trends in computer and network security attacks.
Computer and Network Security Risanuri Hidayat, Ir., M.Sc.

Computer and Network Security Risanuri Hidayat, Ir., M.Sc.
Chapter 8 Web Security.

Chapter 8 Web Security.
 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.

 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Similar presentations

Ads by Google