14cf16e3-50fa-4830-90c7-0051d942d79b , eb unit-2 part-1 (1)
TRANSCRIPT
-
7/26/2019 14cf16e3-50fa-4830-90c7-0051d942d79b , eb unit-2 part-1 (1)
1/20
Security Overview & Electronic Commerce Threats
-
Electronic Business, MS 114
It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.
Charles Darwin
If you're not changing faster than your environment, you are falling behind.
Jack Welch, CEO of GE
-
Security in Cyberspace
The electronic system that supports e-commerce is susceptible to abuse and failure in many ways:
Fraud: resulting in direct financial loss. Funds might be transferred from one account to another, or financial records might simply be destroyed.
-
Security in Cyberspace
Theft: theft of confidential, proprietary, technological, or marketing information belonging to the firm or to the customer. An intruder may disclose such information to a third party, resulting in damage to a key customer, a client, or the firm itself.
Disruption: disruption of service resulting in major losses to the business or inconvenience to the customer.
-
Security in Cyberspace
Loss: loss of customer confidence stemming from illegal intrusion into customer files or company business, dishonesty, human mistakes, or network failure.
-
Security Issues
Security concerns generally include the following issues:
Confidentiality: knowing who can read data, and ensuring that information in the network remains private. This is achieved with encryption, so that anyone who intercepts the data cannot read it without the key.
Identification and Authentication: making sure that the sender of a message, or any other principal, is who they claim to be.
-
Security Issues
Availability: system resources are safeguarded from tampering and are available to authorized users at the time and in the format needed.
Integrity: making sure that information is not accidentally or maliciously altered or corrupted in transit.
Access Control: restricting the use of resources to authorized principals.
-
Security Issues
Nonrepudiation: ensuring that a principal cannot later deny having sent a message.
Privacy: an individual's right to nondisclosure of personal information.
Firewalls: a filter between the corporate network and the Internet that protects corporate information and files from intruders while still allowing access to authorized principals. Strictly, a firewall is a control that enforces access control at the network boundary rather than a security property in itself.
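Worked example (added here; it is not part of the original slides): the integrity and authentication properties above, shown with an HMAC-SHA256 tag over an order message, using only the Python standard library. The order fields, the shared key and the tampering scenario are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed shared secret for the example. In a real deployment the key
# lives in a key store and is never committed to source code.
SHARED_KEY = b"example-shared-key-not-for-production"


def canonical_bytes(order: dict) -> bytes:
    """Serialize the order deterministically so both sides MAC the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_order(order: dict, key: bytes = SHARED_KEY) -> bytes:
    """Return an HMAC-SHA256 tag over the canonical order (integrity + origin check)."""
    return hmac.new(key, canonical_bytes(order), hashlib.sha256).digest()


def verify_order(order: dict, tag: bytes, key: bytes = SHARED_KEY) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(sign_order(order, key), tag)


def demo() -> dict:
    """Sign an order, then show that tampering in transit or a wrong key is detected."""
    order = {"order_id": 1042, "account": "ACME-7", "amount": "120.00", "currency": "USD"}
    tag = sign_order(order)

    # An attacker on the communications channel changes the amount but cannot
    # produce a matching tag without the key.
    tampered = dict(order, amount="12000.00")

    return {
        "original_ok": verify_order(order, tag),
        "tampered_ok": verify_order(tampered, tag),
        "wrong_key_ok": verify_order(order, tag, key=b"attacker-guess"),
        # The MAC gives integrity, not confidentiality: the order is still readable.
        "order_readable": canonical_bytes(order).decode("utf-8"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note what the tag does and does not give. It detects alteration in transit and proves the message came from someone holding the key, but because both parties hold the same key it cannot provide nonrepudiation: the receiver could have produced the tag itself. Nonrepudiation needs a digital signature made with a private key that only the sender has. Nor does the MAC give confidentiality; the order text stays readable, which is why encryption (in practice, TLS on the channel) is needed as well.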
-
Security Threats in the E-commerce Environment
Three key points of vulnerability:
Client
Server
Communications channel
Most common threats:
Malicious code
Hacking and cybervandalism
Credit card fraud/theft
Zombied PCs
Phishing
Denial of service attacks
Sniffing
Spoofing
-
A Typical E-commerce Transaction
-
Vulnerable Points in an E-commerce Environment
-
Malicious Code
Virus: a software program that attaches itself to other programs without the owner of the program being aware of it. When the infected program is executed the virus runs too, spreading to other programs and causing damage.
Worms: designed to spread from computer to computer, and able to do so without any human intervention. They propagate through the network and can also affect handheld devices.
Trojan horse: software that appears to perform a desirable function for the user before it is run or installed. In addition to the expected function, it steals information or harms the system.
-
Malicious Code
Bad applets (malicious mobile code): malicious Java applets or ActiveX controls that may be downloaded onto the client and activated merely by surfing to a Web site. (Current browsers no longer run Java applets or ActiveX controls; the same class of risk now arrives as malicious JavaScript and browser extensions.)
-
Examples of Malicious Code
-
Hacking and Cybervandalism
Hacker: an individual who intends to gain unauthorized access to a computer system.
Cracker: used to denote a hacker with criminal intent (the two terms are often used interchangeably).
Cybervandalism: intentionally disrupting, defacing or destroying a Web site.
Types of hackers include:
White hats: members of tiger teams used by corporate security departments to test their own security measures.
Black hats: act with the intention of causing harm.
Grey hats: believe they are pursuing some greater good by breaking in and revealing system flaws.
-
Credit Card Fraud
Fear that credit card information will be stolen deters online purchases.
Hackers target credit card files and other customer information files on merchant servers, and use the stolen data to establish credit under a false identity.
One solution: new identity verification mechanisms.
-
Kinds of Threats or Crimes
Zombied PCs: a zombie computer (often shortened to zombie) is a computer connected to the Internet that has been compromised by a hacker, a computer virus or a Trojan horse.
Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.
-
Kinds of Threats or Crimes
Phishing: the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies.
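Worked example (added here; not part of the original slides): the fake site in a phishing message is reached through a link whose real host is not the brand's domain, and the usual tricks (brand as a subdomain, brand in the userinfo part before "@", swapped digits for letters) all show up once the link is parsed. The brand domain examplebank.com, the message body and the IP address are constructed; the two-label "registered domain" rule is a simplification that real code would replace with the Public Suffix List.

```python
import re
from urllib.parse import urlparse

# Assumed brand domain for the example; every host and address below is constructed.
LEGIT_DOMAIN = "examplebank.com"

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Digit-for-letter swaps commonly used to build lookalike host names.
HOMOGLYPHS = str.maketrans("013", "ole")


def registered_domain(host: str) -> str:
    """Last two labels of the host. Simplification: production code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str, legit_domain: str = LEGIT_DOMAIN) -> str:
    """Decide whether a link really points at the brand's domain."""
    parsed = urlparse(url)
    host = parsed.hostname  # drops userinfo ("examplebank.com@...") and any port
    scheme = parsed.scheme.lower()
    if scheme not in ("http", "https") or not host:
        return "invalid"
    if registered_domain(host) == legit_domain:
        return "legitimate" if scheme == "https" else "legitimate-but-http"
    brand = legit_domain.split(".")[0]
    # Brand used as a subdomain, as userinfo, in the path, or with swapped characters.
    if brand in host.lower().translate(HOMOGLYPHS) or legit_domain in url.lower():
        return "lookalike"
    return "unrelated"


def scan_message(body: str, legit_domain: str = LEGIT_DOMAIN) -> list:
    """Return (url, verdict) for every link found in a message body."""
    return [(url, classify_link(url, legit_domain)) for url in URL_RE.findall(body)]


# Constructed phishing e-mail body.
SAMPLE_BODY = """Dear customer,
Your account has been locked. Confirm your details at
https://examplebank.com.account-verify.net/login or at
https://examplebank.com@203.0.113.5/login within 24 hours.
Our help pages: https://www.examplebank.com/help
"""

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_BODY):
        print(f"{verdict:18} {url}")
```

The check looks at the host the browser will actually connect to, not at the text the user sees, which is exactly the gap phishing exploits. It does not catch a lookalike built from Unicode characters (an IDN whose host starts with "xn--") or a compromised legitimate site, so it is a filter for the obvious cases, not a substitute for phishing-resistant authentication.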
-
Kinds of Threats or Crimes
DoS: a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.
The term is generally used with regard to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.
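Worked example (added here; not from the original slides): the saturation method just described, replayed through a per-client sliding-window rate limiter so that a flooding source is cut off while a normal shopper is served. The request log, the two client addresses and the 20-requests-per-second budget are constructed for the example.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most max_requests per client within any window_ms-millisecond window."""

    def __init__(self, max_requests: int, window_ms: int):
        self.max_requests = max_requests
        self.window_ms = window_ms
        self._hits = defaultdict(deque)  # client -> timestamps of allowed requests

    def allow(self, client: str, now_ms: int) -> bool:
        hits = self._hits[client]
        # Drop timestamps that have aged out of the window.
        while hits and now_ms - hits[0] >= self.window_ms:
            hits.popleft()
        if len(hits) >= self.max_requests:
            return False  # over budget: reject (or queue) instead of serving
        hits.append(now_ms)
        return True


def replay(log: list, max_requests: int = 20, window_ms: int = 1000) -> dict:
    """Run a (timestamp_ms, client, path) request log through the limiter; tally per client."""
    limiter = SlidingWindowLimiter(max_requests, window_ms)
    tally = defaultdict(lambda: {"allowed": 0, "rejected": 0})
    for ts, client, _path in sorted(log):
        tally[client]["allowed" if limiter.allow(client, ts) else "rejected"] += 1
    return dict(tally)


def constructed_log() -> list:
    """Constructed traffic: one shopper browsing normally, one source flooding checkout."""
    log = [(i * 500, "198.51.100.7", "/cart") for i in range(6)]        # 6 requests over 2.5 s
    log += [(i * 4, "203.0.113.9", "/checkout") for i in range(500)]   # 500 requests in 2 s
    return log


if __name__ == "__main__":
    for client, counts in replay(constructed_log()).items():
        print(client, counts)
```

Limiting by source address stops a single saturating host, which is the simple DoS case. It does little against a distributed attack from many zombied PCs, where each source stays under the budget while the total still exhausts capacity, and it can wrongly throttle many legitimate users behind one NAT address. Distributed floods are absorbed upstream (capacity, CDN or scrubbing service) rather than at the application.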
-
Kinds of Threats or Crimes
Sniffing: a type of eavesdropping program that monitors information traveling over a network; it enables hackers to steal proprietary information from anywhere on the network path.
Spoofing: misrepresenting oneself by using fake e-mail addresses or masquerading as someone else. SMTP itself does not authenticate the From address, which is why receiving mail systems check the SPF, DKIM and DMARC records published by the sending domain to detect forged senders.
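Worked example (added here; not part of the original slides): what a passive sniffer recovers from a single unencrypted HTTP login, which is the concrete reason the earlier slide ties confidentiality to encryption. The captured request, the host name shop.example, the credentials and the test card number are all constructed.

```python
import base64
import re

# Constructed TCP payload, as a passive sniffer on the path between the
# browser and shop.example would capture it. Not real traffic.
CAPTURED_PAYLOAD = (
    b"POST /account/login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n"
    b"Cookie: session=c0ffee42; cart=17\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 29\r\n"
    b"\r\n"
    b"card=4111111111111111&cvv=123"
)


def parse_http_request(payload: bytes) -> dict:
    """Split a plaintext HTTP/1.1 request into request line, headers and body."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body.decode("iso-8859-1")}


def extract_secrets(request: dict) -> dict:
    """Pull out what an eavesdropper can reuse directly: credentials, session cookie, card data."""
    found = {}
    auth = request["headers"].get("authorization", "")
    if auth.lower().startswith("basic "):
        # HTTP Basic is base64, which is encoding, not encryption.
        user, _, password = base64.b64decode(auth[6:]).decode("utf-8").partition(":")
        found["username"], found["password"] = user, password
    if "cookie" in request["headers"]:
        found["cookie"] = request["headers"]["cookie"]
    match = re.search(r"(?:^|&)card=(\d{12,19})", request["body"])
    if match:
        found["card_number"] = match.group(1)
    return found


if __name__ == "__main__":
    for key, value in extract_secrets(parse_http_request(CAPTURED_PAYLOAD)).items():
        print(f"{key}: {value}")
```

Everything the function extracts is usable as-is: the password logs in, the cookie hijacks the session, and the card data is already in the clear. Over TLS the same sniffer sees only the IP and TCP headers plus the server name in the handshake; the request line, headers and body are encrypted, which is the confidentiality property from the Security Issues slides.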