Chapter 13
Understanding E-Security
2
OBJECTIVES
• What are security concerns (examples)?
• What are two types of threats (client/server)?
• Virus – Computer Enemy #1 threat
• How to prevent and protect?
3
SECURITY CONCERNS: examples
• Uncover confidential information (bank account)
• Leak authentication and access control details (user name, password of your Web, email)
• Conduct ID theft (over 50% is credit card fraud)
• Hack or intrude Web sites
4
CLIENT SECURITY THREATS
Happens to client computers
Examples
– Deliberate Corruption of Files (e.g., rename files)
– Delete Stored Information
– Use Virus (bring down system)
5
SERVER SECURITY THREATS
• Web server with active ports (e.g., 80, 8080) can be misused (scalability or denial of service attack)
• Web server directories (folders) can be accessed and corrupted
6
Server Threats: DENIAL OF SERVICE
Hackers …
• Break into less-secured computers
• Install a stealth program which duplicates itself (congests network traffic)
• Target the network from a remote location (RPC) and activate the planted program
• Victim’s network is overwhelmed and other users are denied access to Web and Email
7
VIRUS – eCommerce Threat #1
• Malicious code that replicates itself to cause disruption of the information infrastructure
• Attacks system integrity (causes inconsistent data)
• Targets computer networks, files and other executable objects
8
EXAMPLES OF VIRUSES
• Windows registry (regedit, cookies): e.g., spyware and adware (one type of spyware)
• Boot Virus
– Attacks boot sectors of the hard drive
• “Trojan horses” – a bot planted in the systems being attacked, can be operated locally or remotely for malicious purposes
9
EXAMPLES OF VIRUSES (cont.): Trojan horse
10
VIRUS CHARACTERISTICS
• Fast to attack
– Easily invade and infect computer hard disk
• Slow to defend
– Less likely to detect and destroy
• Hard to find (Stealth)
– Memory resident (registry)
– Able to manipulate its execution to disguise its presence
11
BASIC INTERNET SECURITY TIPS
• Use Password
– Alphanumeric
– Mix with upper and lower cases
– Change frequently
– No dictionary names
• Use Encryption
– Coding of messages in traffic between the customer placing an order and the merchant’s network processing the order
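The four password tips on this slide, written as a checker. This is an added example, not part of the original slides; the 90-day rotation limit, the sample word list and the function name `check_password` are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "summer", "john", "mary"}
# Assumed rotation interval; the slide only says "change frequently".
MAX_AGE_DAYS = 90


def check_password(password, last_changed, today, dictionary=SAMPLE_DICTIONARY):
    """Return the list of slide rules the password breaks (empty list = passes)."""
    problems = []
    # Tip 1: alphanumeric, read here as "contains both letters and digits".
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("not alphanumeric")
    # Tip 2: mix upper and lower case.
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mixed case")
    # Tip 3: change frequently.
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("too old")
    # Tip 4: no dictionary names. Lowercase and drop digits/symbols first, so a
    # word padded with a year ("Dragon2024") or split by a digit is still caught.
    letters_only = re.sub(r"[^a-z]", "", password.lower())
    if any(word in letters_only for word in dictionary):
        problems.append("contains dictionary word")
    return problems


if __name__ == "__main__":
    today = date(2024, 6, 1)
    # Constructed sample passwords with the date each was last changed.
    samples = [
        ("Tq7mRx2vLp9", date(2024, 5, 1)),
        ("Dragon2024", date(2024, 5, 1)),
        ("password", date(2023, 1, 1)),
    ]
    for pw, changed in samples:
        result = check_password(pw, changed, today)
        print(f"{pw!r}: {'OK' if not result else ', '.join(result)}")
```

"Dragon2024" satisfies the first three tips and fails only the dictionary check, which is why that tip is listed separately from the character-mix rules.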
12
FIREWALL & SECURITY
• Firewall: frequently used for Internet security - prevent
– Enforces an access control policy between two networks
– Detects intruders, blocks them from entry, keeps track of what they did and notifies the system administrator
13
Other security approach: repair, e.g., AntiSpyware to clean virus
14
Summary and Exercises
• Name a few security concerns
• What are the two types of threats? (client/server)
• Explain Trojan Horse Virus
• How to prevent and repair?