Chapter 13 Understanding E-Security

Upload: owen-allison

Post on 13-Jan-2016


Page 1: Chapter 13 Understanding E-Security. 2 OBJECTIVES What are security concerns (examples)? What are two types of threats (client/server) Virus – Computer

Chapter 13

Understanding E-Security


OBJECTIVES

• What are security concerns (examples)?

• What are two types of threats (client/server)?

• Virus – Computer Enemy #1 threat

• How to prevent and protect?


SECURITY CONCERNS: examples

• Uncover confidentiality (bank account)

• Leak Authentication and Access Control (user name, password of your Web, email)

• Conduct ID theft (over 50% is credit card fraud)

• Hack or Intrude Web sites


CLIENT SECURITY THREATS

Happens to client computers

Examples:
– Deliberate Corruption of Files (e.g., rename files)
– Delete Stored Information
– Use Virus (bring down system)


SERVER SECURITY THREATS

• Web server with active ports (e.g., 80, 8080) can be misused (scalability or denial-of-service attack)

• Web server directories (folders) can be accessed and corrupted


Server Threats: DENIAL OF SERVICE

Hackers …

• Break into less-secured computers

• Install a stealth program which duplicates itself (congests network traffic)

• Target the network from a remote location (RPC) and activate the planted program

• Victim’s network is overwhelmed and other users are denied access to Web and Email


VIRUS – eCommerce Threat #1

• Malicious code that replicates itself to cause disruption of the information infrastructure

• Attacks system integrity (causes inconsistent data)

• Targets computer networks, files and other executable objects


EXAMPLES OF VIRUSES

• Windows registry (regedit, cookies): e.g., spyware and adware (one type of spyware)

• Boot Virus
  – Attacks boot sectors of the hard drive

• “Trojan horses”
  – A bot planted in the systems being attacked; can be operated locally or remotely for malicious purposes


EXAMPLES OF VIRUSES (cont.): Trojan horse


VIRUS CHARACTERISTICS

• Fast to attack
  – Easily invade and infect computer hard disk

• Slow to defend
  – Less likely to detect and destroy

• Hard to find (Stealth)
  – Memory resident (registry)
  – Able to manipulate its execution to disguise its presence


BASIC INTERNET SECURITY TIPS

• Use Password
  – Alphanumeric
  – Mix with upper and lower cases
  – Change frequently
  – No dictionary names

• Use Encryption
  – Coding of messages in traffic between the customer placing an order and the merchant’s network processing the order
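The four password tips above, written as a checker. This is an added example, not part of the original slides; the word list, the substitution table and the 90-day limit are assumptions made for illustration.

```python
import re
from datetime import date

# Constructed word list; a real deployment would load a full dictionary and name list.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "michael"}
# Common character substitutions to undo before the dictionary check.
LEET = str.maketrans("0134578@$", "oieastbas")
MAX_AGE_DAYS = 90  # assumed rotation period; the slide only says "change frequently"


def check_password(pw, last_changed, today):
    """Return the list of slide rules the password breaks (empty list = passes)."""
    problems = []
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)):
        problems.append("not alphanumeric (needs letters and digits)")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("no mix of upper and lower case")
    # Undo substitutions, then drop non-letters, so "P@ssw0rd1" still reads "password".
    core = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    if any(word in core for word in DICTIONARY):
        problems.append("contains a dictionary word or name")
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("not changed recently")
    return problems


if __name__ == "__main__":
    today = date(2024, 2, 1)
    for pw, changed in [("P@ssw0rd1", date(2024, 1, 1)),
                        ("kV7tqz2Lm9xR", date(2023, 1, 1)),
                        ("kV7tqz2Lm9xR", date(2024, 1, 15))]:
        print(pw, check_password(pw, changed, today))
```

The first sample passes the character-class rules and still fails, because the substitutions only disguise a dictionary word.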


FIREWALL & SECURITY

• Firewall: frequently used for Internet security (prevention)
  – Enforces an access control policy between two networks
  – Detects intruders, blocks them from entry, keeps track of what they did and notifies the system administrator
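A minimal model of the firewall functions listed above: enforce a policy, block what it does not allow, keep a log, and notify the administrator. This is an added example, not part of the original slides; the rule set, addresses, alert threshold and class name are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed policy: the first matching rule wins, anything unmatched is denied.
RULES = [
    ("allow", "0.0.0.0/0", 80),     # public web ports named on the server-threats slide
    ("allow", "0.0.0.0/0", 8080),
    ("allow", "10.0.0.0/8", 22),    # admin access from the internal network only
]


class Firewall:
    def __init__(self, rules, alert_threshold=3):
        self.rules = [(a, ipaddress.ip_network(n), p) for a, n, p in rules]
        self.alert_threshold = alert_threshold
        self.log = []             # keeps track: (source, port, decision)
        self.blocked = Counter()  # blocked attempts per source address
        self.alerts = []          # sources reported to the administrator

    def decide(self, src, port):
        addr = ipaddress.ip_address(src)
        for action, net, rule_port in self.rules:
            if addr in net and port == rule_port:
                return action
        return "deny"             # default deny

    def handle(self, src, port):
        decision = self.decide(src, port)
        self.log.append((src, port, decision))
        if decision == "deny":
            self.blocked[src] += 1
            if self.blocked[src] == self.alert_threshold:
                self.alerts.append(src)   # notify once per source
        return decision


def run_sample():
    """Replay constructed traffic (source address, destination port)."""
    fw = Firewall(RULES)
    traffic = [("203.0.113.5", 80), ("10.1.2.3", 22), ("203.0.113.9", 22),
               ("203.0.113.9", 23), ("203.0.113.9", 3389), ("203.0.113.9", 80)]
    return [fw.handle(src, port) for src, port in traffic], fw


if __name__ == "__main__":
    decisions, fw = run_sample()
    print(decisions)
    print("alert administrator about:", fw.alerts)
```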


Other security approach: repair, e.g., AntiSpyware to clean viruses


Summary and Exercises

• Name a few security concerns

• What are the two types of threats? (client/server)

• Explain Trojan Horse Virus

• How to prevent and repair?