What Is Commerce
• Commerce
 – Exchange of goods / services
 – Contracting parties: buyer and seller
 – Fundamental principles: trust and security

What Is E-Commerce
• E-Commerce
 – Automation of commercial transactions using computer and communication technologies
 – Facilitated by the Internet and the WWW
 – Business-to-Business: EDI
 – Business-to-Consumer: WWW retailing

Continued
• Some features:
 – Easy, global access, 24-hour availability
 – Customized products and services
 – Back-office integration
 – Additional revenue stream
E-Commerce Risks
• Customer's risks
 – Stolen credentials or password
 – Dishonest merchant
 – Disputes over transaction
 – Inappropriate use of transaction details
• Merchant's risks

Continued
 – Forged or copied instruments
 – Disputed charges
 – Insufficient funds in customer's account
 – Unauthorized redistribution of purchased items
• Main issue: secure payment scheme
Overview
• Levels of data security
• Authorization in databases
• Application vulnerabilities
• Summary and references

Levels of Data Security
• Human level: corrupt/careless user
• Network/user interface
• Database application program
• Database system
• Operating system
• Physical level

Database Threats
• Disclosure of valuable and private information could irreparably damage a company
• Security is often enforced through the use of privileges
• Some databases are inherently insecure and rely on the Web server to enforce security measures
Continued
• Threats to a database result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentiality.
 – Loss of integrity
 – Loss of availability
 – Loss of confidentiality

Explanation of Threats in Database
• 1. Privilege abuse: When database users are given privileges that exceed their day-to-day job requirements, these privileges may be abused, intentionally or unintentionally.
• 3. Database rootkits: A database rootkit is a program or procedure hidden inside the database that provides administrator-level privileges for accessing the data in the database. Such rootkits may even turn off alerts triggered by Intrusion Prevention Systems (IPS).
• 4. Weak authentication: Weak authentication models allow attackers to employ strategies such as social engineering and brute force to obtain database login credentials and assume the identity of legitimate database users.
Different Authorization
• Different authorizations for different users
 – Accounts clerk vs. accounts manager vs. end users

Database/Application Security
• Ensure that only authenticated users can access the system
• And that they can access (read/update) only the data/interfaces they are authorized to access
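An added example, not part of the slides, showing the authorization split above (clerk vs. manager vs. end user) in PostgreSQL syntax; the table, role and user names are hypothetical. Each role receives only the privileges its job needs, and end users are confined to their own rows by the database itself rather than by trusting the application in front of it.

```sql
-- Added example (not from the slides): least-privilege roles in PostgreSQL syntax.
-- Table, role and user names are hypothetical; the schema is constructed for the example.
CREATE TABLE accounts (
    account_id   SERIAL PRIMARY KEY,
    customer_id  INTEGER NOT NULL,
    balance      NUMERIC(12,2) NOT NULL DEFAULT 0
);
CREATE TABLE transactions (
    txn_id       SERIAL PRIMARY KEY,
    account_id   INTEGER NOT NULL REFERENCES accounts(account_id),
    amount       NUMERIC(12,2) NOT NULL,
    approved_by  TEXT
);

-- New roles hold no privileges; each is granted only what its job needs.
CREATE ROLE accounts_clerk   NOLOGIN;
CREATE ROLE accounts_manager NOLOGIN;
CREATE ROLE end_user         NOLOGIN;

-- Clerk: reads balances and records transactions, but cannot change balances
-- directly or delete history (limits the damage of privilege abuse).
GRANT SELECT ON accounts TO accounts_clerk;
GRANT SELECT, INSERT ON transactions TO accounts_clerk;
GRANT USAGE ON SEQUENCE transactions_txn_id_seq TO accounts_clerk;

-- Manager: inherits the clerk's rights, can adjust balances and approve
-- transactions (one column only); still no DELETE, so history is preserved.
GRANT accounts_clerk TO accounts_manager;
GRANT UPDATE ON accounts TO accounts_manager;
GRANT UPDATE (approved_by) ON transactions TO accounts_manager;

-- End user: may read accounts, but row-level security restricts the result
-- to their own customer_id, enforced by the database, not the web server.
GRANT SELECT ON accounts TO end_user;
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
CREATE POLICY own_accounts ON accounts FOR SELECT TO end_user
    USING (customer_id = current_setting('app.customer_id')::INTEGER);

-- Login accounts receive a role rather than direct grants, so access is
-- revoked with a single REVOKE when someone changes job.
CREATE USER alice PASSWORD 'PLACEHOLDER-set-real-password';
GRANT accounts_clerk TO alice;

-- Check the result: the clerk should hold only SELECT on accounts and
-- SELECT, INSERT on transactions.
SELECT grantee, table_name, privilege_type
  FROM information_schema.role_table_grants
 WHERE grantee = 'accounts_clerk';
```

The application is assumed to run `SET app.customer_id = '<id>'` after authenticating the end user, so the policy reads the identity the application established rather than a value supplied in the query.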
How to Protect the Database
• To protect a database against these types of threats, 4 kinds of countermeasures can be implemented:
 – Access control
 – Inference control
 – Flow control
 – Encryption
Conclusion
• Thank you, my Honorable Teacher, for giving me the privilege of this presentation.
• Any questions?