SlideShare a Scribd company logo

Ecommerce_Ch4.pptx

Download as PPTX, PDF
A
AYNETUTEREFE1

Ecommerce

Business
1 of 24
ECOMMERCE SECURITY AND CRYPTOGRAPHY
E-commerce Security 1/7/2007 CS 483 2 Concerns about security Client security issues Server security issues Security policy, risk assessment
Ecommerce Security and Cryptography: • What is Security? • Dictionary Definition: protection or defense against attack, interference, espionage (spying), etc. ComputerSecurityClassification: • Confidentiality(or Secrecy) Protecting against unauthorized (illegal) data disclosure and ensuring the authenticity of the data’s source • Integrity Preventing unauthorized data modification • Availability(or Necessity) Preventing data delays or denials (removal) CRYPTOGRAPHY: is a method of protecting information and communication through the use of codes, so that only those for whom the information is intended can read and process it.
E-commercecrime andsecurityproblems(StoppingE-CommerceCrimes) • Information assurance (IA) • The protection of information systems against unauthorized access to or modification of information whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats • Human firewalls : Methods that filter or limit people’s access to critical business documents
Security, Encryption, & Web Ethics • Whois affected? – In past it use to be only large companies with proprietary(branded, patented) issues – Today, stock exchange and other related commercial transactions can also be affected. – Bank accounts, medical records, credit history are a few arenas that must be concernedwithsecurity • Encryption is the process that transforms information into some secret form to prevent unauthorized individuals from using the data shouldtheyacquire it.
Security, Encryption, & Web Ethics • Object of IT Security – Confidentiality – Integrity • Confidentiality – strict controls implemented to ensure only certain person who need access to database will have access – protecting and using passwords
Security, Encryption, & Web Ethics • Integrity – loss of integrity can result from human error, intentional tampering, or even disastrous events – Efforts must be taken to ensure the accuracyand soundness of data at all time – Internet Fraud • onlinecredit cards • customer trusting the companytheydo business with • onlineauctions, sweepstakes (lotteries) & price offers • travel offers, scholarship scams etc.
Security, Encryption, & Web Ethics • Security Methods that are used whenever the Internet & Corporate Networks intersect: –Routers –Firewalls –Intrusion Detection Systems (IDSs)
Security, Encryption, & Web Ethics • Routers – are network traffic-managing devices that routes traffic intended for the servers or networks theyare attached • Firewalls – insulates a private network from a public network using carefully established controls on the types of request they will route through to the privatenetwork for processing andfulfillment
Security, Encryption, & Web Ethics • Intrusion Detection System(IDSs) –Attempts to detect an intruder breaking into your systemor legitimate user misusing systemresources. – Operates constantly, working in the background and only notifies you when it detects suspicious or illegal activity
INFORMATIONASSURANCE • CIA securitytriad (CIAtriad) Three security concepts important to information on the Internet: confidentiality, integrity, and availability Confidentiality • Assurance of data privacyand accuracy. • Keeping private or sensitive information from being revealed to unauthorized individuals, entities, or processes integrity Assurance that stored data has not been modified without authorization; anda message that was sent is the same message that was received availability • Assurance that access to data, the Web site, or other EC data service is timely, available, reliable,and restrictedto authorized users
Authentication • Process to verify (assure) the real identity of an individual, computer, computer program, or EC Web site authorization Process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform no repudiation • Assurance that online customers or trading partners cannot falsely deny (repudiate) their purchaseor transactiondigital signature or digital certificate • Validates the sender and time stamp of a transaction so it cannot be later claimedthatthetransactionwas unauthorizedor invalid.
Cont… • applicationfirewalls Specialized tools designed to increase the security of Web applications • common(security) vulnerabilities and exposures (CVE) • Publicly known computer security risks, which are collected, listed, and shared by a board of security-related organizations (cve.mitre.org)
Cont…. vulnerability (weakness) Weakness in software or other mechanism that threatens the confidentiality, integrity, or availability of an asset (recall the CIA model). It can be directly used by a hacker to gain access to a system or network risk • The probability that a vulnerability will be known and used
Hacker and cracker • Hacker A programmer who breaks into computer systems in order to steal, changeor destroyinformation as a formof cyber-terrorism. • Cracker A programmer who cracks (gains unauthorized access to) computers, typicallyto do malicious things.
Threats and Attacks nontechnical attack • An attack that uses chicanery (nonsense) to trick (fake, false) people into revealing sensitive information or performing actions that compromise the security of a network social engineering • A type of nontechnical attack that uses some ruse to trick(fake) users into revealing information or performing an action that compromises a computer or network
Threats and Attacks technical attack • An attack perpetrated (done) using software and systems knowledge or expertise time-to-exploitation • The elapsed time between when a vulnerability (weakness) is discovered and the time it is exploited (misused) • Spyware Guide spyware:- Computer software that obtains information from a user's computer without the user's knowledge or consent
Threats and Attacks zero-day incidents • Attacks through previously unknown weaknesses in their computer networks • denial of service (DOS) attack An attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources
Threats and Attacks worm • A software program that runs independently, consuming the resources of its host in order to maintain itself, that is capable of propagating a complete working version of itself onto another machine macro virus (macro worm) • A virus or worm that executes when the application object that contains the macro is opened or a particular procedure is executed Trojan horse • A program that appears to have a useful function but that contains a hidden function that presents a security risk
Securing E-Commerce Communications • access control Mechanism that determines who can legitimately use a network resource • passive token Storage device (e.g., magnetic strip) that contains a secret code used in a two-factor authentication system • active token Small, stand-alone electronic device that generates one-time passwords used in a two-factor authentication system
Cont… • biometric systems Authentication systems that identify a person by measurement of a biological characteristic, such as fingerprints, iris (eye) patterns, facial features, or voice • public key infrastructure (PKI) A scheme for securing e-payments using public key encryption and various technical components
• encryption The process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it • plaintext An unencrypted message in human-readable form • cipher text A plaintext message after it has been encrypted into a machine- readable form
• encryption algorithm The mathematical formula used to encrypt the plaintext into the cipher text, and vice versa • Key (key value) The secret code used to encrypt and decrypt a message • key space The large number of possible key values (keys) created by the algorithm to use when transforming the message
• symmetric (private) key system An encryption system that uses the same key to encrypt and decrypt the message • Data Encryption Standard (DES) The standard symmetric encryption algorithm supported by the NIST and used by U.S. government agencies until October 2000 • Rijndael An advanced encryption standard (AES) used to secure U.S. government communications since October 2, 2000

Recommended

Computer security
Computer securityComputer security
Computer securityMahesh Singh Madai
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewallsMurali Mohan
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.pptAfricaRealInformatic
 
CyberSecurity101.pdf
CyberSecurity101.pdfCyberSecurity101.pdf
CyberSecurity101.pdfDhananjaySingh23178
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdfKIYALIBAN1
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Cyber Crime And Cyber Security
Cyber Crime And Cyber SecurityCyber Crime And Cyber Security
Cyber Crime And Cyber SecurityPrashant Sharma
 

Recommended

Computer security
Computer securityComputer security
Computer securityMahesh Singh Madai
 
Network security and firewalls
Network security and firewallsNetwork security and firewalls
Network security and firewallsMurali Mohan
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.pptAfricaRealInformatic
 
CyberSecurity101.pdf
CyberSecurity101.pdfCyberSecurity101.pdf
CyberSecurity101.pdfDhananjaySingh23178
 
network security.pdf
network security.pdfnetwork security.pdf
network security.pdfKIYALIBAN1
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Cyber Crime And Cyber Security
Cyber Crime And Cyber SecurityCyber Crime And Cyber Security
Cyber Crime And Cyber SecurityPrashant Sharma
 
Ethics,security and privacy control
Ethics,security and privacy controlEthics,security and privacy control
Ethics,security and privacy controlSifat Hossain
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentalsManesh T
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptxkishore golla
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYDEEPAK948083
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Јаѓќеѕн Јажѕшаф
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).pptGooglePay16
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer SystemManesh T
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptxMsVaishaliKumar
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityGeevarghese Titus
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Security Requirements in eBusiness
Security Requirements in eBusinessSecurity Requirements in eBusiness
Security Requirements in eBusinessWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVEric Vanderburg
 
Computer , Internet and physical security.
Computer , Internet and physical security.Computer , Internet and physical security.
Computer , Internet and physical security.Ankur Kumar
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionSachintha Gunasena
 
Network Security
Network SecurityNetwork Security
Network SecurityManoj Singh
 
Computer Security
Computer SecurityComputer Security
Computer SecurityAkNirojan
 
3-UnitV_security.pptx
3-UnitV_security.pptx3-UnitV_security.pptx
3-UnitV_security.pptxSubhadipDutta36
 
Entrepreneurship: Business planning Chapter Two
Entrepreneurship: Business planning Chapter TwoEntrepreneurship: Business planning Chapter Two
Entrepreneurship: Business planning Chapter TwoAYNETUTEREFE1
 
Operations Management power point Chapter Five
Operations Management power point Chapter FiveOperations Management power point Chapter Five
Operations Management power point Chapter FiveAYNETUTEREFE1
 

More Related Content

Similar to Ecommerce_Ch4.pptx

Ethics,security and privacy control
Ethics,security and privacy controlEthics,security and privacy control
Ethics,security and privacy controlSifat Hossain
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsBilalMehmood44
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentalsManesh T
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxRoshni814224
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptxkishore golla
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYDEEPAK948083
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).pptGooglePay16
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer SystemManesh T
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityGeevarghese Titus
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVEric Vanderburg
 
Computer , Internet and physical security.
Computer , Internet and physical security.Computer , Internet and physical security.
Computer , Internet and physical security.Ankur Kumar
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionSachintha Gunasena
 
Network Security
Network SecurityNetwork Security
Network SecurityManoj Singh
 
Computer Security
Computer SecurityComputer Security
Computer SecurityAkNirojan
 

Similar to Ecommerce_Ch4.pptx (20)

Ethics,security and privacy control
Ethics,security and privacy controlEthics,security and privacy control
Ethics,security and privacy control
 
Lec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendationsLec 1- Intro to cyber security and recommendations
Lec 1- Intro to cyber security and recommendations
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentals
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).ppt
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer System
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptx
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Security Requirements in eBusiness
Security Requirements in eBusinessSecurity Requirements in eBusiness
Security Requirements in eBusiness
 
Computer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOVComputer Security Primer - Eric Vanderburg - JURINNOV
Computer Security Primer - Eric Vanderburg - JURINNOV
 
Computer , Internet and physical security.
Computer , Internet and physical security.Computer , Internet and physical security.
Computer , Internet and physical security.
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & EncryptionEntrepreneurship & Commerce in IT - 11 - Security & Encryption
Entrepreneurship & Commerce in IT - 11 - Security & Encryption
 
Network Security
Network SecurityNetwork Security
Network Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
3-UnitV_security.pptx
3-UnitV_security.pptx3-UnitV_security.pptx
3-UnitV_security.pptx
 

More from AYNETUTEREFE1

Entrepreneurship: Business planning Chapter Two
Entrepreneurship: Business planning Chapter TwoEntrepreneurship: Business planning Chapter Two
Entrepreneurship: Business planning Chapter TwoAYNETUTEREFE1
 
Operations Management power point Chapter Five
Operations Management power point Chapter FiveOperations Management power point Chapter Five
Operations Management power point Chapter FiveAYNETUTEREFE1
 
Mathematics For Management CHAPTER THREE PART I.PPT
Mathematics For Management CHAPTER THREE PART I.PPTMathematics For Management CHAPTER THREE PART I.PPT
Mathematics For Management CHAPTER THREE PART I.PPTAYNETUTEREFE1
 
Introduction to Management.pptx
Introduction to Management.pptxIntroduction to Management.pptx
Introduction to Management.pptxAYNETUTEREFE1
 
MIS CHAPTER THREE.ppt
MIS CHAPTER THREE.pptMIS CHAPTER THREE.ppt
MIS CHAPTER THREE.pptAYNETUTEREFE1
 
chap4-strategic.pptx
chap4-strategic.pptxchap4-strategic.pptx
chap4-strategic.pptxAYNETUTEREFE1
 

More from AYNETUTEREFE1 (16)

Entrepreneurship: Business planning Chapter Two
Entrepreneurship: Business planning Chapter TwoEntrepreneurship: Business planning Chapter Two
Entrepreneurship: Business planning Chapter Two
 
Operations Management power point Chapter Five
Operations Management power point Chapter FiveOperations Management power point Chapter Five
Operations Management power point Chapter Five
 
Mathematics For Management CHAPTER THREE PART I.PPT
Mathematics For Management CHAPTER THREE PART I.PPTMathematics For Management CHAPTER THREE PART I.PPT
Mathematics For Management CHAPTER THREE PART I.PPT
 
OM CHAPTER SIX.PPT
OM CHAPTER SIX.PPTOM CHAPTER SIX.PPT
OM CHAPTER SIX.PPT
 
Introduction to Management.pptx
Introduction to Management.pptxIntroduction to Management.pptx
Introduction to Management.pptx
 
MIS CHAPTER THREE.ppt
MIS CHAPTER THREE.pptMIS CHAPTER THREE.ppt
MIS CHAPTER THREE.ppt
 
Ecommerce_Ch1.ppt
Ecommerce_Ch1.pptEcommerce_Ch1.ppt
Ecommerce_Ch1.ppt
 
Ecommerce_Ch3.ppt
Ecommerce_Ch3.pptEcommerce_Ch3.ppt
Ecommerce_Ch3.ppt
 
E-commerce CH-3.ppt
E-commerce CH-3.pptE-commerce CH-3.ppt
E-commerce CH-3.ppt
 
chap4-strategic.pptx
chap4-strategic.pptxchap4-strategic.pptx
chap4-strategic.pptx
 
chap3-strategic.ppt
chap3-strategic.pptchap3-strategic.ppt
chap3-strategic.ppt
 
Network.ppt
Network.pptNetwork.ppt
Network.ppt
 
Ecommerce_Ch3.ppt
Ecommerce_Ch3.pptEcommerce_Ch3.ppt
Ecommerce_Ch3.ppt
 
Ecommerce_Ch1.ppt
Ecommerce_Ch1.pptEcommerce_Ch1.ppt
Ecommerce_Ch1.ppt
 
Ecommerce_Ch2.ppt
Ecommerce_Ch2.pptEcommerce_Ch2.ppt
Ecommerce_Ch2.ppt
 
Ecommerce_Ch5.ppt
Ecommerce_Ch5.pptEcommerce_Ch5.ppt
Ecommerce_Ch5.ppt
 

Recently uploaded

VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...noida100girls
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 

Recently uploaded (20)

VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 

Ecommerce_Ch4.pptx

  • 2. E-commerce Security 1/7/2007 CS 483 2 Concerns about security Client security issues Server security issues Security policy, risk assessment
  • 3. Ecommerce Security and Cryptography: • What is Security? • Dictionary Definition: protection or defense against attack, interference, espionage (spying), etc. ComputerSecurityClassification: • Confidentiality(or Secrecy) Protecting against unauthorized (illegal) data disclosure and ensuring the authenticity of the data’s source • Integrity Preventing unauthorized data modification • Availability(or Necessity) Preventing data delays or denials (removal) CRYPTOGRAPHY: is a method of protecting information and communication through the use of codes, so that only those for whom the information is intended can read and process it.
  • 4. E-commercecrime andsecurityproblems(StoppingE-CommerceCrimes) • Information assurance (IA) • The protection of information systems against unauthorized access to or modification of information whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats • Human firewalls : Methods that filter or limit people’s access to critical business documents
  • 5. Security, Encryption, & Web Ethics • Whois affected? – In past it use to be only large companies with proprietary(branded, patented) issues – Today, stock exchange and other related commercial transactions can also be affected. – Bank accounts, medical records, credit history are a few arenas that must be concernedwithsecurity • Encryption is the process that transforms information into some secret form to prevent unauthorized individuals from using the data shouldtheyacquire it.
  • 6. Security, Encryption, & Web Ethics • Object of IT Security – Confidentiality – Integrity • Confidentiality – strict controls implemented to ensure only certain person who need access to database will have access – protecting and using passwords
  • 7. Security, Encryption, & Web Ethics • Integrity – loss of integrity can result from human error, intentional tampering, or even disastrous events – Efforts must be taken to ensure the accuracyand soundness of data at all time – Internet Fraud • onlinecredit cards • customer trusting the companytheydo business with • onlineauctions, sweepstakes (lotteries) & price offers • travel offers, scholarship scams etc.
  • 8. Security, Encryption, & Web Ethics • Security Methods that are used whenever the Internet & Corporate Networks intersect: –Routers –Firewalls –Intrusion Detection Systems (IDSs)
  • 9. Security, Encryption, & Web Ethics • Routers – are network traffic-managing devices that routes traffic intended for the servers or networks theyare attached • Firewalls – insulates a private network from a public network using carefully established controls on the types of request they will route through to the privatenetwork for processing andfulfillment
  • 10. Security, Encryption, & Web Ethics • Intrusion Detection System(IDSs) –Attempts to detect an intruder breaking into your systemor legitimate user misusing systemresources. – Operates constantly, working in the background and only notifies you when it detects suspicious or illegal activity
  • 11. INFORMATIONASSURANCE • CIA securitytriad (CIAtriad) Three security concepts important to information on the Internet: confidentiality, integrity, and availability Confidentiality • Assurance of data privacyand accuracy. • Keeping private or sensitive information from being revealed to unauthorized individuals, entities, or processes integrity Assurance that stored data has not been modified without authorization; anda message that was sent is the same message that was received availability • Assurance that access to data, the Web site, or other EC data service is timely, available, reliable,and restrictedto authorized users
  • 12. Authentication • Process to verify (assure) the real identity of an individual, computer, computer program, or EC Web site authorization Process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform no repudiation • Assurance that online customers or trading partners cannot falsely deny (repudiate) their purchaseor transactiondigital signature or digital certificate • Validates the sender and time stamp of a transaction so it cannot be later claimedthatthetransactionwas unauthorizedor invalid.
  • 13. Cont… • applicationfirewalls Specialized tools designed to increase the security of Web applications • common(security) vulnerabilities and exposures (CVE) • Publicly known computer security risks, which are collected, listed, and shared by a board of security-related organizations (cve.mitre.org)
  • 14. Cont…. vulnerability (weakness) Weakness in software or other mechanism that threatens the confidentiality, integrity, or availability of an asset (recall the CIA model). It can be directly used by a hacker to gain access to a system or network risk • The probability that a vulnerability will be known and used
  • 15. Hacker and cracker • Hacker A programmer who breaks into computer systems in order to steal, changeor destroyinformation as a formof cyber-terrorism. • Cracker A programmer who cracks (gains unauthorized access to) computers, typicallyto do malicious things.
  • 16. Threats and Attacks nontechnical attack • An attack that uses chicanery (nonsense) to trick (fake, false) people into revealing sensitive information or performing actions that compromise the security of a network social engineering • A type of nontechnical attack that uses some ruse to trick(fake) users into revealing information or performing an action that compromises a computer or network
  • 17. Threats and Attacks technical attack • An attack perpetrated (done) using software and systems knowledge or expertise time-to-exploitation • The elapsed time between when a vulnerability (weakness) is discovered and the time it is exploited (misused) • Spyware Guide spyware:- Computer software that obtains information from a user's computer without the user's knowledge or consent
  • 18. Threats and Attacks zero-day incidents • Attacks through previously unknown weaknesses in their computer networks • denial of service (DOS) attack An attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources
  • 19. Threats and Attacks worm • A software program that runs independently, consuming the resources of its host in order to maintain itself, that is capable of propagating a complete working version of itself onto another machine macro virus (macro worm) • A virus or worm that executes when the application object that contains the macro is opened or a particular procedure is executed Trojan horse • A program that appears to have a useful function but that contains a hidden function that presents a security risk
  • 20. Securing E-Commerce Communications • access control Mechanism that determines who can legitimately use a network resource • passive token Storage device (e.g., magnetic strip) that contains a secret code used in a two-factor authentication system • active token Small, stand-alone electronic device that generates one-time passwords used in a two-factor authentication system
  • 21. Cont… • biometric systems Authentication systems that identify a person by measurement of a biological characteristic, such as fingerprints, iris (eye) patterns, facial features, or voice • public key infrastructure (PKI) A scheme for securing e-payments using public key encryption and various technical components
  • 22. • encryption The process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it • plaintext An unencrypted message in human-readable form • cipher text A plaintext message after it has been encrypted into a machine- readable form
  • 23. • encryption algorithm The mathematical formula used to encrypt the plaintext into the cipher text, and vice versa • Key (key value) The secret code used to encrypt and decrypt a message • key space The large number of possible key values (keys) created by the algorithm to use when transforming the message
  • 24. • symmetric (private) key system An encryption system that uses the same key to encrypt and decrypt the message • Data Encryption Standard (DES) The standard symmetric encryption algorithm supported by the NIST and used by U.S. government agencies until October 2000 • Rijndael An advanced encryption standard (AES) used to secure U.S. government communications since October 2, 2000