Online security and payment system

What is e-commerce? What are the various threats to e-commerce, and the solutions for these threats? Who are hackers? What are the types of hackers?

  2. 2. Transacting or facilitating business on the Internet is called e-commerce; it revolves around buying and selling. • The use of the Internet and the Web to transact business. • Refers to commercial transactions conducted digitally between organizations and individuals.
  3. 3. Most serious losses involved theft of proprietary information or financial fraud • 40% reported attacks from outside the organization • 38% experienced denial of service attacks • 94% detected virus attacks
  4. 4. Cybercrime is any illegal act committed using a computer network, especially the Internet. Cybercrime is a subset of computer crime. Stealing and using or selling of data: • Company data • Personal information in company files
  5. 5. • Ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party • Ability to ensure that e-commerce participants do not deny (repudiate) online actions
  6. 6. • Ability to verify the identity of a person or entity with whom you are dealing on the Internet • Ability to ensure that messages and data are available only to those authorized to view them • Ability to control use of information a customer provides about himself or herself to a merchant • Ability to ensure that an e-commerce site continues to function as intended
  7. 7. • Designed to breach system security and threaten digital information: • Viruses • Worms • Trojan horses • Bots, botnets • Browser parasites • Adware • Spyware
  8. 8. • Computer program that has the ability to replicate and spread to other files; most also deliver a “payload” of some sort (may be destructive or benign) • Designed to spread from computer to computer rather than from file to file • Program that actively reproduces itself across a network • Appears to be benign, but then does something other than expected (e.g., games that steal sign-ons and passwords)
  9. 9. • Malware used by an unauthorized person to turn a computer into a zombie and gain access to it • Includes adware, parasites, spyware or any other program or application that is installed on a computer through Internet traffic without the informed consent of the user • Installed on a computer through social networking • Its purpose is just to annoy you • Does not perform criminal activity
  10. 10. • Installed by clicking on some link • Captures your activities and sends them to an unauthorized person • Transmits your activities • Changes your home page • Small programs that install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising • Captures our keystrokes • Steals our confidential or financial information, such as our login and password
  11. 11. • Deceptive online attempt to obtain confidential information • Social engineering, e-mail scams, spoofing legitimate Web sites • Use information to commit fraudulent acts (access checking accounts), steal identity • Hackers vs. crackers • Cyber vandalism: intentionally disrupting, defacing, destroying a Web site • Types of hackers: white hats, black hats, grey hats
  12. 12. • A hacker is not a cyber criminal • They know all about the operating system • They always do constructive work • A person who breaks security on • System intrusion • System damage • Cybervandalism • A cracker is a cyber criminal • Crackers create nothing and destroy much
  13. 13. • Individual who intends to gain unauthorized access to computer systems • Types of hackers include: • White hats • Black hats • Grey hats • Professional security experts who do not perform criminal activity • Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network
  14. 14. A grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. Then they may offer to correct the defect for a fee.
  15. 15. • Used to denote a hacker with criminal intent (the two terms are often used interchangeably) • Intentionally disrupting, defacing or destroying a Web site
  16. 16. • Fear that credit card information will be stolen deters online purchases • Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity • One solution: new identity verification mechanisms
  17. 17. • Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else • Often redirects users to another Web site • Threatens integrity of site; authenticity
  18. 18. • Hackers flood a Web site with useless traffic to inundate and overwhelm the network • Hackers use numerous computers to attack the target network from numerous launch points
  19. 19. • A generic term for malicious software • A number of factors have contributed to the overall increase in malicious code. Among these factors, the following are paramount: • Mixing data and executable instructions • Increasingly homogeneous computing environments • Unprecedented connectivity • Larger clueless user base
  20. 20. • Type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network • Single largest financial threat • Poorly designed server and client software: the increase in complexity of software programs has contributed to an increase in vulnerabilities that hackers can exploit
  21. 21. • The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver • Purpose: secure stored information and information transmission • Provides: message integrity, nonrepudiation, authentication, confidentiality
  22. 22. • Also known as secret key encryption • Both the sender and receiver use the same digital key to encrypt and decrypt the message • Requires a different set of keys for each transaction
  23. 23. • Solves the symmetric key encryption problem of having to exchange a secret key • Uses two mathematically related digital keys: a public key (widely disseminated) and a private key (kept secret by the owner) • Both keys are used to encrypt and decrypt a message • Once a key is used to encrypt a message, the same key cannot be used to decrypt that message • For example, the sender uses the recipient’s public key to encrypt a message; the recipient uses his/her private key to decrypt it
  24. 24. A public key encryption system can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipient’s public key in a directory and uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private network. When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message.
  25. 25. • Addresses weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and symmetric key encryption (faster, but more secure) • Uses symmetric key encryption to encrypt document but public key encryption to encrypt and send symmetric key
  26. 26. • Most common form of securing channels of communication; used to establish a secure negotiated session (client-server session in which the URL of the requested document, along with its contents, is encrypted) • Alternative method; provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
  27. 27. • Hardware or software that filters communications packets and prevents some packets from entering the network based on a security policy • Software servers that handle all communications originating from or being sent to the Internet (act as “spokesperson” or “bodyguard” for the organization)
  28. 28. • Authentication and access control mechanisms • Easiest and least expensive way to prevent threats to system integrity
  29. 29. References KENNETH C LOUDEN
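
The scheme on slides 23 to 25 (encrypt the document with a symmetric key, then encrypt that key with the recipient's public key) can be shown end to end. This is an added example, not part of the original slides; the function names, the sample order string, and the choice of RSA-OAEP with AES-256-GCM from Node's built-in `crypto` module are assumptions made for illustration.

```javascript
// Added example (not from the slides): a digital envelope with Node's crypto module.
const nodeCrypto = require("crypto");

// OAEP padding options for the RSA key-wrapping step.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Constructed sample message; not real order data.
const SAMPLE_ORDER = "order=1042;item=book;amount=59.90";

// Recipient key pair; the public half is what a sender would find in a directory.
function makeRecipientKeys() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Sender: encrypt the document with a one-time symmetric key (fast),
// then encrypt only that small key with the recipient's public key (slow).
function sealEnvelope(recipientPublicKey, plaintext) {
  const sessionKey = nodeCrypto.randomBytes(32); // AES-256 key, used once
  const iv = nodeCrypto.randomBytes(12);         // fresh GCM nonce per message
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: unwrap the session key with the private key, then decrypt the document.
// decipher.final() throws if the ciphertext or tag was altered in transit.
function openEnvelope(recipientPrivateKey, envelope) {
  const sessionKey = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString("utf8");
}

// Returns true when opening fails: wrong private key or modified ciphertext.
function openFails(recipientPrivateKey, envelope) {
  try { openEnvelope(recipientPrivateKey, envelope); return false; } catch (err) { return true; }
}

// Flip one bit of the ciphertext to model modification in transit.
function tamper(envelope) {
  const ciphertext = Buffer.from(envelope.ciphertext);
  ciphertext[0] ^= 0x01;
  return { ...envelope, ciphertext };
}
```

Only the 32-byte session key goes through the slow public key operation; the document itself is handled by the symmetric cipher, and the authentication tag gives the message integrity listed on slide 21.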
