Chapter Three
E-Security
By: Marya Sholevar
Fall 2014
The Scope of the Problem

Overall size of cybercrime unclear; amount of losses
significant but stable; individuals face new risks of fraud that
may involve substantial uninsured losses.

Internet Crime Complaint Center (IC3): Logged 1,000,000+
consumer complaints about alleged online fraud or cyber
crime and referred 460,000+ complaints to law enforcement
agencies

2007 Computer Security Institute (CSI) survey: 46% detected
security breach; 91% suffered financial loss as a result. The
average annual loss reported in this year’s survey shot up
to $350,424 from $168,000 the previous year.
The Different Dimensions of
E-commerce Security
1-Integrity
The ability to ensure that information being displayed
on a web site or transmitted or received over the
internet has not been altered in any way by an
unauthorized party
2-Nonrepudiation
The ability to ensure that e-commerce participants do
not deny (i.e. repudiate) their online actions
3-Authenticity
The ability to identify the person or entity
with whom you are dealing on the Internet
The Different Dimensions of
E-commerce Security
4-Confidentiality
The ability to ensure that messages and data are
available only to those who are authorized to view
them
5-Privacy
The ability to control the use of information about
oneself
6-Availability
The ability to ensure that an e-commerce site continues
to function as intended.
The tension between
security and other values

Security vs. ease of use:

the more security measures added, the more
difficult a site is to use, and the slower it
becomes

Security vs. desire of individuals to act
anonymously

Use of technology by criminals to plan crimes
or threaten nation-state
Security Threats in the E-commerce Environment

Three key points of vulnerability:

Client

Server

Communications channel
What Is Good E-commerce Security?

To achieve highest degree of security

New technologies

Organizational policies and procedures

Industry standards and government laws

Other factors

Time value of money

Cost of security vs. potential loss

Security often breaks at weakest link
Common Security Threats
in the E-commerce
1-Malicious code:
1-1 Viruses:

Replicate and spread to other files; most deliver a
“payload” (destructive or benign)

Macro viruses, file-infecting viruses, script viruses
1-2 Worms:

Designed to spread from computer to computer
Can replicate without being executed by a user or
program, unlike a virus
Common Security Threats
in the E-commerce
1-3 Trojan horses:

Appears benign, but does something other than
expected
1-4 Bots, botnets:

Covertly installed on computer; respond to
external commands sent by attacker to create a
network of compromised computers for sending
spam, generating a DDoS attack, and stealing info
from computers
Common Security Threats
in the E-commerce
2- Unwanted programs:

Unwanted programs installed without the user’s informed
consent
2-1 Browser parasites:

Can monitor and change settings of a user’s browser.
2-2 Adware: Calls for unwanted pop-up ads
2-3 Spyware:

Can be used to obtain information, such as a user’s
keystrokes, e-mail, IMs, etc.
Common Security
Threats: Phishing

Phishing: Deceptive online attempt to obtain
confidential information

Social engineering, e-mail scams, spoofing
legitimate Web sites

Use of information to commit fraudulent acts
(access checking accounts), steal identity
Common Security
Threats: Hackers

Hackers: Individual who intends to gain unauthorized
access to computer systems

Crackers: Hacker with criminal intent

Types of hackers:

White hats – hired by corporations to find weaknesses in
the firm’s computer system

Black hats – hackers with intention of causing harm

Grey hats – hackers breaking in and revealing system
flaws without disrupting site or attempting to profit
from their finds.
Common Security Threats:
Credit Card Fraud

Fear of stolen credit card information deters online
purchases.

U.S. federal law limits liability of individuals to $50 for a
stolen credit card.

Hackers target credit card files and other customer
information files on merchant servers; use stolen data to
establish credit under false identity.

Online companies at higher risk than offline due to difficulty
of guaranteeing true identity of customers.

“E-Sign” law giving digital signatures same authority as
hand-written ones applies only to large corporations, but not
to B2C e-commerce.
Common Security
Threats: Spoofing

Misrepresenting oneself by using fake e-mail
addresses or masquerading as someone else.

Spoofing a Web site is called “pharming,” redirecting a
Web link to another IP address different from the real
one.

Threatens integrity (steal business from true site, or
alter orders and send to true site), and authenticity
(difficult to distinguish between true and fake Web
address).

Carried out by hacking local DNS servers.
Common Security Threats:
Spam (Junk) Web sites

Collection of advertisements for other sites, some of
which contain malicious code.

Appear in search results, hiding their identities by
using domain names similar to legitimate ones, and
redirecting traffic to spammer domains, e.g.,
topsearch10.com.
Common Security Threats:
Denial of service (DoS) attack

Hackers flood Web site with useless traffic to inundate
and overwhelm network.

Use of bot networks built from hundreds of
compromised workstations.
Common Security Threats:
Distributed denial of service (DDoS) attack

Hackers use multiple computers to attack target
network from numerous launch points.

Microsoft and Yahoo have experienced such attacks.
Common Security Threats:
Sniffing, Insider Jobs, ...

Sniffing:

Eavesdropping program that monitors information
traveling over a network.

Insider jobs:

Single largest financial threat.

Poorly designed server and client software:

Due to increase in complexity and size of OS,
application software, and browsers.
Common Security Threats:
Sniffing, Insider Jobs, ...

Social network security:

Social engineering attacks tempting visitors to FB
pages.

Mobile platform threats:

Same risks as any Internet device: malware, botnets,
vishing/smishing.
Technology Solutions

Protecting Internet communications:

Encryption

Securing channels of communication

SSL, S-HTTP, VPNs

Protecting networks

Firewalls

Protecting servers and clients
Protecting Internet Communications:
Encryption

Encryption: Transforms plain text data into cipher text
readable only by sender and receiver.

Purpose:

Secures stored information and information
transmission.
Protecting Internet Communications:
Encryption

Provides 4 of 6 key dimensions of e-commerce security:

Message integrity – assurance that message hasn’t been
altered.

Nonrepudiation – prevents user from denying sending the
message.

Authentication – verification of identity of person
(computer) sending the msg.

Confidentiality – assurance that msg. was not read by
others.
Securing Channels of Communication
Secure Sockets Layer (SSL):

Establishes a secure, negotiated client-server session in
which URL of requested document, along with contents, is
encrypted.

Designed to establish a secure connection between two
computers.
Virtual Private Network (VPN):

Allows remote users to securely access internal network
via the Internet, using Point-to-Point Tunneling Protocol
(PPTP)
Protecting Networks
Firewall:

Hardware or software that filters packets (prevents some
packets from entering the network) by using security
policy.
Two main methods:

Packet filters – look inside data packets to decide
whether they are destined for a prohibited port or originate
from a prohibited IP address.

Application gateways – filter communications based on
the application being requested, rather than the source or
destination of the message
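An added illustration, not part of the original slides, of the two filtering methods above: the packet filter decides on port and source address only, while the application gateway parses the request itself. The policy values, addresses and sample packets are constructed for this example.

```python
"""Packet filter vs. application gateway, on constructed sample traffic."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    payload: bytes


# Hypothetical security policy (assumed values, not from the slides).
PROHIBITED_PORTS = {23, 135, 445}
PROHIBITED_SOURCES = [ip_network("203.0.113.0/24")]  # documentation range
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
BLOCKED_PATH_PREFIXES = ("/admin",)


def packet_filter(pkt: Packet) -> str:
    """Decide from header fields only: destination port and source address."""
    if pkt.dst_port in PROHIBITED_PORTS:
        return "drop: prohibited port"
    src = ip_address(pkt.src_ip)
    if any(src in net for net in PROHIBITED_SOURCES):
        return "drop: prohibited source"
    return "allow"


def application_gateway(pkt: Packet) -> str:
    """Decide from the application request (here: the HTTP request line)."""
    if pkt.dst_port != 80:
        return "drop: no gateway for this application"
    try:
        request_line = pkt.payload.split(b"\r\n", 1)[0].decode("ascii")
        method, path, version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        # Fail closed: traffic on the HTTP port that is not HTTP is rejected.
        return "drop: not a valid HTTP request"
    if not version.startswith("HTTP/"):
        return "drop: not a valid HTTP request"
    if method not in ALLOWED_METHODS:
        return f"drop: method {method} not permitted"
    # Simplified prefix match on the raw path; a production gateway would
    # normalise the path before comparing.
    if path.startswith(BLOCKED_PATH_PREFIXES):
        return "drop: path not permitted"
    return "allow"


def evaluate(pkt: Packet) -> tuple:
    """Return (packet filter verdict, application gateway verdict)."""
    return packet_filter(pkt), application_gateway(pkt)


# Constructed sample packets.
SAMPLES = [
    Packet("198.51.100.7", 80, b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    Packet("203.0.113.9", 80, b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    Packet("198.51.100.7", 23, b""),
    Packet("198.51.100.7", 80, b"DELETE /admin/users HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    Packet("198.51.100.7", 80, b"\x16\x03\x01\x00\xa5\x01\x00"),  # non-HTTP bytes
]

if __name__ == "__main__":
    for p in SAMPLES:
        pf, gw = evaluate(p)
        print(f"{p.src_ip:>14} :{p.dst_port:<3} filter={pf!r:28} gateway={gw!r}")
```

The last two sample packets pass the packet filter, because their port and source are permitted, and are stopped only by the gateway; that extra parsing of every request is the performance cost of the stronger check.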
Protecting Networks

Application gateways provide greater security than packet
filters, but can compromise system performance
Proxy servers (proxies):

Software servers that handle all communications
originating from or being sent to the Internet.

Initially for limiting access of internal clients to external
Internet servers.

Can be used to restrict access to certain types of sites,
such as porno, auction, or stock-trading sites, or to
cache frequently-accessed Web pages to reduce
download times.
Protecting Servers and Clients

Operating system security enhancements:

Upgrades, patches.

Anti-virus software:

Easiest and least expensive way to prevent threats to
system integrity.

Requires daily updates
E-Security Risks and Solutions

More Related Content

What's hot

consumer oriented applications
consumer oriented applicationsconsumer oriented applications
consumer oriented applicationspreetikapri1
 
Online payment system
Online payment systemOnline payment system
Online payment systemmyangel27
 
Some E-commerce Applications
Some E-commerce ApplicationsSome E-commerce Applications
Some E-commerce ApplicationsAnuj Gupta
 
Data and Message Security
Data and Message SecurityData and Message Security
Data and Message SecurityNrapesh Shah
 
social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..home based
 
Information security management
Information security managementInformation security management
Information security managementUMaine
 
INTRA- AND INTER- ‎ORGANIZATIONAL ‎SYSTEMS
INTRA- AND INTER- ‎ORGANIZATIONAL ‎SYSTEMSINTRA- AND INTER- ‎ORGANIZATIONAL ‎SYSTEMS
INTRA- AND INTER- ‎ORGANIZATIONAL ‎SYSTEMSLibcorpio
 
architecture framework for ecommerce
architecture framework for ecommercearchitecture framework for ecommerce
architecture framework for ecommercepreetikapri1
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)Biswajit Bhattacharjee
 
Chapter 8 / Electronic Payment
Chapter 8 / Electronic  PaymentChapter 8 / Electronic  Payment
Chapter 8 / Electronic PaymentEyad Almasri
 
Risks involved in E-payment
Risks involved in E-payment Risks involved in E-payment
Risks involved in E-payment 14_18
 
E commerce infrastructure
E commerce infrastructureE commerce infrastructure
E commerce infrastructureRaj vardhan
 
Frame work of e commerce
Frame work of e commerceFrame work of e commerce
Frame work of e commerceTej Kiran
 

What's hot (20)

consumer oriented applications
consumer oriented applicationsconsumer oriented applications
consumer oriented applications
 
E Payment Methods
E Payment MethodsE Payment Methods
E Payment Methods
 
Online payment system
Online payment systemOnline payment system
Online payment system
 
E-Commerce Security
E-Commerce SecurityE-Commerce Security
E-Commerce Security
 
Security Threats in E-Commerce
Security Threats in E-CommerceSecurity Threats in E-Commerce
Security Threats in E-Commerce
 
Some E-commerce Applications
Some E-commerce ApplicationsSome E-commerce Applications
Some E-commerce Applications
 
Data and Message Security
Data and Message SecurityData and Message Security
Data and Message Security
 
social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..social, legal and ethical issues of e-commerce..
social, legal and ethical issues of e-commerce..
 
Information security management
Information security managementInformation security management
Information security management
 
INTRA- AND INTER- ‎ORGANIZATIONAL ‎SYSTEMS
INTRA- AND INTER- ‎ORGANIZATIONAL ‎SYSTEMSINTRA- AND INTER- ‎ORGANIZATIONAL ‎SYSTEMS
INTRA- AND INTER- ‎ORGANIZATIONAL ‎SYSTEMS
 
architecture framework for ecommerce
architecture framework for ecommercearchitecture framework for ecommerce
architecture framework for ecommerce
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
 
Chapter 8 / Electronic Payment
Chapter 8 / Electronic  PaymentChapter 8 / Electronic  Payment
Chapter 8 / Electronic Payment
 
Risks involved in E-payment
Risks involved in E-payment Risks involved in E-payment
Risks involved in E-payment
 
Online security and payment system
Online security and payment systemOnline security and payment system
Online security and payment system
 
Electronic cheque
Electronic chequeElectronic cheque
Electronic cheque
 
E banking
E bankingE banking
E banking
 
E commerce infrastructure
E commerce infrastructureE commerce infrastructure
E commerce infrastructure
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.ppt
 
Frame work of e commerce
Frame work of e commerceFrame work of e commerce
Frame work of e commerce
 

Viewers also liked

Chapter Two E commerc business model
Chapter Two E commerc business modelChapter Two E commerc business model
Chapter Two E commerc business modelMarya Sholevar
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011Andris Soroka
 
E Crm
E CrmE Crm
E Crmjim
 
04-1 E-commerce Security slides
04-1 E-commerce Security slides04-1 E-commerce Security slides
04-1 E-commerce Security slidesmonchai sopitka
 
102 e-business model - 20 cases - v6.8 - update 9 jan 2014
102   e-business model - 20 cases - v6.8 - update 9 jan 2014102   e-business model - 20 cases - v6.8 - update 9 jan 2014
102 e-business model - 20 cases - v6.8 - update 9 jan 2014Dao Hoa
 
The Digital economy's next Top e-Business Model
The Digital economy's next Top e-Business ModelThe Digital economy's next Top e-Business Model
The Digital economy's next Top e-Business ModelIan Miles
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment SystemRitesh Goyal
 
The electronic payment systems
The electronic payment systemsThe electronic payment systems
The electronic payment systemsVishal Singh
 
Chapter 4 payment systems in e-commerce
Chapter 4  payment systems in e-commerceChapter 4  payment systems in e-commerce
Chapter 4 payment systems in e-commerceMarya Sholevar
 
E commerce business models
E commerce business modelsE commerce business models
E commerce business modelsVikram g b
 

Viewers also liked (14)

Chapter Two E commerc business model
Chapter Two E commerc business modelChapter Two E commerc business model
Chapter Two E commerc business model
 
Chapter 6:e marketing
Chapter 6:e marketingChapter 6:e marketing
Chapter 6:e marketing
 
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
DSS - ITSEC conf - Arcot - Security for eCommerce - Riga Nov2011
 
Chapter 7 e crm
Chapter 7 e crmChapter 7 e crm
Chapter 7 e crm
 
E Crm
E CrmE Crm
E Crm
 
04-1 E-commerce Security slides
04-1 E-commerce Security slides04-1 E-commerce Security slides
04-1 E-commerce Security slides
 
102 e-business model - 20 cases - v6.8 - update 9 jan 2014
102   e-business model - 20 cases - v6.8 - update 9 jan 2014102   e-business model - 20 cases - v6.8 - update 9 jan 2014
102 e-business model - 20 cases - v6.8 - update 9 jan 2014
 
The Digital economy's next Top e-Business Model
The Digital economy's next Top e-Business ModelThe Digital economy's next Top e-Business Model
The Digital economy's next Top e-Business Model
 
Electronic Payment System
Electronic Payment SystemElectronic Payment System
Electronic Payment System
 
The electronic payment systems
The electronic payment systemsThe electronic payment systems
The electronic payment systems
 
E business models
E business modelsE business models
E business models
 
Chapter 4 payment systems in e-commerce
Chapter 4  payment systems in e-commerceChapter 4  payment systems in e-commerce
Chapter 4 payment systems in e-commerce
 
E-Commerce PPT
E-Commerce PPTE-Commerce PPT
E-Commerce PPT
 
E commerce business models
E commerce business modelsE commerce business models
E commerce business models
 

Similar to E-Security Risks and Solutions

Similar to E-Security Risks and Solutions (20)

Important Notes
Important NotesImportant Notes
Important Notes
 
onlinesecurityandpaymentsystem-140116021418-phpapp01.pdf
onlinesecurityandpaymentsystem-140116021418-phpapp01.pdfonlinesecurityandpaymentsystem-140116021418-phpapp01.pdf
onlinesecurityandpaymentsystem-140116021418-phpapp01.pdf
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
E commerce security 4
E commerce security 4E commerce security 4
E commerce security 4
 
Security for e commerce
Security for e commerceSecurity for e commerce
Security for e commerce
 
Information security
Information securityInformation security
Information security
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
 
cybersecurity
cybersecuritycybersecurity
cybersecurity
 
Security environment
Security environmentSecurity environment
Security environment
 
Edu 03 assingment
Edu 03 assingmentEdu 03 assingment
Edu 03 assingment
 
Computer Secutity.
Computer Secutity.Computer Secutity.
Computer Secutity.
 
2nd Class PPT.pptx
2nd Class PPT.pptx2nd Class PPT.pptx
2nd Class PPT.pptx
 
Mis security system threads
Mis security system threadsMis security system threads
Mis security system threads
 
Security issue in e commerce
Security issue in e commerceSecurity issue in e commerce
Security issue in e commerce
 
INTERNET SECURITY.pptx
INTERNET SECURITY.pptxINTERNET SECURITY.pptx
INTERNET SECURITY.pptx
 
Cyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering studentsCyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering students
 
E comm jatin
E comm jatinE comm jatin
E comm jatin
 
securityenvironment.pptx
securityenvironment.pptxsecurityenvironment.pptx
securityenvironment.pptx
 
Improving Cybersecurity Awareness In Advanced Payment Systems
Improving Cybersecurity Awareness In Advanced Payment SystemsImproving Cybersecurity Awareness In Advanced Payment Systems
Improving Cybersecurity Awareness In Advanced Payment Systems
 

More from Marya Sholevar

Marketing Financial Services
Marketing Financial ServicesMarketing Financial Services
Marketing Financial ServicesMarya Sholevar
 
Chapter 5 tech in e commerce
Chapter 5 tech in e commerceChapter 5 tech in e commerce
Chapter 5 tech in e commerceMarya Sholevar
 
Chapter one Overview of E-Commerce
Chapter one Overview of E-CommerceChapter one Overview of E-Commerce
Chapter one Overview of E-CommerceMarya Sholevar
 
Chapter 6: FINANCIAL OPERATIONS OF I NSURERS
Chapter 6: FINANCIAL OPERATIONS OF I NSURERSChapter 6: FINANCIAL OPERATIONS OF I NSURERS
Chapter 6: FINANCIAL OPERATIONS OF I NSURERSMarya Sholevar
 
Chapter 5: Insurance Marketing
Chapter 5: Insurance MarketingChapter 5: Insurance Marketing
Chapter 5: Insurance MarketingMarya Sholevar
 
Chapter 4: INSURANCE COMPANY OPERATIONS
Chapter 4: INSURANCE COMPANY OPERATIONSChapter 4: INSURANCE COMPANY OPERATIONS
Chapter 4: INSURANCE COMPANY OPERATIONSMarya Sholevar
 
Chapter 3: Organization of insurer
Chapter 3: Organization of insurerChapter 3: Organization of insurer
Chapter 3: Organization of insurerMarya Sholevar
 
Chapter 2:Insurance Contract
Chapter 2:Insurance ContractChapter 2:Insurance Contract
Chapter 2:Insurance ContractMarya Sholevar
 
Chapter 1: Introduction to Insurance
Chapter 1: Introduction to InsuranceChapter 1: Introduction to Insurance
Chapter 1: Introduction to InsuranceMarya Sholevar
 

More from Marya Sholevar (9)

Marketing Financial Services
Marketing Financial ServicesMarketing Financial Services
Marketing Financial Services
 
Chapter 5 tech in e commerce
Chapter 5 tech in e commerceChapter 5 tech in e commerce
Chapter 5 tech in e commerce
 
Chapter one Overview of E-Commerce
Chapter one Overview of E-CommerceChapter one Overview of E-Commerce
Chapter one Overview of E-Commerce
 
Chapter 6: FINANCIAL OPERATIONS OF I NSURERS
Chapter 6: FINANCIAL OPERATIONS OF I NSURERSChapter 6: FINANCIAL OPERATIONS OF I NSURERS
Chapter 6: FINANCIAL OPERATIONS OF I NSURERS
 
Chapter 5: Insurance Marketing
Chapter 5: Insurance MarketingChapter 5: Insurance Marketing
Chapter 5: Insurance Marketing
 
Chapter 4: INSURANCE COMPANY OPERATIONS
Chapter 4: INSURANCE COMPANY OPERATIONSChapter 4: INSURANCE COMPANY OPERATIONS
Chapter 4: INSURANCE COMPANY OPERATIONS
 
Chapter 3: Organization of insurer
Chapter 3: Organization of insurerChapter 3: Organization of insurer
Chapter 3: Organization of insurer
 
Chapter 2:Insurance Contract
Chapter 2:Insurance ContractChapter 2:Insurance Contract
Chapter 2:Insurance Contract
 
Chapter 1: Introduction to Insurance
Chapter 1: Introduction to InsuranceChapter 1: Introduction to Insurance
Chapter 1: Introduction to Insurance
 

Recently uploaded

MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxabhijeetpadhi001
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 

Recently uploaded (20)

MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
MICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptxMICROBIOLOGY biochemical test detailed.pptx
MICROBIOLOGY biochemical test detailed.pptx
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 

E-Security Risks and Solutions

  • 2. The Scope of the Problem  Overall size of cybercrime unclear; amount of losses significant but stable; individuals face new risks of fraud that may involve substantial uninsured losses.  Internet Crime Complaint Center (IC3): Logged 1 000 000+ consumer complaints about alleged online fraud or cyber crime and referred 460,000+ complaints to law enforcement agencies  2007 Computer Security Institute (CSI) survey: 46% detected security breach; 91% suffered financial loss as a result. The average annual loss reported in this year’s survey shot up to $350,424 from $168,000 the previous year.
  • 3.
  • 4.
  • 5.
  • 6. The Different Dimensions of E-commerce Security
      - 1-Integrity: The ability to ensure that information being displayed on a web site or transmitted or received over the internet has not been altered in any way by an unauthorized party.
      - 2-Nonrepudiation: The ability to ensure that e-commerce participants do not deny (i.e. repudiate) their online actions.
      - 3-Authenticity: The ability to identify the identity of a person or entity with whom you are dealing on the internet.
  • 7. The Different Dimensions of E-commerce Security
      - 4-Confidentiality: The ability to ensure that messages and data are available only to those who are authorized to view them.
      - 5-Privacy: The ability to control the use of information about oneself.
      - 6-Availability: The ability to ensure that an e-commerce site continues to function as intended.
  • 8. The tension between security and other values
      - Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes.
      - Security vs. desire of individuals to act anonymously.
      - Use of technology by criminals to plan crimes or threaten nation-state.
  • 9. Security Threats in the E-commerce Environment
      - Three key points of vulnerability:
          - Client
          - Server
          - Communications channel
  • 12. What Is Good E-commerce Security?
      - To achieve highest degree of security:
          - New technologies
          - Organizational policies and procedures
          - Industry standards and government laws
      - Other factors:
          - Time value of money
          - Cost of security vs. potential loss
          - Security often breaks at weakest link
  • 13. Common Security Threats in the E-commerce
      - 1- Malicious code:
      - 1-1 Viruses:
          - Replicate and spread to other files; most deliver a “payload” (destructive or benign).
          - Macro viruses, file-infecting viruses, script viruses.
      - 1-2 Worms:
          - Designed to spread from computer to computer.
          - Unlike a virus, can replicate without being executed by a user or program.
  • 14. Common Security Threats in the E-commerce
      - 1-3 Trojan horses:
          - Appear benign, but do something other than expected.
      - 1-4 Bots, botnets:
          - Covertly installed on a computer; respond to external commands sent by the attacker to create a network of compromised computers for sending spam, generating a DDoS attack, and stealing info from computers.
  • 15. Common Security Threats in the E-commerce
      - 2- Unwanted programs:
          - Installed without the user’s informed consent.
      - 2-1 Browser parasites:
          - Can monitor and change settings of a user’s browser.
      - 2-2 Adware:
          - Calls for unwanted pop-up ads.
      - 2-3 Spyware:
          - Can be used to obtain information, such as a user’s keystrokes, e-mail, IMs, etc.
  • 16. Common Security Threats: Phishing
      - Phishing: Deceptive online attempt to obtain confidential information.
      - Social engineering: e-mail scams, spoofing legitimate Web sites.
      - Use of information to commit fraudulent acts (access checking accounts), steal identity.
  • 17. Common Security Threats: Hackers
      - Hackers: Individuals who intend to gain unauthorized access to computer systems.
      - Crackers: Hackers with criminal intent.
      - Types of hackers:
          - White hats – hired by corporations to find weaknesses in the firm’s computer system.
          - Black hats – hackers with the intention of causing harm.
          - Grey hats – hackers breaking in and revealing system flaws without disrupting the site or attempting to profit from their finds.
  • 18. Common Security Threats: Credit Card Fraud
      - Fear of stolen credit card information deters online purchases.
      - U.S. federal law limits liability of individuals to $50 for a stolen credit card.
      - Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under a false identity.
      - Online companies at higher risk than offline due to difficulty of guaranteeing true identity of customers.
      - “E-Sign” law giving digital signatures same authority as hand-written ones applies only to large corporations, but not to B2C e-commerce.
  • 19. Common Security Threats: Spoofing
      - Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else.
      - Spoofing a Web site is called “pharming”: redirecting a Web link to an IP address different from the real one.
      - Threatens integrity (steal business from the true site, or alter orders and send them to the true site) and authenticity (difficult to distinguish between true and fake Web address).
      - Carried out by hacking local DNS servers.
  • 20. Common Security Threats: Spam (Junk) Web sites
      - Collections of advertisements for other sites, some of which contain malicious code.
      - Appear in search results, hiding their identities by using domain names similar to legitimate ones, and redirecting traffic to spammer domains, e.g., topsearch10.com.
  • 21. Common Security Threats: Denial of service (DoS) attack
      - Hackers flood a Web site with useless traffic to inundate and overwhelm the network.
      - Use of bot networks built from hundreds of compromised workstations.
  • 22. Common Security Threats: Distributed denial of service (DDoS) attack
      - Hackers use multiple computers to attack the target network from numerous launch points.
      - Microsoft and Yahoo have experienced such attacks.
  • 23. Common Security Threats: Sniffing, Insider jobs, ...
      - Sniffing:
          - Eavesdropping program that monitors information traveling over a network.
      - Insider jobs:
          - Single largest financial threat.
      - Poorly designed server and client software:
          - Due to increase in complexity and size of OS, application software, and browsers.
  • 24. Common Security Threats: Sniffing, Insider jobs, ...
      - Social network security:
          - Social engineering attacks tempting visitors to FB pages.
      - Mobile platform threats:
          - Same risks as any Internet device.
          - Malware, botnets, vishing/smishing.
  • 25. Technology Solutions
      - Protecting Internet communications:
          - Encryption
      - Securing channels of communication:
          - SSL, S-HTTP, VPNs
      - Protecting networks:
          - Firewalls
      - Protecting servers and clients
  • 27. Protecting Internet Communications: Encryption
      - Encryption: Transforms plain text data into cipher text readable only by sender and receiver.
      - Purpose:
          - Secures stored information and information transmission.
  • 28. Protecting Internet Communications: Encryption
      - Provides 4 of 6 key dimensions of e-commerce security:
          - Message integrity – assurance that the message hasn’t been altered.
          - Nonrepudiation – prevents the user from denying sending the message.
          - Authentication – verification of identity of the person (computer) sending the message.
          - Confidentiality – assurance that the message was not read by others.
  • 29. Securing Channels of Communication
      - Secure Sockets Layer (SSL):
          - Establishes a secure, negotiated client-server session in which the URL of the requested document, along with its contents, is encrypted.
          - Designed to establish a secure connection between two computers.
      - Virtual Private Network (VPN):
          - Allows remote users to securely access an internal network via the Internet, using Point-to-Point Tunneling Protocol (PPTP).
  • 30. Protecting Networks
      - Firewall:
          - Hardware or software that filters packets (prevents some packets from entering the network) by using a security policy.
      - Two main methods:
          - Packet filters – look inside data packets to decide whether they are destined for a prohibited port or originate from a prohibited IP address.
          - Application gateways – filter communications based on the application being requested, rather than the source or destination of the message.
  • 31. Protecting Networks
      - Application gateways provide greater security than packet filters, but can compromise system performance.
      - Proxy servers (proxies):
          - Software servers that handle all communications originating from or being sent to the Internet.
          - Initially for limiting access of internal clients to external Internet servers.
          - Can be used to restrict access to certain types of sites, such as pornographic, auction, or stock-trading sites, or to cache frequently accessed Web pages to reduce download times.
  • 32. Protecting Servers and Clients
      - Operating system security enhancements:
          - Upgrades, patches.
      - Anti-virus software:
          - Easiest and least expensive way to prevent threats to system integrity.
          - Requires daily updates.
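
The two firewall methods from slide 30, as an added Python example that is not part of the original deck: a packet filter that decides from the destination port and source IP address, and an application gateway that decides from the application being requested. The policy values, the Packet fields, the payload classifier and the sample packets are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed policy (assumed for illustration, not taken from the slides).
PROHIBITED_PORTS = {23, 445}
PROHIBITED_SOURCES = [ip_network("203.0.113.0/24")]  # documentation address range
ALLOWED_APPLICATIONS = {"http", "smtp"}

@dataclass
class Packet:
    src_ip: str
    dst_port: int
    payload: bytes

def packet_filter(pkt: Packet) -> bool:
    """Packet filter: allow or drop using header fields only."""
    if pkt.dst_port in PROHIBITED_PORTS:
        return False
    src = ip_address(pkt.src_ip)
    return not any(src in net for net in PROHIBITED_SOURCES)

def identify_application(payload: bytes) -> str:
    """Name the application being requested from the first payload line."""
    first_line = payload.split(b"\r\n", 1)[0]
    verb = first_line.split(b" ", 1)[0]
    if verb in {b"GET", b"POST", b"HEAD"} and b"HTTP/" in first_line:
        return "http"
    if first_line.upper().startswith((b"HELO", b"EHLO")):
        return "smtp"
    if first_line.startswith(b"SSH-"):
        return "ssh"
    return "unknown"

def application_gateway(pkt: Packet) -> bool:
    """Application gateway: allow only applications named in the policy."""
    return identify_application(pkt.payload) in ALLOWED_APPLICATIONS

# Constructed sample traffic.
SAMPLES = {
    "web_request": Packet("198.51.100.7", 80, b"GET /cart HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    "telnet": Packet("198.51.100.7", 23, b"login: "),
    "prohibited_source": Packet("203.0.113.9", 80, b"GET / HTTP/1.1\r\n\r\n"),
    "non_web_on_port_80": Packet("198.51.100.7", 80, b"SSH-2.0-OpenSSH_9.6\r\n"),
}

def evaluate(samples=SAMPLES):
    """Return {name: (packet_filter_allows, application_gateway_allows)}."""
    return {n: (packet_filter(p), application_gateway(p)) for n, p in samples.items()}

if __name__ == "__main__":
    for name, (pf, gw) in evaluate().items():
        print(f"{name:20} packet filter={pf!s:5} application gateway={gw}")
```

The last sample passes the packet filter because its port and source are permitted, while the application gateway rejects it for carrying an application that is not in the policy. The per-payload inspection that makes this possible is also the extra work behind the performance cost noted on slide 31.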