Explain security issues and protection against unwanted threats in E-Commerce. Explain the E-Commerce security environment. Security threats in the E-Commerce environment.
Internet-based e-commerce has, besides great advantages, posed many threats because it is what is popularly called faceless and borderless. Privacy has been and continues to be a significant issue of concern for both current and prospective electronic commerce customers. In addition to privacy concerns, other ethical issues are involved with electronic commerce. The Internet offers unprecedented ease of access to a vast array of goods and services. The rapidly expanding arena of "click and mortar" and the largely unregulated cyberspace medium have, however, prompted concerns about both privacy and data security.
Social engineering and human error present the single biggest threat to companies in 2017. In fact, 60% of enterprise companies were targeted by social engineering attacks within the last year. As cyber security automation practices get better, attackers are increasingly relying on social engineering to make their way into systems and networks.
Visit- https://www.siemplify.co/
Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cyber security and physical security.
Currently, the market has a wide range of systems, products and services focused on computer security: Antivirus, Antispyware, Firewalls, IPS, WAF, SIEM systems, etc.
All these measures are indispensable and have become a priority for any company or organization seeking to protect its assets, but social engineering has the advantage of using techniques that exploit vulnerabilities inherent in human beings and, as is well known, no patch or upgrade provides effective protection against such attacks.
People are normally “the weak link in the chain”.
1. Original Post by Catherine Johnson
Cryptographic Methods:
Cryptography is the science of concealing information or encrypting information. Computers use complex cryptographic algorithms to enable data protection, data hiding, integrity checks, nonrepudiation services, policy enforcement, key management and exchange, and many more (Conklin, 2018). Cryptography is classified into three types: symmetric cryptography, asymmetric cryptography, and hash functions.
Symmetric cryptography is also known as secret-key cryptography. It uses a single key to encrypt and decrypt data, making it the simplest type of cryptography. A plain text with the key produces the same cipher; similarly, the ciphertext with the key produces the plain text. "Symmetric encryption is useful for protecting data between parties with an established shared key and is also frequently used to store confidential data" (Burnett & Foster, 2004). This type of cryptography is suited for bulk encryption as it is fast and easy.
Asymmetric cryptography is also known as public-key cryptography. In this method, two keys are used to encrypt data: one for encoding and the other for decoding. One of the two keys stays private while the other is shared. The algorithms are based on integer factorization and discrete logarithmic problems. This encryption method is used for authentication and confidentiality.
The hash function is a special mathematical function. It performs a one-way function, which means that once the algorithm is processed, there is no feasible way to use the ciphertext to retrieve the plaintext that was used to generate it (Conklin, 2018). Hashes provide confidentiality but not integrity because even though we cannot determine the original text, we can ascertain the modified text. These are utilized in programs, text messages, and operating systems files.
Public Key Infrastructure (PKI):
It is an infrastructure that enables users to communicate securely. PKI uses the asymmetric method: one private key and one public key. The public key can only decrypt the file encrypted by the private key, which affirms the receiver and the sender's information is secure during a transaction. The challenge PKI faces is the storage and protection of the keys. The encryption keys can be stolen or unrecoverable based on the measures taken to store them. Additionally, failure to issue and renew certificates can cause large-scale connectivity issues.
Physical Security:
Physical security needs to be maintained to prevent attackers from gaining access to steal data. Physical security is essential in an organization to prevent unauthorized individuals from causing harm to the business. If systems and devices are physically accessed, all files, data, information, and networks can be compromised. Granting limited access to employees to computer rooms or server rooms can prevent theft and help with intentional and unintentional damages. Perimeter security is also important, especially for sites ...
Design and Development of an E-Commerce Security Using RSA Cryptosystem (AM Publications, India)
E-commerce has presented a new way of doing transactions all over the world using the internet. The success of ecommerce depends greatly on how its information technology is used. Over the years the rate at which ecommerce sensitive information is sent over the internet and network has increased drastically. It is for this reason that every company wants to ensure that its ecommerce information is secured. There is a need for ecommerce information transmitted via the internet and computer networks to be protected. There is substantial growth in the areas of credit card fraud and identity theft because the internet is a public network with thousands of millions of users. Amongst users are crackers or hackers that carry out the credit card fraud and identity theft in numerous ways facilitated by poor internet security; a concern regarding the exchange of money securely and conveniently over the internet increases. The criticality, danger, and higher priority importance of any e-commerce money transfer makes it a hot area of research interest in modern computer science and informatics. The e-commerce industry is slowly addressing security issues on its internal networks, but security protection for the consumers is still in its infancy, thus posing a barrier to the development of e-commerce. There is a growing need for technological solutions to globally secure ecommerce transaction information by using appropriate data security technology. The technology solution proposed for solving this security problem is the RSA cryptosystem. This research paper focuses on securing ecommerce information sent through the computer network and internet using RSA cryptography. It elucidates the implementation of the RSA algorithm and shows that ecommerce security powered with RSA cryptography is very important in ecommerce transactions. While many attacks exist, the system has proven to be very secure.
Top 20 cyber security interview questions and answers in 2023 (AnanthReddy38)
Here are 20 commonly asked cybersecurity interview questions along with their answers:
What is the difference between authentication and authorization?
Authentication is the process of verifying the identity of a user, system, or device, while authorization is the process of granting or denying access to specific resources or actions based on the authenticated user’s privileges.
What is a firewall, and how does it work?
A firewall is a network security device that monitors and filters network traffic based on predefined security rules. It acts as a barrier between internal and external networks, allowing or blocking traffic based on the configured rules.
What are the common types of malware, and how do they work?
Common types of malware include viruses, worms, Trojans, ransomware, and spyware. Malware typically infiltrates systems through various means and executes malicious actions, such as stealing data, corrupting files, or gaining unauthorized access.
What is encryption, and why is it important in cybersecurity?
Encryption is the process of converting data into a form that can only be read by authorized parties. It ensures that sensitive information remains secure during storage, transmission, and processing, preventing unauthorized access or tampering.
Explain the concept of “defense in depth.”
Defense in depth is a cybersecurity strategy that employs multiple layers of defense mechanisms to protect systems and data. It involves implementing various security controls at different levels, such as network, host, application, and data, to create overlapping layers of protection.
Security is a concept similar to being cautious or alert against any danger. Network security is the condition of being protected against any danger or loss. Thus safety plays an important role in bank transactions, where disclosure of any data results in big loss. We can define networking as the combination of two or more computers for the purpose of resource sharing. Resources here include files, databases, emails, etc. It is the protection of these resources from unauthorized users that brought the development of network security. It is a measure incorporated to protect data during transmission and also to ensure the transmitted data is protected and authentic.
Security of online bank transactions here has been improved by increasing the number of bits while establishing the SSL connection as well as in RSA asymmetric key encryption, along with SHA1 used for digital signature to authenticate the user.
Preventing Internet Fraud By Preventing Identity Theft (Diane M. Metcalf)
This project concentrates on the area of internet fraud called “Identity Theft”. It focuses on the responsibility of the individual cardholder in preventing or reducing fraud. It is based upon a belief that educating and empowering consumers has the ability to decrease internet/e-Commerce fraud by way of reducing identity theft.
E-Commerce security
1. E-Commerce
Explain the six requirements of E-Commerce security
and give a specific example.
Submitted By
Mohammad Tawhidur Rahman
Bangladesh
Date of Submission:
22 September, 2015
Question # 2 : Explain the six requirements of E-Commerce security and
give a specific example.
Answer # 2 :
E-commerce is widely considered the buying and selling of products over the internet, but
any transaction that is completed solely through electronic measures can be considered
e-commerce. Day by day, e-commerce is playing a very good role in online retail marketing,
and people are using this technology all over the world.
E-commerce security is the protection of e-commerce assets from unauthorized access, use,
alteration, or destruction. E-commerce Security is a part of the Information Security
framework and is specifically applied to the components that affect e-commerce that
include Computer Security, Data security and other wider realms of the Information
Security framework.
E-commerce security has its own particular nuances and is one of the most visible
security components that affect the end user through their daily payment interaction with
business.
Today, privacy and security are a major concern for electronic technologies. Privacy
concerns have been found, revealing a lack of trust in a variety of contexts, including
commerce, electronic health records, e-recruitment technology and social networking, and
this has directly influenced users. Security is one of the principal and continuing concerns
that restrict customers and organizations engaging with e-commerce.
Basic Requirements of E-commerce Security-
1. Secrecy : ability to ensure that messages and data are available only to those
authorized to view them. It also ensures that the trading party has the authority to
make the transaction. It prevents transaction risks and economic damage.
2. Authenticity : ability to identify the identity of a person or entity with whom you
are dealing on the Internet. It assures that the “sender” of the message is actually the
person he/she claims to be.
The term “authentication” means determining that the user of the computer is actually who
he/she claims to be. The term “authentication of the receiver” allows the sender to be sure
that the party he/she intends to get the message is the one who receives it.
3. Integrity : ability to ensure that information being displayed on a web site or
transmitted/received over the Internet has not been altered in any way by an
unauthorized party. It assures that the communication between trading parties is not
altered by an enemy.
4. Availability : ability to ensure that an e-commerce site continues to function as
intended. It enables exchanging parties to maintain and revisit the history/sequence of
events during a period of transaction. In e-commerce, these could be computer time
stamps, or records from different computers at different stages of the transaction.
5. Un-refusable (non-repudiation) : ability to ensure that e-commerce participants do not
deny (refuse) online actions. Secure e-payment ensures that a “commitment” to pay for
goods/services over media is met.
6. Privacy : ability to control use of information a customer provides about
himself or herself to a merchant. It assures that the communication between trading
parties is not revealed to others, so that an unauthorized party cannot read or
understand the message.
E-commerce Threats-
A threat is anyone with the capability, technology, opportunity, and intent to do harm.
Potential threats can be foreign or domestic, internal or external, state-sponsored or a
single rogue element.
E-commerce security tools-
Firewalls – Software and Hardware
Public Key infrastructure
Encryption software
Digital certificates
Digital Signatures
Biometrics – retinal scan, fingerprints, voice etc
Passwords
Locks and bars – network operations centers
Each phase of E-commerce transaction has a security measure-
Information phase: Confidentiality; Access control; Integrity checks
Negotiation phase: Secure contract; Identification; Digital signature
Payment phase: Encryption; Decryption
Delivery phase: Secure delivery; Integrity checks
E-commerce threats and countermeasures in different avenues-

Avenue: Intellectual property
Threats:
- Use existing materials found on the Internet without the owner's permission, e.g., music downloading, domain name (cybersquatting), software pirating
Countermeasures:
- Legislature
- Authentication

Avenue: Client computer
Threats:
- Trojan horse
- Active contents
- Viruses
Countermeasures:
- Privacy: Cookie blockers; Anonymizer
- Digital certificate
- Browser protection
- Antivirus software
- Computer forensics expert

Avenue: Communication channel
Threats:
- Sniffer program
- Backdoor
- Spoofing
- Denial-of-service
Countermeasures:
Encryption:
- Public-key encryption (asymmetric) vs Private-key encryption (symmetric)
- Encryption standard: Data Encryption Standard (DES), Advanced Encryption Standard (AES)
Protocol:
- Secure Sockets Layer (SSL)
- Secure Hyper Text Transfer Protocol (S-HTTP)
Digital signature:
Bind the message originator with the exact contents of the message
- A hash function is used to transform messages into a 128-bit digest (message digest).
- The sender’s private key is used to encrypt the message digest (digital signature)
- The message + signature are sent to the receiver
- The recipient uses the hash function to recalculate the message digest
- The sender’s public key is used to decrypt the message digest
- Check to see if the recalculated message digest = decrypted message digest

Avenue: Server
Threats:
- Privilege setting
- Server Side Include (SSI), Common Gateway Interface (CGI)
- File transfer
- Spamming
Countermeasures:
Access control and authentication:
- Digital signature from user
- Username and password
- Access control list
Firewalls:
- Packet filter firewall: checks IP address of incoming packet and rejects anything that does not match the list of trusted addresses
- Application level proxy server: examines the application used for each individual IP packet (e.g., HTTP, FTP) to verify its authenticity.
- Stateful packet inspection: examines all parts of the IP packet to determine whether or not to accept or reject the requested communication.
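The difference between a packet filter and stateful inspection, shown as an added example that is not part of the original page: the packet filter looks only at the source address, while the stateful check (implemented here the way stateful inspection is commonly understood, by tracking opened connections) also requires that a non-SYN packet belong to a known flow. The addresses, ports and packet records are constructed sample data, and `packet_filter`, `StatefulInspector` and `compare` are hypothetical names.

```python
import ipaddress

# Constructed allowlist and packets (documentation address ranges), for illustration only.
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]
PACKETS = [
    {"src": "192.0.2.7", "sport": 50000, "dst": "198.51.100.10", "dport": 443, "flags": "SYN"},
    {"src": "192.0.2.7", "sport": 50000, "dst": "198.51.100.10", "dport": 443, "flags": "ACK"},
    # Source address is on the trusted list, but no connection was opened for this flow.
    {"src": "192.0.2.9", "sport": 40000, "dst": "198.51.100.10", "dport": 443, "flags": "ACK"},
    {"src": "203.0.113.5", "sport": 41000, "dst": "198.51.100.10", "dport": 443, "flags": "SYN"},
]


def packet_filter(pkt):
    """Packet filter: accept only if the source address is on the trusted list."""
    src = ipaddress.ip_address(pkt["src"])
    return any(src in net for net in TRUSTED)


class StatefulInspector:
    """Applies the address check, then requires the packet to fit a tracked connection."""

    def __init__(self, allowed_ports):
        self.allowed_ports = set(allowed_ports)
        self.flows = set()  # (src, sport, dst, dport) of connections seen opening

    def inspect(self, pkt):
        if not packet_filter(pkt):
            return False
        flow = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if pkt["flags"] == "SYN":
            # A new connection is accepted only to an allowed service port.
            if pkt["dport"] not in self.allowed_ports:
                return False
            self.flows.add(flow)
            return True
        # Any other packet must belong to a connection that was seen opening.
        return flow in self.flows


def compare(packets, allowed_ports=(443,)):
    """Return (packet_filter_verdict, stateful_verdict) for each packet in order."""
    inspector = StatefulInspector(allowed_ports)
    return [(packet_filter(p), inspector.inspect(p)) for p in packets]
```

The third sample packet is the case that separates the two designs: it passes the address-only filter and is rejected once connection state is taken into account.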
Example of Cryptography/Encryption-
Cryptography/encryption is the process of converting ordinary information (called
plaintext) into unintelligible text (called ciphertext). Decryption is the reverse, in other
words, moving from the unintelligible ciphertext back to plaintext.
Plaintext: the message
Encryption: encoding the message (hiding the contents from outsiders)
Ciphertext: the encrypted message
Decryption: the process of retrieving the plaintext from the ciphertext
“Encryption” and “Decryption” make use of a “key and a coding method”.
Just as the development of computers and electronics helped in cryptanalysis, it made
possible much more complex ciphers. Furthermore, computers allowed for the encryption
of any kind of data representable in any binary format, unlike classical ciphers, which only
encrypted written language texts; this was new and significant.
Concept of Encryption and Decryption-
The modern field of cryptography can be divided into several areas of study. Here I
discuss two major areas of cryptography.
1. Symmetric-key cryptography
It refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way). This was the only kind of encryption publicly known until June 1976.
2. Asymmetric-key cryptography
An asymmetric-key system is constructed so that calculation of one key (the 'private key') is computationally infeasible from the other (the 'public key'), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair. In asymmetric-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. In this system, the public key is used for encryption, while the private or secret key is used for decryption.
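The key-pair roles described here and in the digital signature steps listed earlier, as an added example that is not part of the original page: the public key encrypts and the private key decrypts, while for a signature the private key transforms the message digest and the public key checks it. This is unpadded textbook RSA on a constructed key built from two known Mersenne primes, with SHA-256 standing in for the 128-bit digest the page mentions; all names and sample messages are assumptions, and production systems use a vetted library with padding (OAEP, PSS) and randomly generated primes.

```python
import hashlib

# Constructed demonstration key pair from two known Mersenne primes.
# Primes of this special form are not safe for real keys; they keep the
# example deterministic and offline.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)
PUBLIC_KEY = (N, E)                     # may be freely distributed
PRIVATE_KEY = (N, D)                    # must remain secret

ORDER = b"order=1001;amount=250.00;payee=merchant-42"   # constructed sample message


def digest(message: bytes) -> int:
    """Message digest as an integer (SHA-256 here, not the page's 128-bit digest)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender: transform the message digest with the private key."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: recompute the digest and compare it with the recovered one."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


def encrypt(plaintext: bytes, public_key) -> int:
    """Anyone holding the public key can encrypt a short message."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Only the private-key holder can recover the plaintext."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")
```

Changing a single character of the signed message changes its digest, so verification with the same signature fails; that comparison is the integrity and authenticity check the digital signature steps describe.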
The e-commerce industry is slowly addressing security issues on their internal networks.
There are guidelines for securing systems and networks available for the e-commerce
systems personnel to read and implement. Educating the consumer on security issues is
still in the infancy stage but will prove to be the most critical element of the e-commerce
security architecture. Privacy has become a major concern for consumers with the rise of
identity theft and impersonation, and any concern for consumers must be treated as a
major concern for e-commerce providers.