The document discusses the importance of network security in e-commerce, highlighting the need for multiple layers of defense to protect data and network integrity. It outlines various security threats, such as malware, phishing, and denial of service attacks, and emphasizes key concepts like authentication, authorization, and auditing. It also describes security protocols like SSL and VPNs, which help secure transactions and communications over the internet.

1. SECURING E-COMMERCE
NETWORKS

2. INTRODUCTION TO NETWORK
SECURITY
• Network security is any activity designed to protect
the usability and integrity of your network and data.
Network security combines multiple layers of defenses
at the edge and in the network. Each network security
layer implements policies and controls. Authorized
users gain access to network resources, but malicious
actors are blocked from carrying out threats.

3. WHAT KINDS OF SECURITY QUESTIONS
ARISE? – USER PERSPECTIVE
•How can the user be sure that the Web server is
owned and operated by a legitimate company?
•How does the user know that the owner of the
Web site will not distribute the information the
user provides to some other party?

4. WHAT KINDS OF SECURITY QUESTIONS
ARISE? – COMPANY’S PERSPECTIVE
•How does the company know the user will not
attempt to break into the Web server or alter the
pages and content at the site?
• How does the company know that the user will
not try to disrupt the server so that it is not
available to others?

5. The discussion of security concerns in electronic
commerce can be divided into two broad types:
1. Client Server Security
2. Data and Transaction Security

6. Client server security - uses various authorization
methods to make sure that only valid user and
programs have access to information resources
such as databases.
Data and transaction security - ensures the
privacy and confidentiality in electronic messages
and data packets, including the authentication of
remote users in network transactions for activities
such as on-line payments.

7. BASIC SECURITY MEASURES
• Authentication The process by which one entity verifies that
another entity is who he, she, or it claims to be.
• Authorization The process that ensures that a person has the
right to access certain resources.
• Auditing The process of collecting information about attempts
to access particular resources, use particular privileges, or
perform other security actions.

8. TYPES OF SECURITY ATTACKS
Malware attack - This is one of the common types of cyber
security threats. It refers to malicious software viruses.
Some examples include worms, spyware, ransomware,
adware, and trojans. Malware not only breaches the
network but also downloads an email attachment and
opens them.
Phishing - A widespread type of cyber security threat.
This social engineering attack involves an attacker
impersonating a trusted contact and sending the victim
fake emails. When the victim opens the email, they give
attackers access to confidential information and account
credentials.

9. Denial of service (DOS) -This is a very big threat for
organizations since the attacker’s target systems, servers,
or networks. They then flood them with traffic to exhaust
their resources and bandwidth. This attack is also known
as a DDoS (Distributed Denial-of-Service) attack.
Password attack - In this attack, the password of a user
is cracked through various programs and tools like
Aircrack, Cain, Abel, John the Ripper, Hashcat, etc.
Internet of things (IOT) attack - In this attack, the
password of a user is cracked through various programs
and tools like Aircrack, Cain, Abel, John the Ripper,
Hashcat, etc.

10. SECURITY PROTOCOLS
• A sequence of operations that ensure protection of data. Used with
a communications protocol, it provides secure delivery of data
between two parties. The term generally refers to a suite of
components that work in tandem (see below). For example, the
802.11i standard provides these functions for wireless LANs.
• On the Web, TLS and SSL are widely used to provide
authentication and encryption in order to send credit card numbers
and other private data to a vendor. Following are the primary
components of a security protocol.

11. SSL ( SECURE SOCKET LAYER)
• Most computers and browsers already can exchange
secure transactions across Internet, making it difficult
for unauthorized people to intercept data such as
credit card numbers. Even if a transmission is
intercepted, the encrypted message cannot be read.
• The two key protocols for secure WWW transactions
are: SSL and S-HTTP (Secure Hypertext Transfer
Protocol).

12. • Originally developed by Netscape, SSL is the most widely used
standard for encrypting data on Internet.
• Provides three basic services:
a)Server authentication- uses public key cryptography to validate
server’s digital certificate and public key on client’s machine.
b)Client authentication- SSL allows client and server machines to jointly
select an encryption algorithm to be used for secure connection. The
key to this algorithm is transmitted using public key cryptography,
after which client and server may communicate using secret key.
c)Encrypted SSL connection- to authenticate transaction between client
and server by above mentioned method.

13. S-HTTP
• Hyper Text Transfer Protocol (HTTP) is a “request
response” type language spoken between web
browser (client software) and a web server (server
software) on Internet to allow communication with each
other and to exchange files.
• The function of Secure- HTTP is to secure web
transactions only. It ensures transaction confidentiality
and authenticity and it ensures non repudiation of
origin.

14. VPN (VIRTUAL PRIVATE NETWORK)
• It is a private communications network often used within
a company, or by several companies or organizations,
to communicate confidentially over a publicly
accessible network.
• VPN message traffic can be carried over a public
networking infrastructure (Internet) on top of standard
protocols, or over a service provider’s private network
with a defined Service Level Agreement (SLA) between
VPN customer and the VPN service provider.

15. FIREWALL
• They are the software and hardware tools that define,
control and limit access to networks and computers
linked to the network of the organization.
• It shields an organization’s networks from exposure
when connecting to the Internet or to untrusted network
& prevent hackers from gaining access to corporate
data.
• It must ensure a) data integrity, b) authentication & c)
confidentiality.

16. • Most firewalls are configured to protect against
unauthenticated log ins from the outside world, preventing
unauthorized users from logging into machines on the
company’s network.
• They can also be employed to block all unsecured access
to the internal network, while also limiting users inside the
company to connect only to acceptable external sites.
• A firewall can be designed to separate groups within an
organization. For ex: HR dept might place their network
behind a firewall to safeguard confidential payroll and
personnel information from other employees.