Presentation Of
Database Management System
Introduction
• Name: MD. Wasim Akram
• ID: UG 02 22 09 016
• Department: CSE
Topic
• Threats of Database In E-Commerce
What Is Commerce
• Commerce
• Commerce: Exchange of Goods /
  Services
• Contracting parties: Buyer and Seller
• Fundamental principles: Trust and
  Security
What is E-Commerce
• E-Commerce
• Automation of commercial transactions
  using computer and communication
  technologies
• Facilitated by Internet and WWW
• Business-to-Business: EDI
• Business-to-Consumer: WWW retailing
Continued
•   Some features:
•   – Easy, global access, 24 hour availability
•   – Customized products and services
•   – Back Office integration
•   – Additional revenue stream
Problems of E-Commerce
E-Commerce risks
•   Customer's risks
•   – Stolen credentials or password
•   – Dishonest merchant
•   – Disputes over transaction
•   – Inappropriate use of transaction details
•   Merchant’s risk
Continued
• – Forged or copied instruments
• – Disputed charges
• – Insufficient funds in customer’s account
• – Unauthorized redistribution of purchased
  items
• Main issue: Secure payment scheme
Overview
•   Levels of data security
•   Authorization in databases
•   Application Vulnerabilities
•   Summary and References
Levels of Data Security
•   Human level: Corrupt/careless User
•   Network/User Interface
•   Database application program
•   Database system
•   Operating System
•   Physical level
Database Threats
• Disclosure of valuable and private
  information could irreparably damage a
  company
• Security is often enforced through the use
  of privileges
• Some databases are inherently insecure
  and rely on the Web server to enforce
  security measures
Continued
• Threats to a database result in the loss or
  degradation of some or all of the following
  security goals: integrity, availability, and
  confidentiality.
  – Loss of integrity
  – Loss of availability
  – Loss of confidentiality
Explanation Of Threats in Database
•   1. Privilege abuse: When database users are provided with
    privileges that exceed their day-to-day job requirements, these
    privileges may be abused intentionally or unintentionally.
•   3. Database rootkits: A database rootkit is a program or a
    procedure that is hidden inside the database and that provides
    administrator-level privileges to gain access to the data in the
    database. These rootkits may even turn off alerts triggered by
    Intrusion Prevention Systems (IPS).
•   4. Weak authentication: Weak authentication models allow
    attackers to employ strategies such as social engineering and brute
    force to obtain database login credentials and assume the identity of
    legitimate database users.
Different Authorization
• Different authorizations for different users
• Accounts clerk vs. Accounts manager vs. End users
Database/Application Security
• Ensure that only authenticated users can
  access the system
• And can access (read/update) only
  data/interfaces that they are authorized to
  access
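
Added example, not part of the original slides: the accounts clerk / accounts manager / end user split expressed as least-privilege grants, so that each role holds only what its job requires (the countermeasure to the privilege abuse described earlier). PostgreSQL syntax is assumed; every table, column and role name is hypothetical.

```sql
-- Hypothetical schema for illustration only.
CREATE TABLE accounts (
    account_id  integer       PRIMARY KEY,
    owner_login text          NOT NULL,
    balance     numeric(12,2) NOT NULL DEFAULT 0
);
CREATE TABLE ledger_entries (
    entry_id    serial        PRIMARY KEY,
    account_id  integer       NOT NULL REFERENCES accounts,
    amount      numeric(12,2) NOT NULL,
    approved    boolean       NOT NULL DEFAULT false
);

-- Start from nothing: no access through the implicit PUBLIC group.
REVOKE ALL ON accounts, ledger_entries FROM PUBLIC;

-- Group roles; individual logins are made members of exactly one.
CREATE ROLE accounts_clerk   NOLOGIN;
CREATE ROLE accounts_manager NOLOGIN;
CREATE ROLE end_user         NOLOGIN;

-- Clerk: read data and record new entries, but never approve or delete.
GRANT SELECT ON accounts, ledger_entries TO accounts_clerk;
GRANT INSERT (account_id, amount) ON ledger_entries TO accounts_clerk;
GRANT USAGE ON SEQUENCE ledger_entries_entry_id_seq TO accounts_clerk;

-- Manager: everything the clerk can do, plus setting the approval flag.
GRANT accounts_clerk TO accounts_manager;
GRANT UPDATE (approved) ON ledger_entries TO accounts_manager;

-- End user: read access to accounts, narrowed to their own row.
GRANT SELECT ON accounts TO end_user;
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
CREATE POLICY own_account ON accounts FOR SELECT TO end_user
    USING (owner_login = current_user);
-- Staff roles keep full read access once row-level security is on.
CREATE POLICY staff_read ON accounts FOR SELECT TO accounts_clerk
    USING (true);
```

Because the clerk's INSERT is limited to `account_id` and `amount`, a clerk cannot create an entry that is already approved; only a manager can change that column.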
How to protect database
• To protect a database against these types
  of threats, 4 kinds of countermeasures can be
  implemented:
  – Access control
  – Inference control
  – Flow control
  – Encryption
Conclusion
• Thank you my Honorable Teacher for
  giving me the privilege for this
  Presentation………

• Any questions?????
