4. What Is Commerce
• Commerce
– Commerce: Exchange of Goods / Services
– Contracting parties: Buyer and Seller
– Fundamental principles: Trust and Security
5. What is E-Commerce
• E-Commerce
– Automation of commercial transactions using computer and communication technologies
– Facilitated by the Internet and the WWW
– Business-to-Business: EDI
– Business-to-Consumer: WWW retailing
6. Continued
• Some features:
– Easy, global access, 24-hour availability
– Customized products and services
– Back-office integration
– Additional revenue stream
8. E-Commerce risks
• Customer's risks
– Stolen credentials or password
– Dishonest merchant
– Disputes over transaction
– Inappropriate use of transaction details
• Merchant's risks
9. Continued
– Forged or copied instruments
– Disputed charges
– Insufficient funds in customer's account
– Unauthorized redistribution of purchased items
• Main issue: Secure payment scheme
10. Overview
• Levels of data security
• Authorization in databases
• Application Vulnerabilities
• Summary and References
11. Levels of Data Security
• Human level: Corrupt/careless User
• Network/User Interface
• Database application program
• Database system
• Operating System
• Physical level
12. Database Threats
• Disclosure of valuable and private
information could irreparably damage a
company
• Security is often enforced through the use
of privileges
• Some databases are inherently insecure
and rely on the Web server to enforce
security measures
13. Continued
• Threats to the database result in the loss or degradation of some or all of the following security goals: integrity, availability, and confidentiality.
– Loss of integrity
– Loss of availability
– Loss of confidentiality
14. Explanation of Threats to the Database
• 1. Privilege abuse: When database users are given privileges that exceed their day-to-day job requirements, these privileges may be abused, intentionally or unintentionally.
• 3. Database rootkits: A database rootkit is a program or procedure hidden inside the database that provides administrator-level privileges for accessing the data in the database. Such rootkits may even turn off alerts triggered by Intrusion Prevention Systems (IPS).
• 4. Weak authentication: Weak authentication models allow attackers to employ strategies such as social engineering and brute force to obtain database login credentials and assume the identity of legitimate database users.
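Privilege abuse (item 1 above) is countered by giving each account only what its job needs and letting the database engine itself refuse everything else. The block below is an added example, not code from the original presentation: in a server database this is done with GRANT/REVOKE on user accounts, but SQLite has no accounts, so the example uses Python's sqlite3 authorizer hook to enforce a per-role policy at statement compile time. The orders and card_tokens tables, the clerk and admin roles, the ROLE_POLICY table and the sample rows are all constructed for this demonstration.

```python
import sqlite3

# Constructed policy: the clerk role may only run SELECT over the orders table
# (plus built-in functions such as COUNT); the admin role is unrestricted.
# A value of None means "no policy, allow every action".
ROLE_POLICY = {
    "clerk": {
        "tables": {"orders"},
        "actions": {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION},
    },
    "admin": None,
}


def make_authorizer(role):
    """Build the callback SQLite consults for every action a statement needs
    (SELECT, READ of one column, DELETE, DROP_TABLE, TRANSACTION, ...)."""
    policy = ROLE_POLICY[role]

    def authorize(action, arg1, arg2, db_name, trigger_or_view):
        if policy is None:
            return sqlite3.SQLITE_OK
        if action not in policy["actions"]:
            return sqlite3.SQLITE_DENY      # e.g. DELETE, UPDATE, DROP TABLE
        if action == sqlite3.SQLITE_READ and arg1 not in policy["tables"]:
            return sqlite3.SQLITE_DENY      # arg1 is the table whose column is read
        return sqlite3.SQLITE_OK

    return authorize


def open_shop_db():
    """In-memory shop database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE orders(id INTEGER PRIMARY KEY, customer TEXT, amount REAL);
        CREATE TABLE card_tokens(customer TEXT, token TEXT);
        INSERT INTO orders VALUES (1, 'alice', 19.99), (2, 'bob', 250.0);
        INSERT INTO card_tokens VALUES ('alice', 'tok_a1'), ('bob', 'tok_b2');
    """)
    return conn


def run_as(conn, role, sql, params=()):
    """Execute sql under the named role's policy.
    Returns ("ok", rows) on success or ("denied", message) when SQLite refuses."""
    conn.set_authorizer(make_authorizer(role))
    try:
        rows = conn.execute(sql, params).fetchall()
        return ("ok", rows)
    except sqlite3.Error as exc:            # SQLITE_DENY surfaces as "not authorized"
        return ("denied", str(exc))
    finally:
        conn.set_authorizer(make_authorizer("admin"))   # leave the connection unrestricted


if __name__ == "__main__":
    db = open_shop_db()
    print(run_as(db, "clerk", "SELECT customer, amount FROM orders WHERE id = ?", (1,)))
    print(run_as(db, "clerk", "SELECT token FROM card_tokens"))  # denied: table not in policy
    print(run_as(db, "clerk", "DELETE FROM orders"))             # denied: action not in policy
    print(run_as(db, "admin", "DELETE FROM orders WHERE id = 2"))
```

The check happens inside the engine rather than in application code, so a clerk session cannot reach the card tokens even through a bug or injection in the application layer; the same idea applies to a server database, where the application should connect with a least-privileged account rather than the owner.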
16. Database/Application Security
• Ensure that only authenticated users can
access the system
• And can access (read/update) only
data/interfaces that they are authorized to
access
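Ensuring that only authenticated users get in (and closing the weak-authentication hole described as item 4 on the previous slide) starts with how credentials are stored and verified. The following is an added example, not from the original presentation: a small credential store with salted PBKDF2-HMAC-SHA256 hashes, constant-time comparison, and a per-account lockout against online brute force. The CredentialStore class, its parameters (iteration count, five failures, 900-second lockout) and the injectable clock are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import time


class CredentialStore:
    """In-memory user store. Passwords are kept only as salted PBKDF2-HMAC-SHA256
    hashes, comparison is constant-time, and an account locks after
    max_failures consecutive wrong passwords. All parameters are constructed for
    this example; tune iterations so one hash costs roughly 100 ms on your hardware."""

    def __init__(self, iterations=600_000, max_failures=5, lockout_seconds=900,
                 clock=time.time):
        self._users = {}
        self._iterations = iterations
        self._max_failures = max_failures
        self._lockout_seconds = lockout_seconds
        self._clock = clock            # injectable so lockout expiry can be tested

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, self._iterations)

    def add_user(self, username, password):
        salt = os.urandom(16)          # per-user salt defeats precomputed hash tables
        self._users[username] = {"salt": salt, "hash": self._hash(password, salt),
                                 "failures": 0, "locked_until": 0.0}

    def login(self, username, password):
        """Return "ok", "bad_credentials" or "locked"."""
        now = self._clock()
        rec = self._users.get(username)
        if rec is None:
            # Spend the same KDF cost for unknown users so response time does not
            # reveal which usernames exist.
            self._hash(password, b"\x00" * 16)
            return "bad_credentials"
        if now < rec["locked_until"]:
            return "locked"            # even the right password is refused while locked
        if hmac.compare_digest(self._hash(password, rec["salt"]), rec["hash"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= self._max_failures:
            rec["failures"] = 0
            rec["locked_until"] = now + self._lockout_seconds
        return "bad_credentials"


if __name__ == "__main__":
    store = CredentialStore()
    store.add_user("alice", "correct horse battery staple")
    print(store.login("alice", "correct horse battery staple"))
    for _ in range(5):
        print(store.login("alice", "guess"))
    print(store.login("alice", "correct horse battery staple"))   # locked
```

A hard lockout also lets an attacker lock a victim out on purpose, so in production it is usually paired with progressive delays or per-source throttling rather than used alone; the hashing and constant-time comparison, however, are non-negotiable.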
17. How to protect the database
• To protect the database against these threats, four kinds of countermeasures can be implemented:
– Access control
– Inference control
– Flow control
– Encryption
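Of the four countermeasures, inference control is the least obvious: a user allowed only statistical queries (sums, averages) must still be prevented from learning one individual's record. Below is an added example, not from the original presentation, of query-set-size control over a constructed staff table with a salary column: an aggregate is answered only when its query set has at least K_MIN rows and at most N - K_MIN, and predicates are built from whitelisted columns and operators with bind parameters so the statistical user cannot inject SQL. The tracker function, also an addition, shows the limit of that control: two individually permitted queries can be subtracted to reveal one employee's salary. The table, the threshold and all names are assumptions for the demonstration.

```python
import sqlite3

# Query-set-size control: a statistical query over query set C is answered only
# if K_MIN <= |C| <= N - K_MIN. Threshold and staff rows are constructed here.
K_MIN = 2
COLUMNS = {"name", "dept", "salary"}
OPS = {"=", "!=", "<", ">", "<=", ">="}
AGGS = {"COUNT", "SUM", "AVG"}


def open_hr_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE staff(name TEXT PRIMARY KEY, dept TEXT, salary INTEGER);
        INSERT INTO staff VALUES
          ('alice', 'eng', 120000), ('bob', 'eng', 95000),
          ('carol', 'eng', 105000), ('dan', 'eng', 100000),
          ('erin', 'sales', 70000), ('frank', 'sales', 72000),
          ('grace', 'sales', 68000), ('heidi', 'sales', 75000);
    """)
    return conn


def build_where(conds):
    """Turn [(column, op, value), ...] into a parameterized WHERE clause.
    Columns and operators are whitelisted; values become bind parameters."""
    parts, params = [], []
    for col, op, val in conds:
        if col not in COLUMNS or op not in OPS:
            raise ValueError(f"predicate not permitted: {col} {op}")
        parts.append(f"{col} {op} ?")
        params.append(val)
    return (" AND ".join(parts) or "1=1"), params


def naive_query(conn, agg, conds=()):
    """Aggregate over salary with no inference control at all."""
    agg = agg.upper()
    if agg not in AGGS:
        raise ValueError("aggregate not permitted")
    where, params = build_where(conds)
    return conn.execute(f"SELECT {agg}(salary) FROM staff WHERE {where}", params).fetchone()[0]


def controlled_query(conn, agg, conds=()):
    """Same aggregate, but refused (None) when the query set is too small or
    too close to the whole table; either would isolate one person."""
    where, params = build_where(conds)
    total = conn.execute("SELECT COUNT(*) FROM staff").fetchone()[0]
    n = conn.execute(f"SELECT COUNT(*) FROM staff WHERE {where}", params).fetchone()[0]
    if n < K_MIN or n > total - K_MIN:
        return None
    return naive_query(conn, agg, conds)


def tracker(query, conn, target):
    """Infer one person's salary from two queries that each pass the size check:
    SUM(dept) - SUM(dept without target). Returns None if either is refused."""
    dept = conn.execute("SELECT dept FROM staff WHERE name = ?", (target,)).fetchone()[0]
    whole = query(conn, "SUM", [("dept", "=", dept)])
    rest = query(conn, "SUM", [("dept", "=", dept), ("name", "!=", target)])
    if whole is None or rest is None:
        return None
    return whole - rest


if __name__ == "__main__":
    db = open_hr_db()
    print(controlled_query(db, "SUM", [("dept", "=", "eng")]))      # answered
    print(controlled_query(db, "SUM", [("name", "=", "alice")]))    # None: set too small
    print(controlled_query(db, "SUM", [("name", "!=", "alice")]))   # None: complement too large
    print(tracker(controlled_query, db, "alice"))                    # still leaks alice's salary
```

The size check blocks the direct query and its complement, but the tracker still recovers the target's salary from two permitted queries, which is why real inference control combines size limits with query-overlap restrictions, auditing, or added noise rather than relying on the size rule alone.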
18. Conclusion
• Thank you, my honorable teacher, for giving me the privilege of this presentation.
• Any questions?