Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Slides:



Advertisements
Similar presentations
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
Advertisements

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall
Transactions, Intermediation, and Processes in EC
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Security Controls and Systems in E-Commerce
CS5038 The Electronic Society
Confidentiality and Privacy Controls
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Lecture 4 ref: Chapter 10 E-Commerce Fraud and Security Copyright © 2010 Pearson Education, Inc. 1.
THE INFORMATION SECURITY PROBLEM
Security+ Guide to Network Security Fundamentals
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Chapter 11 E-Commerce Security
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Chapter 11 E-Commerce Security. Electronic CommercePrentice Hall © Learning Objectives 1.Document the trends in computer and network security attacks.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
E-Commerce Security and Fraud Issues and Protections
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Copyright © 2015 Pearson Education, Inc. Confidentiality and Privacy Controls Chapter
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Securing Information Systems
Chapter 10 E-Commerce Security.
Copyright © 2007 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.
PART THREE E-commerce in Action Norton University E-commerce in Action.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?
Internet Security for Small & Medium Business Week 6
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
E-Commerce Security.
Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,
Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
Types of Electronic Infection
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
1 Class 15 System Security. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized data access,
Chapter 30 - Electronic Commerce and Business Introduction E-Commerce is Big Business –all commercial transactions conducted over the Internet shopping,
COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.
1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.
Jump to first page Internet Security in Perspective Yong Cao December 2000.
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
E-commerce Security By John Doran. What is e-commerce?  the buying and selling of products or services over the internet [3].  Most e-commerce transactions.
Network Security Celia Li Computer Science and Engineering York University.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
E-COMMERCE SECURITY ELECTRONIC COMMERCE. E-Commerce Security Successful e-tailing requires addressing online security and privacy fears of your online.
E-Commerce Infrastructure. Learning Objectives 1. Understand the major components of EC infrastructure. 2. Understand the importance and scope of security.
1.Understand the importance and scope of the security of information systems for EC. 2.Describe the major concepts and terminology of EC security. 3.Learn.
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
Issues and Protections
Chapter 17 Risks, Security and Disaster Recovery
Chapter 5 Electronic Commerce | Security
Chapter 5 Electronic Commerce | Security
E-Commerce Security and Fraud Issues and Protections
Chapter 9 E-Commerce Security and Fraud Protection
Chapter 9 E-Commerce Security and Fraud Protection
Electronic Payment Security Technologies
Presentation transcript:

Chapter 11 E-COMMERCE SECURITY

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall Learning Objectives Explain EC-related crimes and why they cannot be stopped. Describe an EC security strategy and why a life cycle approach is needed. Describe the information assurance security principles. Describe EC security issues from the perspective of customers and e-businesses. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall Learning Objectives Identify the major EC security threats,vulnerabilities,and risk. Identify and describe common EC threats and attacks. Identify and assess major technologies and methods for securing EC communications. Identify and assess major technologies for information assurance and protection of EC networks. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Stopping E-Commerce Crimes Six major reasons why is it difficult for e-tailers to stop cyber criminals and fraudsters: Strong EC security makes online shopping inconvenient for customers Lack of cooperation from credit card issuers and foreign ISPs Online shoppers do not take necessary precautions to avoid becoming a victim IS design and security architecture are vulnerable to attack Software vulnerabilities (bugs) are a huge security problem Managers sometimes ignore due standards of care Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Stopping E-Commerce Crimes Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Stopping E-Commerce Crimes Exposure exists when a computing system: Allows an attacker to conduct information gathering activities. Allows an attacker to hide activities. Includes a capability that behaves as expected,but can be easily compromised. Is a primary point of entry that an attacker may attempt to use to gain access to the system or data or, Is considered a problem according to some reasonable security policy. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

E-Commerce Security Strategy and Life Cycle Approach THE INTERNET’S VULNERABLE DESIGN THE SHIFT TO PROFIT-MOTIVATED CRIMES TREATING EC SECURITY AS A PROJECT Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

E-Commerce Security Strategy and Life Cycle Approach IGNORING EC SECURITY BEST PRACTICES Computing Technology Industry Association (CompTIA) Nonprofit trade group providing information security research and best practices. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Information Assurance information assurance (IA) The protection of information systems against unauthorized access to or modification of information whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Information Assurance confidentiality Assurance of data privacy and accuracy. Keeping private or sensitive information from being disclosed to unauthorized individuals, entities, or processes. integrity Assurance that stored data has not been modified without authorization; and a message that was sent is the same message that was received. availability Assurance that access to data, the Web site, or other EC data service is timely, available, reliable, and restricted to authorized users. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Information Assurance authentication Process to verify (assure) the real identity of an individual, computer, computer program, or EC Web site. authorization Process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Information Assurance nonrepudiation Assurance that an online customer or trading partner cannot falsely deny (repudiate) their purchase or transaction. digital signature or digital certificate Validates the sender and time stamp of a transaction so it cannot later be claimed that the transaction was unauthorized or invalid. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Information Assurance Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Information Assurance Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Enterprisewide E-Commerce Security and Privacy Model SENIOR MANAGEMENT COMMITMENT AND SUPPORT EC SECURITY AND TRADING EC SECURITY PROCEDURES AND ENFORCEMENT SECURITY TOOLS: HARDWARE AND SOFTWARE Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Basic E-Commerce Security Issues and Perspectives From the user’s perspective: How can the user know whether the Web server is owned and operated by a legitimate company? How does the user know that the Web page and form have not been compromised by spyware or other malicious code? How does the user know that an employee will not intercept and misuse the information? From the company’s perspective: How does the company know the user will not attempt to break into the Web server or alter the pages and content at the site? From both parties’ perspectives: How do both parties know that the network connection is free from eavesdropping by a third party “listening” on the line? How do they know that the information sent back and forth between the server and the user’s browser has not been altered? Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall Threats and Attacks SOCIAL NETWORKING MAKES SOCIAL ENGINEERING EASY TECHNICAL ATTACKS Denial of service,Zombies,and Phishing Botnets Malicious Code:Viruses,Worms,and Trojan Horses Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Securing E-Commerce Communications Access control Passive tokens ,are storage devices that contain a secert code. Active tokens, usually are small stand-alone electronic devices that generate one-time passwords. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Securing E-Commerce Communications public key infrastructure (PKI) A scheme for securing e-payments using public key encryption and various technical components. encryption plaintext ciphertext encryption algorithm key (key value) keyspace Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Securing E-Commerce Communications Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Securing E-Commerce Communications Public (asymmetric) key encryption Method of encryption that uses a pair of matched keys—a public key to encrypt a message and a private key to decrypt it, or vice versa. public key private key RSA Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Securing E-Commerce Communications Digital Signatures and Certificate Authorities Hash message digest (MD) digital envelope certificate authorities (CAs) Secure Socket Layer (SSL) Protocol that utilizes standard certificates for authentication and data encryption to ensure privacy or confidentiality. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Securing E-Commerce Networks Defense in depth Need-to-access basis Role-specfic security Monitoring Patch management Incident response team Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Securing E-Commerce Networks firewall A single point between two or more networks where all traffic must pass (choke point); the device authenticates, controls, and logs all traffic. packet packet-filtering routers packet filters application-level proxy bastion gateway proxies Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Securing E-Commerce Networks virtual private network (VPN) A network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network. intrusion detection systems (IDSs) A special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees. Chapter 10 Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.