Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security.

Slides:



Advertisements
Similar presentations
Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
Advertisements

1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.
Chapter 14 Intranets & Extranets. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning an Intranet.
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Chapter 3 Launching a Business on the Internet. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction of E-Business Life Cycle.
606 CMR 14.00: Background Record Checks What you need to know!
1 E-business Security and Control 2 Opening Case: Visa 10 commandments for online merchants – Maintaining a network firewall – Keeping security patches.
CS5038 The Electronic Society
Chapter 1 Introduction Copyright © Operating Systems, by Dhananjay Dhamdhere Copyright © Introduction Abstract Views of an Operating System.
Copyright Critical Software S.A All Rights Reserved. COTS based approach for the Multilevel Security Problem Bernardo Patrão.
Outpost Office Firewall Product presentation. What is Outpost Office Firewall? Software firewall solution designed especially to meet small and medium.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Lesson 30 Computer Safety and Ethics
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
© Paradigm Publishing, Inc. 8-1 Chapter 8 Security Issues and Strategies Chapter 8 Security Issues and Strategies.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Security+ Guide to Network Security Fundamentals
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Chapter 9 E-Security. Awad –Electronic Commerce 2/e © 2003 Prentice Hall 2 Day 24 Agenda Quiz 3 Corrected –4 A’s, 4 B’s and 1 C Quiz 4 (last) will be.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
© Paradigm Publishing Inc. 8-1 Chapter 8 Security Issues and Strategies.
Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.
Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.
Chapter 8 Technology and Auditing Systems: Hardware and Software Defenses.
A virus is software that spreads from program to program, or from disk to disk, and uses each infected program or disk to make copies of itself. Basically.
Chapter 13 Understanding E-Security. 2 OBJECTIVES What are security concerns (examples)? What are two types of threats (client/server) Virus – Computer.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
ELC 200 Day 22 E-Security. Awad –Electronic Commerce 2/e © 2003 Prentice Hall 2 Day 22 Agenda Quiz 3 Corrected –14 A’s, 2 B’s and 3 no-takes –Too easy!
Topic 5: Basic Security.
Chapter 13 Understanding E-Security. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security.
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Chapter 12 Implementation and Maintenance
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Computer Security By Duncan Hall.
W elcome to our Presentation. Presentation Topic Virus.
Security and Ethics Safeguards and Codes of Conduct.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
IS3220 Information Technology Infrastructure Security
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Information Systems CS-507 Lecture 32. Physical Intrusion The intruder could physically enter an organization to steal information system assets or carry.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Securing Information Systems
Security Issues in Information Technology
Securing Information Systems
Chapter 5 Electronic Commerce | Security Threats - Solution
Instructor Materials Chapter 7 Network Security
Secure Software Confidentiality Integrity Data Security Authentication
Controlling Computer-Based Information Systems, Part II
Chapter 5 Electronic Commerce | Security Threats - Solution
Securing Information Systems
Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek
Chapter 9 E-Commerce Security and Fraud Protection
INFORMATION SYSTEMS SECURITY and CONTROL
Security.
Chapter # 3 COMPUTER AND INTERNET CRIME
Operating System Concepts
Presentation transcript:

Chapter 9 E-Security

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security How Much Risk Can You Afford? Virus – Computer Enemy #1 Security Protection & Recovery E-Security: Objectives

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 3 ABUSE & FAILURE Fraud Theft Disruption of Service Loss of Customer Confidence E-Security: Security in Cyberspace

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 4 WHY INTERNET IS DIFFERENT? E-Security: Security in Cyberspace Paper-Based CommerceElectronic Commerce Signed Paper DocumentsDigital Signature Person-to-personElectronic Via Website Physical Payment SystemElectronic Payment System Merchant-customer Face-to-faceFace-to-face Absence Easy Detectability of modificationDifficult Detectability Easy NegotiabilityDifficult Negotiability

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 5 SECURITY CONCERNS Confidentiality Authentication Integrity Access Control Non-repudiation Firewalls E-Security: Conceptualizing Security

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 6 INFORMATION SECURITY DRIVERS Global trading Availability of reliable security packages Changes in attitudes toward security E-Security: Conceptualizing Security

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 7 PRIVACY FACTOR E-Security: Conceptualizing Security

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 8 DESIGNING FOR SECURITY Adopt a reasonable security policy Consider web security needs Design the security environment Authorizing and monitoring the system E-Security: Designing for Security

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 9 ADOPT A REASONABLE SECURITY POLICY Policy –Understanding the threats information must be protected against to ensure Confidentiality Integrity Privacy –Should cover the entire e-commerce system Internet security practices Nature & level of risks Procedure of failure recovery E-Security: Designing for Security

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 10 DESIGN THE SECURITY ENVIRONMENT E-Security: Designing for Security SECURITY CONSULTANT Edit payment system CERTIFIED WEBSITE DATABASE CUSTOMER SERVICE CERTIFIED STAFF Verify IT Staff Integrity Guidelines Password Assignment Authorized link Verified Site Test data Exhibit - Logical procedure flow

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 11 SECURITY PERIMETER Firewalls Authentication Virtual Private Networks (VPN) Intrusion Detection Devices E-Security: Designing for Security

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 12 AUTHORIZING & MONITORING SYSTEM Monitoring –Capturing processing details for evidence –Verifying e-commerce is operating within security policy –Verifying attacks have been unsuccessful E-Security: Designing for Security

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 13 HOW MUCH RISK CAN YOU AFFORD? Determine specific threats inherent to the system design Estimate pain threshold Analyze the level of protection required E-Security: How Much Risk Can You Afford?

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 14 KINDS OF THREATS / CRIMES Physically-related Order-related Electronically-related E-Security: How Much Risk Can You Afford?

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 15 CLIENT SECURITY THREATS Why? –Sheer Nuisances –Deliberate Corruption of Files –Rifling Stored Information How? –Physical Attack –Virus –Computer-to-computer Attack E-Security: How Much Risk Can You Afford?

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 16 SERVER SECURIY THREATS Web server with an active port Windows NT server, not upgraded to act as firewall Anonymous FTP service Web server directories that can be accessed & indexed E-Security: How Much Risk Can You Afford?

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 17 HOW HACKERS ACTIVATE A DENIAL OF SERVICE Break into less-secured computers connected to a high-bandwidth network Installs stealth program which duplicates itself indefinitely to congest network traffic Specifies a target network from a remote location and activates the planted program Victims network is overwhelmed & users are denied access E-Security: How Much Risk Can You Afford?

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 18 VIRUS – COMPUTER ENEMY #1 A malicious code replicating itself to cause disruption of the information infrastructure Attacks system integrity, circumvents security capabilities & causes adverse operation Incorporates into computer networks, files & other executable objects E-Security: Virus – Computer Enemy #1

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 19 TYPES OF VIRUSES Boot Virus –Attacks boot sectors of the hard drive Macro Virus –Exploits macro commands in software application E-Security: Virus – Computer Enemy #1

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 20 VIRUS CHARACTERISTICS Fast –Easily invades and infects computer hard disk Slow –Less likely to detect & destroy Stealth –Memory resident –Able to manipulate its execution to disguise its presence E-Security: Virus – Computer Enemy #1

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 21 ANTI-VIRUS STRATEGY Establish a set of simple enforceable rules Educate & train users Inform users of the existing & potential threats to the companys systems Update the latest anti-virus software periodically E-Security: Virus – Computer Enemy #1

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 22 BASIC INTERNET SECURITY PRACTICES Password –Alpha-numeric –Mix with upper and lower cases –Change frequently –No dictionary names Encryption –Coding of messages in traffic between the customer placing an order and the merchants network processing the order E-Security: Security Protection & Recovery

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 23 SECURITY RECOVERY Attack Detection Damage Assessment Correction & Recovery Corrective Feedback E-Security: Security Protection & Recovery

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 24 FIREWALL & SECURITY Firewall –Enforces an access control policy between two networks –Detects intruders, blocks them from entry, keeps track of what they did & notifies the system administrator E-Security: Firewall & Security

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 25 WHAT FIREWALLS CAN PROTECT services known to be problems Unauthorized external logins Undesirable material, e.g. pornography Unauthorized sensitive information E-Security: Firewall & Security

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 26 WHAT FIREWALLS CANT PROTECT Attacks without going through the firewall Weak security policy Traitors or disgruntled employees Viruses via floppy disks Data-driven attacks E-Security: Firewall & Security

Awad –Electronic Commerce 1/e © 2002 Prentice Hall 27 SPECIFIC FIREWALL FEATURES Security Policy Deny Capability Filtering Ability Scalability Authentication Recognizing Dangerous Services Effective Audit Logs E-Security: Firewall & Security

Chapter 9 E-Security

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.