Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Slides:



Advertisements
Similar presentations
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Advertisements

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 Online Security and Payment Systems.
E-commerce business. technology. society. Kenneth C. Laudon
E-commerce: business. technology. society.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Implementing Electronic Commerce Security
Chapter 5 Security and Encryption
Principles of Information Security, 2nd edition1 Cryptography.
Copyright © 2004 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Copyright © 2010 Pearson Education, Inc. E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Sixth Edition.
Supporting Technologies III: Security 11/16 Lecture Notes.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Copyright © 2007 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
CHAPTER 3 Information Privacy and Security. CHAPTER OUTLINE  Ethical Issues in Information Systems  Threats to Information Security  Protecting Information.
1 Chapter 8: Security in Electronic Commerce IT357 Electronic Commerce.
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
PART THREE E-commerce in Action Norton University E-commerce in Action.
Secure Electronic Transaction (SET)
Copyright © 2007 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Second Edition.
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Electronic Payments E-payment methods –Credit cards –Electronic funds transfer (EFT) –E-payments Smart cards Digital cash and script Digital checks E-billing.
Online Security and Payment Systems
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Cryptography, Authentication and Digital Signatures
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Dimensions of E – Commerce Security
MGT 3225: E-Business Lecture 5: E-commerce Security and Payment Systems Md. Mahbubul Alam, PhD.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Types of Electronic Infection
E-commerceEssentials Kenneth C. Laudon Carol Guercio Traver first edition Copyright © 2014 Pearson Education, Inc.
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice HallCopyright © 2009 Pearson Education, Inc. Slide 5-1 E-commerce Kenneth C. Laudon Carol.
Not only business information, but a large amount of personal information too is now digitized and stored in computer connected to the internet. System.
Authentication 3: On The Internet. 2 Readings URL attacks
SECURITY IN E-COMMERCE Sheetal Chhabra. Introduction Contents Threats Threats to information security Acts of Human Error or failure Espionage/Trespass.
Oz – Foundations of Electronic Commerce © 2002 Prentice Hall Security and Privacy Issues.
ELC 200 Day 11. Agenda Questions? Assignment 3 is Not Corrected  Missing assignments Assignment 4 is posted  Due March 9:30 AM  Assignment4.pdf.
1 6 Chapter 6 Implementing Security for Electronic Commerce.
Copyright © 2010 Pearson Education, Inc. E-commerce Kenneth C. Laudon Carol Guercio Traver business. technology. society. Sixth Edition.
Jump to first page Internet Security in Perspective Yong Cao December 2000.
Network Security Celia Li Computer Science and Engineering York University.
1 6 Chapter 6 Implementing Security for Electronic Commerce.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
MGT 3225: E-Business Lecture 6: E-commerce Security and Payment Systems Md. Mahbubul Alam, PhD.
Security and Encryption
E-commerce business. technology. society. Kenneth C. Laudon
Chapter 5 Electronic Commerce | Security
Chapter 5 Online Security and Payment Systems
E-commerce business. technology. society. Kenneth C. Laudon
Chapter 5 Electronic Commerce | Security
Copyright © 2002 Pearson Education, Inc.
Presentation transcript:

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers that perform common functions for the clients, such as storing files, software applications, etc.

2 The Client/Server Computing Model Figure 3.8, Page 131

Intranets and Extranets Intranet: TCP/IP network located within a single organization for purposes of communication and information processing Extranet: Formed when firms permit outsiders to access their internal TCP/IP networks

4 Sample XML Code Figure 3.21, Page 168

Dimensions of E-commerce Security Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) online actions Authenticity: ability to identify the identity of a person or entity with whom you are dealing on the Internet Confidentiality: ability to ensure that messages and data are available only to those authorized to view them Privacy: ability to control use of information a customer provides about himself or herself to merchant Availability: ability to ensure that an e-commerce site continues to function as intended Availability: ability to ensure that an e-commerce site continues to function as intended

The Tension Between Security and Other Values Security vs. ease of use: the more security measures that are added, the more difficult a site is to use, and the slower it becomes Security vs. desire of individuals to act anonymously

Security Threats in the E- commerce Environment Three key points of vulnerability:  Client  Server  Communications channel Most common threats:  Malicious code  Hacking and cybervandalism  Credit card fraud/theft  Spoofing  Denial of service attacks  Sniffing  Insider jobs

Spoofing, DoS and dDoS Attacks, Sniffing, Insider Jobs Spoofing: Misrepresenting oneself by using fake e- mail addresses or masquerading as someone else Denial of service (DoS) attack: Hackers flood Web site with useless traffic to inundate and overwhelm network Distributed denial of service (dDoS) attack: hackers use numerous computers to attack target network from numerous launch points Sniffing: type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network Insider jobs:single largest financial threat

Technology Solutions Protecting Internet communications (encryption) Securing channels of communication (SSL, S-HTTP, VPNs) Protecting networks (firewalls) Protecting servers and clients

Protecting Internet Communications: Encryption Encryption: The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver Purpose:  Secure stored information  Secure information transmission Provides:  Message integrity  Nonrepudiation  Authentication  Confidentiality

Symmetric Key Encryption Also known as secret key encryption Both the sender and receiver use the same digital key to encrypt and decrypt message Requires a different set of keys for each transaction Data Encryption Standard (DES): Most widely used symmetric key encryption today; uses 56-bit encryption key; other types use 128-bit keys up through 2048 bits

Public Key Encryption Public key cryptography solves symmetric key encryption problem of having to exchange secret key Uses two mathematically related digital keys – public key (widely disseminated) and private key (kept secret by owner) Both keys are used to encrypt and decrypt message Once key is used to encrypt message, same key cannot be used to decrypt message For example, sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it

13 Public Key Cryptography – A Simple Case Figure 5.6, Page 273

Digital Certificates and Public Key Infrastructure (PKI) Digital certificate: Digital document that includes:  Name of subject or company  Subject’s public key  Digital certificate serial number  Expiration date  Issuance date  Digital signature of certification authority (trusted third party (institution) that issues certificate  Other identifying information Public Key Infrastructure (PKI): refers to the CAs and digital certificate procedures that are accepted by all parties

Limits to Encryption Solutions PKI applies mainly to protecting messages in transit PKI is not effective against insiders Protection of private keys by individuals may be haphazard No guarantee that verifying computer of merchant is secure CAs are unregulated, self-selecting organizations

Protecting Networks: Firewalls and Proxy Servers Firewall: Software application that acts as a filter between a company’s private network and the Internet Firewall methods include:  Packet filters  Application gateways Proxy servers: Software servers that handle all communications originating from for being sent to the Internet (act as “spokesperson” or “bodyguard” for the organization)

17 Firewalls and Proxy Servers Figure 5.11, Page 284