Security Risks for an E-Commerce site and how to protect against them.

Security

Any business that operates online is at risk from Internet threats and so security is vital to successful operation. Identity theft can make customers the victims of serious fraud, and damage caused by viruses can close companies down. Businesses need to be able to prove that customers' personal details, such as credit card numbers, will be safe. If this is done well, it can reassure potential customers and widen the potential market.

Prevention of Hacking

E-commerce sites need to prevent hacking so that the running of their business is undisturbed and, more importantly, their customers' details are not stolen. Specialist software can be used to look at all the ports on a computer and see which are open and which are closed. If a port is open and not being used, that gives a hacker a way in. Therefore, the best way to deter hackers is to make sure unused ports are closed by the firewall.

Viruses

'Virus' has become a catch-all term to describe any malicious computer program that can cause an unwanted result when run. There are three main types: viruses, worms and Trojans. To try to prevent virus infections, anti-virus software must be installed on the web server and all of an e-commerce business's computers. Not only must it be installed, but it also must be updated regularly, ideally every day. New viruses are developed all the time and anti-virus software must have the latest defences to provide the best protection possible. All computer users must be wary of attachments, downloading files, floppy disks and any unsolicited communication.

Hacking - when someone attempts to enter a computer system with the aim of stealing data, damaging the system or just to show that they can.

Virus - a man-made program or piece of code that causes an unexpected, usually negative, event and is self-replicating. It is often disguised as a game or image with a clever marketing title, such as officeparty.jpg, and attached to an email or a download file.

Worm - a virus that resides in the active memory of a computer and duplicates itself. It may send copies of itself to other computers, such as through email or Internet Relay Chat (IRC).

Trojan - a malicious program that pretends to be a benign application, but purposely does something the user does not expect. Trojans are technically not viruses since they do not replicate, but can be just as destructive. If left in a computer system, a Trojan provides 'back door' access to the hard drive and data.

Activity

Research further into recent viruses and the effects they had on businesses and the public. Make notes for future reference. Categorise each of the viruses as virus, worm or Trojan. Some examples if you are stuck are: Melissa, ILOVEYOU, Nimda, MyDoom, Storm Worm.

Identity theft is a relatively new form of crime that has had a recent upsurge and has been highlighted in the media. Identity theft involves a thief who has stolen the personal details of their victim and uses them to apply for services such as credit cards, loans and mortgages under the guise of their victim. This crime is difficult to detect if the thief has a great deal of information about the victim. The crime is often detected when the victim receives correspondence requesting payment for the thief's spending. Tracing the thief is also difficult, although possible by following the paper trail of all the correspondence received. The type of customer details stored by e-commerce businesses provides enough information to commit identity theft, so it is very important that all e-commerce businesses protect their customers' data with every method possible, as described on the next slides.

Firewall impact on site performance

A firewall builds a protective virtual barrier around a computer or a network of computers so that only authorised programs can access the data. It sets up a gateway and only allows authorised traffic through the gateway. Incoming data is inspected and only allowed through if it is legitimate. This is done by the opening and closing of ports. If ports are left open, a back door becomes available for hackers to enter the system. When a user views a website that has passed through a firewall, they might not see all of the features on the site. This is because the security policies on the firewall can be set to block certain types of scripts running on the user's computer. This is done to prevent viruses and hackers attacking the system. When a security policy is decided for a firewall, the administrator must balance the need for high security with the possibility of losing functionality from websites.
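The port check described under "Prevention of Hacking" and the open-port risk described above, as an added example that is not part of the original presentation: it compares a server's listening TCP sockets with an allow-list and reports the ones that should be closed or firewalled. The sample text is constructed in the format of `ss -tlnH` on Linux, and the allow-list of ports 22 and 443 and all function names are assumptions.

```python
import ipaddress

# Constructed sample in the format of `ss -tlnH` on Linux:
# state, recv-q, send-q, local address:port, peer address:port
SAMPLE_SS = """\
LISTEN 0 128     0.0.0.0:22      0.0.0.0:*
LISTEN 0 511     0.0.0.0:443     0.0.0.0:*
LISTEN 0 80    127.0.0.1:3306    0.0.0.0:*
LISTEN 0 32      0.0.0.0:21      0.0.0.0:*
LISTEN 0 128        [::]:22         [::]:*
LISTEN 0 128           *:8080          *:*
LISTEN 0 5         [::1]:631        [::]:*
"""

# Assumption: the only ports this web server should expose (SSH and HTTPS).
ALLOWED_PORTS = {22, 443}


def parse_listeners(ss_output):
    """Yield (address, port) for every listening TCP socket in the output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        # Drop IPv6 brackets and any interface suffix such as %lo.
        yield addr.strip("[]").split("%")[0], int(port)


def reachable_from_network(addr):
    """Loopback-only listeners cannot be reached from other machines."""
    return addr == "*" or not ipaddress.ip_address(addr).is_loopback


def unexpected_ports(ss_output, allowed=ALLOWED_PORTS):
    """Return the open ports that are network-reachable but not on the allow-list."""
    return sorted({port for addr, port in parse_listeners(ss_output)
                   if reachable_from_network(addr) and port not in allowed})


if __name__ == "__main__":
    print("close or firewall these ports:", unexpected_ports(SAMPLE_SS))
```

The database listener on 127.0.0.1:3306 is not reported because it is bound to loopback only; ports 21 and 8080 are, because they accept connections from the network and nothing on the allow-list needs them.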

Secure sockets layer

Secure sockets layer (SSL) is a cryptographic protocol that provides secure communication on the Internet. It provides endpoint authentication, meaning that both the server and the client need to be identified and confirm that they are who they say they are. This is done by public key encryption and certificate-based authentication.

Identity theft - occurs when a victim's details are stolen and someone else pretends to be him or her, for example applying for financial products and making purchases.

Firewall - a piece of software that protects the system from unauthorised access. This is especially important for web servers.

Public key encryption - a method of coding information so that only the people with the right key at both ends of the communication can decode it.

Certificate-based authentication - a method of cryptography which prevents data being read by unauthorised parties.

HTTPS - stands for secure hypertext transfer protocol.

Encryption - a method of encoding that is difficult to decipher by unauthorised parties. It uses prime numbers. The higher the prime number, the stronger the encryption.

HTTP is the protocol usually used by websites on the Internet. HTTPS is a secure version of the protocol, which uses encryption to protect the data entered on the site. This protocol is usually used when customers are entering their payment details. RSA certificates are a method of coding information so that the people at either end are identified by a digital certificate, coupled with a digital signature. These can confirm the identity of the sender or recipient.

Strong Passwords

It is vital for all computer users to use strong passwords. This is especially important for web servers and other e-commerce systems. A strong password should have: both letters and numbers; both capitals and lowercase; symbols such as * or #; more than eight characters. Hackers can take advantage of weak passwords, especially those which are easy to guess. If a password is personal to the user, for example a pet's name, it will not take too much effort for a hacker to guess it. Software programs, called password crackers, can run through many possible combinations of characters and test whether each one is the chosen password. The stronger the password, the longer this software will take to work it out, and the more likely hackers will be to go on to try a different website. They are not likely to spend time working their way into a well-protected site. Does the password 10gbsotw seem easy to remember?
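The four criteria above as a checker, applied to the slide's own example password (an added example, not part of the original presentation). The function name, the `personal_words` parameter and the search-space estimate in bits are assumptions; the sample passwords other than 10gbsotw are constructed.

```python
import math
import string

# Character classes named on the slide, each with its alphabet.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "capitals": string.ascii_uppercase,
    "numbers": string.digits,
    "symbols": string.punctuation,
}


def check_password(password, personal_words=()):
    """Return (failures, bits): unmet criteria and brute-force search space in bits."""
    used = {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}
    failures = []
    if not (used & {"lowercase", "capitals"}) or "numbers" not in used:
        failures.append("needs both letters and numbers")
    if not {"lowercase", "capitals"} <= used:
        failures.append("needs both capitals and lowercase")
    if "symbols" not in used:
        failures.append("needs a symbol such as * or #")
    if len(password) <= 8:
        failures.append("needs more than eight characters")
    # Personal details (a pet's name, say) are guessed before any brute force.
    for word in personal_words:
        if word and word.lower() in password.lower():
            failures.append("contains personal detail: " + word)
    # A password cracker trying every combination of the character classes
    # in use has to cover alphabet ** length candidates.
    alphabet = sum(len(CLASSES[name]) for name in used)
    bits = len(password) * math.log2(alphabet) if alphabet else 0.0
    return failures, bits


if __name__ == "__main__":
    # Constructed inputs; "10gbsotw" is the password the slide asks about.
    for pw, personal in [("10gbsotw", []), ("Rex2019", ["Rex"]),
                         ("T4ble#Lamp*91", [])]:
        failures, bits = check_password(pw, personal)
        print(f"{pw!r}: {bits:.1f} bits, {failures or 'meets all criteria'}")
```

Run against 10gbsotw, the checker reports three unmet criteria: no capitals, no symbol, and exactly eight characters rather than more than eight.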

Alternative authentication methods

A new authentication method that is slowly becoming more popular is the use of digital signatures. These are the electronic equivalent of the traditional signatures that have been used for hundreds of years as a personal authentication method. A digital signature allows someone to authenticate a document over the Internet. For example, a customer setting up a direct debit payment would traditionally need to wait for the paperwork to be posted to them, sign it, then return it. Now digital signatures can be used to authenticate the documents immediately anywhere in the world. This benefits both the customers and businesses.

Mega Fun Land

To help keep the Mega Fun Land site safe: What measures will you take to protect your business and your customers' details? What steps will you take for fraud protection, hackers and viruses? How will you ensure that customers have faith in your business? When discussing benefits and drawbacks, ensure you stay objective and give a balanced account of both.

Stretch Activity

If you have finished this activity I would like you to have a look at the following sites and research into legislation governing e-commerce sites.