E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

Yesterday's topics
- E-business and its advantages
  - For customers
  - For businesses
  - For business partners and suppliers
- Security goals
  - Protect confidentiality
  - Maintain integrity
  - Assure availability
- Security problems
  - Accidental data loss
  - Malware: viruses, worms, Trojan horses
- How to deal with malware

Today
- Intruders
- How to deal with intruders
- Overall security measures
- Secure payment
- Conclusions

Intruders

What can go wrong? Security issues
- Intruders
  - Casual prying (reading other people's e-mails, documents, etc.)
  - Snooping by insiders
  - Determined attempts to make money
  - Commercial or military espionage
  - Simply for fun, or to prove it can be done
- How to deal with intruders
  - Identify every user
  - Advise users to log off when they leave their desk
  - Limit the privileges of users
  - Use log files to monitor user activity
  - Encryption
  - Etc.

Insiders
What could some of the employees do?
- Read other people's e-mails
- Attempt to read documents and access information that is NOT intended for their eyes
- Commercial espionage
- Install unauthorised software
How to prevent all of the above?
- Each employee should log in to the system using a unique username / password
- Advise all employees not to disclose their password to anyone
- Advise all employees to log off when they leave their desk
- Advise all employees to change their password regularly
- Limit the privileges of employees, allowing them to perform only authorised tasks and obtain only authorised information
- Put in place a system that tracks employees' actions and the network resources they access
- Encrypt or password-protect all confidential documents / data
- Any other measures?

Outsiders
What could they do?
- As a hobby, prove that "it can be done"
- Commercial and military espionage
- Access bank accounts
- Access and use other people's credit card details
- Shut down systems, etc.
How to prevent outsiders gaining access to resources
- Identify every user of the system
- Put in place a system that tracks users' actions and the network resources they access
- Encrypt confidential documents / data
- Put firewalls in place to protect the network
- Keep all software and operating systems up to date so that hackers cannot exploit known security holes

Overall key security measures

Have a security policy in place and ENFORCE it
- Have clear guidelines on how security should be implemented
- Management has to make sure that all IT technicians apply all the security measures
- Management has to make sure that all employees are aware of the security measures and apply them
Technology used to implement security guidelines
- Sophisticated tools used to analyse, interpret, configure and monitor the state of network security

Identify each user
Clearly identify all network users.
Technologies used to assure identity
- Usernames and passwords
  - Advise employees to use alphanumeric passwords, to keep them private and to change them regularly
- Biometrics
  - Install access control programs and physical security devices on all systems. Access control programs run extra checks on users before allowing access. Physical security devices include biometric scanning devices fitted to a computer, which check a user's face, retina, fingerprint, hand, voice, typing rhythm, signature and so on against a set of stored data for all legitimate users.
- Make sure to delete the accounts of employees no longer working for the company

Monitor the network
Security monitor
- Test and monitor the state of the network security
Technology used to monitor the network
- Network log files that record who logged in, for how long, from which computer, what resources they accessed, etc.
- Network vulnerability scanners
- Antivirus software
- Disaster recovery backup technology
Practice
- Check security logs and audit trails regularly
- Conduct a thorough risk analysis of the network regularly
- Have a disaster recovery plan

Monitor and restrict access from outside into the network
Monitor remote access into the network by:
- Allowing only a limited number of attempts to log in
- Blocking the account if all attempts to log in are unsuccessful
- Using log files to monitor the resources accessed by remote users
Put firewalls in place before allowing Internet access
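The lockout rule on this slide, worked through as an added example that is not part of the original presentation: the script counts failed remote logins per account from log lines, locks the account once the limit is reached, and resets on a successful login. The log format, the three-attempt limit and the ten-minute window are all assumptions made for the example.

```python
# Added example (not from the slides): count failed remote logins per
# account, lock the account after a limited number of attempts, and keep
# the decision reproducible from the log. The log format is constructed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): date time EVENT k=v ...
SAMPLE_LOG = """\
2006-04-22 09:00:01 LOGIN user=alice src=10.0.0.5 result=FAIL
2006-04-22 09:00:08 LOGIN user=alice src=10.0.0.5 result=FAIL
2006-04-22 09:00:15 LOGIN user=alice src=10.0.0.5 result=FAIL
2006-04-22 09:00:20 LOGIN user=alice src=10.0.0.5 result=FAIL
2006-04-22 09:01:00 LOGIN user=bob src=192.168.1.7 result=FAIL
2006-04-22 09:01:30 LOGIN user=bob src=192.168.1.7 result=OK
2006-04-22 09:05:00 ACCESS user=bob resource=/finance/payroll.xls
2006-04-22 09:30:00 LOGIN user=carol src=10.0.0.9 result=FAIL
2006-04-22 09:45:00 LOGIN user=carol src=10.0.0.9 result=FAIL
2006-04-22 09:50:00 LOGIN user=carol src=10.0.0.9 result=FAIL
"""

def parse_line(line):
    """Parse one 'date time EVENT k=v ...' line into a dict; None if malformed."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    rec = {"ts": ts, "event": parts[2]}
    rec.update(kv.split("=", 1) for kv in parts[3:] if "=" in kv)
    return rec

def find_lockouts(log_text, max_attempts=3, window=timedelta(minutes=10)):
    """Return {account: lockout_time}. A successful login resets the
    failure count; failures older than the window are discarded."""
    recent = defaultdict(list)   # account -> timestamps of recent failures
    locked = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["event"] != "LOGIN" or "user" not in rec:
            continue
        user = rec["user"]
        if user in locked:
            continue             # already locked, nothing more to decide
        if rec.get("result") == "OK":
            recent[user].clear()
            continue
        ts = rec["ts"]
        recent[user] = [t for t in recent[user] if ts - t <= window]
        recent[user].append(ts)
        if len(recent[user]) >= max_attempts:
            locked[user] = ts    # the attempt that triggered the lockout
    return locked
```

In the sample, alice is locked at her third failure, bob is not (his one failure is followed by a success), and carol is not because her three failures are spread over more than ten minutes.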

Maintain data privacy
Data privacy
- Information must be protected from eavesdropping
- Data must be communicated in confidence
Technologies used to assure data privacy
- Password-protect confidential documents
- Encryption
- Use secure protocols
  - ssh (secure shell)
  - https (http scheme) = http with encryption

Encryption
Computer encryption is based on the science of cryptography.
Encryption systems
- Symmetric key encryption
  - A computer uses a key to encrypt a message before sending it over the network
  - The destination computer uses the same key to decode it
  - The same key has to be installed on both computers
- Public key encryption
  - A computer uses a combination of a private key and a public key to encrypt a message. The private key is known only to that computer, while the public key is given to any computer that wants to communicate securely with it.
  - The destination computer decodes the message using the public key provided by the sending computer and its own private key

Where is encryption used?
Digital signatures
- A way to ensure that an electronic document (an e-mail, Word document, Excel spreadsheet, etc.) is authentic
- Standard used: the Digital Signature Standard, which is based on public-key encryption
- If anything is changed in the document after the signature is attached to it, the value the digital signature is compared against changes, and therefore it will be obvious that changes have been made
Electronic payment
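The public-key and digital-signature slides above, worked through as an added example that is not from the original presentation: a textbook RSA signature over a SHA-256 hash, showing that the sender signs with its private key, anyone holding the public key can verify, and any change to the document after signing makes verification fail. The key pair and invoice text are constructed, the scheme omits the padding real implementations use, and it uses RSA rather than the DSA algorithm of the Digital Signature Standard the slide names.

```python
# Added example, not from the slides: a textbook RSA digital signature over a
# document hash. It shows the three points made above: the sender signs with
# its private key, anyone holding the public key can verify, and any change
# to the document after signing makes verification fail.
import hashlib

# Constructed toy key pair built from two well-known Mersenne primes. The
# ~216-bit modulus is far too small for real use and there is no padding;
# it is only large enough that hash collisions cannot mask a change.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
PUBLIC_KEY = (N, E)                    # given to anyone who wants to verify
PRIVATE_KEY = (N, D)                   # known only to the signing computer

def digest(document: bytes) -> int:
    """SHA-256 of the document as an integer below N (reduced mod N, a
    toy step; real schemes pad the hash to the modulus size instead)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N

def sign(document: bytes, private_key) -> int:
    """The sender signs the document hash with its private key."""
    n, d = private_key
    return pow(digest(document), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key recomputes the hash and compares it
    with the value recovered from the signature."""
    n, e = public_key
    return pow(signature, e, n) == digest(document)

def demo():
    """Sign a constructed invoice, then alter the amount after signing.
    Returns (verifies_before_change, verifies_after_change)."""
    invoice = b"Invoice 1042: pay EUR 250.00 to account IE00-CONSTRUCTED"
    sig = sign(invoice, PRIVATE_KEY)
    tampered = invoice.replace(b"250.00", b"950.00")
    return verify(invoice, sig, PUBLIC_KEY), verify(tampered, sig, PUBLIC_KEY)
```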

E-business and electronic payment go hand in hand
What are the benefits of electronic payment? One could pay:
- On the spot by providing credit card information
- On the spot using an e-check (account number and bank number)
- By direct debit using a credit card or bank account
- Via specialised companies like PayPal
Concerns about electronic payment
- Identity theft
- To prevent fraud, confidential information has to be transmitted and stored encrypted

Secure methods of payment
SSL
- Stands for Secure Sockets Layer
- Uses public-key encryption
- SSL is an Internet security protocol used by browsers and web servers to transmit sensitive information
- SSL is part of an overall security protocol known as Transport Layer Security

How can a customer know his/her payment information is securely transmitted?
- Look for the "s" after "http" in the web address before making the payment. In other words, the web address should begin with https://
- Look for the padlock symbol in the status bar, at the bottom of the browser window

Conclusions
Security: a high-priority issue
As a manager, what can you do?
- Have a security policy in place and enforce it
- Assure user authentication
- Look at secure payment methods
- Keep customers happy by providing secure transactions

Recommended reading material
- Otuteye, E., A systematic approach to E-business security, available on-line at the following address:
- Robinson, R., Managing Secure eBusiness, available on-line at the following address:
- Otuteye, E., Framework for E-Business Information Security Management, available on-line at the following address: