CS5038 The Electronic Society


Lecture 12: Security and Crime Online

Lecture Outline
- Types of Attacks
- Security Problems
- Major security issues in online systems
- Security Risk Management
- Security Technologies

Attack Sophistication vs. Intruder Knowledge
See the CERT/CC trend graphic at www.cert.org (presentations, overview): over time the sophistication of attack tools rises while the knowledge an intruder needs in order to use them falls.
Source: Special permission to reproduce the CERT/CC graphic © 2000 by Carnegie Mellon University, in Electronic Commerce 2002, from Allen et al. (2000).

Types of Attacks
- Non-technical (social engineering): phone or e-mail an employee while posing as an administrator, to talk them out of a password or access
- Buffer overflow: send more input than the receiving buffer was sized for, so the excess overwrites adjacent memory; code hidden at the end of the long entry is then executed
- DNS spoofing: alter DNS tables (or router maps) so that a legitimate name resolves to the attacker's host
- Sniffing: passively listen to all packets on a network segment, picking up passwords and card numbers sent in the clear
- Malicious code:
  - Viruses: propagate locally by attaching themselves to files or programs
  - Worms: propagate between systems over the network, without user action
  - Macro viruses and macro worms: carried in document macros (e.g. Word)
  - Trojan horses: malicious code posing as something desirable, e.g. a game

Security Problems
- Example: Denial of service (DoS): purchases are not made, ads are not seen
- Security and ease of use pull against each other, e.g. passwords, electronic wallets vs. simply typing a credit card number
- Security takes a back seat to market pressures, e.g. hurrying the time to market
- Security systems are only as strong as their weakest point
- The security of a site depends on the security of the whole Internet: DoS floods and e-mail-borne attacks arrive from machines the site does not control
- Knowledge of vulnerabilities spreads faster than it can be combated: hackers share secrets and write tools
- Flaws in ubiquitous applications (Outlook, Word) put every user of them at risk
- Underreporting: only 32% of organisations that suffered serious attacks in 1999, and 25% in 2000, reported them to law enforcement
- Why might a company not report a crime?

Security Concerns
Filling in a form at a simple marketing site:

User's perspective
- Is the Web server owned and operated by a legitimate company?
- Does the Web page or form contain malicious content?
- Will the Web server pass the user's information to another party, or allow it to be stolen?

Company's perspective
- Will the user attempt to break into the Web server or alter the site?
- Will the user try to disrupt the server so that it is unavailable to others?

Both perspectives
- Is the network connection free from eavesdropping?
- Has the information sent between server and browser been altered in transit?

Major security issues in online systems
- Privacy or Confidentiality: trade secrets, business plans, health records, credit card numbers, records of web activity
- Authentication (of a Web page, of e-mail, of a user), based on:
  - Something known: password
  - Something possessed: smartcard
  - Something unique to the person: signature, biometrics
- Integrity: protect data from being altered or destroyed, e.g. the amount in a financial transaction
- Non-repudiation: the buyer cannot later deny having bought something
PAIN (Privacy, Authentication, Integrity, Non-repudiation) is the checklist for payment systems.
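The Integrity and Non-repudiation items above are easy to blur together, so here is an added example (not from the lecture slides) that separates them in working code. A shared-key HMAC over a payment message lets the merchant detect any alteration in transit, but because the merchant holds the same key, a valid tag cannot prove that the customer rather than the merchant authorised the order; that is the gap non-repudiation (a signature with a key only the customer holds) exists to close. The transaction fields, the key and the messages are constructed for illustration only.

```python
"""Integrity (and origin authentication) of an online transaction with an HMAC,
and why a shared-key MAC does not provide non-repudiation.

Added example, not part of the lecture. All values are constructed.
"""
import hashlib
import hmac
import json

# Constructed shared secret agreed between the customer's wallet and the merchant.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def canonical(txn: dict) -> bytes:
    """Serialise the transaction deterministically so both sides tag the same bytes."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def sign_transaction(txn: dict, key: bytes) -> str:
    """Return the hex HMAC-SHA256 tag over the canonical transaction."""
    return hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()


def verify_transaction(txn: dict, tag: str, key: bytes) -> bool:
    """Recompute the tag and compare in constant time (avoids timing side channels)."""
    expected = sign_transaction(txn, key)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Walk through an honest order, a tampered order, and the non-repudiation gap."""
    txn = {"order": "A1001", "amount": "49.99", "currency": "GBP", "card_last4": "4242"}
    tag = sign_transaction(txn, SHARED_KEY)

    # An attacker on the path raises the amount: the original tag no longer verifies.
    tampered = dict(txn, amount="4999.00")

    # The merchant holds the same key, so a tag it computes over the altered order
    # is indistinguishable from one the customer made. The MAC proves the message
    # was not changed by an outsider, not who authorised it.
    merchant_forged_tag = sign_transaction(tampered, SHARED_KEY)

    return {
        "honest_ok": verify_transaction(txn, tag, SHARED_KEY),
        "tampered_ok": verify_transaction(tampered, tag, SHARED_KEY),
        "merchant_forgery_ok": verify_transaction(tampered, merchant_forged_tag, SHARED_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

The third result is the point: the forged tag verifies, so a customer could plausibly repudiate the order and the merchant has no cryptographic answer. Payment protocols therefore add a digital signature made with the customer's private key on top of (or instead of) the MAC.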

Security Risk Management
Definitions used in risk management
- Asset: anything of value worth securing
- Threat: an eventuality representing danger to an asset
- Vulnerability: a weakness in a safeguard

Risk Assessment
1. Determine organisational objectives. You cannot safeguard against everything, so limit protection to what the objectives require. Example: if the Web site exists to service customer complaints, the top priority is to ensure no disruption, ahead of protecting data.
2. Inventory assets: the value and criticality of every asset on the network
3. Delineate threats: hackers, viruses, employees, system failure
4. Identify vulnerabilities, e.g. via the CVE list at http://www.cve.mitre.org/cve/
5. Quantify the value of each risk, e.g. Risk = Asset x Threat x Vulnerability (Symantec.com)

Security Technologies
- Firewall: like a bouncer, applies rules to decide whether data is allowed in (more in CS5401, for the eTech class)
- Virtual Private Network (VPN): an encrypted tunnel across the public Internet between trusted sites
- Encryption: scramble communications so that only holders of the key can read them
- Intrusion Detection Systems (IDS):
  - Automatically review logs of file accesses and violations
  - Analyse suspicious activity for known patterns of attack
Quiz 13
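To make the "bouncer" and the "review logs for known patterns" descriptions concrete, here is an added example (not from the lecture or any real product): a first-match, default-deny packet filter and a small signature-based IDS pass over web-server access logs. The rule table, the signatures, the threshold and the log lines are all constructed; a production firewall also tracks connection state (the quiz's stateful packet inspection) and a production IDS carries thousands of signatures.

```python
"""Miniature firewall rule matching and signature-based log review.

Added example, not from the lecture. Rules, signatures and log lines are
constructed for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    proto: str           # "tcp", "udp" or "*" for any
    src: str             # source address prefix, "*" for any
    dport: Optional[int] # destination port, None for any


# Ordered like a firewall ACL: the first matching rule wins, and a packet that
# matches nothing is denied (the bouncer's default is "not on the list, not in").
RULES = [
    Rule("allow", "tcp", "*", 443),        # public HTTPS storefront
    Rule("allow", "tcp", "10.0.0.", 22),   # SSH only from the admin LAN
    Rule("deny", "tcp", "*", 22),          # everyone else stays off SSH
    Rule("allow", "udp", "10.0.0.", 53),   # internal DNS
]


def filter_packet(proto: str, src_ip: str, dport: int, rules=RULES) -> str:
    """Return "allow" or "deny" for a packet header, first match wins."""
    for r in rules:
        if r.proto not in ("*", proto):
            continue
        if r.src != "*" and not src_ip.startswith(r.src):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "deny"


# IDS signatures: known attack patterns matched against the request line.
SIGNATURES = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"(?i)('|%27)\s*(or|union)\b"),
}
FAILED_LOGIN_THRESHOLD = 3  # repeated 401s on /login from one source -> brute force

# Constructed access-log lines in a simplified "ip - - "request" status" format.
LOG_LINES = [
    '203.0.113.5 - - "GET /index.html" 200',
    '203.0.113.5 - - "GET /../../etc/passwd" 404',
    '198.51.100.7 - - "GET /login?user=a\' OR 1=1" 200',
    '198.51.100.9 - - "POST /login" 401',
    '198.51.100.9 - - "POST /login" 401',
    '198.51.100.9 - - "POST /login" 401',
    '198.51.100.9 - - "POST /login" 401',
]

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ "(?P<req>[^"]*)" (?P<status>\d{3})$')


def review_logs(lines=LOG_LINES) -> List[Tuple[str, str]]:
    """Return (source_ip, alert) pairs: signature hits plus threshold-based alerts."""
    alerts = []
    failures = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: a real IDS would count these too
        ip, req, status = m["ip"], m["req"], m["status"]
        for name, pattern in SIGNATURES.items():
            if pattern.search(req):
                alerts.append((ip, name))
        if "/login" in req and status == "401":
            failures[ip] += 1
            if failures[ip] == FAILED_LOGIN_THRESHOLD:  # alert once, at the threshold
                alerts.append((ip, "login brute force"))
    return alerts


if __name__ == "__main__":
    print(filter_packet("tcp", "203.0.113.5", 22))
    for alert in review_logs():
        print(alert)
```

Note the two detection styles in `review_logs`: pattern signatures catch a single bad request, while the counter catches behaviour that is innocent on any one line and only suspicious in aggregate. Neither sees traffic the firewall already dropped, which is why the two technologies are deployed together.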

Summary
- Attack Sophistication vs. Intruder Knowledge
- Types of Attacks: non-technical, buffer overflow, malicious code
- Security Problems: ease of use, market pressure, weak links
- Security Concerns, e.g. filling in a form
- Major security issues in online systems: PAIN
- Security Risk Management: assessment, planning, implementation, monitoring
- Security Technologies: firewall, VPN, IDS
Quiz 14

QUIZ 13
- Hint for q.5: look at q.7
- Question 7: guess (you can guess)
- Question 9: skip
- Question 12 / q.13: the answer is stateful packet inspection
- Question 15: skip