Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Unit 1 Business skills for e-commerce

Published byMyles Ramsey Modified over 7 years ago

Similar presentations

Presentation on theme: "Security Unit 1 Business skills for e-commerce"— Presentation transcript:

1 Security Unit 1 Business skills for e-commerce
HND in Computing and Systems Development

2 Timeline Week Activity 1 Introduction & Businesses 10 Assignment 2 LO2
LO1 Stakeholders 11 LO3 Key processes 3 LO1 Functions 12 LO3 e-commerce 4 13 LO3 Security - 1 5 LO2 Impacts 14 LO3 Security - 2 6 Assignment 1 LO1 15 LO3 Legislation 7 LO3Target markets 16 Assignment 3 LO3 issued 8 LO3 Objectives 17 Assignment work 9 LO3 Market research 18

3 LO3: Be able to design e-Commerce solutions
Objectives: business idea eg unique selling proposition, business-to-business opportunities, business to consumer markets; domain name Market research: purpose of research eg identifying information sources, online and offline competition; types of research eg primary, secondary Target markets: market analysis eg size, characteristics, dynamics, competitors, historical background, emerging trends, market share, market segmentation Key processes: technology requirements eg hardware, software, security, maintenance, back end systems; supply sources; distribution channels e-Commerce: payment systems eg electronic cheque, PayPal, NoChex, credit or debit cards; start-up capital; working capital; funding sources Security: key areas eg prevention of hacking, viruses, identity theft, firewall, impact on site performance, Secure Sockets Layer (SSL), Secure HTTP (HTTPS), digital certificates, strong passwords, alternative authentication methods Legislation: relevant legislation eg Data Protection Act 1998, Computer Misuse Act 1990, Consumer Credit Act 1974, Trading Standards, Freedom of Information Act 2000, copyright legislation

4 LO3 Criteria 3.1 investigate market potential for an e-Commerce opportunity 3.2 evaluate current e-Commerce systems in use by organisations 3.3 discuss the financial implications of an e-Commerce solution 3.4 design an e-Commerce solution 3.5 evaluate the suitability of an e-Commerce solution.

5 Participants Customer Merchant Software vendor Attacker
Purchases the products or services Merchant Owns or leases the ecommerce systems Software vendor Supplies the software to run the systems Attacker Exploits the other three for illegitimate gains

6 Points of attack The customer The customer’s computer
Network connection between the customer’s computer and the merchant’s server The merchant The web site’s server The software vendor

7 Attacks Tricking the customer
Calling and extracting information, then using it to con the merchant Phishing False web sites linked from s or registered URL typos eg applr.com

8 Customers computers Port scanning Keystroke loggers
nmap – a security scanner used to discover hosts and services on a computer network Keystroke loggers Distributed by virus, worm or Trojan

9 Network attacks IP address spoofing Packet sniffing
Pretending to be a legitimate PC on a LAN or WAN Packet sniffing Detecting unencrypted or poorly protected wireless traffic False wi-fi hotspots

10 Fraud Chargeback fraud Stolen cards Identity theft
Claiming delivered goods were never received Stolen cards Identity theft Falsely authenticating with stolen or faked documents to create accounts

11 Web server attacks Password guessing Denial of service (DOS)
Manual or automated using common passwords or rainbow tables (reverse encrypted lookups) Denial of service (DOS) Pings of death, ping flood, botnets

12 Software vulnerabilities
Buffer overflow attacks Poor code opens a vulnerability with root access SQL injection Malicious SQL statements inserted Cross site scripting Malicious scripts inserted in legitimate web sites

13 Exploit tools SAINT exploit tools penetration test servers (but do not exploit them) Examples are Chrome password grabber OSX 10.7 User name and hash grabber Reverse shell applet – delivers a signed Java applet ARP spoof tool for man in the middle attacks Automatic drive by download Flash drive trojan that opens connections when run by Autoplay or Open Folder

14 Defences Choose a secure ecommerce platform Use SSL security
PCI (Payment Card Industry) compliant Run regular PCI audit scans Use SSL security Trusted certificates Encrypted connections Even better, use EVSSL More extensive vetting before issuing certificates Green in URL address bar in browser

15 Defences Firewalls Inspect incoming and outgoing packets to make sure the source or destination addresses are legitimate – packet filtering Statefull – is a packet part of a legitimate connection? Application layer – detects illegitimate protocol or port usage

16 UTM (unified threat management
network firewalling network intrusion prevention gateway antivirus (AV) gateway anti-spam VPN content filtering load balancing data leak prevention on-appliance reporting

17 Sensible precautions Don’t store credit card details
Use an address verification and card verification service Enforce strong passwords Detect suspicious activity Software available Use tracking for delivery of all orders Apply all patches and updates Have a sound backup

18 Activity Match the threats to the defences
Determine what the correct defence is for each threat Determine what security measures are appropriate for an SME ecommerce business Local defences Hosted defences Services that can be used

Download ppt "Security Unit 1 Business skills for e-commerce"

Similar presentations

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
Principles of Information Systems, Sixth Edition Electronic Commerce Chapter 8.

Principles of Information Systems, Sixth Edition Electronic Commerce Chapter 8.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Security. Introduction to Security Why do we need security? What happens if data is lost? –Wrong business decisions through lack of information –Long-term.

Security. Introduction to Security Why do we need security? What happens if data is lost? –Wrong business decisions through lack of information –Long-term.
Securing Information Systems

Securing Information Systems
Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj

Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Defining Security Issues

Defining Security Issues

Similar presentations

Ads by Google