Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 5 Electronic Commerce | Security Threats - Solution

Published byJohn Lane Modified over 6 years ago

Similar presentations

Presentation on theme: "Chapter 5 Electronic Commerce | Security Threats - Solution"— Presentation transcript:

1 Chapter 5 Electronic Commerce | Security Threats - Solution
Source: E-Commerce by K.C Laudon Organize by - Qasim Rafique System Analyst (Hailey College of Commerce | University of the Punjab

2 Protecting servers (web, company) and clients computers
SSL – (https i.e Encryption ) VPNs (Virtual Private Networks) Firewalls Proxy Servers Protecting servers (web, company) and clients computers Operating system security enhancements Anti-virus software Strong Passwords Strong Database Passwords Strong Web Admin Panel Passwords User Education and Training

3 Securing Channels of Communication ( encryption implementation)
Secure Sockets Layer (SSL): Secure Socket Layer (SSL) is a protocol that encrypts data between the shopper's computer and the site's server. Look for “S” in browser (https instead of http) Look for “small Pad Lock “ in Browser It means you are using SSL to establish a secure negotiation session through session key. Secure Negotiated Session: A client – server session (duration) in which the URL of the requested documents along with the contents, contents of forms, and the cookies exchanged , are encrypted. Session key: A session key is a unique symmetric encryption key chosen just for this single secure session. Once used , it is gone forever. Copyright © 2010 Pearson Education, Inc.

4 Figure 5.12, Page 298 Copyright © 2010 Pearson Education, Inc.

5 Copyright © 2010 Pearson Education, Inc.

6 Copyright © 2010 Pearson Education, Inc.

7 Copyright © 2010 Pearson Education, Inc.

8 Copyright © 2010 Pearson Education, Inc.

9 The browser send out the Public key and the certificate
When your browser requests a secure page and add “S” onto http and show a “pad lock” in browser. The browser send out the Public key and the certificate Checking things such as certificate comes from trusted party (CA) Certificate Currently valid the certificate has a relation with the site (for example citybank.com or amazon.com )from which is coming SSL mean Data encryption which provide 4 out of 6 Security Dimensions for an e-commerce website i.e [Data Integrity, Non - repudiation, Authenticity , Confidentiality ] Copyright © 2010 Pearson Education, Inc.

10 Virtual Private Network (VPN):
A virtual private network (VPN) extends a private network across a public network, such as the Internet. A well-designed VPN can greatly benefit a company. For example, it can: Extend geographic connectivity Improve security Provide faster ROI (return on investment) than traditional WAN Reduce operational costs versus traditional WAN Allows remote users to securely access internal network via the Internet, using Point-to-Point Tunneling Protocol (PPTP) Copyright © 2010 Pearson Education, Inc.

11 Point-to-Point-Tunneling Protocol (PPTP) is a networking technology that enabled systems (Business users, employees , partner etc.) to dial into a local Internet service provider to connect securely to their corporate network through the Internet. Copyright © 2010 Pearson Education, Inc.

12 Firewall A firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. Firewalls can block ports and programs that try to gain unauthorized access to your computer Copyright © 2010 Pearson Education, Inc.

13 Proxy servers In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary. That process the requests of clients and by forwarding queries and request to other systems or servers on the internet. Proxy servers also improve Web performance by storing frequently used pages locally and reducing upload times .(mean cache) Copyright © 2010 Pearson Education, Inc.

14 Protecting Servers and Clients
Operating system security enhancements Install a purchased copy of operating system (window). Upgrades, patches : upgrades & Patches are autonomic; that is , when using windows xp or vista on the Internet , your are prompted and informed that operating system enhancements are available. Active personal Firewall (Window firewall) User can easily download these security patches for free. The most common known worms and viruses can be prevented by simply keeping your server and client operating system and applications up to date. Copyright © 2010 Pearson Education, Inc.

15 Copyright © 2010 Pearson Education, Inc.

16 Protecting Servers and Clients
Anti-virus software Easiest and least expensive way to prevent threats to system integrity For example, NOD32, KESPERSKY, Symantec, AVGFREE PANDA ETC. Requires daily updates Antivirus software will protect a computer from many, but not all, of the most common types of viruses. The software will also destroy any viruses already present on the hard drive. Premium – level anti – virus software is updated hourly. However, new viruses are being developed daily, so routine updates of the software are needed to prevent new viruses from causing damage. Copyright © 2010 Pearson Education, Inc.

17 Password Selection (For e-commerce site)
Password Polices Password Selection (For e-commerce site) Web Admin Panel Passwords Database Passwords Password Protected Website Directories (Folders) Education Website Employees and Customers Password policies Ensure that password policies are enforced for shoppers and internal users. A sample password policy, defined as part of the Federal Information Processing Standard (FIPS), is shown in the table below. Copyright © 2010 Pearson Education, Inc.

18 Password Policies Copyright © 2010 Pearson Education, Inc.

19 User Education and Training
Information System is only as secure as the people who use it. Education is the best way to ensure that your customers take appropriate precautions: Install personal firewalls for the client machines. Store confidential information in encrypted form. Encrypt the stream using the Secure Socket Layer (SSL) protocol to protect information flowing between the client and the e-Commerce Web site. Use appropriate password policies, firewalls, and routine external security audits. By default, rogue programs that run with root privileges can be easily hidden. An external attacker or malicious insider might do this to hide hacking files, such as rootkits, on the system. Copyright © 2010 Pearson Education, Inc.

Download ppt "Chapter 5 Electronic Commerce | Security Threats - Solution"

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
2 An Overview of Telecommunications and Networks Telecommunications: the _________ transmission of signals for communications (home net) (home net)

2 An Overview of Telecommunications and Networks Telecommunications: the _________ transmission of signals for communications (home net) (home net)
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Computer Networks IGCSE ICT Section 4.

Computer Networks IGCSE ICT Section 4.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
1 Integrating ISA Server and Exchange Server. 2 How email works.

1 Integrating ISA Server and Exchange Server. 2 How works.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.

11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.

Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.

1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.
Data Security.

Data Security.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Similar presentations

Ads by Google