
Chapter 5 Electronic Commerce | Security Threats - Solution


1 Chapter 5 Electronic Commerce | Security Threats - Solution
Source: E-Commerce by K.C. Laudon. Organized by: Qasim Rafique, System Analyst (Hailey College of Commerce, University of the Punjab)

2 Protecting servers (web, company) and client computers
Securing channels of communication:
- SSL (https, i.e. encryption)
- VPNs (Virtual Private Networks)
- Firewalls
- Proxy servers
Protecting servers (web, company) and client computers:
- Operating system security enhancements
- Anti-virus software
- Strong passwords
- Strong database passwords
- Strong web admin panel passwords
- User education and training

3 Securing Channels of Communication (encryption implementation)
Secure Sockets Layer (SSL): SSL is a protocol that encrypts data between the shopper's computer and the site's server. Look for the "s" in the browser address bar (https instead of http) and for the small padlock icon in the browser. It means you are using SSL to establish a secure negotiated session through a session key.
Secure negotiated session: a client-server session (of limited duration) in which the URL of the requested document, its contents, the contents of forms, and the cookies exchanged are all encrypted.
Session key: a unique symmetric encryption key chosen just for this single secure session. Once used, it is gone forever.
Copyright © 2010 Pearson Education, Inc.

4 Figure 5.12, Page 298

9 The browser sends out the public key and the certificate
When your browser requests a secure page, it adds "s" to http and shows a padlock icon. The public key and the certificate are sent out, and the browser checks things such as:
- the certificate comes from a trusted party (a CA);
- the certificate is currently valid;
- the certificate has a relation to the site from which it is coming (for example citybank.com or amazon.com).
SSL means data encryption, which provides 4 of the 6 security dimensions for an e-commerce website, i.e. data integrity, non-repudiation, authenticity, and confidentiality.
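The three certificate checks listed above, as an added Python example that is not part of the original slides. The certificate, CA name, hostnames and dates are constructed values; chain and signature verification is left out so that only the trusted-CA, validity-period and site-relation checks are shown.

```python
import ssl
import time

# Constructed sample certificate in the dict layout that ssl.getpeercert() returns.
# The CA name, hostnames and dates are made-up values for this example.
SAMPLE_CERT = {
    "issuer": ((("commonName", "Example Trusted Root CA"),),),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2030 GMT",
    "subjectAltName": (("DNS", "www.example-shop.test"),
                       ("DNS", "*.cdn.example-shop.test")),
}

# Assumed trust store: issuer names the browser accepts (constructed, not a real list).
TRUSTED_CAS = {"Example Trusted Root CA"}


def issuer_cn(cert):
    """Return the issuer commonName, used for the 'comes from a trusted CA' check."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def hostname_matches(pattern, hostname):
    """RFC 6125-style match: '*' may only stand for the whole leftmost label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if "*" not in pattern:
        return pattern == hostname
    plabels, hlabels = pattern.split("."), hostname.split(".")
    if plabels[0] != "*" or len(plabels) < 3 or len(plabels) != len(hlabels):
        return False  # wildcard not leftmost, would match a whole TLD, or wrong depth
    return plabels[1:] == hlabels[1:]


def check_certificate(cert, hostname, trusted_cas, now=None):
    """Apply the three slide checks; return (ok, list of failure reasons)."""
    now = time.time() if now is None else now
    reasons = []
    if issuer_cn(cert) not in trusted_cas:
        reasons.append("certificate does not come from a trusted CA")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not (not_before <= now <= not_after):
        reasons.append("certificate is not currently valid")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(hostname_matches(n, hostname) for n in dns_names):
        reasons.append("certificate has no relation to this site")
    return (not reasons, reasons)
```

A real browser additionally verifies the signature chain up to the CA and checks revocation, which this example does not do.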

10 Virtual Private Network (VPN):
A virtual private network (VPN) extends a private network across a public network, such as the Internet. A well-designed VPN can greatly benefit a company. For example, it can:
- Extend geographic connectivity
- Improve security
- Provide a faster ROI (return on investment) than a traditional WAN
- Reduce operational costs versus a traditional WAN
- Allow remote users to securely access the internal network via the Internet, using the Point-to-Point Tunneling Protocol (PPTP)

11 The Point-to-Point Tunneling Protocol (PPTP) is a networking technology that enables systems (business users, employees, partners, etc.) to dial into a local Internet service provider and connect securely to their corporate network through the Internet.

12 Firewall
A firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in hardware, in software, or as a combination of both. Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. Firewalls can block ports and programs that try to gain unauthorized access to your computer.

13 Proxy servers
In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary: it processes the requests of clients by forwarding queries and requests to other systems or servers on the Internet. Proxy servers also improve web performance by storing frequently used pages locally (i.e., a cache), reducing load times.

14 Protecting Servers and Clients
Operating system security enhancements:
- Install a purchased copy of the operating system (Windows).
- Upgrades and patches: upgrades and patches are automatic; that is, when using Windows XP or Vista on the Internet, you are prompted and informed that operating system enhancements are available.
- Activate the personal firewall (Windows Firewall).
- Users can easily download these security patches for free.
- The most common known worms and viruses can be prevented simply by keeping your server and client operating systems and applications up to date.


16 Protecting Servers and Clients
Anti-virus software:
- The easiest and least expensive way to prevent threats to system integrity. For example: NOD32, Kaspersky, Symantec, AVG Free, Panda, etc.
- Requires daily updates.
- Antivirus software will protect a computer from many, but not all, of the most common types of viruses. The software will also destroy any viruses already present on the hard drive.
- Premium-level anti-virus software is updated hourly. However, new viruses are being developed daily, so routine updates of the software are needed to prevent new viruses from causing damage.

17 Password Selection (For e-commerce site)
Password policies:
- Web admin panel passwords
- Database passwords
- Password-protected website directories (folders)
- Education of website employees and customers
Ensure that password policies are enforced for shoppers and internal users. A sample password policy, defined as part of the Federal Information Processing Standard (FIPS), is shown in the table below.

18 Password Policies

19 User Education and Training
An information system is only as secure as the people who use it. Education is the best way to ensure that your customers take appropriate precautions:
- Install personal firewalls on the client machines.
- Store confidential information in encrypted form.
- Encrypt the stream using the Secure Sockets Layer (SSL) protocol to protect information flowing between the client and the e-commerce web site.
- Use appropriate password policies, firewalls, and routine external security audits.
By default, rogue programs that run with root privileges can be easily hidden. An external attacker or malicious insider might do this to hide hacking files, such as rootkits, on the system.

