1 CSC 330 E-Commerce. Teacher: Ahmed Mumtaz Mustehsan, GM-IT CIIT Islamabad, CIIT Virtual Campus, COMSATS Institute of Information Technology. T1-Lecture-9

2 T1-Lecture-9: E-Commerce Security Environment, Chapter 4, Part I. For lecture material/slides, thanks to: Copyright © 2010 Pearson Education, Inc.

3 Objectives
• Understand the scope of e-commerce crime and security problems.
• Describe the key dimensions of e-commerce security.
• Understand the tension between security and other values.
• Identify the key security threats in the e-commerce environment.
T1-Lecture-9 Ahmed Mumtaz Mustehsan Copyright © 2010 Pearson Education, Inc 1-3

4 Online Robbery - Introduction
• Compared with robbing a bank branch, an online bank can be robbed remotely and with far less personal risk to the attacker.
• Stealing a music or video CD from a shop is harder than downloading it from an illegal website.
• If the Internet is treated as a global marketplace, many fake websites exist to trap users: they advertise attractive content and extraordinary deals and offers so that remote users hand over their credit card details.
• Breaking into a physical home to violate someone's privacy is difficult, but if the password of a social networking account is stolen, that privacy is compromised at once.

5 Cyber Attack - Introduction
• Denial of Service attack (DoS): one computer sends a flood of data packets to a targeted computer, choking its resources (communication path, processor, etc.) so that it can no longer serve legitimate requests.
• Distributed Denial of Service attack (DDoS): many computers attack a single website or online system from many locations at the same time, overwhelming the system, causing congestion and other impairments, and making the system or website unavailable to legitimate users.

6 Cyber Attack - Introduction
• Botnet: a group of computers (possibly millions) that have been compromised by malware and can be controlled remotely by a single person; the "bots" act together to attack an online system or website.
• Example: the 2007 attacks on important servers of the government of Estonia, in which reportedly about 1 million computers took part.

7 DDoS (diagram). Source: http://www.cs3-inc.com/pk_whatisddos.html

8 Cyber Warfare - References for study
• Russia – Estonia cyber war
• Twitter DDoS
• Korean DDoS
• Taught at US military academies: http://www.dean.usma.edu/Teams/CyberDefense/Default.cfm
• bh-fed-03-dodge.pdf
• iwar_wise.pdf
• http://www.linkedin.com/in/danielragsdale/

9 Your PC may be part of a Botnet
• Botnets are responsible for over 80% of the spam sent to computer users.
• Some users open the files that spam carries because they do not know better.
• Some computers become infected because no antivirus software is installed.
• Some computers are compromised through the use of pirated software.
• 10% of the world's billion-plus Internet-connected computers are estimated to be capturable by stealthy malware, installed when the user clicks a malicious link or downloads a hidden file.

10 The E-commerce Security Environment
• The overall size and losses of cybercrime are unclear, partly because of reporting issues.
• 2008 CSI survey: 49% of respondent firms detected a security breach in the last year; of those that shared numbers, the average loss was $288,000.
• Underground economy marketplace: stolen information is stored on underground economy servers, where credit cards, bank account information, personal identities, and similar data are sold.

11 Rates of different stolen items on the underground e-market (chart)

12 Types of Attacks Against Computer Systems (Cybercrime) (chart). Source: Based on data from Computer Security Institute, 2009.

13 What Is Good E-commerce Security?
To achieve the highest degree of security:
• Use of new technologies
• Organizational policies and procedures
• Industry standards and government laws
Other factors to be considered:
• Time value of information: protection only needs to outlast the period during which the information is valuable
• Cost of security vs. potential loss
• Security often breaks at the weakest link

14 The E-commerce Security Environment (figure)

15 Ideal E-Commerce Environment
• Capable of making secure commercial transactions
• Achieving the highest degree of security
• Adopting new technologies
• Giving users awareness of online safety
• Defining and understanding industry standards
• Implementing government laws
• Prosecuting the violators of those laws

16 Dimensions of E-commerce Security (table; the textbook's six dimensions are integrity, nonrepudiation, authenticity, confidentiality, privacy and availability)

17 Typical Transaction Facilitated by Technologies (figure)

18 The Tension Between Security and Other Values
• Security vs. ease of use
◦ The more security measures are added, the harder a site becomes to use and the slower it becomes
• Security vs. the desire of individuals to act anonymously
◦ The same anonymity is used by criminals to plan crimes or to threaten nation-states

19 Security Threats in the E-commerce Environment
Three key points of vulnerability:
1. Client
2. Server
3. Communications pipeline

20 A Typical E-commerce Transaction (figure). Source: Boncella, 2000.

21 Vulnerable Points in an E-commerce Environment (figure). Source: Boncella, 2000.

22 Most Common Security Threats
Malicious code
• Viruses
◦ A virus is a computer program that can replicate itself and spread to other files
• Worms
◦ A worm is designed to spread from computer to computer on its own, without needing a host file
• Trojan horses
◦ A Trojan horse appears to be non-threatening, but then does something other than what was expected
• Bots, botnets
◦ Software robots ("bots") under remote control, as explained on slide 6

23 Most Common Security Threats in the E-commerce Environment
Unwanted programs: browser parasites
◦ Adware
◦ Spyware


25 Spyware
• Software that sits on your computer
◦ Monitors everything that you do and sends reports to marketing agencies
◦ Usually tied to a pop-up advertising server
• Top spyware
◦ I-Look Up
◦ CoolWebSearch
◦ N-CASE
◦ GATOR
◦ DoubleClick
• Software that, according to this slide, installed spyware alongside itself: ICQ, KaZaA, Quicken, TurboTax

26 Most Common Security Threats
• Phishing
◦ Deceptive online attempt to obtain confidential information
◦ Social engineering, e-mail scams, spoofing of legitimate websites
◦ The information is then used to commit fraud (e.g. accessing checking accounts) or to steal an identity
• Hacking and cyber-vandalism
◦ Hackers vs. crackers
◦ A hacker is an individual who intends to gain unauthorized access to a computer system

27 Most Common Security Threats
• "Cracker" is the term typically used within the hacking community to denote a hacker with criminal intent
• Cyber-vandalism: intentionally disrupting, defacing, or destroying a website
• Types of hackers:
◦ White hats are "good" hackers who help organizations locate and fix security flaws
◦ Black hats are hackers who act with the intention of causing harm
◦ Grey hats are hackers who believe they are pursuing some greater good by breaking in and revealing system flaws

28 Most Common Security Threats
• Credit card fraud/theft
◦ Fear of stolen credit card information deters online purchases
◦ Hackers target merchant servers and use the data to establish credit under a false identity
◦ Online companies are at higher risk than offline ones
• Spoofing: misrepresenting oneself by using a fake e-mail address or another form of identification
◦ Spoofing a website is also called pharming: redirecting a web link, or the resolution of a legitimate address, to a new, fake website
• Spam/junk websites
• Splogs (spam blogs)
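The phishing and spoofing slides above (slides 26 and 28) describe the tricks in words; the following script shows the checks a mail filter actually runs over the links in a message. It is an added example written for this transcript, not code from the lecture or the Pearson text: the sample e-mail body, the trusted-brand list and the two-edit lookalike threshold are constructed or assumed for the demo.

```python
"""Phishing-link heuristics over the anchors of an HTML e-mail.

Added example for slides 26 and 28 of this transcript; not code from the
lecture or the textbook. The e-mail body, the trusted-brand list and the
edit-distance threshold are constructed or assumed for the demo.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list of brands whose domains an attacker would imitate.
TRUSTED = ("paypal.com", "amazon.com", "bankofamerica.com")
LOOKALIKE_MAX_DISTANCE = 2          # assumption: 1-2 edits = lookalike
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL or bare domain, lower-cased ('' if none)."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def registrable(host):
    """Last two labels, a rough stand-in for the registrable domain."""
    if IPV4.fullmatch(host):
        return host
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def edit_distance(a, b):
    """Levenshtein distance by dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyse(html):
    """Return {href: [reasons]} for every link that trips a heuristic."""
    parser = _Anchors()
    parser.feed(html)
    findings = {}
    for href, text in parser.links:
        host = host_of(href)
        dom = registrable(host)
        reasons = []
        # 1. Visible text names one domain but the link goes elsewhere.
        shown = registrable(host_of(text)) if "." in text and " " not in text else ""
        if shown and shown != dom:
            reasons.append(f"text shows {shown} but link goes to {dom}")
        # 2. A raw IP address instead of a name.
        if IPV4.fullmatch(host):
            reasons.append("link uses a raw IP address")
        for brand in TRUSTED:
            if dom == brand:
                continue
            # 3. Typosquat of a trusted domain (paypa1.com vs paypal.com).
            if edit_distance(dom, brand) <= LOOKALIKE_MAX_DISTANCE:
                reasons.append(f"{dom} is a lookalike of {brand}")
            # 4. Trusted name buried as a subdomain of another host.
            if brand.split(".")[0] in host.split("."):
                reasons.append(f"{brand} appears as a subdomain of {dom}")
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample message: two phishing links, one legitimate link.
SAMPLE_EMAIL = """
<p>Dear customer, your account has been limited.</p>
<p><a href="http://paypa1.com/login">Restore access now</a></p>
<p>Or confirm at <a href="http://203.0.113.9/bofa/">bankofamerica.com</a></p>
<p>Track your order at <a href="https://www.amazon.com/orders">amazon.com</a></p>
"""

if __name__ == "__main__":
    for href, reasons in analyse(SAMPLE_EMAIL).items():
        print(href)
        for r in reasons:
            print("   -", r)
```

Run as-is, the script flags the first two links (typosquat of paypal.com; visible text bankofamerica.com pointing at a raw IP) and passes the amazon.com link. The registrable-domain helper is deliberately crude (last two labels); a production filter would use the Public Suffix List so that hosts under co.uk and similar suffixes are compared correctly.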

29 Snoop and Sniff (figure)

30 Most Common Security Threats
• Denial of service (DoS) attack
◦ Hackers flood a site with useless traffic to overwhelm the network
• Distributed denial of service (DDoS) attack
◦ Hackers use multiple computers to attack the target network
• Sniffing
◦ An eavesdropping program that monitors information traveling over a network
• Insider jobs
◦ The single largest financial threat
• Poorly designed server and client software
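Slides 5 and 30 both define DoS and DDoS; the script below shows what telling them apart looks like in a server's own access log, and why a per-source rate limit alone misses the distributed case. It is an added example written for this transcript, not code from the lecture or the Pearson text. The log lines are constructed for the demo and the window size and thresholds are illustrative assumptions, not values taken from any product.

```python
"""Rate-based flood detection over web-server access-log lines.

Added example for slides 5 and 30 of this transcript; it is not code from
the lecture or from the Pearson text. The log lines are constructed for
the demo, and the thresholds are illustrative assumptions rather than
values taken from any product.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format, the default of Apache httpd and nginx:
#   client - - [dd/Mon/yyyy:HH:MM:SS +zzzz] "GET /path HTTP/1.1" status size
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one CLF line; return None for lines that do not match."""
    m = CLF.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"src": m.group("src"), "ts": ts, "req": m.group("req"),
            "status": int(m.group("status"))}


def detect_floods(lines, window_seconds=10, per_src_limit=50,
                  total_limit=100, min_sources=20):
    """Bucket requests into fixed windows and apply two rules.

    DoS rule : a single source exceeds per_src_limit requests in a window.
    DDoS rule: the window's total exceeds total_limit and comes from at
               least min_sources distinct sources, which catches the
               distributed case where every bot stays under the
               per-source limit.
    Returns (dos_alerts, ddos_alerts).
    """
    per_window = defaultdict(Counter)       # window -> Counter(src -> n)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        window = int(ev["ts"].timestamp()) // window_seconds
        per_window[window][ev["src"]] += 1

    dos, ddos = [], []
    for window, counts in sorted(per_window.items()):
        for src, n in counts.items():
            if n > per_src_limit:
                dos.append((window, src, n))
        total = sum(counts.values())
        if total > total_limit and len(counts) >= min_sources:
            ddos.append((window, total, len(counts)))
    return dos, ddos


def make_sample_log():
    """Constructed log: two legitimate hits, one DoS burst, one DDoS burst."""
    base = datetime(2010, 3, 1, 12, 0, 0, tzinfo=timezone.utc)

    def clf(src, t, path="/checkout"):
        stamp = t.strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{src} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'

    lines = [clf("192.0.2.1", base),
             clf("192.0.2.1", base + timedelta(seconds=3), "/cart")]
    # DoS: one host sends 60 requests inside the first 10-second window.
    for i in range(60):
        lines.append(clf("10.0.0.5", base + timedelta(seconds=i % 10)))
    # DDoS: 40 hosts send 3 requests each (120 total) in the next window;
    # no single host trips the per-source limit.
    for h in range(40):
        for k in range(3):
            lines.append(clf(f"203.0.113.{h + 1}",
                             base + timedelta(seconds=10 + k)))
    return lines


if __name__ == "__main__":
    dos_alerts, ddos_alerts = detect_floods(make_sample_log())
    for window, src, n in dos_alerts:
        print(f"DoS : window {window} source {src} sent {n} requests")
    for window, total, srcs in ddos_alerts:
        print(f"DDoS: window {window} {total} requests from {srcs} sources")
```

The per-source rule alone reports only the 10.0.0.5 burst; the 40-host burst only shows up through the aggregate rule, which is the practical reason DDoS defence is done upstream (CDN, scrubbing service, provider-side filtering) rather than by blocking individual addresses at the web server.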

31 The Virus: Computer Enemy Number One
• The most serious attack on a client computer or a server in an Internet environment is the virus
• A virus is malicious code that replicates itself and can be used to disrupt the information infrastructure
• Viruses commonly compromise system integrity, circumvent security controls, and cause adverse operation by taking advantage of the host system or the network it is connected to

32 Types of Viruses
• File virus: attacks executable files
• Boot virus: attacks the boot sectors of hard drives and diskettes
• Macro virus: exploits the macro commands in software applications such as Microsoft Word

33 Levels of Virus Damage (figure)

34 Steps for an Antivirus Strategy
• Establish a set of simple, enforceable rules for others to follow
• Educate and train users on how to check a disk for viruses
• Inform users of the existing and potential threats to the company's systems and the sensitivity of the information they contain
• Keep the antivirus software and its signature definitions up to date

35 Getting Rid of Viruses
Get good virus protection software:
• Free (not recommended)
◦ Anti-Vir
◦ Avast
◦ AVG
• Not free
◦ Norton AntiVirus
◦ McAfee
• Free for UMFK students and staff
◦ http://www.umfk.maine.edu/it/downloads/default.cfm
• Update definition files often

36 Spyware Solutions
• Enforce strict user web policies on surfing and downloading activities
• Install a desktop firewall on every laptop and desktop - http://www.zonelabs.com
• Do not give users administrator privileges
• Configure the e-mail gateway to block all executable e-mail attachments
• Ensure desktop antivirus software signatures are up to date - http://www.grisoft.com
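The "block all executable attachments" step above is only effective if the gateway decides by file content and not by file name alone, since a Trojan (slide 22) arrives under a harmless-looking name. The script below is an added example written for this transcript, not code from the lecture or the Pearson text; the attachment samples are constructed byte strings and the blocked-extension list is an illustrative assumption, not a complete policy.

```python
"""Executable-attachment filter for a mail gateway.

Added example for slides 22 and 36 of this transcript; it is not code from
the lecture or the textbook. The attachment samples are constructed byte
strings, and the extension list is an illustrative assumption, not a
complete policy.
"""

# Assumed list of extensions the gateway refuses outright.
BLOCKED_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js",
               "jar", "msi", "dll", "hta"}

# Content signatures: executables are recognised by their first bytes,
# so a Trojan renamed to "statement.pdf" is still caught.
MAGIC = (
    (b"MZ", "Windows PE executable"),
    (b"\x7fELF", "ELF executable"),
)


def extensions(filename):
    """Every extension after the first dot, lower-cased, with spaces
    removed, so 'invoice.pdf.exe' yields ['pdf', 'exe'] and the padded
    'photo.jpg        .scr' trick still ends in 'scr'."""
    return filename.lower().replace(" ", "").split(".")[1:]


def classify(filename, content):
    """Return the list of reasons to block; an empty list means allow."""
    reasons = []
    exts = extensions(filename)
    name_blocked = bool(exts) and exts[-1] in BLOCKED_EXT
    if name_blocked:
        reasons.append(f"blocked extension .{exts[-1]}")
    for signature, kind in MAGIC:
        if content.startswith(signature):
            if name_blocked:
                reasons.append(f"content confirmed as {kind}")
            else:
                reasons.append(f"content is a {kind} despite the name {filename!r}")
            break
    return reasons


def filter_attachments(attachments):
    """attachments: {filename: bytes}. Returns {filename: reasons} for
    everything that must be blocked; allowed files are absent."""
    blocked = {}
    for name, data in attachments.items():
        reasons = classify(name, data)
        if reasons:
            blocked[name] = reasons
    return blocked


# Constructed samples (first bytes only; real files are longer).
SAMPLES = {
    "quarterly_report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "invoice.pdf.exe":      b"MZ\x90\x00\x03\x00\x00\x00",
    "holiday_photo.scr":    b"MZ\x90\x00\x03\x00\x00\x00",
    "statement.pdf":        b"MZ\x90\x00\x03\x00\x00\x00",  # Trojan: PE under a PDF name
    "setup":                b"\x7fELF\x02\x01\x01\x00",
    "notes.txt":            b"meeting moved to 3pm\n",
}

if __name__ == "__main__":
    for name, reasons in filter_attachments(SAMPLES).items():
        print(f"BLOCK {name}: " + "; ".join(reasons))
```

Of the six samples, four are blocked: two by extension, one because an ELF binary has no extension at all, and "statement.pdf" purely because its first bytes are a PE header. Archives (ZIP, and Office formats built on ZIP) are not handled here; a real gateway unpacks them and runs the same classification on each member.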

37 End of T1-Lecture-9: E-Commerce Security Environment, Chapter 4, Part I. Thank you.

