Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9 E-Security. Awad –Electronic Commerce 2/e © 2003 Prentice Hall 2 Day 24 Agenda Quiz 3 Corrected –4 A’s, 4 B’s and 1 C Quiz 4 (last) will be.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 9 E-Security. Awad –Electronic Commerce 2/e © 2003 Prentice Hall 2 Day 24 Agenda Quiz 3 Corrected –4 A’s, 4 B’s and 1 C Quiz 4 (last) will be."— Presentation transcript:

1 Chapter 9 E-Security

2 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 2 Day 24 Agenda Quiz 3 Corrected –4 A’s, 4 B’s and 1 C Quiz 4 (last) will be April 30 Chap 13, 14, & 15 Assignment 8 (last) will be assigned next week Should be progressing on Framework Lecture/Discuss E-security

3 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 3 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security How Much Risk Can You Afford? Virus – Computer Enemy #1 Security Protection & Recovery E-Security: Objectives

4 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 4 ABUSE & FAILURE Fraud Theft Disruption of Service Loss of Customer Confidence E-Security: Security in Cyberspace

5 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 5 WHY INTERNET IS DIFFERENT? E-Security: Security in Cyberspace Paper-Based CommerceElectronic Commerce Signed paper DocumentsDigital Signature Person-to-personElectronic via Website Physical Payment SystemElectronic Payment System Merchant-customer Face-to-faceFace-to-face Absence Easy Detectability of modificationDifficult Detectability Easy NegotiabilitySpecial Security Protocol

6 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 6 Digital Signature Act (Oct 1v 2000) A contract or agreement in interstate or foreign commerce will not be denied legal effect, validity, or enforceability if the contract or agreement is in electronic form and is signed by an electronic signature. Note that the act covers only foreign and interstate commerce. Therefore, where both parties to a contract are in the same state, the law would not seem to apply. However, most states have enacted their own digital signature laws, which cover intrastate transactions. The Act permits, but does not require the use of an electronic signature. A legal requirement to furnish a record to a consumer in writing can be satisfied by an electronic record, so long as the consumer consents. A legal record retention requirement can be satisfied with electronic records.

7 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 7 SECURITY CONCERNS Confidentiality Authentication Integrity Access Control Non-repudiation Firewalls E-Security: Conceptualizing Security

8 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 8 INFORMATION SECURITY DRIVERS Global trading –On-line, real time Availability of reliable security packages –Good products…expensive Changes in attitudes toward security –Strategic asset E-Security: Conceptualizing Security

9 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 9 PRIVACY FACTOR E-Security: Conceptualizing Security

10 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 10 DESIGNING FOR SECURITY Adopt a reasonable security policy –Cost effective –Proactive Consider web security needs –Data sensitivity Design the security environment Authorizing and monitoring the system –Accountability –Traceability E-Security: Designing for Security

11 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 11 ADOPT A REASONABLE SECURITY POLICY Policy –Understanding the threats information must be protected against to ensure Confidentiality Integrity Privacy –Should cover the entire e-commerce system Internet security practices Nature & level of risks Procedure of failure recovery E-Security: Designing for Security

12 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 12 SECURITY PERIMETER Firewalls Authentication Virtual Private Networks (VPN) Intrusion Detection Devices E-Security: Designing for Security

13 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 13 Security Design Process Adopt a Security Policy That Makes Sense Authorize and Monitor The Security System Police The Security Perimeter Design The Security Environment Consider Web Security Needs

14 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 14 AUTHORIZING & MONITORING SYSTEM Monitoring –Capturing processing details for evidence –Verifying e-commerce is operating within security policy –Verifying attacks have been unsuccessful E-Security: Designing for Security

15 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 15 HOW MUCH RISK CAN YOU AFFORD? Determine specific threats inherent to the system design Estimate pain threshold Analyze the level of protection required E-Security: How Much Risk Can You Afford?

16 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 16 KINDS OF THREATS / CRIMES Physically-related –Create physical changes Order-related –Manipulation of existing orders Electronically-related –Sniffers –Spoofers –Script kiddies E-Security: How Much Risk Can You Afford?

17 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 17 CLIENT SECURITY THREATS Why? –Sheer Nuisances –Deliberate Corruption of Files –Rifling Stored Information How? –Physical Attack –Virus –Computer-to-computer Attack E-Security: How Much Risk Can You Afford?

18 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 18 SERVER SECURIY THREATS Web server with an active port Windows NT server, not upgraded to act as firewall Anonymous FTP service Web server directories that can be accessed & indexed E-Security: How Much Risk Can You Afford?

19 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 19 HOW HACKERS ACTIVATE A DISTRIBUTED DENIAL OF SERVICE ATTACK (DDoS) Break into less-secured computers connected to a high-bandwidth network Installs stealth program which duplicate itself indefinitely to congest network traffic Specifies a target network from a remote location and activates the planted program Victim’s network is overwhelmed & users are denied access E-Security: How Much Risk Can You Afford?

20 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 20 VIRUS – COMPUTER ENEMY #1 A malicious code replicating itself to cause disruption of the information infrastructure Attacks system integrity, circumvent security capabilities & cause adverse operation Incorporate into computer networks, files & other executable objects E-Security: Virus – Computer Enemy #1

21 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 21 TYPES OF VIRUSES Boot Virus –Attacks boot sectors of the hard drive Macro Virus –Exploits macro commands in software application E-Security: Virus – Computer Enemy #1

22 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 22 VIRUS CHARACTERISTICS Fast –Easily invade and infect computer hard disk Slow –Less likely to detect & destroy Stealth –Memory resident –Able to manipulate its execution to disguise its presence E-Security: Virus – Computer Enemy #1

23 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 23 ANTI-VIRUS STRATEGY Establish a set of simple enforceable rules Educate & train users Inform users of the existing & potential threats to the company’s systems Update the latest anti-virus software periodically E-Security: Virus – Computer Enemy #1

24 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 24 BASIC INTERNET SECURITY PRACTICES Password –http://www.crackpassword.com/http://www.crackpassword.com/ –Alpha-numeric –Mix with upper and lower cases –Change frequently –No dictionary names Encryption –Coding of messages in traffic between the customer placing an order and the merchant’s network processing the order E-Security: Security Protection & Recovery

25 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 25 SECURITY RECOVERY Attack Detection Damage Assessment Correction & Recovery Corrective Feedback E-Security: Security Protection & Recovery

26 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 26 FIREWALL & SECURITY Firewall –Enforces an access control policy between two networks –Detects intruders, blocks them from entry, keeps track what they did & notifies the system administrator E-Security: Firewall & Security

27 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 27 WHAT FIREWALL CAN PROTECT Email services known to be problems Unauthorized external logins Undesirable material, e.g. pornography Unauthorized sensitive information E-Security: Firewall & Security

28 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 28 WHAT FIREWALL CAN’T PROTECT Attacks without going through the firewall Weak security policy ‘Traitors’ or disgruntled employees Viruses via floppy disks Data-driven attack E-Security: Firewall & Security

29 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 29 SPECIFIC FIREWALL FEATURES Security Policy Deny Capability Filtering Ability Scalability Authentication Recognizing Dangerous Services Effective Audit Logs E-Security: Firewall & Security

30 Awad –Electronic Commerce 2/e © 2003 Prentice Hall 30 Assignment # 7 On Page 276 Answer Discussion Questions 1, 2 & 3 –Answers should be well reasoned and explained in under one page per question –Turn in a well formatted typed response sheet –Due Tuesday, November 19 at start of class

Download ppt "Chapter 9 E-Security. Awad –Electronic Commerce 2/e © 2003 Prentice Hall 2 Day 24 Agenda Quiz 3 Corrected –4 A’s, 4 B’s and 1 C Quiz 4 (last) will be."

Similar presentations

Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security.

Chapter 9 E-Security. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Security in Cyberspace Conceptualizing Security Designing for Security.
CS5038 The Electronic Society

CS5038 The Electronic Society
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.

DICOM INTERNATIONAL DICOM INTERNATIONAL CONFERENCE & SEMINAR April 8-10, 2008 Chengdu, China DICOM Security Eric Pan Agfa HealthCare.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
ELC 200 Day 25. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Agenda Student Evaluations Quiz 4 (last) will be April 30 Chap 13, 14, &

ELC 200 Day 25. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 Agenda Student Evaluations Quiz 4 (last) will be April 30 Chap 13, 14, &
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Similar presentations

Ads by Google