1. Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8

2. Copyright © 2002 Pearson Education, Inc. Slide 5-2 CHAPTER 5 Created by, David Zolzer, Northwestern State University—Louisiana Security

3. Copyright © 2002 Pearson Education, Inc. Slide 5-3 Internet Fraud Complaints Reported to the IFCC Page 232, Figure 5.1

4. Copyright © 2002 Pearson Education, Inc. Slide 5-4 The E-commerce Security Environment Page 234, Figure 5.2

5. Copyright © 2002 Pearson Education, Inc. Slide 5-5 Dimensions of E-commerce Security Page 235, Table 5.1

6. Copyright © 2002 Pearson Education, Inc. Slide 5-6 The Tension Between Security and Other Values  Ease of use  The more security measures that are added to an e-commerce site, the more difficult it is to use and the slower the site becomes, hampering ease of use. Security is purchased at the price of slowing down processors and adding significantly to data storage demands. Too much security can harm profitability, while not enough can potentially put a business out of business.

7. Copyright © 2002 Pearson Education, Inc. Slide 5-7 The Tension Between Security and Other Values  Public Safety and the Criminal Uses of Security  There is tension between the claims of individuals to act anonymously and the needs of the public officials to maintain public safety that can be threatened by criminals or terrorists.

8. Copyright © 2002 Pearson Education, Inc. Slide 5-8 Security Threats in the E-commerce Environment  Three key points of vulnerability  the client  the server  communications pipeline

9. Copyright © 2002 Pearson Education, Inc. Slide 5-9 A Typical E-commerce Transaction Page 238, Figure 5.3

10. Copyright © 2002 Pearson Education, Inc. Slide 5-10 Vulnerable Points in an E-commerce Environment Page 239, Figure 5.4

11. Copyright © 2002 Pearson Education, Inc. Slide 5-11 Seven Security Threats to E- commerce Sites  Malicious code  includes a variety of threats such as viruses, worms, Trojan horses, and “bad applets”  virus is a computer program that has the ability to replicate or make copies of itself, and spread to other files  worm is designed to spread from computer to computer  Trojan horse appears to be benign, but then does something other than expected

12. Copyright © 2002 Pearson Education, Inc. Slide 5-12 Examples of Malicious Code Page 241 Table 5.2

13. Copyright © 2002 Pearson Education, Inc. Slide 5-13 Seven Security Threats to E- commerce Sites  Hacking and cybervandalism  hacker is an individual who intends to gain unauthorized access to a computer system  cracker is the term typically used within the hacking community to demote a hacker with criminal intent  cybervandalism is intentionally disrupting, defacing, or even destroying a site

14. Copyright © 2002 Pearson Education, Inc. Slide 5-14 Seven Security Threats to E- commerce Sites  Hacking and cybervandalism  white hats are “good” hackers that help organizations locate and fix security flaws  black hats are hackers who act with the intention of causing harm  grey hats are hackers who believe they are pursuing some greater good by breaking in and revealing system flaws

15. Copyright © 2002 Pearson Education, Inc. Slide 5-15 Seven Security Threats to E- commerce Sites  Credit card fraud  Different from traditional commerce  Hackers target files on merchant server  Spoofing  Misrepresenting oneself by using fake email addresses or masquerading as someone else

16. Copyright © 2002 Pearson Education, Inc. Slide 5-16 Seven Security Threats to E- commerce Sites  Denial of Service Attacks  Flooding a Web site with useless traffic to inundate and overwhelm the network  Distributed Denial of Service attack uses numerous computers to attack the target network from numerous launch points

17. Copyright © 2002 Pearson Education, Inc. Slide 5-17 Seven Security Threats to E- commerce Sites  Sniffing  A type of eavesdropping program that monitors information traveling over a network  Insider Jobs  Employees with access to sensitive information  Sloppy internal security procedures  Able to roam throughout an organization’s system without leaving a trace

18. Copyright © 2002 Pearson Education, Inc. Slide 5-18 Tools Available to Achieve Site Security Page 247, Figure 5.5

19. Copyright © 2002 Pearson Education, Inc. Slide 5-19 Firewalls and Proxy Servers Page 262, Figure 5.11

20. Copyright © 2002 Pearson Education, Inc. Slide 5-20 Protecting Servers and Clients  Operating system controls allow for the authentication of the user and access controls to files, directories, and network paths  Anti-virus software is the easiest and least expensive way to prevent threats to system integrity

21. Copyright © 2002 Pearson Education, Inc. Slide 5-21 Policies, Procedures, and Laws  Developing an e-commerce security plan  perform a risk assessment  develop a security policy  develop an implementation plan  create a security organization  perform a security audit

22. Copyright © 2002 Pearson Education, Inc. Slide 5-22 Developing an E-commerce Security Plan Page 264, Figure 5.12

23. Copyright © 2002 Pearson Education, Inc. Slide 5-23 AKHIR PERTEMUAN 8