Chapter 13: Understanding E-Security
Awad – Electronic Commerce 2/e © 2004 Pearson Prentice Hall

Slide 2: OBJECTIVES
- Security in Cyberspace
- Conceptualizing Security
- Designing for Security
- How Much Risk Can You Afford?
- Virus – Computer Enemy #1
- Security Protection and Recovery
Slide 3: ABUSE & FAILURE
- Fraud
- Theft
- Disruption of Service
- Loss of Customer Confidence
Slide 4: WHY IS THE INTERNET DIFFERENT?

  Paper-Based Commerce                 Electronic Commerce
  -----------------------------------  ---------------------------
  Signed paper documents               Digital signature
  Person-to-person                     Electronic via Web site
  Physical payment system              Electronic payment system
  Merchant-customer face-to-face       Face-to-face absence
  Easy detectability of modification   Difficult detectability
  Easy negotiability                   Difficult negotiability
Slide 5: SECURITY CONCERNS
- Confidentiality
- Authentication
- Integrity
- Access Control
- Nonrepudiation
- Firewalls
Slide 6: INFORMATION SECURITY DRIVERS
- Global trading
- Availability of reliable security packages
- Changes in attitudes toward security
Slide 7: PRIVACY FACTOR
Slide 8: DESIGNING FOR SECURITY
- Adopt a reasonable security policy
- Consider Web security needs
- Design the security environment
- Authorize and monitor the system
Slide 9: ADOPT A REASONABLE SECURITY POLICY
- Policy
  - Understanding the threats information must be protected against, to ensure:
    - Confidentiality
    - Integrity
    - Privacy
  - Should cover the entire e-commerce system:
    - Internet security practices
    - Nature and level of risks
    - Procedure for failure recovery
Slide 10: DESIGN THE SECURITY ENVIRONMENT
[Exhibit: logical procedure flow diagram. Boxes shown: Security Consultant, Certified Website, Database, Customer Service, Certified Staff. Flow labels: Edit payment system, Verify IT staff integrity, Guidelines, Password assignment, Authorized link, Verified site, Test data.]
Slide 11: SECURITY PERIMETER
- Firewalls
- Authentication
- Virtual Private Networks (VPN)
- Intrusion Detection Devices
Slide 12: AUTHORIZING & MONITORING THE SYSTEM
- Monitoring
  - Capturing processing details for evidence
  - Verifying that e-commerce is operating within the security policy
  - Verifying that attacks have been unsuccessful
Slide 13: HOW MUCH RISK CAN YOU AFFORD?
- Determine the specific threats inherent to the system design
- Estimate the pain threshold
- Analyze the level of protection required
Slide 14: KINDS OF THREATS/CRIMES
- Physically-related
- Order-related
- Electronically-related
Slide 15: CLIENT SECURITY THREATS
- Why?
  - Sheer nuisance
  - Deliberate corruption of files
  - Rifling stored information
- How?
  - Physical attack
  - Virus
  - Computer-to-computer attack
Slide 16: SERVER SECURITY THREATS
- Web server with an active port
- Windows NT server not upgraded to act as a firewall
- Anonymous FTP service
- Web server directories that can be accessed and indexed
Slide 17: HOW HACKERS ACTIVATE A DENIAL OF SERVICE
- Break into less-secured computers connected to a high-bandwidth network
- Install a stealth program which duplicates itself indefinitely to congest network traffic
- Specify a target network from a remote location and activate the planted program
- The victim's network is overwhelmed and users are denied access
Slide 18: VIRUS – COMPUTER ENEMY #1
- Malicious code that replicates itself to disrupt the information infrastructure
- Attacks system integrity, circumvents security capabilities and causes adverse operation
- Incorporates itself into computer networks, files and other executable objects
Slide 19: TYPES OF VIRUSES
- Boot virus
  - Attacks the boot sectors of the hard drive
- Macro virus
  - Exploits macro commands in a software application
Slide 20: VIRUS CHARACTERISTICS
- Fast
  - Easily invades and infects the computer's hard disk
- Slow
  - Less likely to be detected and destroyed
- Stealth
  - Memory resident
  - Able to manipulate its execution to disguise its presence
Slide 21: ANTIVIRUS STRATEGY
- Establish a set of simple, enforceable rules
- Educate and train users
- Inform users of the existing and potential threats to the company's systems
- Update to the latest antivirus software periodically
Slide 22: BASIC INTERNET SECURITY PRACTICES
- Password
  - Alphanumeric
  - Mix of upper and lower case
  - Change frequently
  - No dictionary names
- Encryption
  - Coding of messages in traffic between the customer placing an order and the merchant's network processing the order
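The four password rules on this slide, turned into a checker as an added example (not code from the textbook). The 90-day maximum age, the tiny dictionary and the leet-substitution table are assumptions made so the check runs stand-alone; the "no dictionary names" rule is applied after folding digit substitutions and case, so "Summer2004" and "P4ssw0rd!" are still rejected.

```python
from datetime import date, timedelta

# Constructed stand-in for a dictionary word list; a real deployment would load a full list.
DICTIONARY_WORDS = {"password", "welcome", "summer", "dragon", "letmein"}
# "Change frequently" needs a concrete interval; 90 days is an assumption, not the book's figure.
MAX_PASSWORD_AGE = timedelta(days=90)
# Common digit/symbol substitutions, folded back so "P4ssw0rd" is still recognised as "password".
LEET = str.maketrans({"4": "a", "@": "a", "0": "o", "1": "i", "3": "e", "5": "s", "$": "s"})


def check_password_policy(password, last_changed_iso, today_iso):
    """Return the names of the slide's rules that the password violates (empty list = compliant).

    Dates are ISO strings (YYYY-MM-DD) so the check is deterministic and easy to test.
    """
    violations = []

    # Rule 1: alphanumeric, i.e. at least one letter and at least one digit.
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        violations.append("alphanumeric")

    # Rule 2: a mix of upper- and lower-case letters.
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        violations.append("mixed case")

    # Rule 4: no dictionary names, checked after undoing leet-style substitutions and
    # dropping digits/punctuation, so "Summer2004" still reveals "summer".
    folded = password.lower().translate(LEET)
    letters_only = "".join(c for c in folded if c.isalpha())
    if any(word in letters_only for word in DICTIONARY_WORDS):
        violations.append("dictionary")

    # Rule 3: change frequently, enforced here as a maximum password age.
    age = date.fromisoformat(today_iso) - date.fromisoformat(last_changed_iso)
    if age > MAX_PASSWORD_AGE:
        violations.append("stale")

    return violations
```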
Slide 23: SECURITY RECOVERY
- Attack detection
- Damage assessment
- Correction and recovery
- Corrective feedback
Slide 24: FIREWALL & SECURITY
- Firewall
  - Enforces an access control policy between two networks
  - Detects intruders, blocks them from entry, keeps track of what they did and notifies the system administrator
Slide 25: WHAT A FIREWALL CAN PROTECT AGAINST
- E-mail services known to be problems
- Unauthorized external logins
- Undesirable material, e.g. pornography
- Unauthorized sensitive information
Slide 26: WHAT A FIREWALL CAN'T PROTECT AGAINST
- Attacks that do not go through the firewall
- Weak security policy
- "Traitors" or disgruntled employees
- Viruses via floppy disks
- Data-driven attacks
Slide 27: SPECIFIC FIREWALL FEATURES
- Security policy
- Deny capability
- Filtering ability
- Scalability
- Authentication
- Recognizing dangerous services
- Effective audit logs
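A minimal packet filter that exercises the firewall behaviour described on slides 24 and 27: a first-match rule list, a default-deny policy, a table of services the policy treats as dangerous, an audit log of every decision, and an administrator notification once a source has been blocked repeatedly. This is an added example, not code from the textbook; the Packet and Rule types, the dangerous-port table and the alert threshold are assumptions made for the demonstration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:            # assumed minimal 5-tuple subset for the example
    src: str
    dst: str
    dport: int
    proto: str           # "tcp" or "udp"


@dataclass
class Rule:
    action: str                   # "allow" or "deny"
    src_prefix: str = ""          # "" matches any source address
    dport: Optional[int] = None   # None matches any destination port
    proto: Optional[str] = None   # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        return (pkt.src.startswith(self.src_prefix)
                and (self.dport is None or pkt.dport == self.dport)
                and (self.proto is None or pkt.proto == self.proto))


# Constructed table of "dangerous services" the policy never lets through, regardless of rules.
DANGEROUS_SERVICES = {21: "ftp", 23: "telnet", 135: "rpc"}


class Firewall:
    def __init__(self, rules, alert_threshold=3):
        self.rules = rules
        self.alert_threshold = alert_threshold   # denies from one source before notifying admin
        self.audit_log = []                      # "effective audit logs": every decision is kept
        self.denied_by_src = Counter()
        self.alerts = []

    def filter(self, pkt: Packet) -> str:
        if pkt.dport in DANGEROUS_SERVICES:      # "recognizing dangerous services"
            action, reason = "deny", "dangerous service " + DANGEROUS_SERVICES[pkt.dport]
        else:
            action, reason = "deny", "default deny"   # "deny capability": nothing passes unmatched
            for rule in self.rules:                   # "filtering ability": first matching rule wins
                if rule.matches(pkt):
                    action, reason = rule.action, "rule match"
                    break
        self.audit_log.append(f"{action} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport} ({reason})")
        if action == "deny":
            self.denied_by_src[pkt.src] += 1
            if self.denied_by_src[pkt.src] == self.alert_threshold:   # "notifies the system administrator"
                self.alerts.append(f"notify admin: {pkt.src} blocked {self.alert_threshold} times")
        return action
```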