Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Java Applets Java: platform-independent programming language – Provides Web page active content – Server sends applets with client-requested pages –

Published byDale Montgomery Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Java Applets Java: platform-independent programming language – Provides Web page active content – Server sends applets with client-requested pages –"— Presentation transcript:

1 1 Java Applets Java: platform-independent programming language – Provides Web page active content – Server sends applets with client-requested pages – Most cases: operation visible to visitor – Possibility: functions not noticed by visitor Advantages – Adds functionality to business application’s functionality; relieves server-side programs Disadvantage – Possible security violations (Trojan horse, zombie) E-Business, Ninth Edition

2 2 Java Applets (cont’d.) Java sandbox – Confines Java applet actions to set of rules defined by security model – Rules apply to all untrusted Java applets Not established as secure – Java applets running within sandbox constraint No full client system access Java applet security information – Java Security Page

3 3 JavaScript – Scripting language developed by Netscape – Enables Web page designers to build active content – Based loosely on Sun’s Java programming language – Can be used for attacks Cannot commence execution on its own User must start ill-intentioned JavaScript program E-Business, Ninth Edition

4 4 ActiveX Controls ActiveX control – Objects containing programs and properties Web designers place on Web pages Component construction – Many different programming languages Common: C++ and Visual Basic Run on Windows operating systems computers Executed on client computer like any other program

5 5 ActiveX Controls (cont’d.) Comprehensive ActiveX controls list – ActiveX page at Download.com Security danger – Execute like other client computer programs – Have access to full system resources Cause secrecy, integrity, and necessity violations – Actions cannot be halted once started Web browsers – Provide notice of Active-X download or install E-Business, Ninth Edition

6 6 Graphics and Plug-Ins Graphics, browser plug-ins, and e-mail attachments can harbor executable content Code embedded in graphic might harm client computer Browser plug-ins (programs) – Enhance browser capabilities – Can pose security threats 1999 RealPlayer plug-in Plug-ins executing commands buried within media

7 E-Business, Ninth Edition7 Viruses, Worms, and Antivirus Software Programs display e-mail attachments by automatically executing associated programs – Word and Excel macro viruses can cause damage Virus: software – Attaches itself to another program – Causes damage when host program activated Worm: virus – Replicates itself on computers it infects – Spreads quickly through the Internet Macro virus – Small program (macro) embedded in file

8 E-Business, Ninth Edition8 Viruses, Worms, and Antivirus Software (cont’d.) ILOVEYOU virus (“love bug”) – Spread with amazing speed – Infected computers – Clogged e-mail systems – Replicated itself explosively through Outlook e-mail – Caused other harm 2001 Code Red and Nimda – Multivector virus: entered computer system in several different ways (vectors) 2002 and 2003 Bugbear: – New virus-worm combination

9 E-Business, Ninth Edition9 Viruses, Worms, and Antivirus Software (cont’d.) Antivirus software – Detects viruses and worms – Either deletes or isolates them on client computer 2005 and 2006 Zotob – New breed of Trojan horse-worm combination 2007: Storm virus 2008 and continuing into 2009: Conflicker 2009 and 2010 – New viruses designed specifically to hijack users’ online banking sessions

10 E-Business, Ninth Edition10 FIGURE 10-5 Major viruses, worms, and Trojan horses

11 11 FIGURE 10-5 Major viruses, worms, and Trojan horses (cont.) 11E-Business, Ninth Edition

12 12 FIGURE 10-5 Major viruses, worms, and Trojan horses (cont.) E-Business, Ninth Edition

13 13 Digital Certificates Digital certificate (digital ID) – E-mail message attachment or program embedded in Web page – Verifies sender or Web site – Contains a means to send encrypted message – Signed message or code Provides proof of holder identified by the certificate – Used for online transactions Electronic commerce, electronic mail, and electronic funds transfers E-Business, Ninth Edition

14 14 FIGURE 10-6 Delmar Cengage Learning’s digital certificate information displayed in Firefox browser

15 15 Digital Certificates (cont’d.) Certification authority (CA) – Issues digital certificates to organizations, individuals Digital certificates cannot be forged easily Six main elements – Certificate owner’s identifying information – Certificate owner’s public key – Dates certificate is valid – Certificate serial number – Certificate issuer name – Certificate issuer digital signature E-Business, Ninth Edition

16 16 Digital Certificates (cont’d.) Key – Number: usually long binary number Used with encryption algorithm “Lock” message characters being protected – Longer keys provide better protection Identification requirements vary – Driver’s license, notarized form, fingerprints Companies offering CA services – Thawte, VeriSign, DigiCert, Entrust, GeoTrust, Equifax Secure, RapidSSL.com E-Business, Ninth Edition

17 17 Digital Certificates (cont’d.) Secure Sockets Layer-Extended Validation (SSL-EV) digital certificate – Issued after more extensive verification confirmed Annual fees – $200 to more than $1500 Digital certificates expire after period of time – Provides protection (users and businesses) – Must submit credentials for reevaluation periodically E-Business, Ninth Edition

18 18 Security for Client Computers Client computers – Must be protected from threats Threats – Originate in software and downloaded data – Malevolent server site masquerades as legitimate Web site Users and client computers duped into revealing information E-Business, Ninth Edition

19 Protecting Client Computers

20 20 Cookies Internet connection between Web clients and servers – Stateless connection Independent information transmission No continuous connection (open session) maintained between any client and server Cookies – Small text files Web servers place on Web client – Identify returning visitors – Allow continuing open session E-Business, Ninth Edition

21 21 Cookies (cont’d.) Time duration cookie categories – Session cookies: exist until client connection ends – Persistent cookies: remain indefinitely – Electronic commerce sites use both Cookie sources – First-party cookies Web server site places them on client computer – Third-party cookies Different Web site places them on client computer E-Business, Ninth Edition

22 22 Cookies (cont’d.) Disable cookies entirely – Complete cookie protection – Problem Useful cookies blocked (along with others) Full site resources not available Web browser cookie management functions – Refuse only third-party cookies – Review each cookie before accepted – Provided by Google Chrome, Microsoft Internet Explorer, Mozilla Firefox, Opera E-Business, Ninth Edition

23 23 FIGURE 10-3 Mozilla Firefox dialog box for managing stored cookies E-Business, Ninth Edition

24 24 Web Bugs Web bug – Tiny graphic that third-party Web site places on another site’s Web page – Purpose Provide a way for a third-party site to place cookie on visitor’s computer Internet advertising community: – Calls Web bugs “clear GIFs” or “1-by-1 GIFs” Graphics created in GIF format Color value of “transparent,” small as 1 pixel by 1 pixel E-Business, Ninth Edition

25 25 Active Content Active content – Programs embedded transparently in Web pages – Cause action to occur – E-commerce example Place items into shopping cart; compute tax and costs Advantages – Extends HTML functionality – Moves data processing chores to client computer Disadvantages – Can damage client computer E-Business, Ninth Edition

26 26 Active Content (cont’d.) Cookies, Java applets, JavaScript, VBScript, ActiveX controls, graphics, Web browser plug-ins, e-mail attachments Scripting languages: provide executable script – Examples: JavaScript and VBScript Applet: small application program – Typically runs within Web browser Browsers include tools limiting applets’ actions Active content modules – Embedded in Web pages (invisible) E-Business, Ninth Edition

27 27 FIGURE 10-4 Advanced JavaScript settings in Mozilla Firefox E-Business, Ninth Edition

28 28 Active Content (cont’d.) Crackers: embed malicious active content Trojan horse – Program hidden inside another program (Web page) Masking true purpose Zombie (Trojan horse) – Secretly takes over another computer – Launches attacks on other computers Botnet (robotic network, zombie farm) – All controlled computers act as an attacking unit E-Business, Ninth Edition

29 29 FIGURE 10-7 Internet Explorer address window display for an SSL-EV Web site 29E-Business, Ninth Edition

30 30 Steganography – Hiding information within another piece of information Can be used for malicious purposes Hiding encrypted file within another file – Casual observer cannot detect anything of importance in container file – Two-step process Encrypting file protects it from being read Steganography makes it invisible Al Qaeda used steganography to hide attack orders E-Business, Ninth Edition

31 31 Physical Security for Clients Client computers – Control important business functions – Same physical security as early systems New physical security technologies – Fingerprint readers (less than $100) Stronger protection than password approaches Biometric security device – Identification using element of person’s biological makeup Writing pads, eye scanners, palm reading scanners, reading back of hand vein pattern E-Business, Ninth Edition

32 32 Communication Channel Security Internet – Not designed to be secure – Designed to provide redundancy Remains unchanged from original insecure state – Message traveling on the Internet Subject to secrecy, integrity, and necessity threats E-Business, Ninth Edition

Download ppt "1 Java Applets Java: platform-independent programming language – Provides Web page active content – Server sends applets with client-requested pages –"

Similar presentations

Threats and Protection Mechanisms

Threats and Protection Mechanisms
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Electronic Commerce Ninth Edition

Electronic Commerce Ninth Edition
6 C H A P T E R © 2001 The McGraw-Hill Companies, Inc. All Rights Reserved1 Electronic Mail Electronic mail has revolutionized the way people communicate.

6 C H A P T E R © 2001 The McGraw-Hill Companies, Inc. All Rights Reserved1 Electronic Mail Electronic mail has revolutionized the way people communicate.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
E-Business Tenth Edition

E-Business Tenth Edition
1 Chapter 5 Security Threats to Electronic Commerce.

1 Chapter 5 Security Threats to Electronic Commerce.
Security Threats to Electronic Commerce

Security Threats to Electronic Commerce
Security Threats to Electronic Commerce

Security Threats to Electronic Commerce
Chapter 5 Security Threats to Electronic Commerce

Chapter 5 Security Threats to Electronic Commerce
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
B.A. (Mahayana Studies) 000-209 Introduction to Computer Science November 2005 - March 2006 9. Safety and Security What are the main safety and security.

B.A. (Mahayana Studies) Introduction to Computer Science November March Safety and Security What are the main safety and security.
Electronic Commerce Security Presented by: Chris Brawley Chris Avery.

Electronic Commerce Security Presented by: Chris Brawley Chris Avery.
Electronic Commerce COMP3210 Dr. Paul Walcott 08/11/04 The Department of Computer Science Mathematics and Physics, University of the West Indies, Cave.

Electronic Commerce COMP3210 Dr. Paul Walcott 08/11/04 The Department of Computer Science Mathematics and Physics, University of the West Indies, Cave.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Chapter 10: Electronic Commerce Security

Chapter 10: Electronic Commerce Security
INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.

INTERNET DATABASE Chapter 9. u Basics of Internet, Web, HTTP, HTML, URLs. u Advantages and disadvantages of Web as a database platform. u Approaches for.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 3 Internet Security.
Nasca 2007 100 200 300 400 500 Internet Networking and Security viruses.

Nasca Internet Networking and Security viruses.
Chapter 10: Electronic Commerce Security

Chapter 10: Electronic Commerce Security

Similar presentations

Ads by Google