Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Introduction to E-Commerce Security By Graham Mead.

Published byGwen Rich Modified over 9 years ago

Similar presentations

Presentation on theme: "An Introduction to E-Commerce Security By Graham Mead."— Presentation transcript:

1 An Introduction to E-Commerce Security By Graham Mead

2 Security Strategies Enforce Secure Passwords by Design. Don’t trust users are who they say they are, unless they can prove it. PCI Data Security Standard https://www.pcisecuritystandards.org/ https://www.pcisecuritystandards.org/ ISO/IEC 27001 (risks to information assets)

3 Secure Transfer Methods HTTPS, SSH, SFTP. These protocols use encryption. They allow you to transfer data securely. Use the ‘High’ encryption level for Remote Desktop. This uses a 128 bit key. Never use telnet, http or ftp to login. These are insecure protocols.

4 Default Security is Weak Configuration found in Admin Tools -> Terminal Services Configuration. Change the Encryption drop down box to at least High.

5 HTTPS Example Click on the padlock to see this window. The White box would display the address of the web site. The Green box would

6 Implementing Security Mod_security http://www.modsecurity.org/ can filter out bad traffic and help protect web applications.http://www.modsecurity.org/ mod_ssl allows the HTTPS protocol to be used with apache.

7 Mod Security Over 70% of all attacks now carried out over the web port. (modsecurity) Mod Security is a web application layer firewall. It can be used to help protect web sites. Two example alerts can be seen in the image below. First it protects against a directory listing, that could be valuable to an attacker Secondly it protects against an SQL Injection attack.

8 Security is Everyone's Responsibility. Don’t be the weak link.

9 References http://www.modsecurity.org/documentation /faq.html#d0e47 (modsecurity.org 2007)http://www.modsecurity.org/documentation /faq.html#d0e47

Download ppt "An Introduction to E-Commerce Security By Graham Mead."

Similar presentations

BalaBit Shell Control Box

BalaBit Shell Control Box
Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.

Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.
HTTPS Hypertext Transfer Protocol Secure Marcela López Hurtado.

HTTPS Hypertext Transfer Protocol Secure Marcela López Hurtado.
For further information computersecurity.wlu.ca

For further information computersecurity.wlu.ca
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
File Transfer Methods : A Security Perspective. What is FTP FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol.

File Transfer Methods : A Security Perspective. What is FTP FTP refers to the File Transfer Protocol, one of the protocols within the TCP/IP protocol.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.

Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.
Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.

Telnet/SSH Tim Jansen, Mike Stanislawski. TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.

TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Activating Pilot Account ( first time users ) Web-based Activation Browse to 1. Click on the link on the lower right that says.

Activating Pilot Account ( first time users ) Web-based Activation Browse to 1. Click on the link on the lower right that says.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.

Internet/Intranet firewall security – policy, architecture and transaction services Written by Ray Hunt This presentation will Examines Policies that influence.
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
November 2009 Secure Data Transmission May 2014 What are Secure Methods of Transmission? Encrypted Email Services Encrypted Memory Sticks Fax Secure.

November 2009 Secure Data Transmission May 2014 What are Secure Methods of Transmission? Encrypted Services Encrypted Memory Sticks Fax Secure.
Telnet/SSH: Connecting to Hosts Internet Technology1.

Telnet/SSH: Connecting to Hosts Internet Technology1.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN

Similar presentations

Ads by Google