14cf16e3-50fa-4830-90c7-0051d942d79b , eb unit-2 part-1 (1)

Date post: 02-Mar-2018
Upload: akhil-khanna
  • 7/26/2019 14cf16e3-50fa-4830-90c7-0051d942d79b , eb unit-2 part-1 (1)

    1/20

    Security Overview & Electronic Commerce Threats


    Electronic Business MS 114

    "It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change."

    Charles Darwin

    "If you're not changing faster than your environment, you are falling behind."

    Jack Welch, CEO of GE


    Security in Cyberspace

    The electronic system that supports e-commerce is susceptible to abuse and failure in many ways:

    Fraud: Resulting in direct financial loss. Funds might be transferred from one account to another, or financial records might simply be destroyed.


    Security in Cyberspace

    Theft: Theft of confidential, proprietary, technological, or marketing information belonging to the firm or to the customer. An intruder may disclose such information to a third party, resulting in damage to a key customer, a client, or the firm itself.

    Disruption: Disruption of service resulting in major losses to business or inconvenience to the customer.


    Security in Cyberspace

    Loss: Loss of customer confidence stemming from illegal intrusion into customer files or company business, dishonesty, human mistakes, or network failure.


    Security Issues

    Security concerns generally include the following issues:

    Confidentiality: Knowing who can read data. Ensuring that information in the network remains private. This is done via encryption.

    Identification and Authentication: Making sure that the message sender or principal is authentic.


    Security Issues

    Availability: System resources are safeguarded from tampering and are available for authorized users at the time and in the format needed.

    Integrity: Making sure that information is not accidentally or maliciously altered or corrupted in transit.

    Access Control: Restricting the use of resources to authorized principals.


    Security Issues

    Nonrepudiation: Ensuring that a principal cannot deny that they sent the message.

    Privacy: Individual rights to nondisclosure.

    Firewalls: A filter between the corporate network and the Internet that secures corporate information and files from intruders while allowing access to authorized principals.


    Security Threats in the E-commerce Environment

    Three key points of vulnerability:
    - Client
    - Server
    - Communications channel

    Most common threats:
    - Malicious code
    - Hacking and cybervandalism
    - Credit card fraud/theft
    - Zombied PCs
    - Phishing
    - Denial of service attacks
    - Sniffing
    - Spoofing


    A Typical E-commerce Transaction (figure slide)


    Vulnerable Points in an E-commerce Environment (figure slide)


    Malicious Code

    Virus: A software program which attaches itself to other programs without the owner of the program being aware of it. When the main program is executed, the virus spreads, causing damage.

    Worms: Designed to spread from computer to computer; a worm can spread without any human intervention. It can propagate through a network and can affect hand-held devices.

    Trojan horse: Software that appears to perform a desirable function for the user prior to being run or installed. In addition to the expected function, it may steal information or harm the system.


    Malicious Code

    Bad applets (malicious mobile code): Malicious Java applets or ActiveX controls that may be downloaded onto a client and activated merely by surfing to a Web site.


    Examples of Malicious Code (figure slide)


    Hacking and Cybervandalism

    Hacker: Individual who intends to gain unauthorized access to a computer system.

    Cracker: Used to denote a hacker with criminal intent (the two terms are often used interchangeably).

    Cybervandalism: Intentionally disrupting, defacing or destroying a Web site.

    Types of hackers include:
    - White hats: Members of tiger teams used by corporate security departments to test their own security measures.
    - Black hats: Act with the intention of causing harm.
    - Grey hats: Believe they are pursuing some greater good by breaking in and revealing system flaws.


    Credit Card Fraud

    Fear that credit card information will be stolen deters online purchases.

    Hackers target credit card files and other customer information files on merchant servers; they use the stolen data to establish credit under a false identity.

    One solution: new identity verification mechanisms.


    Kinds of Threats or Crimes

    Zombied PCs: A zombie computer (often shortened to zombie) is a computer connected to the Internet that has been compromised by a hacker, computer virus or Trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.


    Kinds of Threats or Crimes

    Phishing: The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

    Phishing is an example of social engineering techniques used to fool users, and it exploits the poor usability of current web security technologies.


    Kinds of Threats or Crimes

    DoS: A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

    Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.

    The term is generally used with regard to computer networks, but it is not limited to this field; for example, it is also used in reference to CPU resource management.

    One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.
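The request-saturation pattern described above is visible in a web server's own access log as one source making far more requests per window than legitimate clients. The following detector is an added example, not part of the original slides: it parses Common Log Format lines (a constructed sample is embedded) and reports any client whose request count inside a sliding time window exceeds a threshold. The addresses, paths, timestamps, window size and threshold are all assumed values chosen for illustration.

```python
"""Sliding-window request-flood detector over web-server access-log lines.
Added example, not from the original slides; all sample data is constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: client, ident, user, [timestamp], "request", status, size.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (client_ip, aware datetime) for one CLF line, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TS_FMT)

def flood_sources(lines, window_s=10, threshold=20):
    """Return {ip: peak_count} for clients that exceed `threshold` requests
    within any `window_s`-second sliding window. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue              # skip unparseable lines instead of crashing
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # evict requests that fell out of the window
        if len(q) > threshold and len(q) > peaks.get(ip, 0):
            peaks[ip] = len(q)    # remember the worst burst seen per client
    return peaks

# Constructed sample: one client fires 60 requests in 6 seconds (10 per second),
# a second client browses normally, and one corrupt line exercises the guard.
SAMPLE = [
    f'203.0.113.7 - - [10/Oct/2019:13:55:{i // 10:02d} +0000] "GET /checkout HTTP/1.1" 200 512'
    for i in range(60)
] + [
    '198.51.100.4 - - [10/Oct/2019:13:55:01 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '198.51.100.4 - - [10/Oct/2019:13:55:09 +0000] "GET /cart HTTP/1.1" 200 1024',
    'garbage line that does not parse',
]
```

Calling `flood_sources(SAMPLE)` flags only the bursting client; raising the threshold above the burst size returns an empty result.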


    Kinds of Threats or Crimes

    Sniffing: A type of eavesdropping program that monitors information traveling over a network; it enables hackers to steal proprietary information from anywhere on a network.

    Spoofing: Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else.

