
Security Issues, E-Commerce Threats
Part-1

Security in Cyberspace
The field of electronic security focuses on designing
measures that can enforce security policies.
Security in e-commerce generally employs
procedures such as authentication, ensuring
confidentiality, and the use of cryptography to
communicate over open systems.
The electronic system that supports e-commerce is
susceptible to abuse and failure in many ways.

Security in Cyberspace
The electronic system that supports e-commerce is
susceptible to the following threats:

Fraud
Resulting in direct financial loss.
Funds might be transferred from one account to
another, or financial records might simply be
destroyed.

Electronic Business MS114

UNIT-II

Security in Cyberspace
Theft
Theft of confidential, proprietary, technological, or
marketing information belonging to the firm or to
the customer.
An intruder may disclose such information to a
third party, resulting in damage to a key customer,
a client, or the firm itself.
Disruption
Disruption of service resulting in major losses to
business or inconvenience to the customer.

Security in Cyberspace
Loss
Loss of customer confidence stemming from
illegal intrusion into customer files or company
business, dishonesty, human mistakes, or network
failure.


Security Issues
Security concerns generally include the following
issues:
Confidentiality
Knowing who can read data.
Ensuring that information in the network remains
private.
This is done via encryption.
Identification and Authentication
Making sure that the message sender or principal is
authentic.

Security Issues
Availability
System resources are safeguarded from tampering
and are available to authorized users at the time
and in the format needed.
Integrity
Making sure that information is not accidentally or
maliciously altered or corrupted in transit.
Access Control
Restricting the use of resources to authorized
principals.

Security Issues
Nonrepudiation
Ensuring that a principal cannot deny having sent
the message.
Privacy
Individual rights to nondisclosure.
Firewalls
A filter between the corporate network and the
Internet that secures corporate information and files
from intruders while allowing access to authorized
principals.
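As an added illustration of the integrity requirement above (not part of the original slides), a keyed hash (HMAC) lets the receiver detect a message that was altered in transit; the shared key and the order message are constructed for the example.

```python
import hmac
import hashlib

# Constructed example key shared by the shop and its payment gateway.
# In practice the key comes from a key store, never from source code.
SHARED_KEY = b"demo-shared-key-not-for-production"


def tag_message(key: bytes, message: bytes) -> str:
    """Return a hex HMAC-SHA256 tag over the message (integrity protection)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_message(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time (avoids timing leaks)."""
    expected = tag_message(key, message)
    return hmac.compare_digest(expected, tag)


def demo() -> tuple[bool, bool]:
    """Tag a constructed order, then check it before and after tampering."""
    order = b"order=1001&amount=49.99&currency=EUR"
    tag = tag_message(SHARED_KEY, order)

    # Receiver checks the untouched message: accepted.
    accepted = verify_message(SHARED_KEY, order, tag)

    # Simulated in-transit alteration of the amount: the tag no longer matches.
    altered = order.replace(b"49.99", b"4.99")
    altered_accepted = verify_message(SHARED_KEY, altered, tag)
    return accepted, altered_accepted


if __name__ == "__main__":
    genuine_ok, altered_ok = demo()
    print("genuine message accepted:", genuine_ok)  # True
    print("altered message accepted:", altered_ok)  # False
```

Because both parties hold the same key, an HMAC gives integrity and origin authentication but not nonrepudiation; the latter needs a digital signature under a key only the sender holds.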

Security Threats in the E-commerce Environment
Three key points of vulnerability:
Client
Server
Communications channel
Most common threats:
Malicious code
Hacking and cybervandalism
Credit card fraud/theft
Zombied PC
Phishing
Denial of service attacks
Sniffing
Spoofing

A Typical E-commerce Transaction


Vulnerable Points in an E-commerce Environment


Malicious Code
Virus: a software program that attaches itself to other
programs without the owner of the program being aware of it.
When the main program is executed, the virus spreads,
causing damage.
Worms: designed to spread from computer to computer.
A worm can spread without any human intervention.
It can propagate through the network and can affect hand-held
devices.
Trojan horse: software that appears to perform a desirable
function for the user before it is run or installed, but which,
in addition to the expected function, may steal
information or harm the system.

Malicious Code
Bad applets (malicious mobile code): malicious Java applets or
ActiveX controls that may be downloaded onto the client and
activated merely by surfing to a Web site.


Examples of Malicious Code


Hacking and Cybervandalism
Hacker: an individual who intends to gain unauthorized access to
a computer system.
Cracker: used to denote a hacker with criminal intent (the two
terms are often used interchangeably).
Cybervandalism: intentionally disrupting, defacing or
destroying a Web site.
Types of hackers include:
White hats: members of tiger teams used by corporate
security departments to test their own security measures.
Black hats: act with the intention of causing harm.
Grey hats: believe they are pursuing some greater good
by breaking in and revealing system flaws.

Credit Card Fraud
Fear that credit card information will be stolen deters
online purchases.
Hackers target credit card files and other customer
information files on merchant servers and use the stolen
data to establish credit under a false identity.
One solution: new identity verification mechanisms.


Kinds of Threats or Crimes
Zombied PCs: A zombie computer (often shortened to
"zombie") is a computer connected to the Internet that has
been compromised by a hacker, computer virus or Trojan horse.
Generally, a compromised machine is only one of many in
a botnet and will be used to perform malicious tasks of one
sort or another under remote direction. Most owners of
zombie computers are unaware that their system is being
used in this way. Because the owner tends to be unaware,
these computers are metaphorically compared to zombies.


Kinds of Threats or Crimes
Phishing: the criminally fraudulent process of
attempting to acquire sensitive information such as
usernames, passwords and credit card details by
masquerading as a trustworthy entity in an electronic
communication.
Phishing is typically carried out by e-mail or instant
messaging, and it often directs users to enter details at a
fake website whose look and feel are almost identical to the
legitimate one.
Phishing is an example of the social engineering techniques
used to fool users, and it exploits the poor usability of current
web security technologies.


Kinds of Threats or Crimes
DoS: A denial-of-service attack (DoS attack) or distributed
denial-of-service attack (DDoS attack) is an attempt to make
a computer resource unavailable to its intended users.
Although the means to carry out, motives for, and targets of
a DoS attack may vary, it generally consists of the
concerted efforts of a person or people to prevent an
Internet site or service from functioning efficiently or at
all, temporarily or indefinitely.
Perpetrators of DoS attacks typically target sites or services
hosted on high-profile web servers such as banks, credit
card payment gateways, and even root name servers.

Kinds of Threats or Crimes
The term is generally used with regard to computer
networks, but is not limited to this field; for example, it is
also used in reference to CPU resource management.
One common method of attack involves saturating the
target machine with external communication requests, so
that it cannot respond to legitimate traffic, or responds so
slowly as to be rendered effectively unavailable.
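As an added example (not from the original slides), a simple detector for the "saturating the target with requests" pattern described above: it counts requests per source inside a sliding time window over constructed access-log lines and reports sources that exceed a threshold. The log format, IP addresses and thresholds are all assumed values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def constructed_log() -> list[str]:
    """Build sample access-log lines (constructed, not real traffic).

    Line format: '<ISO timestamp> <client ip> <request line>'.
    One client browses normally; another sends a burst of requests.
    """
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = []
    for i in range(4):  # normal client: one request every 5 seconds
        t = base + timedelta(seconds=5 * i)
        lines.append(f"{t.isoformat()} 198.51.100.7 GET /catalog")
    for i in range(40):  # flooding client: 40 requests within 2 seconds
        t = base + timedelta(milliseconds=50 * i)
        lines.append(f"{t.isoformat()} 203.0.113.5 GET /checkout")
    return sorted(lines)


def flood_sources(lines, window_seconds=10, max_requests=30):
    """Return {ip: peak requests in any window} for sources over the limit.

    Each source keeps a deque of timestamps no older than window_seconds;
    the deque length is the request count for the current window. The
    thresholds are assumed values and must be tuned to normal site traffic.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    peak = defaultdict(int)      # ip -> highest count seen in any window
    for line in lines:
        ts_text, ip, _request = line.split(" ", 2)
        ts = datetime.fromisoformat(ts_text)
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # evict timestamps outside the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > max_requests}


if __name__ == "__main__":
    print(flood_sources(constructed_log()))  # {'203.0.113.5': 40}
```

A distributed attack spreads the load over many sources, so per-source counts like these catch only the single-source case; aggregate request rates and server response times need to be watched as well.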

Kinds of Threats or Crimes
Sniffing:
a type of eavesdropping program that monitors information
traveling over a network; it enables hackers to steal
proprietary information from anywhere on the network.
Spoofing:
misrepresenting oneself by using fake e-mail addresses or
masquerading as someone else.

