WK8.pptx

  1. E-Commerce E-Security
     Lecturer: Osman Kanu
     Phone: +23276141146 / +23280031888
     Email: okanu@ccmtsl.com
  2. Learning Objectives
     After studying this unit, students will be able to understand:
     - The concept of e-security
     - Dimensions of security design
     - Firewalls and system integrity
     - Virus protection
     - Protection from intruders
  3. Introduction
     The term “e-security” is often used interchangeably with other terms such as “internet security”, “cyber security”, and/or “IT security”. Broadly, “e-security encompasses security aspects of the information economy, including information systems and communications networks”. E-security is a branch of computer security specifically related to the Internet, often involving browser security but also network security. Its objective is to establish rules and measures to use against attacks over the Internet.
  4. Pictorial concept of E-security
  5. Importance of e-commerce security
     E-security addresses the security of a company, locates its vulnerabilities and supervises the mechanisms implemented to protect the online services the company provides, in order to keep adversaries (hackers, malicious users and intruders) out of the company’s networks, computers and services. Thus, to protect the critical information held in electronic form by any private or public sector organization, we need to employ e-security measures.
  6. Common e-commerce pitfalls
     In an enterprise, a security exposure might result in damage to the organization’s information and communication systems. Examples of exposure include unauthorized disclosure of information, modification of business or employer’s data, and denial of legitimate access to the information system.
     - Hackers gain access to information: Inadequate security enables hackers to gain access to sensitive business data (price lists, catalogues, intellectual property, etc.). Hackers may also gain access to information about your business or customers with a view to committing fraud.
     - Loss of customer confidence: Security breaches can damage customers’ confidence in an e-commerce service. A lack of customer confidence is fatal to the success of an online venture.
     - Denial-of-service attacks: Denial-of-service attacks prevent authorized users from gaining access, so that the site is forced to offer a reduced level of service or cease operation completely.
  7. E-Security Tools
     The tools used to secure e-commerce are:
     - Firewalls (hardware and software)
     - Password manager
     - Authentication infrastructure
     - Encryption software
     - Biometrics
  8. Fundamentals of Computer Security
     Computer security has several fundamental goals:
     - Confidentiality − Information should not be accessible to unauthorized persons. It should not be intercepted during transmission.
     - Integrity − Information should not be altered during its transmission over the network.
     - Availability − Information should be available wherever and whenever it is required, within the specified time limit.
     - Authenticity − There should be a mechanism to authenticate a user before giving him/her access to the required information.
     - Non-repudiation − Protection against denial of an order or denial of payment. Once a sender sends a message, the sender should not be able to deny sending it. Similarly, the recipient of a message should not be able to deny receipt.
     - Encryption − Information should be encrypted and decrypted only by authorized users.
     - Auditability − Data should be recorded in such a way that it can be audited for integrity requirements.
  9. Security Design
     All security solutions need to begin with a policy. Some basic security policy questions that must be answered are:
     - What components are most critical but vulnerable?
     - What information is confidential and needs to be protected?
     - How will confidentiality be ensured?
     - What authentication system should be used?
     - What intrusion detection systems should be installed?
     - Who has authority and responsibility for installing and configuring critical e-business infrastructure?
     - What plans need to be in place to ensure continuity or minimum disruption of service?
  10. Security Design
     A viable security policy should have the following characteristics:
     - The policy must be clear and concise
     - Compliance must be verifiable and enforceable
     - Systems must have good controls for legitimate use: access, authentication, and authorization
     - There must be regular backup of all critical data
     - There must be a disaster recovery and business continuity plan
  11. Measures to ensure Security
     Major security measures are as follows:
     - Encryption
     - Authentication
     - Firewall
     - Authorization
     - Security policies
  12. E-Commerce Threats
     Anything with the capability, technology, opportunity and intent to do harm is called a threat. E-commerce threats can be classified into the following categories:
     1. Intellectual property threats: using existing materials found on the Internet without the owner's permission, e.g.
        - music downloading
        - domain names (cybersquatting)
        - software pirating
     2. Client computer threats
        - Trojan horse
        - Active content
        - Viruses
  13. E-Commerce Threats
     3. Server threats
        - Privilege setting
        - File transfer
        - Spamming
     4. Communication channel threats
        - Sniffer program
        - Spoofing
        - Denial-of-service
  14. A procedure that recognizes, reduces, or eliminates a threat
     1. Intellectual property protection
        - Legislation
        - Authentication
     2. Client computer protection
        - Browser protection
        - Antivirus software
        - Computer forensics expert
  15. A procedure that recognizes, reduces, or eliminates a threat
     Server protection
     - Access control and authentication
       - Username and password
       - Access control list
     - Firewalls
       - Packet filter firewall: checks the IP address of each incoming packet and rejects anything that does not match the list of trusted addresses (prone to IP spoofing)
  16. Virus protection
     A computer virus is a type of malware that is intentionally written to gain entry into your computer without your knowledge or permission. It has the capacity to modify or replicate itself, in which case it will continue spreading.
     Types of computer viruses:
     - Macro viruses: Macro viruses infect files created by applications or programs that contain macros, such as .doc, .xls, .pps, .mdb, etc.
     - Overwrite viruses: These viruses delete the information in any file they infect, leaving the file partially or completely useless once infected.
  17. Virus protection
     - Web scripting virus: Most web pages include some complex code in order to create interactive and interesting content. Such code is often exploited to cause certain undesirable actions.
     - Worm: This program is very similar to a virus and has the ability to self-replicate, leading to negative effects on your computer. Worms can, however, be detected and eliminated by antivirus software.
     - Trojans: Trojans can illegally trace important login details of users online. For example, e-banking is very common among users, so your login details are vulnerable to being traced whenever your PC is running without strong antivirus software installed.
     - Email virus: This is a virus spread via email. Such a virus will hide in an email and when the recipient opens the mail.
  18. Virus protection
     - Logic bombs: They are not considered viruses because they do not replicate. They are not even programs in their own right, but rather camouflaged segments of other programs. They are executed only when a certain predefined condition is met.
     Virus symptoms
     The following points highlight the ways in which a virus can be detected:
     - If your computer starts performing differently for no apparent reason, it may be infected by a virus.
     - Antivirus software will give a warning of an infection. However, that may not happen if the software is not updated or if it stops functioning for some reason (for example, some viruses attack antivirus software).
  19. Q & A
  20. Thank You
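
Slide 15 notes that a packet filter firewall trusts the source address written in the packet and is therefore prone to IP spoofing. The sketch below is an added example, not part of the original slides: it implements that allowlist check on a raw IPv4 header and, beside it, a variant that also checks the arrival interface, a common mitigation the slides do not cover. The addresses, the interface names `lan0`/`wan0` and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed policy: trusted source networks and the interface each is expected on.
TRUSTED = {
    ipaddress.ip_network("192.0.2.0/24"): "lan0",     # internal office range
    ipaddress.ip_network("198.51.100.7/32"): "wan0",  # one partner host
}

def build_ipv4_header(src, dst):
    """Constructed sample input: minimal 20-byte IPv4 header, checksum left as 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def source_of(packet):
    """Return the source address claimed in the header, or None if malformed."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return None
    return ipaddress.IPv4Address(packet[12:16])

def naive_filter(packet):
    """Slide 15 behaviour: accept if the claimed source is on the trusted list."""
    src = source_of(packet)
    if src is None:
        return "DROP"
    return "ACCEPT" if any(src in net for net in TRUSTED) else "DROP"

def ingress_filter(packet, interface):
    """Also require the packet to arrive on the interface its source belongs to."""
    src = source_of(packet)
    if src is None:
        return "DROP"
    for net, expected in TRUSTED.items():
        if src in net:
            return "ACCEPT" if interface == expected else "DROP"
    return "DROP"

if __name__ == "__main__":
    internal = build_ipv4_header("192.0.2.10", "192.0.2.1")
    stranger = build_ipv4_header("203.0.113.5", "192.0.2.1")
    print(naive_filter(internal), naive_filter(stranger))
    # Identical header bytes arriving from outside: only the second check notices.
    print(naive_filter(internal), ingress_filter(internal, "wan0"))
```

The naive filter's verdict depends only on bytes 12 to 15 of the header, which the sender controls; the interface is something the firewall observes for itself.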