Post on 15-Jan-2016
Chapter 9
E-Security
Awad – Electronic Commerce 2/e © 2003 Prentice Hall
Day 24 Agenda
• Quiz 3 Corrected – 4 A’s, 4 B’s and 1 C
• Quiz 4 (last) will be April 30
– Chap 13, 14, & 15
• Assignment 8 (last) will be assigned next week
• Should be progressing on Framework
• Lecture/Discuss E-security
OBJECTIVES
• Security in Cyberspace
• Conceptualizing Security
• Designing for Security
• How Much Risk Can You Afford?
• Virus – Computer Enemy #1
• Security Protection & Recovery
E-Security: Objectives
ABUSE & FAILURE
• Fraud
• Theft
• Disruption of Service
• Loss of Customer Confidence
E-Security: Security in Cyberspace
WHY IS THE INTERNET DIFFERENT?
E-Security: Security in Cyberspace

| Paper-Based Commerce | Electronic Commerce |
|---|---|
| Signed paper documents | Digital signature |
| Person-to-person | Electronic via website |
| Physical payment system | Electronic payment system |
| Merchant-customer face-to-face | Face-to-face absence |
| Easy detectability of modification | Difficult detectability |
| Easy negotiability | Special security protocol |
Digital Signature Act (Oct 1, 2000)
• A contract or agreement in interstate or foreign commerce will not be denied legal effect, validity, or enforceability if the contract or agreement is in electronic form and is signed by an electronic signature. Note that the act covers only foreign and interstate commerce. Therefore, where both parties to a contract are in the same state, the law would not seem to apply. However, most states have enacted their own digital signature laws, which cover intrastate transactions.
• The Act permits, but does not require the use of an electronic signature.
• A legal requirement to furnish a record to a consumer in writing can be satisfied by an electronic record, so long as the consumer consents.
• A legal record retention requirement can be satisfied with electronic records.
SECURITY CONCERNS
• Confidentiality
• Authentication
• Integrity
• Access Control
• Non-repudiation
• Firewalls
E-Security: Conceptualizing Security
INFORMATION SECURITY DRIVERS
• Global trading
– On-line, real time
• Availability of reliable security packages
– Good products…expensive
• Changes in attitudes toward security
– Strategic asset
E-Security: Conceptualizing Security
PRIVACY FACTOR
E-Security: Conceptualizing Security
[Bar chart: Surfers who agree with the statement "The Internet is a serious threat to privacy", by group: Men, Women, Ages 18-29, Ages 30-49, Ages 50 or older, Income less than $40,000; vertical axis 0% to 50%]
DESIGNING FOR SECURITY
• Adopt a reasonable security policy
– Cost effective
– Proactive
• Consider web security needs
– Data sensitivity
• Design the security environment
• Authorize and monitor the system
– Accountability
– Traceability
E-Security: Designing for Security
ADOPT A REASONABLE SECURITY POLICY
• Policy
– Understanding the threats information must be protected against to ensure
  • Confidentiality
  • Integrity
  • Privacy
– Should cover the entire e-commerce system
  • Internet security practices
  • Nature & level of risks
  • Procedure of failure recovery
E-Security: Designing for Security
SECURITY PERIMETER
• Firewalls
• Authentication
• Virtual Private Networks (VPN)
• Intrusion Detection Devices
E-Security: Designing for Security
Security Design Process
• Consider Web Security Needs
• Design the Security Environment
• Police the Security Perimeter
• Authorize and Monitor the Security System
• Adopt a Security Policy That Makes Sense
AUTHORIZING & MONITORING SYSTEM
• Monitoring
– Capturing processing details for evidence
– Verifying e-commerce is operating within security policy
– Verifying attacks have been unsuccessful
E-Security: Designing for Security
HOW MUCH RISK CAN YOU AFFORD?
• Determine specific threats inherent to the system design
• Estimate pain threshold
• Analyze the level of protection required
E-Security: How Much Risk Can You Afford?
KINDS OF THREATS / CRIMES
• Physically-related – Create physical changes
• Order-related – Manipulation of existing orders
• Electronically-related – Sniffers, spoofers, script kiddies
E-Security: How Much Risk Can You Afford?
CLIENT SECURITY THREATS
• Why?
– Sheer nuisances
– Deliberate corruption of files
– Rifling stored information
• How?
– Physical attack
– Virus
– Computer-to-computer attack
E-Security: How Much Risk Can You Afford?
SERVER SECURITY THREATS
• Web server with an active port
• Windows NT server, not upgraded to act as firewall
• Anonymous FTP service
• Web server directories that can be accessed & indexed
E-Security: How Much Risk Can You Afford?
HOW HACKERS ACTIVATE A DISTRIBUTED DENIAL OF SERVICE ATTACK (DDoS)
• Break into less-secured computers connected to a high-bandwidth network
• Install a stealth program that duplicates itself indefinitely to congest network traffic
• Specify a target network from a remote location and activate the planted program
• Victim’s network is overwhelmed & users are denied access
E-Security: How Much Risk Can You Afford?
VIRUS – COMPUTER ENEMY #1
• Malicious code that replicates itself to cause disruption of the information infrastructure
• Attacks system integrity, circumvents security capabilities & causes adverse operation
• Incorporates itself into computer networks, files & other executable objects
E-Security: Virus – Computer Enemy #1
TYPES OF VIRUSES
• Boot Virus – Attacks boot sectors of the hard drive
• Macro Virus – Exploits macro commands in a software application
E-Security: Virus – Computer Enemy #1
VIRUS CHARACTERISTICS
• Fast – Easily invades and infects the computer hard disk
• Slow – Less likely to be detected & destroyed
• Stealth – Memory resident; able to manipulate its execution to disguise its presence
E-Security: Virus – Computer Enemy #1
ANTI-VIRUS STRATEGY
• Establish a set of simple enforceable rules
• Educate & train users
• Inform users of the existing & potential threats to the company’s systems
• Update the latest anti-virus software periodically
E-Security: Virus – Computer Enemy #1
BASIC INTERNET SECURITY PRACTICES
• Password – http://www.crackpassword.com/
– Alpha-numeric
– Mix with upper and lower cases
– Change frequently
– No dictionary names
• Encryption – Coding of messages in traffic between the customer placing an order and the merchant’s network processing the order
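The four password rules on this slide, turned into a checker. This is an added illustration, not code from the Awad textbook; the 90-day limit is an assumed reading of "change frequently", the word list is a constructed stand-in, and the dictionary check goes slightly beyond the slide by stripping digits and punctuation first so that a dictionary word with a number tacked on is still caught.

```python
"""Password-rule checker for the 'Basic Internet Security Practices' slide:
alpha-numeric, mixed case, changed frequently, no dictionary names.
Added illustration; not from the Awad textbook."""
import re

# Constructed stand-in for a real word list; production code would load a
# full dictionary (e.g. /usr/share/dict/words) or a breached-password list.
DICTIONARY = {"password", "welcome", "summer", "admin", "letmein", "dragon"}
MAX_AGE_DAYS = 90  # assumed interpretation of "change frequently"


def password_violations(password, age_days=0, dictionary=DICTIONARY):
    """Return the list of slide rules the password breaks (empty list = passes)."""
    problems = []
    # Rule 1: alpha-numeric means it must contain both letters and digits.
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("not alpha-numeric (needs letters and digits)")
    # Rule 2: mix of upper and lower case.
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mix of upper and lower case")
    # Rule 3: change frequently (age supplied by the caller, in days).
    if age_days > MAX_AGE_DAYS:
        problems.append(f"older than {MAX_AGE_DAYS} days, change it")
    # Rule 4: no dictionary names. Normalise first so 'Summer2003!' is still
    # recognised as the dictionary word 'summer'.
    core = re.sub(r"[^a-z]", "", password.lower())
    if core in dictionary:
        problems.append(f"based on dictionary word '{core}'")
    return problems


if __name__ == "__main__":
    for pw, age in [("password", 0), ("Summer2003!", 0), ("xK9#mQ2v", 120)]:
        print(pw, age, password_violations(pw, age) or "OK")
```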
E-Security: Security Protection & Recovery
SECURITY RECOVERY
• Attack Detection
• Damage Assessment
• Correction & Recovery
• Corrective Feedback
E-Security: Security Protection & Recovery
FIREWALL & SECURITY
• Firewall
– Enforces an access control policy between two networks
– Detects intruders, blocks them from entry, keeps track of what they did & notifies the system administrator
E-Security: Firewall & Security
WHAT A FIREWALL CAN PROTECT AGAINST
• Email services known to be problems
• Unauthorized external logins
• Undesirable material, e.g. pornography
• Unauthorized sensitive information
E-Security: Firewall & Security
WHAT A FIREWALL CAN’T PROTECT AGAINST
• Attacks without going through the firewall
• Weak security policy
• ‘Traitors’ or disgruntled employees
• Viruses via floppy disks
• Data-driven attack
E-Security: Firewall & Security
SPECIFIC FIREWALL FEATURES
• Security Policy
• Deny Capability
• Filtering Ability
• Scalability
• Authentication
• Recognizing Dangerous Services
• Effective Audit Logs
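A small packet-filter model that ties the "Firewall & Security" slide (an access control policy between two networks) to the feature list above: ordered allow/deny rules, a default deny when nothing matches, flagging of dangerous services, and an audit log of every decision. This is an added illustration, not code from the Awad textbook; the internal network, the rule set, the list of dangerous ports and the sample connections are all constructed.

```python
"""Toy stateless packet filter between an internal and an external network.
Added illustration of the firewall features on the slides; not from the
Awad textbook. Networks, rules and sample traffic below are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

INTERNAL = ipaddress.ip_network("10.0.0.0/8")          # constructed
ANY = ipaddress.ip_network("0.0.0.0/0")
DANGEROUS_PORTS = {21: "ftp", 23: "telnet", 135: "msrpc"}  # assumed list


@dataclass
class Rule:
    action: str                  # "allow" or "deny" (deny capability)
    src: ipaddress.IPv4Network   # filtering on source network
    dst: ipaddress.IPv4Network   # filtering on destination network
    dport: Optional[int]         # destination port; None matches any


@dataclass
class Firewall:
    rules: List[Rule]
    audit_log: List[str] = field(default_factory=list)

    def decide(self, src: str, dst: str, dport: int) -> str:
        """Return 'allow' or 'deny' for one connection and record it."""
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # First matching rule wins; no match falls through to default deny,
        # which is the policy the slide calls "deny capability".
        for n, r in enumerate(self.rules):
            if src_ip in r.src and dst_ip in r.dst and r.dport in (None, dport):
                verdict, why = r.action, f"rule {n}"
                break
        else:
            verdict, why = "deny", "default deny"
        # Effective audit log: every decision, plus a warning when a service
        # the policy considers dangerous is involved, even if it was allowed.
        entry = f"{verdict.upper()} {src}->{dst}:{dport} ({why})"
        if dport in DANGEROUS_PORTS:
            entry += f" WARNING dangerous service {DANGEROUS_PORTS[dport]}"
        self.audit_log.append(entry)
        return verdict


def build_firewall() -> Firewall:
    """Constructed policy: block inbound telnet, expose one HTTPS server,
    let internal hosts initiate outbound connections, deny everything else."""
    web = ipaddress.ip_network("10.1.1.80/32")
    return Firewall(rules=[
        Rule("deny", ANY, INTERNAL, 23),
        Rule("allow", ANY, web, 443),
        Rule("allow", INTERNAL, ANY, None),
    ])
```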
E-Security: Firewall & Security
Assignment # 7
• On Page 276
• Answer Discussion Questions 1, 2 & 3
– Answers should be well reasoned and explained in under one page per question
– Turn in a well formatted typed response sheet
– Due Tuesday, November 19 at start of class