e-commerce
business. technology. society.
eighth edition

Kenneth C. Laudon
Carol Guercio Traver

     Copyright © 2012 Pearson Education




Chapter 4
E-commerce Security and Payment Systems

Cyberwar: Mutually Assured Destruction (MAD)
Class Discussion

    What is the difference between hacking and cyberwar?
        Cyberwar is a much more serious threat, aimed at the infrastructure of an entire nation
    Why has cyberwar become more potentially devastating in the past decade?
        Because highly developed nations have come to rely on the Internet for business, government, and industrial and utility controls
    What percentage of computers have been compromised by stealth malware programs?
        10%
    Will a political solution to MAD 2.0 be effective enough?
        Probably not




Computer-generated Simulation of a DDoS Attack (figure)

Learning Objectives
    Understand the scope of e-commerce crime and security problems
    Describe the key dimensions of e-commerce security
    Understand the tension between security and other values
    Identify the key security threats in the e-commerce environment
    Describe how technology helps protect the security of messages sent over the Internet
    Identify the tools used to establish secure Internet communications channels and protect networks, servers, and clients
    Appreciate the importance of policies, procedures, and laws in creating security

The E-commerce Security Environment
    Overall size and losses of cybercrime are unclear
        Reporting issues: many incidents go undetected or unreported
    2011 CSI survey: 46% of respondent firms detected a breach in the last year
    Underground economy marketplace:
        Stolen information is stored on and traded through underground economy servers




Types of Attacks Against Computer Systems (Cybercrime)
Figure 4.1, Page 246
SOURCE: Based on data from Computer Security Institute, 2011

What Is Good E-commerce Security?
    To achieve the highest degree of security, combine:
        New technologies
        Organizational policies and procedures
        Industry standards and government laws
    Other factors
        Time value of money
        Cost of security vs. potential loss
        Security often breaks at the weakest link

The E-commerce Security Environment (Figure 4.2, Page 249)

Dimensions of E-commerce Security
    Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party
    Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) their online actions
    Authenticity: ability to verify the identity of a person or entity with whom you are dealing on the Internet
    Confidentiality: ability to ensure that messages and data are available only to those authorized to view them
    Privacy: ability to control the use of information a customer provides about himself or herself to a merchant
    Availability: ability to ensure that an e-commerce site continues to function as intended




Table 4.3, Page 250

The Tension Between Security and Other Values
    Security vs. ease of use:
        The more security measures added, the more difficult a site is to use, and the slower it becomes
        Too much security can harm profitability, while not enough security can put you out of business
    Public safety and criminal uses of the Internet
        Use of technology by criminals to plan crimes or threaten nation-states
        The Internet is both anonymous and pervasive, an ideal communication tool for criminal and terrorist groups

Security Threats in the E-commerce Environment
    Three key points of vulnerability in the e-commerce environment:
        1. Client
        2. Server
        3. Communications pipeline (Internet communications channels)




A Typical E-commerce Transaction (Figure 4.3, Page 253)

Vulnerable Points in an E-commerce Transaction (Figure 4.4, Page 254)

Most Common Security Threats in the E-commerce Environment
    Malicious code
        Viruses
        Worms
        Trojan horses
        Bots, botnets
    Unwanted programs
        Browser parasites
        Adware
        Spyware

Malicious Code
    Viruses:
        Replicate and spread to other files; most deliver a "payload" (destructive or benign)
        Macro viruses, file-infecting viruses, script viruses
    Worms:
        Designed to spread from computer to computer
        Unlike a virus, can replicate on their own, without being executed by a user or another program
    Trojan horse:
        Appears benign, but does something other than expected
    Bots:
        Covertly installed on a computer; respond to external commands sent by the attacker, forming a network of compromised computers (a botnet) used for sending spam, generating DDoS attacks, and stealing information from the infected computers

Unwanted Programs
    Installed without the user's informed consent
        Browser parasites
            Can monitor and change the settings of a user's browser
        Adware
            Displays unwanted pop-up ads
        Spyware
            Can be used to obtain information, such as a user's keystrokes, e-mail, IMs, etc.

Most Common Security Threats (cont.)
    Social engineering
    Phishing
        Deceptive online attempt to obtain confidential information
            E-mail scams
            Spoofing legitimate Web sites
            Use of the stolen information to commit fraudulent acts (access checking accounts), steal identity

Phishing Mail Example (figure)

Most Common Security Threats (cont.)
    Hacking
        Hackers: individuals who intend to gain unauthorized access to computer systems
        Crackers: hackers with criminal intent
        Types of hackers:
            White hats: hired by a firm to find weaknesses in the firm's computer systems
            Black hats: hackers with the intention of causing harm
            Grey hats: hackers who break in and reveal system flaws without disrupting the site or attempting to profit from their findings
    Cybervandalism:
        Intentionally disrupting, defacing, or destroying a Web site
    Data breach
        When an organization loses control over corporate information to outsiders

Credit Card Fraud
    Fear of stolen credit card information deters online purchases
    U.S. federal law (the Fair Credit Billing Act) limits an individual's liability to $50 for a stolen credit card
    Hackers target credit card files and other customer information files on merchant servers; they use the stolen data to establish credit under a false identity
    Online companies are at higher risk than offline ones because of the difficulty of guaranteeing the true identity of customers
    The "E-Sign" law giving digital signatures the same authority as hand-written ones applies only to large corporations, not to B2C e-commerce

Spoofing (Pharming) and Spam (Junk) Web Sites
    Spoofing (Pharming)
        Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
        Spoofing a Web site is called "pharming": redirecting a Web link to an IP address different from the real one
        Threatens integrity (steal business from the true site, or alter orders and send them on to the true site) and authenticity (difficult to distinguish between the true and the fake Web address)
        Carried out by compromising or poisoning the DNS servers a user relies on (or by editing the hosts file on the user's own machine), so that the correct domain name resolves to the attacker's address
    Spam (Junk) Web sites
        Collections of advertisements for other sites, some of which contain malicious code
        Appear in search results, hiding their identities by using domain names similar to legitimate ones and redirecting traffic to spammer domains, e.g., topsearch10.com
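The phishing slide and the spam-site slide turn on the same trick: a domain that looks like a legitimate one. As an added example (not code from the textbook or its authors), here is the kind of lookalike check a mail filter or web proxy can run against a short allow-list of brand domains, using only the Python standard library. The allow-list, the confusable-character table and the hosts in the usage lines are constructed for the demo, and the registrable-domain rule (last two labels) is a simplification that ignores multi-part public suffixes such as co.uk.

```python
import unicodedata

# Constructed allow-list of the brand domains the filter cares about (assumption, not from the page).
TRUSTED = {"paypal.com", "amazon.com", "bankofamerica.com"}

# Character swaps that make one name look like another; multi-character ones are applied first.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t")]


def skeleton(label: str) -> str:
    """Reduce a label to the shape a reader perceives: case, compatibility forms, digit-for-letter swaps."""
    shape = unicodedata.normalize("NFKC", label).lower()
    for lookalike, plain in CONFUSABLES:
        shape = shape.replace(lookalike, plain)
    return shape


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a single substitution is enough to turn 'paypal' into a typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def labels_of(host: str) -> list:
    """Split a host name into labels, decoding punycode so 'xn--' forms get the same treatment."""
    out = []
    for label in host.strip().rstrip(".").lower().split("."):
        if label.startswith("xn--"):
            label = label.encode("ascii").decode("idna")
        out.append(label)
    return out


def classify(host: str):
    """Return ('trusted' | 'lookalike' | 'unknown', matched domain).

    The registrable domain is taken to be the last two labels (assumption: ignores
    multi-part suffixes such as co.uk). Every label except the TLD is compared with
    each trusted brand name, so 'paypal.com.evil.net' is caught as well as 'paypa1.com'.
    """
    labels = labels_of(host)
    base = ".".join(labels[-2:])
    if base in TRUSTED:
        return "trusted", base
    for trusted in sorted(TRUSTED):
        name = trusted.split(".")[0]
        for label in labels[:-1]:
            shape = skeleton(label)
            if shape == name or name in shape or edit_distance(shape, name) <= 1:
                return "lookalike", trusted
    return "unknown", base


if __name__ == "__main__":
    for host in ["www.paypal.com", "paypa1.com", "p\u0430ypal.com",  # second 'a' is Cyrillic U+0430
                 "secure-paypal-login.com", "paypal.com.evil.net", "topsearch10.com"]:
        print(f"{host:28s} -> {classify(host)}")
```

The substring rule ("paypal" inside "secure-paypal-login") is deliberately aggressive: in a real filter it would be paired with a list of the brand's own legitimate subdomains and with certificate checks, since a lookalike name is the precondition for both the phishing mail and the pharming site.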




DoS and DDoS Attacks
    Denial of service (DoS) attack
        Hackers flood a Web site with useless traffic to inundate and overwhelm the network
    Distributed denial of service (DDoS) attack
        Hackers use multiple computers to attack the target network from numerous launch points
        Uses bot networks (botnets) built from hundreds or thousands of compromised workstations
        Microsoft and Yahoo have experienced such attacks

Denial of Service: Ping Flooding
    Attacker sends a flood of pings (ICMP echo requests) to the intended victim
    The ping packets saturate the victim's bandwidth
    (Diagram: Attacking System(s) -> Internet -> Victim System. SOURCE: Peter Shipley)

Denial of Service: Smurf Attack
    Uses a ping packet with two extra twists
    Attacker chooses an unwitting victim
    Spoofs the source address (forges the victim's address as the source of the ping)
    Sends the ICMP echo request to a network's IP broadcast address, so every host on that network replies to the victim
    (Diagram: the perpetrator sends one ICMP echo with the victim's spoofed source address to the IP broadcast address of innocent reflector sites; thousands of ICMP echo replies then converge on the victim. The original diagram labels these "1 SYN" and "10,000 SYN/ACKs -- VICTIM IS DEAD", but smurf uses ICMP echo/echo reply, not TCP SYN; SYN floods are a separate attack. ICMP = Internet Control Message Protocol. SOURCE: Cisco)
    Bandwidth multiplication: a T1 (1.54 Mbps) can easily yield 100 Mbps of attack traffic
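As an added example (not from the textbook), here is a minimal detector for the two floods above, run over a constructed packet sample. Addresses come from the RFC 5737 documentation ranges and the packet tuples are invented for the demo. It flags a host receiving an abnormal number of echo requests (ping flood), a host receiving echo replies from many sources it never pinged (smurf victim), and the echo-to-broadcast request that triggers a smurf, which is exactly what disabling directed broadcasts on the reflector network's router prevents.

```python
from collections import Counter, defaultdict
import ipaddress

# Each packet is (source, destination, ICMP type): 8 = echo request, 0 = echo reply.
# Constructed sample; none of these addresses or flows come from the page.
SAMPLE_PACKETS = (
    # Ping flood: one attacker hammers the victim with echo requests.
    [("203.0.113.5", "198.51.100.10", 8)] * 20
    # Smurf: one echo request, source forged as the victim, sent to a network's broadcast address ...
    + [("198.51.100.20", "192.0.2.255", 8)]
    # ... and every host on that network "answers" the victim.
    + [(f"192.0.2.{i}", "198.51.100.20", 0) for i in range(1, 51)]
    # Legitimate ping and its reply, which must not be flagged.
    + [("198.51.100.30", "192.0.2.7", 8), ("192.0.2.7", "198.51.100.30", 0)]
)


def find_ping_flood(packets, threshold=10):
    """Hosts receiving at least `threshold` echo requests in the sample window."""
    requests = Counter(dst for _, dst, icmp_type in packets if icmp_type == 8)
    return {dst: n for dst, n in requests.items() if n >= threshold}


def find_smurf_victims(packets, min_reflectors=10):
    """Hosts receiving echo replies from many distinct sources they never pinged.

    Unsolicited replies are the signature of a reflected attack with a spoofed source:
    the victim sees answers to questions it never asked.
    """
    pinged = defaultdict(set)      # host -> destinations it actually sent echo requests to
    for src, dst, icmp_type in packets:
        if icmp_type == 8:
            pinged[src].add(dst)
    unsolicited = defaultdict(set)  # host -> sources of replies it did not ask for
    for src, dst, icmp_type in packets:
        if icmp_type == 0 and src not in pinged[dst]:
            unsolicited[dst].add(src)
    return {dst: len(srcs) for dst, srcs in unsolicited.items() if len(srcs) >= min_reflectors}


def find_directed_broadcast_pings(packets, networks):
    """Echo requests aimed at the broadcast address of one of `networks`: the smurf trigger.

    This is the traffic that `no ip directed-broadcast` on a Cisco router, or
    net.ipv4.icmp_echo_ignore_broadcasts=1 on a Linux host, stops at the reflector side.
    """
    broadcasts = {str(ipaddress.ip_network(n).broadcast_address) for n in networks}
    return [(src, dst) for src, dst, icmp_type in packets if icmp_type == 8 and dst in broadcasts]


if __name__ == "__main__":
    print("ping flood victims:      ", find_ping_flood(SAMPLE_PACKETS))
    print("smurf victims:           ", find_smurf_victims(SAMPLE_PACKETS))
    print("directed-broadcast pings:", find_directed_broadcast_pings(SAMPLE_PACKETS, ["192.0.2.0/24"]))
```

Note that the victim of the smurf appears in the capture as the sender of the broadcast ping, because its address was forged; that is why the smurf check keys on unsolicited replies rather than on who "sent" the request.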




DDoS Attack Illustrated (six-step figure sequence)
    1. Hacker scans the Internet, using a scanning program, for unsecured systems that can be compromised
    2. Hacker secretly installs zombie agent programs, turning the unsecured computers into zombies
    3. Hacker selects a Master Server to send commands to the zombies
    4. Using a client program, the hacker sends commands to the Master Server to launch a zombie attack against a targeted system
    5. The Master Server sends the signal to the zombies to launch the attack on the targeted system
    6. The targeted system is overwhelmed by bogus requests that shut it down for legitimate users ("Request Denied")

Most Common Security Threats (cont.)
    Sniffing
        Eavesdropping program that monitors information traveling over a network
    Insider jobs: single largest financial threat
    Poorly designed server and client software
        Due to the increase in complexity and size of operating systems, application software, and browsers
    Social network security
        Social engineering attacks tempting visitors to Facebook pages to click on "bad-behavior" links
    Mobile platform threats
        Same risks as any Internet device
        Malware, botnets, vishing/smishing [discussed in the textbook]

Technology Solutions
    Protecting Internet communications
        Encryption
    Securing channels of communication
        SSL/TLS, S-HTTP, VPNs
    Protecting networks
        Firewalls
    Protecting servers and clients

Tools Available to Achieve Site Security (Figure 4.7, Page 270)

Encryption
    Encryption
        Transforms plain text data into cipher text readable only by those who hold the key (the intended sender and receiver)
        Purpose: secures stored information and information transmission
        Provides 4 of the 6 key dimensions of e-commerce security:
            Message integrity: assurance that the message hasn't been altered
            Nonrepudiation: prevents the user from denying having sent the message
            Authentication: verification of the identity of the person (or computer) sending the message
            Confidentiality: assurance that the message was not read by others
        Encryption by itself gives only confidentiality; the other three come from the hash digests, digital signatures, and certificates covered in the following slides

Symmetric Key Encryption
    Also known as secret key encryption
    Sender and receiver use the same digital key to encrypt and decrypt the message
    Each pair of communicating parties needs its own secret key, ideally a fresh one per session, and that key has to reach the other party without being intercepted
    Strength of encryption
        Depends on the length of the binary key used to encrypt the data (and on the cipher having no known weaknesses)
    Advanced Encryption Standard (AES)
        Most widely used symmetric key encryption
        Uses 128-, 192-, and 256-bit encryption keys
    Other standards use keys of up to 2,048 bits (these figures refer to public key systems such as RSA; symmetric and public key lengths are not comparable bit for bit)

Symmetric Encryption and Decryption (figure; © 2004 D. A. Menascé. All Rights Reserved.)

Public Key Encryption
    Solves the symmetric key encryption problem of having to exchange a secret key
    Uses two mathematically related digital keys
        Public key (widely disseminated)
        Private key (kept secret by the owner)
    Either key can be used to encrypt; only the other key of the pair can decrypt
    Once a key has been used to encrypt a message, the same key cannot be used to decrypt it
    E.g., the sender uses the recipient's public key to encrypt a message; the recipient uses the private key to decrypt it

Public Key Encryption and Decryption (figure; © 2004 D. A. Menascé. All Rights Reserved.)

Public Key Cryptography: A Simple Case (Figure 4.8, Page 276)

Public Key Encryption using Digital Signatures and Hash Digests
    Public key encryption alone provides confidentiality, but not authentication, integrity, or non-repudiation
    Hash function:
        Mathematical algorithm that produces a fixed-length number called the message digest or hash digest
    The hash digest of the message is sent to the recipient along with the message to verify integrity
    Digital signature: the sender transforms the hash digest with the sender's private key; anyone holding the sender's public key can recover the digest and compare it with a digest computed from the received message, which gives authenticity and non-repudiation
    Confidentiality is then added by encrypting the message and its signature with the recipient's public key (or, in practice, with the digital envelope below). Note: the signature is applied to the digest, not to the entire cipher text; sign first, then encrypt

Message Digest (figures; © 2004 D. A. Menascé. All Rights Reserved.)
    A message of any size passes through the message digest function and comes out as a small, fixed-length digest (e.g., 101...1010; 128 bits for MD5, 256 bits for SHA-256)
    If A = B, then Digest A = Digest B: the same input always yields the same digest
    The function is also designed so that it is extremely hard to find two different messages with the same digest (collision resistance); MD5 and SHA-1 no longer meet this requirement and should not be used for signatures
    Extremely hard to get A from Digest A: the function is one-way

Public Key Cryptography with Digital Signatures (Figure 4.9, Page 278)

Digital Envelopes
    Address the weaknesses of:
        Public key encryption
            Computationally slow: decreased transmission speed, increased processing time
        Symmetric key encryption
            Computationally faster, but the shared secret key has to be delivered to the other party over the same insecure lines
    Uses the more efficient symmetric key encryption to encrypt the document
    Uses public key encryption to encrypt the symmetric key, and sends the encrypted key (the digital envelope) together with the encrypted document to the recipient




Creating a Digital Envelope (Figure 4.10, Page 279)

Digital Certificates and Public Key Infrastructure (PKI)
    Still missing: a way to verify the identity of Web sites (whose public key is this?)
    Solved by a digital document issued by a trusted third party called a certificate authority (CA)
    Digital certificate includes:
        Name of the subject/company
        Subject's public key
        Digital certificate serial number
        Expiration date, issuance date
        Digital signature of the CA
    Public Key Infrastructure (PKI):
        CAs and digital certificate procedures that are accepted by all parties
        Pretty Good Privacy (PGP): widely used e-mail public key encryption software [go to pgpi.org to download it]; PGP relies on a "web of trust" among users rather than on CAs

Digital Certificates and Certification Authorities (Figure 4.11, Page 280)

Limits to Encryption Solutions
    PKI mainly protects messages in transit
    Doesn't protect the storage of the private key
        PKI is not effective against insiders, employees
        Protection of private keys by individuals may be haphazard
    No guarantee that the merchant's verifying computer is secure
    CAs are largely unregulated, self-selecting organizations (the browser and operating system root programs, and the CA/Browser Forum baseline requirements, are what actually constrain which CAs users trust)

Securing Channels of Communication
    Secure Sockets Layer (SSL), today Transport Layer Security (TLS):
        Establishes a secure, negotiated client-server session in which the URL of the requested document, along with its contents, is encrypted
        Designed to establish a secure connection between two computers; the server's certificate lets the client check that it is talking to the intended site, so a client that skips certificate and hostname checks gets encryption without authenticity
        SSL 2.0 and 3.0 are obsolete and prohibited (RFC 6176, RFC 7568); current deployments use TLS 1.2 or 1.3
    Virtual Private Network (VPN):
        Allows remote users to securely access the internal network via the Internet, using Point-to-Point Tunneling Protocol (PPTP); PPTP's MS-CHAPv2 authentication is broken, so current VPNs use IPsec/IKEv2, OpenVPN (TLS-based), or WireGuard instead
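As an added example (not code from the textbook), the client-side settings that decide whether the "secure, negotiated session" above is actually secure, written with Python's standard ssl module: a context that merely encrypts but verifies nothing, beside a hardened one, plus an audit helper of the kind a code reviewer can run over a project's contexts. The helper names are this example's own; `connect` needs network access and is only there to show how the hardened context is used.

```python
import socket
import ssl


def weak_context() -> ssl.SSLContext:
    """Encrypts the channel but trusts any certificate: an attacker in the path can impersonate the server.

    This is what "just make the certificate error go away" code looks like.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                               # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE                          # no chain validation at all
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED   # accept whatever old version the peer offers
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Chain validation against the system trust store, hostname check, TLS 1.2 or newer only."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname=True + system CA bundle
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(ctx: ssl.SSLContext) -> dict:
    """Summarise the three properties that matter when reviewing a client's TLS settings."""
    return {
        "validates_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "minimum_version": ctx.minimum_version.name,
    }


def connect(host: str, port: int = 443, ctx=None):
    """Open a verified TLS session and report the negotiated version and server subject (needs network)."""
    ctx = ctx or hardened_context()
    raw = socket.create_connection((host, port))
    tls = ctx.wrap_socket(raw, server_hostname=host)   # server_hostname drives SNI and the hostname check
    with tls:
        return tls.version(), tls.getpeercert()["subject"]


if __name__ == "__main__":
    print("weak:    ", audit(weak_context()))
    print("hardened:", audit(hardened_context()))
```

With the weak context the handshake still completes and the traffic is still encrypted, which is why this misconfiguration survives testing: nothing fails until someone sits between client and server.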




Secure Negotiated Sessions Using SSL (Figure 4.12, Page 285)

Protecting Networks
    Firewall
        Hardware or software that filters packets (prevents some packets from entering the network) according to a security policy
        Two main methods:
            Packet filters: examine each packet's header fields (source and destination IP address, protocol, port) to decide whether it is destined for a prohibited port or originates from a prohibited IP address; they do not inspect the application data itself
            Application gateways: filter communications based on the application being requested (and its content), rather than on the source or destination of the message
        Application gateways provide greater security than packet filters, but can compromise system performance
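As an added example, not from the textbook, the packet-filter logic described above as a small Python policy engine: rules match on header fields only, the first matching rule wins, and anything unmatched is denied. The rule set, addresses and sample headers are constructed for the demo. It also shows the classic mistake the "first match wins" rule invites: moving a deny below the allows silently opens the hole it was meant to close.

```python
import ipaddress

# Constructed rule set (assumption, not from the page): (action, source network, destination port).
# Evaluated top to bottom; the first match wins and anything unmatched falls through to deny.
RULES = [
    ("deny",  "203.0.113.0/24", "any"),  # known-bad source network, blocked before anything else
    ("allow", "any",            443),    # HTTPS from anywhere
    ("allow", "any",            80),     # HTTP from anywhere
    ("allow", "10.0.0.0/8",     22),     # SSH only from the internal network
]

# Same rules with the deny moved to the bottom: the bad network now gets through on 80 and 443.
MISORDERED_RULES = RULES[1:] + RULES[:1]

# Constructed sample headers: (source IP, destination port).
SAMPLE_PACKETS = [
    ("198.51.100.7", 443),   # customer browsing the shop
    ("198.51.100.7", 22),    # outsider probing SSH
    ("10.1.2.3", 22),        # administrator from inside
    ("203.0.113.9", 443),    # traffic from the blocked network
    ("198.51.100.7", 3306),  # database port: no rule mentions it, so default deny applies
]


def decide(rules, src_ip, dst_port):
    """Packet-filter decision on header fields only (source address, destination port)."""
    ip = ipaddress.ip_address(src_ip)
    for action, network, port in rules:
        if network != "any" and ip not in ipaddress.ip_network(network):
            continue
        if port != "any" and port != dst_port:
            continue
        return action                 # first matching rule decides
    return "deny"                     # default deny: nothing matched


def filter_log(rules, packets):
    """Apply the policy to a batch of headers; returns (src, port, decision) for each."""
    return [(src, port, decide(rules, src, port)) for src, port in packets]


if __name__ == "__main__":
    for src, port, verdict in filter_log(RULES, SAMPLE_PACKETS):
        print(f"{src:14s} :{port:<5d} {verdict}")
    print("misordered rules let 203.0.113.9:443 through? ->",
          decide(MISORDERED_RULES, "203.0.113.9", 443))
```

Because the filter never looks past the headers, a request on port 443 from an allowed address is admitted whatever it carries; that is the gap the application gateway in the next bullet closes, at the cost of inspecting every request.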




Protecting Networks
    Proxy servers (proxies)
        Software servers that handle all communications originating from or being sent to the Internet
        Initially used to limit the access of internal clients to external Internet servers
        Can be used to restrict access to certain types of sites, such as pornographic, auction, or stock-trading sites, or to cache frequently accessed Web pages to reduce download times

Firewalls and Proxy Servers (Figure 4.13, Page 288)

Protecting Servers and Clients
    Operating system security enhancements
        Upgrades, patches
    Anti-virus software:
        Easiest and least expensive way to prevent threats to system integrity
        Requires daily (or more frequent) signature updates, and still catches only malware it already knows about

Management Policies, Business Procedures, and Public Laws
    U.S. firms and organizations spend 14% of the IT budget on security hardware, software, and services ($35 billion in 2010)
    Managing risk includes
        Technology, the foundation of security
        Effective management policies, also required
        Public laws and active enforcement

A Security Plan: Management Policies
    Risk assessment: assessment of risks and points of vulnerability
    Develop security policy: a set of statements prioritizing information risks, identifying acceptable risk targets, and identifying the mechanisms for achieving those targets
    Develop implementation plan
        Create a security organization that administers access controls
        Authentication procedures, including biometrics
        Authorization policies, authorization management systems
    Perform security audit: review of security practices and procedures

Developing an E-commerce Security Plan (Figure 4.14, Page 290)

The Role of Laws and Public Policy
    Laws that give authorities tools for identifying, tracing, and prosecuting cybercriminals:
        National Information Infrastructure Protection Act of 1996
        USA PATRIOT Act
        Homeland Security Act
    Private and public-private cooperation
        CERT Coordination Center
        US-CERT
    Government policies and controls on encryption software
    OECD guidelines

cyber security and threats.pptxcyber security and threats.pptx
cyber security and threats.pptx
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Phishing
PhishingPhishing
Phishing
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
CYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEETCYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEET
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 

Similaire à 04-1 E-commerce Security slides

laudon-traver_ec10_ppt_ch05.ppt
laudon-traver_ec10_ppt_ch05.pptlaudon-traver_ec10_ppt_ch05.ppt
laudon-traver_ec10_ppt_ch05.pptPriyalPatel158383
 
laudon-traver_ec10_ppt_ch05.ppt
laudon-traver_ec10_ppt_ch05.pptlaudon-traver_ec10_ppt_ch05.ppt
laudon-traver_ec10_ppt_ch05.pptMohammedAliShakil
 
e commerce security and fraud protection
e commerce security and fraud protectione commerce security and fraud protection
e commerce security and fraud protectiontumetr1
 
ID-20305090 Fahim Montasir.pptx
ID-20305090 Fahim Montasir.pptxID-20305090 Fahim Montasir.pptx
ID-20305090 Fahim Montasir.pptxFahimMuntasir21
 
Importance of cyber security in education sector
Importance of cyber security in education sectorImportance of cyber security in education sector
Importance of cyber security in education sectorSeqrite
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsPeter Wood
 
Cyber law and password protection
Cyber law and password protectionCyber law and password protection
Cyber law and password protectionBavijesh Thaliyil
 
Asset slide-show-identifying-it-security-threats (1)
Asset slide-show-identifying-it-security-threats (1)Asset slide-show-identifying-it-security-threats (1)
Asset slide-show-identifying-it-security-threats (1)David Robinson
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0varun4110
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 
Topic 4- new (2).pptxTopic 4- new (2).pptx
Topic 4- new (2).pptxTopic 4- new (2).pptxTopic 4- new (2).pptxTopic 4- new (2).pptx
Topic 4- new (2).pptxTopic 4- new (2).pptx2002SpareTyre
 
Leading Cybersecurity Company in Dubai.pptx
Leading Cybersecurity Company in Dubai.pptxLeading Cybersecurity Company in Dubai.pptx
Leading Cybersecurity Company in Dubai.pptxscsseoin
 
Notorious 9 ciso platform moshe
Notorious 9 ciso platform  moshe Notorious 9 ciso platform  moshe
Notorious 9 ciso platform moshe Priyanka Aash
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBsGFI Software
 

Similaire à 04-1 E-commerce Security slides (20)

laudon-traver_ec10_ppt_ch05.ppt
laudon-traver_ec10_ppt_ch05.pptlaudon-traver_ec10_ppt_ch05.ppt
laudon-traver_ec10_ppt_ch05.ppt
 
laudon-traver_ec10_ppt_ch05.ppt
laudon-traver_ec10_ppt_ch05.pptlaudon-traver_ec10_ppt_ch05.ppt
laudon-traver_ec10_ppt_ch05.ppt
 
e commerce security and fraud protection
e commerce security and fraud protectione commerce security and fraud protection
e commerce security and fraud protection
 
ID-20305090 Fahim Montasir.pptx
ID-20305090 Fahim Montasir.pptxID-20305090 Fahim Montasir.pptx
ID-20305090 Fahim Montasir.pptx
 
Importance of cyber security in education sector
Importance of cyber security in education sectorImportance of cyber security in education sector
Importance of cyber security in education sector
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent Threats
 
Cyber law and password protection
Cyber law and password protectionCyber law and password protection
Cyber law and password protection
 
Asset slide-show-identifying-it-security-threats (1)
Asset slide-show-identifying-it-security-threats (1)Asset slide-show-identifying-it-security-threats (1)
Asset slide-show-identifying-it-security-threats (1)
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0
 
Appsec Introduction
Appsec IntroductionAppsec Introduction
Appsec Introduction
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
Chapter 3_dp-pertemuan 4&5
 Chapter 3_dp-pertemuan 4&5 Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5
 
Topic 4- new (2).pptxTopic 4- new (2).pptx
Topic 4- new (2).pptxTopic 4- new (2).pptxTopic 4- new (2).pptxTopic 4- new (2).pptx
Topic 4- new (2).pptxTopic 4- new (2).pptx
 
Security in it
Security in it Security in it
Security in it
 
Leading Cybersecurity Company in Dubai.pptx
Leading Cybersecurity Company in Dubai.pptxLeading Cybersecurity Company in Dubai.pptx
Leading Cybersecurity Company in Dubai.pptx
 
Security On The Internet Essay
Security On The Internet EssaySecurity On The Internet Essay
Security On The Internet Essay
 
Unit 2aa
Unit 2aaUnit 2aa
Unit 2aa
 
Notorious 9 ciso platform moshe
Notorious 9 ciso platform  moshe Notorious 9 ciso platform  moshe
Notorious 9 ciso platform moshe
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 

Plus de monchai sopitka

KLW Student Advice Sharing
KLW Student Advice SharingKLW Student Advice Sharing
KLW Student Advice Sharingmonchai sopitka
 
07 E-commerce Advertising
07 E-commerce Advertising07 E-commerce Advertising
07 E-commerce Advertisingmonchai sopitka
 
11 E-commerce Online Retailing and Services
11 E-commerce Online Retailing and Services11 E-commerce Online Retailing and Services
11 E-commerce Online Retailing and Servicesmonchai sopitka
 
10 Social Networks and Communities
10 Social Networks and Communities10 Social Networks and Communities
10 Social Networks and Communitiesmonchai sopitka
 
08 Ethics, Law and E-commerce
08 Ethics, Law and E-commerce08 Ethics, Law and E-commerce
08 Ethics, Law and E-commercemonchai sopitka
 
05 Business Models for E-commerce slides
05 Business Models for E-commerce slides05 Business Models for E-commerce slides
05 Business Models for E-commerce slidesmonchai sopitka
 
04-2 E-commerce Payment Systems slides
04-2 E-commerce Payment Systems slides04-2 E-commerce Payment Systems slides
04-2 E-commerce Payment Systems slidesmonchai sopitka
 
03 Building an E-commerce Presence: Web Sites, Mobile Sites, and Apps slides
03 Building an E-commerce Presence: Web Sites, Mobile Sites, and Apps slides03 Building an E-commerce Presence: Web Sites, Mobile Sites, and Apps slides
03 Building an E-commerce Presence: Web Sites, Mobile Sites, and Apps slidesmonchai sopitka
 
02 E-commerce Infrastructure: The Internet, Web, and Mobile slides
02 E-commerce Infrastructure: The Internet, Web, and Mobile slides02 E-commerce Infrastructure: The Internet, Web, and Mobile slides
02 E-commerce Infrastructure: The Internet, Web, and Mobile slidesmonchai sopitka
 
01 Introduction to E-commerce slides
01 Introduction to E-commerce slides01 Introduction to E-commerce slides
01 Introduction to E-commerce slidesmonchai sopitka
 
การออกแบบและพัฒนาระบบบริหารสินค้าในร้านค้าปลีกบนโทรศัพท์เคลื่อนที่ Android โด...
การออกแบบและพัฒนาระบบบริหารสินค้าในร้านค้าปลีกบนโทรศัพท์เคลื่อนที่ Android โด...การออกแบบและพัฒนาระบบบริหารสินค้าในร้านค้าปลีกบนโทรศัพท์เคลื่อนที่ Android โด...
การออกแบบและพัฒนาระบบบริหารสินค้าในร้านค้าปลีกบนโทรศัพท์เคลื่อนที่ Android โด...monchai sopitka
 
A Design and Development of Library Inventory Management System for Android D...
A Design and Development of Library Inventory Management System for Android D...A Design and Development of Library Inventory Management System for Android D...
A Design and Development of Library Inventory Management System for Android D...monchai sopitka
 

Plus de monchai sopitka (13)

KLW Student Advice Sharing
KLW Student Advice SharingKLW Student Advice Sharing
KLW Student Advice Sharing
 
07 E-commerce Advertising
07 E-commerce Advertising07 E-commerce Advertising
07 E-commerce Advertising
 
11 E-commerce Online Retailing and Services
11 E-commerce Online Retailing and Services11 E-commerce Online Retailing and Services
11 E-commerce Online Retailing and Services
 
10 Social Networks and Communities
10 Social Networks and Communities10 Social Networks and Communities
10 Social Networks and Communities
 
09 Online Media
09 Online Media09 Online Media
09 Online Media
 
08 Ethics, Law and E-commerce
08 Ethics, Law and E-commerce08 Ethics, Law and E-commerce
08 Ethics, Law and E-commerce
 
05 Business Models for E-commerce slides
05 Business Models for E-commerce slides05 Business Models for E-commerce slides
05 Business Models for E-commerce slides
 
04-2 E-commerce Payment Systems slides
04-2 E-commerce Payment Systems slides04-2 E-commerce Payment Systems slides
04-2 E-commerce Payment Systems slides
 
03 Building an E-commerce Presence: Web Sites, Mobile Sites, and Apps slides
03 Building an E-commerce Presence: Web Sites, Mobile Sites, and Apps slides03 Building an E-commerce Presence: Web Sites, Mobile Sites, and Apps slides
03 Building an E-commerce Presence: Web Sites, Mobile Sites, and Apps slides
 
02 E-commerce Infrastructure: The Internet, Web, and Mobile slides
02 E-commerce Infrastructure: The Internet, Web, and Mobile slides02 E-commerce Infrastructure: The Internet, Web, and Mobile slides
02 E-commerce Infrastructure: The Internet, Web, and Mobile slides
 
01 Introduction to E-commerce slides
01 Introduction to E-commerce slides01 Introduction to E-commerce slides
01 Introduction to E-commerce slides
 
การออกแบบและพัฒนาระบบบริหารสินค้าในร้านค้าปลีกบนโทรศัพท์เคลื่อนที่ Android โด...
การออกแบบและพัฒนาระบบบริหารสินค้าในร้านค้าปลีกบนโทรศัพท์เคลื่อนที่ Android โด...การออกแบบและพัฒนาระบบบริหารสินค้าในร้านค้าปลีกบนโทรศัพท์เคลื่อนที่ Android โด...
การออกแบบและพัฒนาระบบบริหารสินค้าในร้านค้าปลีกบนโทรศัพท์เคลื่อนที่ Android โด...
 
A Design and Development of Library Inventory Management System for Android D...
A Design and Development of Library Inventory Management System for Android D...A Design and Development of Library Inventory Management System for Android D...
A Design and Development of Library Inventory Management System for Android D...
 

Dernier

Metabolism , Metabolic Fate& disorders of cholesterol.pptx
Metabolism , Metabolic Fate& disorders of cholesterol.pptxMetabolism , Metabolic Fate& disorders of cholesterol.pptx
Metabolism , Metabolic Fate& disorders of cholesterol.pptxDr. Santhosh Kumar. N
 
Dhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian PoeticsDhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian PoeticsDhatriParmar
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...Nguyen Thanh Tu Collection
 
Riti theory by Vamana Indian poetics.pptx
Riti theory by Vamana Indian poetics.pptxRiti theory by Vamana Indian poetics.pptx
Riti theory by Vamana Indian poetics.pptxDhatriParmar
 
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptx
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptxAUDIENCE THEORY - PARTICIPATORY - JENKINS.pptx
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptxiammrhaywood
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...Nguyen Thanh Tu Collection
 
POST ENCEPHALITIS case study Jitendra bhargav
POST ENCEPHALITIS case study  Jitendra bhargavPOST ENCEPHALITIS case study  Jitendra bhargav
POST ENCEPHALITIS case study Jitendra bhargavJitendra Bhargav
 
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptxMetabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptxDr. Santhosh Kumar. N
 
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...Subham Panja
 
3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptxmary850239
 
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...Marlene Maheu
 
Plant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxPlant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxHimansu10
 
How to Customise Quotation's Appearance Using PDF Quote Builder in Odoo 17
How to Customise Quotation's Appearance Using PDF Quote Builder in Odoo 17How to Customise Quotation's Appearance Using PDF Quote Builder in Odoo 17
How to Customise Quotation's Appearance Using PDF Quote Builder in Odoo 17Celine George
 
The OERs: Transforming Education for Sustainable Future by Dr. Sarita Anand
The OERs: Transforming Education for Sustainable Future by Dr. Sarita AnandThe OERs: Transforming Education for Sustainable Future by Dr. Sarita Anand
The OERs: Transforming Education for Sustainable Future by Dr. Sarita AnandDr. Sarita Anand
 
LEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community CollLEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community CollDr. Bruce A. Johnson
 
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.docdieu18
 
Alamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptxAlamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptxDhatriParmar
 
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptx
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptxBBA 205 BE UNIT 2 economic systems prof dr kanchan.pptx
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptxProf. Kanchan Kumari
 
LEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudLEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudDr. Bruce A. Johnson
 

Dernier (20)

Metabolism , Metabolic Fate& disorders of cholesterol.pptx
Metabolism , Metabolic Fate& disorders of cholesterol.pptxMetabolism , Metabolic Fate& disorders of cholesterol.pptx
Metabolism , Metabolic Fate& disorders of cholesterol.pptx
 
Dhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian PoeticsDhavni Theory by Anandvardhana Indian Poetics
Dhavni Theory by Anandvardhana Indian Poetics
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - HK2 (...
 
Riti theory by Vamana Indian poetics.pptx
Riti theory by Vamana Indian poetics.pptxRiti theory by Vamana Indian poetics.pptx
Riti theory by Vamana Indian poetics.pptx
 
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptx
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptxAUDIENCE THEORY - PARTICIPATORY - JENKINS.pptx
AUDIENCE THEORY - PARTICIPATORY - JENKINS.pptx
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (FRIE...
 
POST ENCEPHALITIS case study Jitendra bhargav
POST ENCEPHALITIS case study  Jitendra bhargavPOST ENCEPHALITIS case study  Jitendra bhargav
POST ENCEPHALITIS case study Jitendra bhargav
 
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptxMetabolism of  lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
Metabolism of lipoproteins & its disorders(Chylomicron & VLDL & LDL).pptx
 
ANOVA Parametric test: Biostatics and Research Methodology
ANOVA Parametric test: Biostatics and Research MethodologyANOVA Parametric test: Biostatics and Research Methodology
ANOVA Parametric test: Biostatics and Research Methodology
 
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
 
3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx
 
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
 
Plant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxPlant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptx
 
How to Customise Quotation's Appearance Using PDF Quote Builder in Odoo 17
How to Customise Quotation's Appearance Using PDF Quote Builder in Odoo 17How to Customise Quotation's Appearance Using PDF Quote Builder in Odoo 17
How to Customise Quotation's Appearance Using PDF Quote Builder in Odoo 17
 
The OERs: Transforming Education for Sustainable Future by Dr. Sarita Anand
The OERs: Transforming Education for Sustainable Future by Dr. Sarita AnandThe OERs: Transforming Education for Sustainable Future by Dr. Sarita Anand
The OERs: Transforming Education for Sustainable Future by Dr. Sarita Anand
 
LEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community CollLEAD5623 The Economics of Community Coll
LEAD5623 The Economics of Community Coll
 
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
30-de-thi-vao-lop-10-mon-tieng-anh-co-dap-an.doc
 
Alamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptxAlamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptx
 
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptx
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptxBBA 205 BE UNIT 2 economic systems prof dr kanchan.pptx
BBA 205 BE UNIT 2 economic systems prof dr kanchan.pptx
 
LEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudLEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced Stud
 

04-1 E-commerce Security slides

  • 1. e-commerce: business. technology. society. Eighth edition. Kenneth C. Laudon, Carol Guercio Traver. Chapter 4: E-commerce Security and Payment Systems
  • 2. Cyberwar: Mutually Assured Destruction (MAD). Class Discussion
    What is the difference between hacking and cyberwar?
      Cyberwar is a much more serious threat to the infrastructure of an entire nation
    Why has cyberwar become more potentially devastating in the past decade?
      Because highly developed nations have relied more on the Internet for business, government, and industrial and utility controls
    What percentage of computers have been compromised by stealth malware programs?
      10%
    Will a political solution to MAD 2.0 be effective enough?
      Probably not
    [Figure: Computer-generated Simulation of a DDoS Attack]
  • 3. Learning Objectives
    Understand the scope of e-commerce crime and security problems
    Describe the key dimensions of e-commerce security
    Understand the tension between security and other values
    Identify the key security threats in the e-commerce environment
    Describe how technology helps protect the security of messages sent over the Internet
    Identify the tools used to establish secure Internet communications channels and protect networks, servers, and clients
    Appreciate the importance of policies, procedures, and laws in creating security
  • 4. The E-commerce Security Environment
    Overall size and losses of cybercrime unclear: reporting issues
    2011 CSI survey: 46% of respondent firms detected a breach in the last year
    Underground economy marketplace: stolen information stored on underground economy servers
    [Figure 4.1, Page 246: Types of Attacks Against Computer Systems (Cybercrime). Source: based on data from Computer Security Institute, 2011]
  • 5. What Is Good E-commerce Security?
    To achieve the highest degree of security: new technologies; organizational policies and procedures; industry standards and government laws
    Other factors: time value of money; cost of security vs. potential loss; security often breaks at the weakest link
  • 6. The E-commerce Security Environment [Figure 4.2, Page 249]
    Dimensions of E-commerce Security
    Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party
    Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) their online actions
    Authenticity: ability to verify the identity of a person or entity with whom you are dealing on the Internet
    Confidentiality: ability to ensure that messages and data are available only to those authorized to view them
    Privacy: ability to control the use of information a customer provides about himself or herself to a merchant
    Availability: ability to ensure that an e-commerce site continues to function as intended
  • 7. [Table 4.3, Page 250]
    The Tension Between Security and Other Values
    Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes; too much security can harm profitability, while not enough security can put you out of business
    Public safety and criminal uses of the Internet: use of technology by criminals to plan crimes or threaten nation-states; the Internet is both anonymous and pervasive, an ideal communication tool for criminal and terrorist groups
  • 8. Security Threats in the E-commerce Environment
    Three key points of vulnerability in the e-commerce environment: 1. Client 2. Server 3. Communications pipeline (Internet communications channels)
    [Figure 4.3, Page 253: A Typical E-commerce Transaction]
  • 9. [Figure 4.4, Page 254: Vulnerable Points in an E-commerce Transaction]
    Most Common Security Threats in the E-commerce Environment
    Malicious code: viruses, worms, Trojan horses, bots and botnets
    Unwanted programs: browser parasites, adware, spyware
  • 10. Malicious Code
    Viruses: replicate and spread to other files; most deliver a “payload” (destructive or benign). Macro viruses, file-infecting viruses, script viruses
    Worms: designed to spread from computer to computer; can replicate without being executed by a user or program, unlike a virus
    Trojan horse: appears benign, but does something other than expected
    Bots: covertly installed on a computer; respond to external commands sent by the attacker to create a network of compromised computers for sending spam, generating a DDoS attack, and stealing information from computers
  • 11. Unwanted Programs
    Installed without the user’s informed consent
    Browser parasites: can monitor and change the settings of a user’s browser
    Adware: calls for unwanted pop-up ads
    Spyware: can be used to obtain information, such as a user’s keystrokes, e-mail, IMs, etc.
  • 12. Most Common Security Threats (cont.)
    Social engineering
    Phishing: deceptive online attempt to obtain confidential information; e-mail scams; spoofing legitimate Web sites; use of the information to commit fraudulent acts (access checking accounts), steal identity
    [Figure: Phishing Mail Example]
  • 13. Copyright © 2012 Pearson Education Slide 4-25 Most Common Security Threats (cont.) Hacking Hackers: Individual who intends to gain unauthorized access to computer systems Crackers: Hacker with criminal intent Types of hackers: White hats – hired by corporate to find weaknesses in the firm’s computer system Black hats – hackers with intention of causing harm Grey hats – hackers breaking in and revealing system flaws without disrupting site or attempting to profit from their finds. Cybervandalism: Intentionally disrupting, defacing, destroying Web site Data breach When organizations lose control over corporate information to outsiders Copyright © 2012 Pearson Education Slide 4-26 13
  • 14. Credit Card Fraud Fear of stolen credit card information deters online purchases US’s federal law limits liability of individuals to $50 for a stolen credit card Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity Online companies at higher risk than offline due to difficulty of guarenteeing true identity of customers “E-Sign” law giving digital signatures same authority as hand-written ones applies only to large corporations, but not to B2C e-commerce Copyright © 2012 Pearson Education Slide 4-28 Spoofing (Pharming) and Spam (Junk) Web Sites Spoofing (Pharming) Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else Spoofing a Web site is called “pharming,” redirecting a Web link to another IP address different from the real one Threatens integrity (steal business from true site, or alter orders and send to true site), and authenticity (difficult to distinguish between true and fake Web address) Carried out by hacking local DNS servers Spam (Junk) Web sites Collection of advertisements for other sites, some of which containing malicious code Appears on search results, hiding their identities by using domain names similar to legitimate ones, and redirecting traffic to spammer domains, e.g., topsearch10.com Copyright © 2012 Pearson Education Slide 4-29 14
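The phishing and spoofing indicators named in slides 12 and 14 (a sender posing as a known brand, a link whose visible text does not match its real destination, and a domain name deliberately similar to a legitimate one) can be checked mechanically at the mail gateway. The following is an added example written for this page, not code from the textbook or its authors; the trusted-domain list, the two sample messages and the edit-distance cutoff are constructed placeholders, and the two-label "registrable domain" rule is a simplification of what the public suffix list would give.

```python
"""Heuristic phishing / spoofing indicators for a received mail message:
  * the display name claims a brand whose domain differs from the sender address,
  * a link's visible text names one host while its href goes to another,
  * a hostname is a near-miss of a legitimate domain (a swapped character, or
    the brand name padded with extra tokens such as "-secure").
Added example; the trusted domains and messages are constructed placeholders."""
import re
from dataclasses import dataclass
from email.utils import parseaddr

# Constructed allowlist (assumption): the legitimate domains this organization expects.
TRUSTED_DOMAINS = ("examplebank.com", "examplepay.com")

# Matches text that a reader would take for a URL or hostname.
HOST_IN_TEXT = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", re.I)


@dataclass
class Message:
    from_header: str
    links: list   # (visible_text, href) pairs as a mail client renders them


def host_of(text: str) -> str:
    """Hostname if `text` looks like a URL or domain, else ''."""
    m = HOST_IN_TEXT.match(text.strip())
    return m.group(1).lower() if m else ""


def registrable_domain(host: str) -> str:
    """Last two labels, e.g. www.examplebank.com -> examplebank.com.
    Simplification: production code should use the public suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host: str):
    """Trusted domain that `host` imitates, or None if it is trusted or unrelated."""
    dom = registrable_domain(host)
    if dom in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if 0 < levenshtein(dom, trusted) <= 2:          # e.g. examp1ebank.com
            return trusted
        if brand in re.sub(r"[-_]", "", dom):            # e.g. examplebank-secure.net
            return trusted
    return None


def analyze(msg: Message) -> list:
    """Human-readable indicators; an empty list means none of the checks fired."""
    indicators = []
    display_name, addr = parseaddr(msg.from_header)
    sender_dom = registrable_domain(addr.split("@")[-1]) if "@" in addr else ""
    name_tokens = re.sub(r"[^a-z0-9]", "", display_name.lower())
    for trusted in TRUSTED_DOMAINS:
        if trusted.split(".")[0] in name_tokens and sender_dom != trusted:
            indicators.append(f"display name claims {trusted} but sender is {sender_dom}")
    hit = lookalike_of(sender_dom) if sender_dom else None
    if hit:
        indicators.append(f"sender domain {sender_dom} imitates {hit}")
    for text, href in msg.links:
        href_host, text_host = host_of(href), host_of(text)
        if text_host and registrable_domain(text_host) != registrable_domain(href_host):
            indicators.append(f"link text shows {text_host} but points to {href_host}")
        hit = lookalike_of(href_host) if href_host else None
        if hit:
            indicators.append(f"link host {href_host} imitates {hit}")
    return indicators


# Constructed samples: one phishing-style message, one legitimate one.
SAMPLE_PHISH = Message(
    from_header='"ExampleBank Support" <alerts@examplebank-secure.net>',
    links=[("https://www.examplebank.com/login", "http://examp1ebank.com/login")],
)
SAMPLE_LEGIT = Message(
    from_header="ExampleBank <noreply@examplebank.com>",
    links=[("https://www.examplebank.com/login", "https://www.examplebank.com/login")],
)

if __name__ == "__main__":
    for name, msg in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyze(msg) or "no indicators")
```

Each indicator on its own is only a hint (a legitimate mailing provider may send from a different domain than the brand); the point of scoring several independent mismatches is that the constructed phishing sample trips all four while the legitimate one trips none.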
  • 15. DoS and DDoS Attacks Denial of service (DoS) attack Hackers flood Web site with useless traffic to inundate and overwhelm network Use of bot networks built from hundreds of compromised workstations Distributed denial of service (DDoS) attack Hackers use multiple computers to attack target network from numerous launch points Microsoft and Yahoo have experienced such attacks Copyright © 2012 Pearson Education Slide 4-31 Denial of Service Ping Flooding Attacker sends a flood of pings to the intended victim The ping packets will saturate the victim’s bandwidth Internet Attacking System(s) SOURCE: PETER SHIPLEY Victim System Copyright © 2012 Pearson Education Slide 4-32 15
• 16. Denial of Service: Smurf Attack
      Uses a ping packet with two extra twists
        Attacker chooses an unwitting victim
        Spoofs the source address
        Sends request to network in broadcast mode
      ICMP = Internet Control Message Protocol
      [Figure, source: Cisco: perpetrator sends an ICMP echo with the spoofed source address of the victim to an IP broadcast address; innocent reflector sites send ICMP echo replies to the victim (1 SYN in, 10,000 SYN/ACKs out: victim is dead). Bandwidth multiplication: a T1 (1.54 Mbps) can easily yield 100 Mbps of attack traffic]
  DDoS Attack Illustrated (1)
      Hacker scans Internet for unsecured systems that can be compromised
      [Figure: hacker with scanning program -> Internet -> unsecured computers]
• 17. DDoS Attack Illustrated (2)
      Hacker secretly installs zombie agent programs, turning unsecured computers into zombies
      [Figure: hacker -> Internet -> zombies]
  DDoS Attack Illustrated (3)
      Hacker selects a Master Server to send commands to the zombies
      [Figure: hacker -> Internet -> Master Server, zombies]
• 18. DDoS Attack Illustrated (4)
      Using client program, hacker sends commands to Master Server to launch zombie attack against a targeted system
      [Figure: hacker -> Internet -> Master Server, zombies, targeted system]
  DDoS Attack Illustrated (5)
      Master Server sends signal to zombies to launch attack on targeted system
      [Figure: Master Server -> zombies -> Internet -> targeted system]
• 19. DDoS Attack Illustrated (6)
      Targeted system is overwhelmed by bogus requests that shut it down for legitimate users
      [Figure: zombies -> Internet -> targeted system; legitimate user receives “Request Denied”]
  Most Common Security Threats (cont.)
      Sniffing
        Eavesdropping program that monitors information traveling over a network
      Insider jobs: single largest financial threat
      Poorly designed server and client software
        Due to increase in complexity and size of OS, application software, and browsers
      Social network security
        Social engineering attacks tempting visitors to FB pages to click on “bad-behavior” links
      Mobile platform threats
        Same risks as any Internet device
        Malware, botnets, vishing/smishing [discussed in the textbook]
• 20. Technology Solutions
      Protecting Internet communications: encryption
      Securing channels of communication: SSL, S-HTTP, VPNs
      Protecting networks: firewalls
      Protecting servers and clients
  Tools Available to Achieve Site Security (Figure 4.7, Page 270)
• 21. Encryption
      Transforms plain text data into cipher text readable only by sender and receiver
      Purpose: secures stored information and information transmission
      Provides 4 of 6 key dimensions of e-commerce security:
        Message integrity – assurance that message hasn’t been altered
        Nonrepudiation – prevents user from denying sending the message
        Authentication – verification of identity of person (computer) sending the message
        Confidentiality – assurance that message was not read by others
  Symmetric Key Encryption
      Also known as secret key encryption
      Sender and receiver use same digital key to encrypt and decrypt message
      Requires different set of keys for each transaction
      Strength of encryption: length of binary key used to encrypt data
      Advanced Encryption Standard (AES)
        Most widely used symmetric key encryption
        Uses 128-, 192-, and 256-bit encryption keys
      Other standards use keys with up to 2,048 bits
• 22. Symmetric Encryption and Decryption (figure © 2004 D. A. Menascé, all rights reserved)
  Public Key Encryption
      Solves symmetric key encryption problem of having to exchange secret key
      Uses two mathematically related digital keys
        Public key (widely disseminated)
        Private key (kept secret by owner)
      Both keys used to encrypt and decrypt message
      Once key used to encrypt message, same key cannot be used to decrypt message
      E.g., sender uses recipient’s public key to encrypt message; recipient uses private key to decrypt it
• 23. Public Key Encryption and Decryption (figure © 2004 D. A. Menascé, all rights reserved)
  Public Key Cryptography: A Simple Case (Figure 4.8, Page 276)
• 24. Public Key Encryption using Digital Signatures and Hash Digests
      Public key encryption provides confidentiality, but not authentication, integrity, and non-repudiation
      Hash function: mathematical algorithm that produces fixed-length number called message or hash digest
      Hash digest of message sent to recipient along with message to verify integrity
      Hash digest and message encrypted with recipient’s public key
      Entire cipher text then encrypted with sender’s private key—creating digital signature—for authenticity, non-repudiation
  Message Digest (figure © 2004 D. A. Menascé, all rights reserved)
      [Figure: large message -> message digest function -> small digest, e.g., 128 bits (101…1010)]
• 25. Message Digest (figure © 2004 D. A. Menascé, all rights reserved)
      [Figure: message A -> digest function -> digest A; message B -> digest function -> digest B. If A = B then digest A = digest B]
      [Figure: digest A -> ? -> message A. Extremely hard to get A from digest A!]
• 26. Public Key Cryptography with Digital Signatures (Figure 4.9, Page 278)
  Digital Envelopes
      Address weaknesses of:
        Public key encryption: computationally slow, decreased transmission speed, increased processing time
        Symmetric key encryption: computationally faster, but less secure due to insecure transmission lines
      Uses more efficient symmetric key encryption to encrypt document
      Uses public key encryption to encrypt symmetric key and send the encrypted key (digital envelope) and encrypted document to the recipient
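Added example (not code from the textbook or these slides) showing the digital envelope and the digital signature of slides 24 and 26 together in Go's standard library: a fresh AES-256 key encrypts the document, RSA-OAEP under the recipient's public key wraps that key (the envelope), and RSA-PSS under the sender's private key signs a SHA-256 digest of the ciphertext. Signing the digest rather than encrypting the whole cipher text with the private key is the modern form of the slide's "encrypt with sender's private key" step; the names Envelope, Seal and Open and the algorithm choices are this example's assumptions.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope (names are this example's, not the textbook's): the RSA-wrapped AES key,
// the AES-GCM output (nonce || ciphertext || tag) and the sender's signature over it.
type Envelope struct{ SealedKey, Ciphertext, Signature []byte }

// gcm returns AES-256-GCM for key; neither call can fail for a 32-byte key.
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Seal: a fresh symmetric key does the bulk encryption (fast), the recipient's
// public key wraps that key (the envelope), the sender's private key signs the digest.
func Seal(msg []byte, recipPub *rsa.PublicKey, senderPriv *rsa.PrivateKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // AES-256 key || 96-bit GCM nonce
	rand.Read(buf)             // crypto/rand never returns an error
	key, nonce := buf[:32], buf[32:]
	ct := gcm(key).Seal(nonce, nonce, msg, nil) // nonce is prepended to the output
	sealed, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipPub, key, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(ct) // fixed-length hash digest of the whole ciphertext
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	return &Envelope{sealed, ct, sig}, err
}

// Open: verify the signature first (authenticity, integrity, non-repudiation), then unwrap the key and decrypt.
func Open(env *Envelope, recipPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(env.Ciphertext)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, err
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipPriv, env.SealedKey, nil)
	if err != nil {
		return nil, err
	}
	return gcm(key).Open(nil, env.Ciphertext[:12], env.Ciphertext[12:], nil)
}
```

Because the signature covers the ciphertext, a recipient rejects a tampered envelope before ever using its private key, and a message signed with anyone else's key is rejected as well.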
• 27. Creating a Digital Envelope (Figure 4.10, Page 279)
  Digital Certificates and Public Key Infrastructure (PKI)
      Still missing a way to verify identity of Web sites
      Solved by using a digital document issued by a trusted third party called a certificate authority (CA)
      Digital certificate includes:
        Name of subject/company
        Subject’s public key
        Digital certificate serial number
        Expiration date, issuance date
        Digital signature of CA
      Public Key Infrastructure (PKI): CAs and digital certificate procedures that are accepted by all parties
      Pretty Good Privacy (PGP) – a widely used e-mail public key encryption software [go to pgpi.org to download it]
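Added example in Go (not code from the textbook or slides) that builds a certificate carrying exactly the fields the slide lists with crypto/x509: a self-signed root CA, a site certificate signed by that CA, and the check a browser performs against it (trusted issuer, matching host name, validity period). The function names Issue and Verify, the host "shop.example" and the CA name are this example's constructed assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Issue creates a certificate with the fields the slide lists: subject name,
// subject public key, serial number, issuance and expiration dates, CA signature.
// With parent == nil it is self-signed, which is how a root CA certificate is made.
func Issue(cn string, serial int64, isCA bool, pub *rsa.PublicKey,
	parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour), // issuance date
		NotAfter:              time.Now().Add(24 * time.Hour), // expiration date
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign // may sign other certificates
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{cn} // the Web site name the certificate vouches for
	}
	if parent == nil {
		parent = tmpl // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Verify asks what the browser asks of a site certificate: is it signed by a CA we
// trust, issued for this host name, and inside its validity period?
func Verify(leaf, trustedCA *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
```

The same site certificate passes against the CA that signed it and fails against a different, untrusted CA or a different host name, which is the whole point of the "accepted by all parties" PKI the slide describes.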
• 28. Digital Certificates and Certification Authorities (Figure 4.11, Page 280)
  Limits to Encryption Solutions
      PKI mainly protects messages in transit
      Doesn’t protect storage of private key
        PKI not effective against insiders, employees
        Protection of private keys by individuals may be haphazard
      No guarantee that verifying computer of merchant is secure
      CAs are unregulated, self-selecting organizations
• 29. Securing Channels of Communication
      Secure Sockets Layer (SSL): establishes a secure, negotiated client-server session in which URL of requested document, along with contents, is encrypted
        Designed to establish a secure connection between two computers
      Virtual Private Network (VPN): allows remote users to securely access internal network via the Internet, using Point-to-Point Tunneling Protocol (PPTP)
  Secure Negotiated Sessions Using SSL (Figure 4.12, Page 285)
• 30. Protecting Networks
      Firewall: hardware or software that filters packets (prevents some packets from entering the network) by using a security policy
      Two main methods:
        Packet filters – look inside data packets to decide whether they are destined for a prohibited port or originate from a prohibited IP address
        Application gateways – filter communications based on the application being requested, rather than the source or destination of the message
      Application gateways provide greater security than packet filters, but can compromise system performance
  Protecting Networks
      Proxy servers (proxies): software servers that handle all communications originating from or being sent to the Internet
      Initially for limiting access of internal clients to external Internet servers
      Can be used to restrict access to certain types of sites, such as pornographic, auction, or stock-trading sites, or to cache frequently accessed Web pages to reduce download times
• 31. Firewalls and Proxy Servers (Figure 4.13, Page 288)
  Protecting Servers and Clients
      Operating system security enhancements: upgrades, patches
      Anti-virus software: easiest and least expensive way to prevent threats to system integrity
        Requires daily updates
• 32. Management Policies, Business Procedures, and Public Laws
      U.S. firms and organizations spend 14% of IT budget on security hardware, software, services ($35 billion in 2010)
      Managing risk includes:
        Technology – a foundation of security
        Effective management policies – also required
        Public laws and active enforcement
  A Security Plan: Management Policies
      Risk assessment: assessment of risks and points of vulnerability
      Develop security policy: set of statements prioritizing information risks, identifying acceptable risk targets, and identifying mechanisms for achieving targets
      Develop implementation plan
      Create security organization
        Administers access controls
        Authentication procedures, including biometrics
        Authorization policies, authorization management systems
      Perform security audit: review of security practices and procedures
• 33. Developing an E-commerce Security Plan (Figure 4.14, Page 290)
  The Role of Laws and Public Policy
      Laws that give authorities tools for identifying, tracing, prosecuting cybercriminals:
        National Information Infrastructure Protection Act of 1996
        USA Patriot Act
        Homeland Security Act
      Private and private-public cooperation
        CERT Coordination Center
        US-CERT
      Government policies and controls on encryption software
        OECD guidelines