Security Issues, E-Commerce Threats Part-1


  • Security Issues, E-Commerce Threats

    Part-1

  • Security in Cyberspace

    The field of electronic security focuses on designing measures that can enforce security policies.

    Security in e-commerce generally employs procedures such as authentication, ensuring confidentiality, and the use of cryptography to communicate over open systems.

    The electronic system that supports e-commerce is susceptible to abuse and failure in many ways.

  • Security in Cyberspace

    The electronic system that supports e-commerce is susceptible to the following threats:

    Fraud

    Fraud resulting in direct financial loss. Funds might be transferred from one account to another, or financial records might simply be destroyed.

    Electronic Business MS114

    UNIT-II

  • Security in Cyberspace

    Theft

    Theft of confidential, proprietary, technological, or marketing information belonging to the firm or to the customer. An intruder may disclose such information to a third party, resulting in damage to a key customer, a client, or the firm itself.

    Disruption

    Disruption of service resulting in major losses to the business or inconvenience to the customer.

  • Security in Cyberspace

    Loss

    Loss of customer confidence stemming from illegal intrusion into customer files or company business, dishonesty, human mistakes, or network failure.

  • Security Issues

    Security concerns generally include the following issues:

    Confidentiality

    Knowing who can read data, and ensuring that information in the network remains private. This is done via encryption.

    Identification and Authentication

    Making sure that the message sender or principal is who they claim to be.

  • Security Issues

    Availability

    System resources are safeguarded from tampering and are available to authorized users at the time and in the format needed.

    Integrity

    Making sure that information is not accidentally or maliciously altered or corrupted, in transit or in storage.

    Access Control

    Restricting the use of resources to authorized principals.
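The integrity and authentication properties listed above can be made concrete with a keyed message authentication code. The following Python example is added here and is not from the lecture: it assumes a merchant web front end and a payment back end that share a secret (a constructed key, not a real one) and tags each order with HMAC-SHA256 from the standard library, so that any change to the order in transit is detected and a tag made with another key is rejected.

```python
import hashlib
import hmac
import json

# Secret shared by the front end and the back end. Constructed for this
# example; a real deployment loads it from a secret store, never from source.
SHARED_KEY = b"example-shared-key-do-not-use-in-production"


def canonical(order: dict) -> bytes:
    """Serialise the order deterministically so both sides MAC identical bytes.
    Without a canonical form, {"a":1,"b":2} and {"b":2,"a":1} would get
    different tags even though they mean the same thing."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode()


def sign_order(order: dict, key: bytes = SHARED_KEY) -> str:
    """Return the hex HMAC-SHA256 tag over the canonical order."""
    return hmac.new(key, canonical(order), hashlib.sha256).hexdigest()


def verify_order(order: dict, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the tag and compare in constant time, so an attacker cannot
    learn the correct tag byte by byte from timing differences."""
    expected = sign_order(order, key)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Constructed order: genuine copy verifies, tampered amount and a tag
    from a different key both fail."""
    order = {"order_id": 1001, "account": "alice", "amount": "49.99", "currency": "USD"}
    tag = sign_order(order)
    tampered = dict(order, amount="4999.00")
    return {
        "genuine_ok": verify_order(order, tag),
        "tampered_ok": verify_order(tampered, tag),
        "wrong_key_ok": verify_order(order, sign_order(order, b"other-key")),
    }


if __name__ == "__main__":
    print(demo())
```

An HMAC gives integrity and origin authentication between the two parties that hold the key, but not nonrepudiation: either holder could have produced the tag, so the merchant cannot prove to a third party that the customer sent the order. Nonrepudiation needs a digital signature made with a private key that only the sender holds.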

  • Security Issues

    Nonrepudiation

    Ensuring that a principal cannot deny having sent a message.

    Privacy

    The individual's right to nondisclosure.

    Firewalls

    A filter between the corporate network and the Internet that protects corporate information and files from intruders while allowing access to authorized principals.

  • Security Threats in the E-commerce Environment

    Three key points of vulnerability: the client, the server, and the communications channel.

    Most common threats:

    Malicious code
    Hacking and cybervandalism
    Credit card fraud/theft
    Zombied PCs
    Phishing
    Denial of service attacks
    Sniffing
    Spoofing

  • A Typical E-commerce Transaction

    (figure)

  • Vulnerable Points in an E-commerce Environment

    (figure)

  • Malicious Code

    Virus

    A software program that attaches itself to other programs without the owner of the program being aware of it. When the host program is executed, the virus spreads and causes damage.

    Worms

    Designed to spread from computer to computer. A worm can spread without any human intervention; it can propagate through the network and can affect handheld devices.

    Trojan horse

    Software that appears to perform a desirable function for the user before it is run or installed, but which, perhaps in addition to the expected function, steals information or harms the system.

  • Malicious Code

    Bad applets (malicious mobile code)

    Malicious Java applets or ActiveX controls that may be downloaded onto the client and activated merely by surfing to a Web site.

  • Examples of Malicious Code

    (figure)

  • Hacking and Cybervandalism

    Hacker: an individual who intends to gain unauthorized access to computer systems.

    Cracker: used to denote a hacker with criminal intent (the two terms are often used interchangeably).

    Cybervandalism: intentionally disrupting, defacing or destroying a Web site.

    Types of hackers include:

    White hats: members of tiger teams used by corporate security departments to test their own security measures.

    Black hats: act with the intention of causing harm.

    Grey hats: believe they are pursuing some greater good by breaking in and revealing system flaws.

  • Credit Card Fraud

    Fear that credit card information will be stolen deters online purchases.

    Hackers target credit card files and other customer information files on merchant servers, and use the stolen data to establish credit under a false identity.

    One solution: new identity verification mechanisms.

  • Kinds of Threats or Crimes

    Zombied PCs

    A zombie computer (often shortened to zombie) is a computer connected to the Internet that has been compromised by a hacker, computer virus or Trojan horse. Generally, a compromised machine is only one of many in a botnet and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.

  • Kinds of Threats or Crimes

    Phishing

    The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

    Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

    Phishing is an example of a social engineering technique used to fool users, and it exploits the poor usability of current web security technologies.
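The fake site a phishing message points to usually has a hostname built to look like the real one: a Cyrillic letter in place of a Latin one (hidden behind an xn-- punycode label), the brand name pushed into a subdomain of the attacker's domain, or a one-character typo. The Python check below is an added example, not from the lecture or any product: it assumes a constructed allowlist of the merchant's own domains and a small hand-picked confusables map, and classifies a URL by undoing those tricks before comparing. A production checker would use the full Unicode confusables table and the public suffix list instead of the last-two-labels shortcut.

```python
import unicodedata
from urllib.parse import urlsplit

# Domains the merchant legitimately uses. Constructed allowlist for this example.
LEGIT_DOMAINS = {"example-bank.com", "example-shop.com"}

# A few Cyrillic letters that render like Latin ones in most fonts: a tiny
# subset of the Unicode confusables table, enough to show the technique.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
}


def normalize_host(host: str) -> str:
    """Undo the tricks a phisher uses to make a hostname look like the real one."""
    host = host.lower().rstrip(".")
    try:
        # Punycode (xn--) labels decode to the Unicode characters the user sees.
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already non-ASCII (or invalid punycode); nothing to decode
    host = unicodedata.normalize("NFKC", host)
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def registrable(host: str) -> str:
    """Last two labels; a real checker would consult the public suffix list."""
    return ".".join(host.split(".")[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typosquats such as examplebank.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def under(host: str, domain: str) -> bool:
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_url(url: str) -> str:
    """Return 'legit', 'lookalike', 'brand-in-subdomain' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if any(under(host, d) for d in LEGIT_DOMAINS):
        return "legit"
    norm = normalize_host(host)
    if any(under(norm, d) for d in LEGIT_DOMAINS):
        return "lookalike"            # homoglyph or punycode impersonation
    if any("." + d + "." in "." + norm + "." for d in LEGIT_DOMAINS):
        return "brand-in-subdomain"   # e.g. example-bank.com.evil.example
    if any(levenshtein(registrable(norm), d) <= 2 for d in LEGIT_DOMAINS):
        return "lookalike"            # typosquat
    return "unrelated"


if __name__ == "__main__":
    for u in ("https://www.example-bank.com/login",
              "https://example-bank.com.evil.example/login",
              "https://ex\u0430mple-bank.com/login",
              "https://examplebank.com/"):
        print(classify_url(u), u)
```

Note the order of checks: the exact allowlist match runs on the raw hostname first, so a legitimate domain that happens to contain a confusable character is never mis-classified by the normalisation step.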

  • Kinds of Threats or Crimes

    DoS

    A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

    Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

    Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.

  • Kinds of Threats or Crimes

    The term is generally used with regard to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.

    One common method of attack involves saturating the target machine with external communication requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.
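The usual first defence against a single source saturating a server with requests is a per-source token bucket: each client may burst up to a fixed number of requests and is then held to a sustained rate, so one flooder exhausts its own budget while ordinary clients are untouched. The simulation below is an added Python example, not from the lecture; the traffic, addresses and timestamps are constructed, and the capacity and refill rate are arbitrary illustration values.

```python
from collections import defaultdict


class TokenBucket:
    """Classic token bucket: `capacity` is the burst allowed, `refill` the sustained rate."""

    def __init__(self, capacity: float, refill_per_sec: float):
        self.capacity = float(capacity)
        self.refill = float(refill_per_sec)
        self.tokens = self.capacity   # starts full, so a normal client is never throttled
        self.last = None              # timestamp of the previous request

    def allow(self, now: float) -> bool:
        if self.last is not None:
            elapsed = max(0.0, now - self.last)
            self.tokens = min(self.capacity, self.tokens + elapsed * self.refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address; a source seen for the first time gets a full bucket."""

    def __init__(self, capacity: float = 20, refill_per_sec: float = 5):
        self.buckets = defaultdict(lambda: TokenBucket(capacity, refill_per_sec))

    def handle(self, src_ip: str, now: float) -> bool:
        return self.buckets[src_ip].allow(now)


def simulate() -> dict:
    """Constructed traffic: one source floods at 1000 requests/s for 2 s while two
    ordinary clients each send 2 requests/s. Timestamps are synthetic seconds."""
    limiter = PerSourceLimiter(capacity=20, refill_per_sec=5)
    counts = {"flooder_allowed": 0, "flooder_blocked": 0,
              "normal_allowed": 0, "normal_blocked": 0}
    events = [(i / 1000.0, "198.51.100.66") for i in range(2000)]
    for ip in ("203.0.113.5", "203.0.113.6"):
        events += [(k * 0.5, ip) for k in range(4)]
    events.sort()  # interleave the streams in time order
    for now, ip in events:
        ok = limiter.handle(ip, now)
        who = "flooder" if ip == "198.51.100.66" else "normal"
        counts[f"{who}_{'allowed' if ok else 'blocked'}"] += 1
    return counts


if __name__ == "__main__":
    print(simulate())
```

With a burst of 20 and a refill of 5 per second, the flooder gets roughly 30 of its 2000 requests through in two seconds and the normal clients lose none. The limit is per source, which is exactly why the distributed form of the attack exists: a botnet of zombied PCs spreads the load over thousands of addresses that each stay under the threshold, and that case has to be handled upstream (scrubbing, anycast, CDN) rather than by the origin server alone.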

  • Kinds of Threats or Crimes

    Sniffing

    A type of eavesdropping program that monitors information traveling over a network; it enables hackers to steal proprietary information from anywhere on the network.

    Spoofing

    Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else.
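What a sniffer actually recovers depends entirely on whether the channel is encrypted. The Python function below is an added example, not from the lecture: it parses one constructed application-layer payload (a login over plain HTTP, with made-up credentials and a fake card fragment) the way a passive eavesdropper on the path would, pulling the Basic-auth header, the session cookie and the form fields straight out of the bytes. Over TLS the same sniffer sees only ciphertext, which is the confidentiality property from the Security Issues slides.

```python
import base64
from urllib.parse import parse_qs

# Constructed capture: the payload of one TCP segment carrying an HTTP/1.1
# login request over cleartext HTTP. Nothing here comes from a real network.
CAPTURED_PAYLOAD = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Authorization: Basic YWxpY2U6cGFzc3dvcmQxMjM=\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 33\r\n"
    b"\r\n"
    b"user=alice&pass=hunter2&card=4111"
)


def extract_secrets(payload: bytes) -> dict:
    """Return everything a passive sniffer learns from a cleartext HTTP request."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    found = {"request": lines[0]}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "authorization" and value.lower().startswith("basic "):
            # Basic auth is only base64, not encryption: user:password falls out.
            creds = base64.b64decode(value[6:]).decode("latin-1")
            user, _, pwd = creds.partition(":")
            found["basic_auth"] = (user, pwd)
        elif name == "cookie":
            found["cookies"] = value   # replayable: lets the sniffer become the user
    form = parse_qs(body.decode("latin-1"))
    for key in ("pass", "password", "card"):
        if key in form:
            found[key] = form[key][0]
    return found


if __name__ == "__main__":
    for k, v in extract_secrets(CAPTURED_PAYLOAD).items():
        print(f"{k}: {v}")
```

The point of the exercise is that none of this requires breaking anything: the sniffer merely reads. The countermeasure is therefore not to detect sniffers but to make the wire useless to them, by serving the site only over HTTPS and marking session cookies Secure so they are never sent in the clear.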