23
E-COMMERCE Heema Kumari Priyanka Kumari Manisha Kumari Awanti Amrit

Ecommerce final ppt

Tags:

Embed Size (px)

Citation preview

Page 1: Ecommerce final ppt

E-COMMERCE

Heema KumariPriyanka KumariManisha KumariAwanti Amrit

Page 2: Ecommerce final ppt

Digital certificate

Page 3: Ecommerce final ppt

SECURING E-COMMERCE NETWORKS

The selection and operation of technologies that ensure network security should be based on:

Defense in depth

Need-to-access basispolicy of least privilege (POLP)

Policy of blocking access to network resources unless access is required to conduct business

Role-specific security

Monitoring

Patch management

Incident response team (IRT)

Page 4: Ecommerce final ppt

FIREWALLS

firewall

A single point between two or more networks where all traffic must pass (choke point); the device authenticates, controls, and logs all traffic

packet

Segment of data sent from one computer to another on a network

application-level proxy

A firewall that permits requests for Web pages to move from the public Internet to the private network

bastion gateway

A special hardware server that utilizes application-level proxy software to limit the types of requests that can be passed to an organization’s internal networks from the public Internet

Page 5: Ecommerce final ppt

intrusion detection systems (IDSs)A special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it seeshoneynetA network of honeypotshoneypotProduction system (e.g., firewalls, routers, Web servers, database servers) that looks like it does real work, but which acts as a decoy and is watched to study how network intrusions occur

Page 6: Ecommerce final ppt

personal firewallA network node designed to protect an individual user’s desktop system from the public network by monitoring all the traffic that passes through the computer’s network interface cardvirtual private network (VPN)A network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network.protocol tunnelingMethod used to ensure confidentiality and integrity of data transmitted over the Internet, by encrypting data packets, sending them in packets across the Internet, and decrypting them at the destination address

Page 7: Ecommerce final ppt

proxies

Special software programs that run on the gateway server and pass repackaged packets from one network to the other

demilitarized zone (DMZ)

Network area that sits between an organization’s internal network and an external network (Internet), providing physical isolation between the two networks that is controlled by rules enforced by a firewall

Page 8: Ecommerce final ppt

SECURING ECOMMERCE NETWORKS DIAGRAM

Page 9: Ecommerce final ppt

SECURING PROTOCOLS

HTTPS

SSL

VPN

IDS

FIREWALLS

PUBLIC KEY INFRASTRUCTURE

Page 10: Ecommerce final ppt

Hyper Text transfer protocolsHTTPS is the Hyper-Text Transfer Protocol with SSL Encryption. It is the most popular network protocol for establishiing secure connections for exchanging documents on the World-Wide Web. It is basically HTTP carried over a TCP socket, which has been secured using SSL

Developed by CommerceNet Consortium

Extension to HTTP that provides numerous security features

Client and server authentication

Spontaneous encryption

Request/response nonrepudiation

Provides symmetric and public-key encryption, and message digests (summaries of messages as integers)

Whereas SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely.

Page 11: Ecommerce final ppt

HTTP messages contain two parts: the header and the body of the message. The header contains instructions to the recipients (browser and server) on how to process the message’s body

During the transfer transaction, both the client browser and the server, use the information contained in the HTTP header to negotiate formats they will use to transfer the requested information.

The S-HTTP protocol extends this negotiation between the client browser and the server to include the negotiation for security matters. Hence S-HTTP uses additional headers for message encryption, digital certificates and authentication in the HTTP format which contains additional instructions on how to decrypt the message body.

Page 12: Ecommerce final ppt

Secure Sockets LayerSSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client (e.g., Outlook).

It is used by the most companies to provide security and privacy and establishes a secure session between a browser and a server.

A channel is the two way-way communication stream established between the browser and the server, and the definition of a channel security indicates three basic requirements:

The channel is reliable.

The channel is private.

The channel is authenticated.

Page 13: Ecommerce final ppt

Secure Sockets Layer (cont.)

This encryption is preceded by a ‘data handshake’ and has two major phases:

The first phase is used to establish private communication, and uses the key-agreement algorithm.

The second phase is used for client authentication.

Limits of SSL:

While the possibility is very slight, successful cryptographic attacks made against these technologies can render SSL insecure.

A downside of both SSL and SET protocols is that they both require to use cryptographic algorithms that place significant load on the computer systems involved in commerce transactions.

For the low and medium e-commerce applications, there is no additional server cost to support SET over SSL.

Page 14: Ecommerce final ppt

ROLES OF SSL IN E-COMMERCETo secure online credit card transactions.To secure system logins and any sensitive information exchanged online.To secure webmail and applications like Outlook Web Access, Exchange and Office Communications Server.To secure workflow and virtualisation applications like Citrix Delivery Platforms or cloud-based computing platforms.To secure the connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange.To secure the transfer of files over https and FTP(s) services such as website owners updating new pages to theirTo secure intranet based traffic such as internal networks, file sharing, extranets, and database connections.To secure network logins and other network traffic with SSL VPNs such as VPN Access Servers or applications like the Citrix Access Gateway.

Page 15: Ecommerce final ppt

WHAT IS VPN ?

Virtual Private Network is a type of private network that uses public telecommunication, such as the Internet, instead of leased lines to communicate.

Became popular as more employees worked in remote locations .

Terminologies to understand how VPNs work.

Page 16: Ecommerce final ppt

AdvantagesFlexibility of growth.

Efficiency with broadband technology.

Page 17: Ecommerce final ppt

Disadvantages VPNs require an in-depth understanding of public network security issues and proper deployment of precautions .

Availability and performance depends on factors largely outside of their control .

Immature standards .

VPNs need to accommodate protocols other than IP and existing internal network technology .

Page 18: Ecommerce final ppt

Roles of VPNs

Large-scale encryption between multiple fixed sites such as remote offices and central offices

Network traffic is sent over the branch office Internet connection

This saves the company hardware and management expenses

Page 19: Ecommerce final ppt

Intrusion Detection Systems (IDS)IDS classification

Host-based IDS: monitor single host activityNetwork-based IDS: monitor network traffic

logical components:Sensors

collect data from various sources such as log files, network packetssends them to the analyzer

Analyzersprocess data from sensors and determine if intrusion has occurredmay also provide guidance for the actions to take

user interface view the output and manage the behavior

Page 20: Ecommerce final ppt

IDS REQUIREMENTo run continually with minimal human supervision

o be fault tolerant

o resist subversion

o minimal overhead on system

scalable, to serve a large numbe of users

configured according to system security policies

o allow dynamic reconfiguration

Page 21: Ecommerce final ppt

Fire wall

A network node designed to protect an individual user’s desktop system from the public network by monitoring all the traffic that passes through the computer’s network interface card

Page 22: Ecommerce final ppt

FirewallsA firewall is a barrier placed between the private

network and the outside world.All incoming and outgoing traffic must pass

through it.Can be used to separate address domains.

Control network traffic.Cost: ranges from no-cost (available on the

Internet) to $ 100,000 hardware/software system.Types:

Router-BasedHost BasedCircuit Gateways

Page 23: Ecommerce final ppt

PUBLIC KEY INFRASTRUCTUREA PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.


ppt FINAL Riesgos especificos 1.ppt

ppt FINAL Riesgos especificos 1.ppt

Documents
Ecommerce connect octobre 2014 - final

Ecommerce connect octobre 2014 - final

Documents
Cab Ppt New Final Aisa Ppt Final (1)

Cab Ppt New Final Aisa Ppt Final (1)

Documents
Ecw Ppt Final Ppt for Presentation

Ecw Ppt Final Ppt for Presentation

Documents
final ppt

final ppt

Documents
final ppt

final ppt

Documents
Protecting Your Ecommerce Company FINAL

Protecting Your Ecommerce Company FINAL

Documents
Ecommerce - Final presentation Final -2

Ecommerce - Final presentation Final -2

Documents
2can presentation ecommerce(final)

2can presentation ecommerce(final)

Economy & Finance
final final ppt (1)

final final ppt (1)

Documents
Ecommerce ppt

Ecommerce ppt

Business
3 Unit Final Ppt-final

3 Unit Final Ppt-final

Documents
Ecommerce Final Presentation

Ecommerce Final Presentation

Documents
Social media and ecommerce william toll - final

Social media and ecommerce william toll - final

Business
Ecommerce final ppt

Ecommerce final ppt

Business
Final ppt 4.12.2015.ppt

Final ppt 4.12.2015.ppt

Documents
Ecommerce trends for 2017 ppt

Ecommerce trends for 2017 ppt

Business
Ppt ecommerce 19.01.2015 - Amparo Rogrigo, Tania Martínez y Silvia Mir

Ppt ecommerce 19.01.2015 - Amparo Rogrigo, Tania Martínez y Silvia Mir

Economy & Finance
China eCommerce Market Analysis: Final Report 2013

China eCommerce Market Analysis: Final Report 2013

Marketing
EC PPT FINAL 1.10.ppt

EC PPT FINAL 1.10.ppt

Documents
Ppt presentation final final

Ppt presentation final final

Education
Informe Final Ecommerce

Informe Final Ecommerce

Documents
diego bresler ppt groupon ecommerce day montevideo

diego bresler ppt groupon ecommerce day montevideo

Documents
FINAL-Protecting Your eCommerce Company With Enforceable

FINAL-Protecting Your eCommerce Company With Enforceable

Documents
QADM Final Final PPT

QADM Final Final PPT

Documents
ASIAN CRISES Ift Ppt Final Final Final

ASIAN CRISES Ift Ppt Final Final Final

Documents
PPT ELECTIVO FINAL FINAL BONITO.pptx

PPT ELECTIVO FINAL FINAL BONITO.pptx

Documents
FINAL final ppt

FINAL final ppt

Documents
Ecommerce Final Report - Malav

Ecommerce Final Report - Malav

Documents
Lecture - ECommerce 2012.ppt › teaching › 1112 › ECommerce › Lecture.pdf22 May 2012 International Perspectives on Internet Legislation 1 These lecture notes were specially

Lecture - ECommerce 2012.ppt › teaching › 1112 › ECommerce › Lecture.pdf22 May 2012 International Perspectives on Internet Legislation 1 These lecture notes were specially

Documents