Embed Size (px)
Citation preview
*E-SECURITY
Meryem UysalLeyla AkınOrkun Burak YalçınZeynep Bozoğlan
*WHAT IS E-SECURITY?
* Nowadays, internet is a big part of our lives. We use internet for many things. For example; For example, communication, banking operations, obtain information about a product, shopping, health, transportation, entertainment, education, etc..
*When we are using applications, sometimes we need to share our personal information such as credit card number, our e-mail password or user name, our and our phone number etc..
*We use so much information on the internet, for this reason our sensitive issues are security.
*banks which know this, big web sites and goverment agencies spend a lot money for this and they establish units which care only this issue.
*However, not only big companies, and also we need to take precautions for internet. Because rate of encountering us and spyware or stolen our identity information is very hight.
*E security protects us against this risks
*Why do we need e-security?
*Everyone has a special life and some information are special for us: Although our personal information is not a state secret, nobody wants to be read their mails or be taken their files.
*Most systems used today is the Internet network clearly. Banks, Insurance companies, factories, universities are open to the Internet network for sharing information.
* For example, an interactive banking system is a platform that can easily be displayed your accounts .if a malicious person access to your account ,this can be very bad for you.
*Network Security
*You have to protect you computer network. Network security technology protect your network from theft, misuse of confidential business information, arising from Internet viruses and their malicious attacks.
* If you do not use network security, you are on risk for unauthorized intrusion, network closure, service interruption, regulatory non-compliance, and legal action risks
*Network Security
*Network security does not use on a single method.If a solution fails, the others protect your company and your data aganist various network attacks.
*Security layers in your networks mean your valuable information open for your use and protection against threats.
*Especially network security protects against Internal and external network attacks. Threats can come from inside and outside the four walls of your business. An effective security system watch all network activity and finds unusual behavior, gives an appropriate response.
*Network Security
*Everywhere, every time it ensures the confidentiality of all communications.
*Employees can access to the network from home or on the move with the assurance that communications are the hidden and protected.
*It controls access to the information with defining users and systems correctly.
*Businesses can create their own rules regarding access to data.
*Denying access or approval may be based on to the user ID , job function, or other specific criteria.
*Network Security
*Makes you more reliable.
*Because of security technologies protect your system against known attacks and adapted for new threats, employees, customers and business partners, be sure it is safe for information
*E-Commerce Security
*In electronic commerce, buyers ans sellers want to take precautions.Because they do not see each other. Especially they want to know each other Ids.Thanks to digital signatures and digital certificates they are sure each other Ids.
*E-Commerce Security
*Another issue is risk of falling into the hands of 3rd parties information such as credit cards number that they have to give when they are shopping online.
*Therefore,protecting of this information is great importance for the development of electronic commerce.
*E-Commerce Security
*However, in electronic commerce, falling credit card information into the hands of others is less risk than in daily life.
*in daily life, we give credit cards to other peple so privacy of credit card information disappear.
*If security systems use basis of during the data flow between user workplace and bank, information to be transferred encrypted , it is prevented another people to use our information .
EMTM 553 13 12/15/00
*Goals of Security
DATA
Integrity
DATA
Availability
DATA
Confidentiality
Source: GUNTER
*WHY E-SECURITY?
*When trading online users who are victims of cybercrime rate the last month
* More than 10 million people are victims of cybercrime
* 15 percent of social network users that hacket profile
What Is Good E-commerce
Security?*To achieve highest degree of security
*New technologies
*Organizational policies and procedures
*Industry standards and government laws
*Other factors
*Time value of money
*Cost of security vs. potential loss
*Security often breaks at weakest link
Copyright © 2010 Pearson Education, Inc.
Developing an E-commerce Security Plan
Figure 5.14, Page 303 Slide 5-16
Security in e- commerce
*SECURE PASSWORD
*PASSWORD-PROTECT YOUR COMPUTER
*1. STRATEGIES FOR PROTECTING YOUR PRIVACY ONLINE
*PROTECTING DATA ON OUR COMPUTERS
*Set up a guest account on your computer and let other people use your machine with that guest account. By doing this, you keep them away from your own files and data.
*Password-protect access to your computer, and activate it even if you step away just for a moment.
*Password-protect directories, folders and files that contain sensitive information.
*Sometimes having passwords can also arouse suspicion if you live in a vulnerable situation. It may be safer to keep sensitive information on a portable memory drive
* PROTECTING AGAINST COMPUTER VIRUSES
*Use an operating system other than Windows. All of the malicious computer virus out there are built for Windows machine. If you shift to another operating system (Linux, BSD, Mac OS), the most common computer virus will not be able to do anything with your machine.
*But if you choose to remain a Windows user, you must have a reliable anti-virus softare. One that regularly updates its libraries to be able to track the latest computer virus infecting the Internet. One such anti-virus software is
*Keep your anti-virus software up-to-date and schedule daily virus checks on your machine. (handy tip: schedule your anti-virus check up during your lunchbreak so it doesn't interrupt your work). Make sure that your anti-virus checks incoming email and downloads automatically.
*Never open email attachments unless you're absolutely sure that the file is not infected.
*Whenever you use a CD or thumb drive that's been used on a different machine, run your anti-virus software on it first to make sure that it's clean.
*Back up your data regularly. Make it a habit to do so at the very least, once a month.
*All operating systems issue regular updates or patches, keep your computer's
* PROTECTING YOUR IDENTITY
*Be careful what personal information you
share online
*Create a different email account for registering in social networking sites
*Do not feel obligated to fill out all fields when registering onlin
Consider using a name that is not your real name or a nickname as your email name, screen name or user ID. Instead, pick a name that is gender- and age-neutral. Use secure passwords.
*Protecting yourself
*Ports*Open ports allow access to a variety of problems
*Port Scanner
*Nanoprobe
*Finding an open port tells you what services are available!
*Close down as many as necessary to make the system secure.
13 Nisan 2004
* Internet Üzerinden İlk Banka Hırsızlığı
•1994 yılında Vladimir Levin Citibank’ı Rusyadan hack etti• Citibank $400.000 kaybetti ; iş çevreleri $400 milyon olduğunu söylüyor.
• Hackerlar organize olarak çalışıyor
*E- Security Technologies
*There are 4 basic security principles:
*1. Authenticity - " How do I know who sent me this? "Is this the person who he/she claims to be ?
*2. Security - " How do I know this hasn't been tampered with? "Is my information accessible to anyone other than me ?
*3. Non – Repudation - " How do I know they won't deny sending this? "
Is this information recorded accurately ?*4. Privacy and Confidentiality - " How do I know no-one else will see this? "
Is my customer data private, do I have control over how that information is used?*There are many e-security technologies each adressing these 4 principles in different ways.
Authentication Technologies
* Business is built around trust and relationships. For these to work, customers and businesses need to be sure of who they are dealing with. Physical checks are not possible on the Internet, so we must rely on other means to confirm identity and that the information we send and receive is not being tampered with.
* Most authentication technologies rely on a combination of one or more of the following elements:
Something you know, such as a password or PIN; Something you possess, such as a smart card or access
key; and Something you are - a unique physical quality, such as
your fingerprint or iris (an area collectively known as biometrics).
Authentication Technologies
* Most e-security systems suitable for small businesses rely on password systems. Enhanced options for authenticating identities and communications include:
Encryption systems provide a means of sending data in encrypted or secure form between different Internet locations. Secure Sockets Layer (SSL) technology is often used for online shopping applications.
Public key infrastructure (PKI), which uses digital signature certificates to authenticate individuals and companies. This technology is being widely adopted by government agencies for online transactions. A simpler version, Pretty Good Privacy (PGP), is often used for emails.
Virtual private networks (VPNs), which are used by large businesses to allow remote employees to securely connect to central computer networks via the Internet, for example. If you are a small company but supply to larger businesses, you may find you are required to join or transact over their VPN.
* Secure Access (Password Authentication)
* In password authentication systems, each user of a site or computer is assigned a unique username and password. If the correct password is entered, access to a site or service is granted; if not, access is denied. Passwords are widely implemented in many software packages, but offer only a relatively low level of security.
* Secure Connections (SSL)
* Secure Sockets Layer (SSL) combines a basic password system with extra security for website access. Once a website verifies that a username and password match up, it creates a secure connection for exchanging confidential information.
* Secure Interconnection (PKI)
* Public key infrastructure (PKI) is used by government agencies and banks for secure transactions. For instance, the Australian Tax Office (ATO) uses it for handling quarterly Business Activity Statements (BAS) and tax returns. In 2000/2001, 280,000 people used PKI to submit their tax returns electronically.
* PKI makes use of a system known as public key cryptography, combined with carefully documented policies, to ensure that transactions are authentic and secure. Public key cryptography uses two keys to scramble and decipher messages. One key is known as a 'public key' and is widely distributed. The other is called a 'private key' and is held secretly by an individual. Messages are protected by scrambling them with the public key of the recipient. Computer algorithms ensure that only the private key held by the person you are mailing can decrypt or unscramble the message. The larger the key files involved, the higher the level of security.
* Secure personal connection (PGP)
* Pretty Good Privacy (PGP) is a popular security option for individuals. Like PKI, it uses public key encryption. However, unlike PKI, it allows users to generate their own public and private keys. This makes it cheaper and easier to implement, but does not offer the same reassurance as a certificate issued by an independent third party.
* Secure networking (VPNs)
* Virtual private networks (VPNs) use advanced encryption and 'tunnelling' technologies to enable businesses to establish secure private connections between their corporate networks and third-party networks such as the Internet. VPNs allow mobile workers and businesses with multiple office sites to communicate securely at high speeds. They offer one of the highest levels of network and Internet security, but may be an expensive solution for smaller businesses.
* The diagram below shows how processes in the paper world relate to equivalent processes in the
electronic world.
* Obviously, not every business needs to invest in every available e-security technology. The level of e-security required will depend on how extensively you wish to take advantage of Internet technologies, and how much you are prepared to spend. The Pyramid of Authentication Technologies (above) shows the trade-offs in security and popularity in the main systems on offer.
*Conclusion
*There are many solutions available to help introduce e-security to your business. Basic systems such as passwords are low cost and easy to implement, but don't provide the same degree of security as more elaborate systems such as PKI. Your business is likely to need a mixture of solutions. For instance, you might use password protection for most internal business requirements, and PKI for more private documents such as interactions with your bank.
Some Aplication in Turkey and Word
*A firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic based on applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.Cisco ASA, Fortinet,Labris, Juniper, NetSafe-Unity, Netscreen ve Symantec.
*A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected"
*E mail security(spam,fake e-posta etc.)
● Password security● İnformation security● iSAFE
Internet Filtering in Word
● Countries which apply internet filtering in the word:
● England, France, Germany, Denmark, Italy, Australia,
● USA, Canada, Brazil, Argentina, Cuba, Colombia, Peru,
● Russia, Iran, Saudi Arabia, China, Japan, Spain, Thailand,
● Switzerland , Bulgaria and Sweden.
Intering Filtering in Word
Notice and TakedownNotice and take down is a process operated by
online hosts in response to court orders or allegations that content is illegal. Content is removed by the host following notice.
Secure Internet in Turkey
THANK YOU FOR
LISTENINGTO US
