Adapted from Ecommerce, Laudon and Traver - PowerPoint PPT Presentation
1
CHAPTER 5
Security and Encryption
Adapted from Ecommerce, Laudon and Traver
2
Learning Objectives
  • Understand the scope of e-commerce crime and
    security problems
  • Describe the key dimensions of e-commerce
    security
  • Understand the tension between security and other
    values
  • Identify the key security threats in the
    e-commerce environment

3
Learning Objectives
  • Describe how various forms of encryption
    technology help protect the security of messages
    sent over the Internet
  • Identify the tools used to establish secure
    Internet communications channels
  • Identify the tools used to protect networks,
    servers, and clients
  • Appreciate the importance of policies,
    procedures, and laws in creating security

4
The E-commerce Security Environment
  • A recent survey of 538 security practitioners in
    U.S. corporations and government agencies
    reported that:
    • 85% detected breaches of computer security within
      the last 12 months
    • 64% acknowledged financial loss as a result
    • 35% quantified their financial loss, totaling $337
      million in aggregate

5
The E-commerce Security Environment
  • The most serious losses involved theft of proprietary
    information or financial fraud
  • 40% reported attacks from outside the
    organization
  • 38% experienced denial of service attacks
  • 94% detected virus attacks

6
The E-commerce Security Environment
  • Page 234, Figure 5.2

7
Dimensions of E-commerce Security
  • Integrity
  • Nonrepudiation
  • Authenticity
  • Confidentiality
  • Privacy
  • Availability

8
Dimensions of E-commerce Security
  • Page 235, Table 5.1

9
The Tension Between Security and Other Values
  • Ease of use
  • Public Safety and the Criminal Uses of Security

10
Security Threats in the E-commerce Environment
  • Three key points of vulnerability:
    • the client
    • the server
    • the communications pipeline

11
A Typical E-commerce Transaction
  • Page 238, Figure 5.3

12
Vulnerable Points in an E-commerce Environment
  • Page 239, Figure 5.4

13
Seven Security Threats to E-commerce Sites
  • Malicious code
  • Hacking and cybervandalism
  • Credit card fraud
  • Spoofing
  • Denial of service attacks
  • Sniffing
  • Insider jobs

14
Examples of Malicious Code
  • Page 241, Table 5.2

15
Tools Available to Achieve Site Security
  • Page 247, Figure 5.5

16
Encryption
  • The process of transforming plain text or data
    into cipher text that cannot be read by anyone
    outside of the sender and the receiver. The
    purpose of encryption is (a) to secure stored
    information and (b) to secure information
    transmission.
  • Cipher text is text that has been encrypted and
    thus cannot be read by anyone besides the sender
    and the receiver

17
Public Key Cryptography - A Simple Case
  • Page 251, Figure 5.6

18
Public Key Cryptography with Digital Signatures
  • Page 252, Figure 5.7

19
Public Key Cryptography: Creating a Digital Envelope
  • Page 254, Figure 5.8

20
Digital Certificates and Public Key Infrastructure
  • Page 255, Figure 5.9

21
Encryption
  • Public Key Infrastructure (PKI) is the set of
    certification authorities and digital certificate
    procedures that are accepted by all parties
  • Pretty Good Privacy (PGP) is a widely used
    public key encryption software program for email

22
Securing Channels of Communications
  • Secure Sockets Layer (SSL) is the most common
    form of securing channels
  • Secure negotiated session is a client-server
    session in which the URL of the requested
    document, along with the contents, the contents
    of forms, and the cookies exchanged, are
    encrypted.
  • Session key is a unique symmetric encryption key
    chosen for a single secure session

23
Secure Negotiated Sessions Using SSL
  • Page 259, Figure 5.10

24
Protecting Networks
  • Firewalls are software applications that act as a
    filter between a company's private network and
    the Internet itself
  • A proxy server is a software server that handles
    all communications originating from or being sent
    to the Internet, acting as a spokesperson or
    bodyguard for the organization

25
Firewalls and Proxy Servers
  • Page 262, Figure 5.11

26
Protecting Servers and Clients
  • Operating system controls allow for the
    authentication of the user and access controls to
    files, directories, and network paths
  • Anti-virus software is the easiest and least
    expensive way to prevent threats to system
    integrity

27
Policies, Procedures, and Laws
  • Developing an e-commerce security plan:
    • perform a risk assessment
    • develop a security policy
    • develop an implementation plan
    • create a security organization
    • perform a security audit

28
E-commerce Security Legislation
  • Page 268, Table 5.3

29
Government Efforts to Regulate and Control Encryption
  • Page 269, Table 5.4