SlideShare une entreprise Scribd logo

Important Notes

Télécharger en tant que PPTX, PDF
Usman Abdullah
Usman Abdullah
FormationTechnologie
1  sur  17
Lecture # 19 SECURITY
THE E-COMMERCE SECURITY ENVIRONMENT: THE SCOPE OF THE PROBLEM Overall size of cybercrime unclear; amount of losses significant but stable; individuals face new risks of fraud that may involve substantial uninsured losses – Symantec: Cybercrime on the rise from 2006 – Internet Crime Complaint Center (IC3): Logged 1 000 000+ consumer complaints about alleged online fraud or cyber crime and referred 460,000+ complaints to law enforcement agencies – 2007 Computer Security Institute (CSI) survey: 46% detected security breach; 91% suffered financial loss as a result. The average annual loss reported in this year’s survey shot up to $350,424 from $168,000 the previous year. – Underground economy marketplace that offers sales of stolen information growing.
THE DIFFERENT DIMENSIONS OF E-COMMERCE SECURITY • Integrity – The ability to ensure that information being displayed on a web site or transmitted or received over the internet has not been altered in any way by an unauthorized party • Non repudiation – The ability to ensure that e-commerce participants do not deny (i.e. repudiate) their online actions • Authenticity – The ability to identify the identity of a person or entity with whom you are dealing in the internet • Confidentiality – The ability to ensure that messages and data are available only to those who are authorized to view them • Privacy – The ability to control the use of information about oneself • Availability – The ability to ensure that an e-commerce site continues top function as intended
SECURITY THREATS IN THE E-COMMERCE ENVIRONMENT Three key points of vulnerability: – Client – Server – Communications channel
A TYPICAL E-COMMERCE TRANSACTION
MALICIOUS CODE • Viruses: – Have ability to replicate and spread to other files; most also deliver a “payload” of some sort (destructive or benign); include macro viruses, file-infecting viruses, and script viruses • Worms: – Designed to spread from computer to computer • Trojan horse: – Appears to be benign, but then does something other than expected • Bots: – Can be covertly installed on computer; responds to external commands sent by the attacker
UNWANTED PROGRAMS Installed without the user’s informed consent – Browser parasites: Can monitor and change settings of a user’s browser. – Adware: Calls for unwanted pop-up ads – Spyware: Can be used to obtain information, such as a user’s keystrokes, e- mail, IMs, etc.
PHISHING AND IDENTITY THEFT Any deceptive, online attempt by a third party to obtain confidential information for financial gain – Most popular type: e-mail scam letter – One of fastest growing forms of e-commerce crime
HACKING AND CYBERVANDALISM • Hacker: Individual who intends to gain unauthorized access to computer systems • Cracker: Hacker with criminal intent (two terms often used interchangeably) • Cyber vandalism: Intentionally disrupting, defacing or destroying a Web site • Types of hackers include: – White hats – Black hats – Grey hats
CREDIT CARD FRAUD Fear that credit card information will be stolen deters online purchases • Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity • One solution: New identity verification mechanisms
SPOOFING (PHARMING) AND SPAM (JUNK) WEB SITES Spoofing (Pharming) – Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else – Threatens integrity of site; authenticity Spam (Junk) Web sites – Use domain names similar to legitimate one, redirect traffic to spammer redirection domains
DOS AND DDOS ATTACKS Denial of service (DoS) attack – Hackers flood Web site with useless traffic to inundate and overwhelm network • Distributed denial of service (DDoS) attack – Hackers use numerous computers to attack target network from numerous launch points
OTHER SECURITY THREATS Sniffing: Type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network • Insider jobs: Single largest financial threat • Poorly designed server and client software: Increase in complexity of software programs has contributed to increase is vulnerabilities that hackers can exploit
TECHNOLOGY SOLUTIONS • Protecting Internet communications (encryption) • Securing channels of communication (SSL, S-HTTP, VPNs) • Protecting networks (firewalls) • Protecting servers and clients
PROTECTING INTERNET COMMUNICATIONS: ENCRYPTION Encryption: – Process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver • Purpose: – Secure stored information and information transmission • Provides: – Message integrity – Nonrepudiation – Authentication – Confidentiality

Recommandé

Dyre Malware infographic
Dyre Malware infographicDyre Malware infographic
Dyre Malware infographicIBM Security
 
Phishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayPhishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayKevin Lim
 
1 understanding cyber threats
1 understanding cyber threats 1 understanding cyber threats
1 understanding cyber threats mohamad Hamizi
 
Ransomware
RansomwareRansomware
RansomwareDeepakKumar4980
 
INTERNET THREAT
INTERNET THREATINTERNET THREAT
INTERNET THREATLadyleyladyley
 
Web server security challenges
Web server security challengesWeb server security challenges
Web server security challengesMartins Chibuike Onuoha
 
External threats-to-information-system
External threats-to-information-systemExternal threats-to-information-system
External threats-to-information-systemSouman Guha
 
What is threat intelligence ?
What is threat intelligence ?What is threat intelligence ?
What is threat intelligence ?AariyaRathi
 

Recommandé

Dyre Malware infographic
Dyre Malware infographicDyre Malware infographic
Dyre Malware infographicIBM Security
 
Phishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayPhishing, Pharming, and the latest potholes on the Information Highway
Phishing, Pharming, and the latest potholes on the Information HighwayKevin Lim
 
1 understanding cyber threats
1 understanding cyber threats 1 understanding cyber threats
1 understanding cyber threats mohamad Hamizi
 
Ransomware
RansomwareRansomware
RansomwareDeepakKumar4980
 
INTERNET THREAT
INTERNET THREATINTERNET THREAT
INTERNET THREATLadyleyladyley
 
Web server security challenges
Web server security challengesWeb server security challenges
Web server security challengesMartins Chibuike Onuoha
 
External threats-to-information-system
External threats-to-information-systemExternal threats-to-information-system
External threats-to-information-systemSouman Guha
 
What is threat intelligence ?
What is threat intelligence ?What is threat intelligence ?
What is threat intelligence ?AariyaRathi
 
HCA 530, Week2, Psa i-091516-ransomware notice from fbi
HCA 530, Week2, Psa i-091516-ransomware notice from fbiHCA 530, Week2, Psa i-091516-ransomware notice from fbi
HCA 530, Week2, Psa i-091516-ransomware notice from fbiMatthew J McMahon
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020SecPod Technologies
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Symptai Consulting Limited
 
What is a malware attack?
What is a malware attack?What is a malware attack?
What is a malware attack?AariyaRathi
 
Common Security Issues on the Internet
Common Security Issues on the InternetCommon Security Issues on the Internet
Common Security Issues on the InternetBretz Harllynne Moltio
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation Nikolaos Georgitsopoulos
 
Client server security threats
Client server security threatsClient server security threats
Client server security threatsrahul kundu
 
What are various types of cyber attacks
What are various types of cyber attacksWhat are various types of cyber attacks
What are various types of cyber attackskanika sharma
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?EC-Council
 
Types of Cyber-Attacks
Types of Cyber-AttacksTypes of Cyber-Attacks
Types of Cyber-Attackstechexpert2345
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)EC-Council
 
Ransomware attack
Ransomware attackRansomware attack
Ransomware attackAmna
 
Malicious malware breaches - eScan
Malicious malware breaches - eScanMalicious malware breaches - eScan
Malicious malware breaches - eScanMicroWorld Software Services Pvt Ltd
 
Ict H A C K I N G
Ict H A C K I N GIct H A C K I N G
Ict H A C K I N GHafizra Mas
 
Phishing - A modern web attack
Phishing - A modern web attackPhishing - A modern web attack
Phishing - A modern web attackKarthik
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
Malicion software
Malicion softwareMalicion software
Malicion softwareA. Shamel
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on PhishingPankaj Yadav
 
System Security- Firewalls and ID System
System Security- Firewalls and ID SystemSystem Security- Firewalls and ID System
System Security- Firewalls and ID SystemGayathridevi120
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threadssrivijaymanickam
 
5 Stages Of Greece
5 Stages Of Greece5 Stages Of Greece
5 Stages Of Greececonradrbeeler
 
Clinical materials for medicine I
Clinical materials for medicine IClinical materials for medicine I
Clinical materials for medicine IDr Ajith Karawita
 

Contenu connexe

Tendances

HCA 530, Week2, Psa i-091516-ransomware notice from fbi
HCA 530, Week2, Psa i-091516-ransomware notice from fbiHCA 530, Week2, Psa i-091516-ransomware notice from fbi
HCA 530, Week2, Psa i-091516-ransomware notice from fbiMatthew J McMahon
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020SecPod Technologies
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Symptai Consulting Limited
 
What is a malware attack?
What is a malware attack?What is a malware attack?
What is a malware attack?AariyaRathi
 
Common Security Issues on the Internet
Common Security Issues on the InternetCommon Security Issues on the Internet
Common Security Issues on the InternetBretz Harllynne Moltio
 
Client server security threats
Client server security threatsClient server security threats
Client server security threatsrahul kundu
 
What are various types of cyber attacks
What are various types of cyber attacksWhat are various types of cyber attacks
What are various types of cyber attackskanika sharma
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?EC-Council
 
Types of Cyber-Attacks
Types of Cyber-AttacksTypes of Cyber-Attacks
Types of Cyber-Attackstechexpert2345
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)EC-Council
 
Ransomware attack
Ransomware attackRansomware attack
Ransomware attackAmna
 
Ict H A C K I N G
Ict H A C K I N GIct H A C K I N G
Ict H A C K I N GHafizra Mas
 
Phishing - A modern web attack
Phishing - A modern web attackPhishing - A modern web attack
Phishing - A modern web attackKarthik
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing AttacksJagan Mohan
 
Malicion software
Malicion softwareMalicion software
Malicion softwareA. Shamel
 
System Security- Firewalls and ID System
System Security- Firewalls and ID SystemSystem Security- Firewalls and ID System
System Security- Firewalls and ID SystemGayathridevi120
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threadssrivijaymanickam
 

Tendances (20)

HCA 530, Week2, Psa i-091516-ransomware notice from fbi
HCA 530, Week2, Psa i-091516-ransomware notice from fbiHCA 530, Week2, Psa i-091516-ransomware notice from fbi
HCA 530, Week2, Psa i-091516-ransomware notice from fbi
 
8 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 20208 Types of Cyber Attacks That Can Bother CISOs in 2020
8 Types of Cyber Attacks That Can Bother CISOs in 2020
 
Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?Can your company survive a modern day cyber attack?
Can your company survive a modern day cyber attack?
 
What is a malware attack?
What is a malware attack?What is a malware attack?
What is a malware attack?
 
Common Security Issues on the Internet
Common Security Issues on the InternetCommon Security Issues on the Internet
Common Security Issues on the Internet
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
 
Client server security threats
Client server security threatsClient server security threats
Client server security threats
 
What are various types of cyber attacks
What are various types of cyber attacksWhat are various types of cyber attacks
What are various types of cyber attacks
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?
 
Types of Cyber-Attacks
Types of Cyber-AttacksTypes of Cyber-Attacks
Types of Cyber-Attacks
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)
 
Ransomware attack
Ransomware attackRansomware attack
Ransomware attack
 
Malicious malware breaches - eScan
Malicious malware breaches - eScanMalicious malware breaches - eScan
Malicious malware breaches - eScan
 
Ict H A C K I N G
Ict H A C K I N GIct H A C K I N G
Ict H A C K I N G
 
Phishing - A modern web attack
Phishing - A modern web attackPhishing - A modern web attack
Phishing - A modern web attack
 
Phishing Attacks
Phishing AttacksPhishing Attacks
Phishing Attacks
 
Malicion software
Malicion softwareMalicion software
Malicion software
 
PPT on Phishing
PPT on PhishingPPT on Phishing
PPT on Phishing
 
System Security- Firewalls and ID System
System Security- Firewalls and ID SystemSystem Security- Firewalls and ID System
System Security- Firewalls and ID System
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threads
 

En vedette

Clinical materials for medicine I
Clinical materials for medicine IClinical materials for medicine I
Clinical materials for medicine IDr Ajith Karawita
 
типология исследовательских работ
типология исследовательских работтипология исследовательских работ
типология исследовательских работDemanessa
 
Why NextCMS: Layout Editor
Why NextCMS: Layout EditorWhy NextCMS: Layout Editor
Why NextCMS: Layout EditorPhuoc Nguyen Huu
 
Social media networking
Social media networkingSocial media networking
Social media networkingarnihapsari
 
ElectionMall Cloud and Online Fundraising Email
ElectionMall Cloud and Online Fundraising EmailElectionMall Cloud and Online Fundraising Email
ElectionMall Cloud and Online Fundraising Emailcampaigncloudos
 
умп э мдк ск мартынова
умп э мдк ск мартыноваумп э мдк ск мартынова
умп э мдк ск мартыноваDemanessa
 
That syncing feeling early user experiences with the cloud
That syncing feeling early user experiences with the cloudThat syncing feeling early user experiences with the cloud
That syncing feeling early user experiences with the cloudHajin Lim
 
коучинг
коучингкоучинг
коучингDemanessa
 
ЗАХОДИ ІЗ ВПРОВАДЖЕННЯ ЕЛЕМЕНТІВ Е-ВРЯДУВАННЯ В ЛУЦЬКІЙ МІСЬКІЙ РАДІ. Борис К...
ЗАХОДИ ІЗ ВПРОВАДЖЕННЯ ЕЛЕМЕНТІВ Е-ВРЯДУВАННЯ В ЛУЦЬКІЙ МІСЬКІЙ РАДІ. Борис К...ЗАХОДИ ІЗ ВПРОВАДЖЕННЯ ЕЛЕМЕНТІВ Е-ВРЯДУВАННЯ В ЛУЦЬКІЙ МІСЬКІЙ РАДІ. Борис К...
ЗАХОДИ ІЗ ВПРОВАДЖЕННЯ ЕЛЕМЕНТІВ Е-ВРЯДУВАННЯ В ЛУЦЬКІЙ МІСЬКІЙ РАДІ. Борис К...Olena Ursu
 
нормы времени
нормы временинормы времени
нормы времениDemanessa
 
Презентація щодо реформування системи надання адміністративних послуг
Презентація щодо реформування системи надання адміністративних послугПрезентація щодо реформування системи надання адміністративних послуг
Презентація щодо реформування системи надання адміністративних послугOlena Ursu
 
кислицын максим
кислицын максимкислицын максим
кислицын максимDemanessa
 
Evaluation
EvaluationEvaluation
Evaluationharps123
 
Ecological problems in estonia
Ecological problems in estoniaEcological problems in estonia
Ecological problems in estoniaCarl Custav
 

En vedette (20)

5 Stages Of Greece
5 Stages Of Greece5 Stages Of Greece
5 Stages Of Greece
 
Clinical materials for medicine I
Clinical materials for medicine IClinical materials for medicine I
Clinical materials for medicine I
 
Quantum Meruit
Quantum MeruitQuantum Meruit
Quantum Meruit
 
типология исследовательских работ
типология исследовательских работтипология исследовательских работ
типология исследовательских работ
 
110006677914
110006677914110006677914
110006677914
 
Cillian
CillianCillian
Cillian
 
Why NextCMS: Layout Editor
Why NextCMS: Layout EditorWhy NextCMS: Layout Editor
Why NextCMS: Layout Editor
 
Pissarro's peers
Pissarro's peersPissarro's peers
Pissarro's peers
 
Social media networking
Social media networkingSocial media networking
Social media networking
 
ElectionMall Cloud and Online Fundraising Email
ElectionMall Cloud and Online Fundraising EmailElectionMall Cloud and Online Fundraising Email
ElectionMall Cloud and Online Fundraising Email
 
умп э мдк ск мартынова
умп э мдк ск мартыноваумп э мдк ск мартынова
умп э мдк ск мартынова
 
That syncing feeling early user experiences with the cloud
That syncing feeling early user experiences with the cloudThat syncing feeling early user experiences with the cloud
That syncing feeling early user experiences with the cloud
 
коучинг
коучингкоучинг
коучинг
 
ЗАХОДИ ІЗ ВПРОВАДЖЕННЯ ЕЛЕМЕНТІВ Е-ВРЯДУВАННЯ В ЛУЦЬКІЙ МІСЬКІЙ РАДІ. Борис К...
ЗАХОДИ ІЗ ВПРОВАДЖЕННЯ ЕЛЕМЕНТІВ Е-ВРЯДУВАННЯ В ЛУЦЬКІЙ МІСЬКІЙ РАДІ. Борис К...ЗАХОДИ ІЗ ВПРОВАДЖЕННЯ ЕЛЕМЕНТІВ Е-ВРЯДУВАННЯ В ЛУЦЬКІЙ МІСЬКІЙ РАДІ. Борис К...
ЗАХОДИ ІЗ ВПРОВАДЖЕННЯ ЕЛЕМЕНТІВ Е-ВРЯДУВАННЯ В ЛУЦЬКІЙ МІСЬКІЙ РАДІ. Борис К...
 
нормы времени
нормы временинормы времени
нормы времени
 
Презентація щодо реформування системи надання адміністративних послуг
Презентація щодо реформування системи надання адміністративних послугПрезентація щодо реформування системи надання адміністративних послуг
Презентація щодо реформування системи надання адміністративних послуг
 
кислицын максим
кислицын максимкислицын максим
кислицын максим
 
6. tymchuk
6. tymchuk6. tymchuk
6. tymchuk
 
Evaluation
EvaluationEvaluation
Evaluation
 
Ecological problems in estonia
Ecological problems in estoniaEcological problems in estonia
Ecological problems in estonia
 

Similaire à Important Notes

Chapter three e-security
Chapter three e-securityChapter three e-security
Chapter three e-securityMarya Sholevar
 
onlinesecurityandpaymentsystem-140116021418-phpapp01.pdf
onlinesecurityandpaymentsystem-140116021418-phpapp01.pdfonlinesecurityandpaymentsystem-140116021418-phpapp01.pdf
onlinesecurityandpaymentsystem-140116021418-phpapp01.pdfjainutkarsh078
 
cyber threats and attacks.pptx
cyber threats and attacks.pptxcyber threats and attacks.pptx
cyber threats and attacks.pptxsakshiyad2611
 
Ethics,security and privacy control
Ethics,security and privacy controlEthics,security and privacy control
Ethics,security and privacy controlSifat Hossain
 
Cyber security By rajeev.pptx
Cyber security By rajeev.pptxCyber security By rajeev.pptx
Cyber security By rajeev.pptxAmeyBarbade1
 
Internet threats and defence mechanism
Internet threats and defence mechanismInternet threats and defence mechanism
Internet threats and defence mechanismCAS
 
web-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfweb-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfLucaMartins7
 
presentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptpresentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptJatinRajput67
 
Malware attack Social engineering attack
Malware attack Social engineering attackMalware attack Social engineering attack
Malware attack Social engineering attacktaufiq463421
 
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Symantec
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx230405
 

Similaire à Important Notes (20)

Chapter three e-security
Chapter three e-securityChapter three e-security
Chapter three e-security
 
onlinesecurityandpaymentsystem-140116021418-phpapp01.pdf
onlinesecurityandpaymentsystem-140116021418-phpapp01.pdfonlinesecurityandpaymentsystem-140116021418-phpapp01.pdf
onlinesecurityandpaymentsystem-140116021418-phpapp01.pdf
 
Online security and payment system
Online security and payment systemOnline security and payment system
Online security and payment system
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
cyber threats and attacks.pptx
cyber threats and attacks.pptxcyber threats and attacks.pptx
cyber threats and attacks.pptx
 
Ethics,security and privacy control
Ethics,security and privacy controlEthics,security and privacy control
Ethics,security and privacy control
 
Cyber security By rajeev.pptx
Cyber security By rajeev.pptxCyber security By rajeev.pptx
Cyber security By rajeev.pptx
 
Internet threats and defence mechanism
Internet threats and defence mechanismInternet threats and defence mechanism
Internet threats and defence mechanism
 
CYBER.pptx
CYBER.pptxCYBER.pptx
CYBER.pptx
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
web-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfweb-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdf
 
presentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.pptpresentation_cybercrime_1486105587_257582.ppt
presentation_cybercrime_1486105587_257582.ppt
 
Malware attack Social engineering attack
Malware attack Social engineering attackMalware attack Social engineering attack
Malware attack Social engineering attack
 
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
Internet Security Threat Report 2014 :: Volume 19 Appendices - The hardcore n...
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
Orientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptxOrientation 28 sep education purpose only.pptx
Orientation 28 sep education purpose only.pptx
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 

Plus de Usman Abdullah

Assignment............
Assignment............Assignment............
Assignment............Usman Abdullah
 
Dna fingerprinting powerpoint 1
Dna fingerprinting powerpoint 1Dna fingerprinting powerpoint 1
Dna fingerprinting powerpoint 1Usman Abdullah
 

Plus de Usman Abdullah (6)

Assignment............
Assignment............Assignment............
Assignment............
 
Oedogonium
OedogoniumOedogonium
Oedogonium
 
Window xp slides
Window xp slidesWindow xp slides
Window xp slides
 
Festivals Of Pakistan
Festivals Of PakistanFestivals Of Pakistan
Festivals Of Pakistan
 
Final presentation
Final presentationFinal presentation
Final presentation
 
Dna fingerprinting powerpoint 1
Dna fingerprinting powerpoint 1Dna fingerprinting powerpoint 1
Dna fingerprinting powerpoint 1
 

Dernier

MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxnelietumpap1
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 

Dernier (20)

MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 

Important Notes

  • 2. THE E-COMMERCE SECURITY ENVIRONMENT: THE SCOPE OF THE PROBLEM Overall size of cybercrime unclear; amount of losses significant but stable; individuals face new risks of fraud that may involve substantial uninsured losses – Symantec: Cybercrime on the rise from 2006 – Internet Crime Complaint Center (IC3): Logged 1 000 000+ consumer complaints about alleged online fraud or cyber crime and referred 460,000+ complaints to law enforcement agencies – 2007 Computer Security Institute (CSI) survey: 46% detected security breach; 91% suffered financial loss as a result. The average annual loss reported in this year’s survey shot up to $350,424 from $168,000 the previous year. – Underground economy marketplace that offers sales of stolen information growing.
  • 3.
  • 4.
  • 5. THE DIFFERENT DIMENSIONS OF E-COMMERCE SECURITY • Integrity – The ability to ensure that information being displayed on a web site or transmitted or received over the internet has not been altered in any way by an unauthorized party • Non repudiation – The ability to ensure that e-commerce participants do not deny (i.e. repudiate) their online actions • Authenticity – The ability to identify the identity of a person or entity with whom you are dealing in the internet • Confidentiality – The ability to ensure that messages and data are available only to those who are authorized to view them • Privacy – The ability to control the use of information about oneself • Availability – The ability to ensure that an e-commerce site continues top function as intended
  • 6. SECURITY THREATS IN THE E-COMMERCE ENVIRONMENT Three key points of vulnerability: – Client – Server – Communications channel
  • 7. A TYPICAL E-COMMERCE TRANSACTION
  • 8. MALICIOUS CODE • Viruses: – Have ability to replicate and spread to other files; most also deliver a “payload” of some sort (destructive or benign); include macro viruses, file-infecting viruses, and script viruses • Worms: – Designed to spread from computer to computer • Trojan horse: – Appears to be benign, but then does something other than expected • Bots: – Can be covertly installed on computer; responds to external commands sent by the attacker
  • 9. UNWANTED PROGRAMS Installed without the user’s informed consent – Browser parasites: Can monitor and change settings of a user’s browser. – Adware: Calls for unwanted pop-up ads – Spyware: Can be used to obtain information, such as a user’s keystrokes, e- mail, IMs, etc.
  • 10. PHISHING AND IDENTITY THEFT Any deceptive, online attempt by a third party to obtain confidential information for financial gain – Most popular type: e-mail scam letter – One of fastest growing forms of e-commerce crime
  • 11. HACKING AND CYBERVANDALISM • Hacker: Individual who intends to gain unauthorized access to computer systems • Cracker: Hacker with criminal intent (two terms often used interchangeably) • Cyber vandalism: Intentionally disrupting, defacing or destroying a Web site • Types of hackers include: – White hats – Black hats – Grey hats
  • 12. CREDIT CARD FRAUD Fear that credit card information will be stolen deters online purchases • Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity • One solution: New identity verification mechanisms
  • 13. SPOOFING (PHARMING) AND SPAM (JUNK) WEB SITES Spoofing (Pharming) – Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else – Threatens integrity of site; authenticity Spam (Junk) Web sites – Use domain names similar to legitimate one, redirect traffic to spammer redirection domains
  • 14. DOS AND DDOS ATTACKS Denial of service (DoS) attack – Hackers flood Web site with useless traffic to inundate and overwhelm network • Distributed denial of service (DDoS) attack – Hackers use numerous computers to attack target network from numerous launch points
  • 15. OTHER SECURITY THREATS Sniffing: Type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network • Insider jobs: Single largest financial threat • Poorly designed server and client software: Increase in complexity of software programs has contributed to increase is vulnerabilities that hackers can exploit
  • 16. TECHNOLOGY SOLUTIONS • Protecting Internet communications (encryption) • Securing channels of communication (SSL, S-HTTP, VPNs) • Protecting networks (firewalls) • Protecting servers and clients
  • 17. PROTECTING INTERNET COMMUNICATIONS: ENCRYPTION Encryption: – Process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver • Purpose: – Secure stored information and information transmission • Provides: – Message integrity – Nonrepudiation – Authentication – Confidentiality