My IT Management course in UBC MBA Prof: Ron Cenfetelli Web 2.0 – Moving beyond HTML Confidentiality Authentication Ability to verify the identity of people/organizations Data/Message Integrity Ensuring communications were not modified in transit/storage Nonrepudiation Parties cannot deny a communication Proof that the sender sent and proof that the receiver received

1. E-business Infrastructure and Security Ron Cenfetelli Web Server Browser TCP/IP

6. Growth in the Internet Population (% of Americans who go online) – source Pew Internet and American Life Foundation

7. Growth in the Internet Population (% of Americans who go online) – source Pew Internet and American Life Foundation

8. Internet usage, Canada & US

9. January 16, 2008 “ Internet penetration continues to show signs of hitting a plateau. The percentage of former users who say they have no intention of going back online continues to increase, and less than half of those who have never used the Internet plan to log on in the coming year. “

10. Digital Divide? Age , Education , Income and Location appear to be highly predictive of broadband access

11. Internet Infrastructure Intranet T1 line Phone line T3 line Backbone Internet ISP Company A Person 2 POP NAP

15. Source: Fitzgerald & Dennis

16. http://www.caida.org/tools/visualization/walrus/gallery1/ries-t2.png

17. BusinessWeek: 15 Jan 2007

18. Jan 2000 Cooperative Association for Internet Data Analysis http://www.caida.org/analysis/topology/as_core_network/historical.xml

19. May 2003 http://www.caida.org/analysis/topology/as_core_network/historical.xml

20. April 2005 http://www.caida.org/analysis/topology/as_core_network/historical.xml

23. Uniform Resource Locator (URL) http://www.sauder.ubc.ca/bcom/ PROTOCOL FOR THE WEB DIRECTORY Domain Name Uniform Resource Locater (URL) Host Computer Top Level Domain (TLD)

35. A “Packet”

36. Routers Internet Routers POP NAP

38. TCP/IP – Organized Chaos Brad sends “HELLO” to Al Al H E L Internet L O Packet Router

39. Internet in Action Internet 101.org © 1997-2004 Scott Cottingham

48. Security

49. Why Security Matters to e-Business Peter Steiner -p. 61, The New Yorker, (July 5, 1993)

50. Wednesday, 2 January 2008,

53. Malware marries Web 2.0 “ Where human beings solve the puzzles the viruses cannot."

54. See link On WebCT

55. Security in the Physical World Lock Security forces Safe Signature Physical barriers Fingerprint Seal Contract

64. Hashing Hashing algorithm A value say X Hashing algorithm Y Sender Receiver If X = Y, message sent and received are the same. X message message X=Hash Value message X message

65. PKI Components: Digital Signature (cont.) Note how the private/public key process is reversed! Compute digest from hashing algorithm Encrypt Digest Transmission Decrypt Digest Compute expecteddigest from hashing algorithm Confirm or deny integrity of message Cleartext message Sender encrypts with his private key Cleartext message Receiver decrypts w/ Sender’s public key Digital Signature Digest Digest Expected Digest

71. Putting it all together… Customer Internet merchant Certificate authority Customer’s info requests and Merchant’s info are exchanged. Customer verifies Merchant (received msg’s are signed with a hash that can be decrypted with the merchant’s public keys held by CA) Provides encrypted information for purchases ( encrypted with merchant’s public key). Credit card and message digest is signed with customer’s private key. Merchant verifies Customer (received msg’s are signed with a hash that can be decrypted with the customer’s public keys held by CA) Customer’s Public Key Merchant’s Public Key

72. More Security and Identification We’ve discussed how to ID ourselves across the Internet, but how do we ID ourselves at our “point of presence”?

78. Biometrics: Face Source: http://www.zdnet.com/products/stories/reviews/0,4161,2204062,00.html

79. Biometrics: Voice Source: http://www.zdnet.com/products/stories/reviews/0,4161,2204062,00.html

80. Biometrics: Fingerprint Source: http://www.zdnet.com/products/stories/reviews/0,4161,2204062,00.html

87. “ Symantec says the Trojan.Silentbanker has so far targeted over 400 banks around the world, but according to a blog posted by Symantec's Liam O’Murchu on January 14 [2008], the most worrying aspect is that the Trojan can perform man-in-the-middle attacks (where an attacker can read, insert and modify messages between two parties without either party knowing).” http://m-net.net.nz/2157/latest-news/latest-news/trojan.silentbanker-defeats-2-factor-authentication-attacks-400-b.php

88. A local Trojan Horse Vancouver Sun - October 6, p. A3

89. Questions? Comments?