Lecture # 19

SECURITY
THE E-COMMERCE SECURITY ENVIRONMENT: THE SCOPE OF THE PROBLEM
Overall size of cybercrime unclear; amount of losses significant but stable; individuals face new risks of fraud that may involve substantial uninsured losses
– Symantec: Cybercrime on the rise from 2006
– Internet Crime Complaint Center (IC3): Logged 1,000,000+ consumer complaints about alleged online fraud or cyber crime and referred 460,000+ complaints to law enforcement agencies
– 2007 Computer Security Institute (CSI) survey: 46% detected security breach; 91% suffered financial loss as a result. The average annual loss reported in this year’s survey shot up to $350,424 from $168,000 the previous year.
– Underground economy marketplace that offers sales of stolen information growing.
THE DIFFERENT DIMENSIONS OF E-COMMERCE SECURITY
• Integrity
– The ability to ensure that information being displayed on a Web site or transmitted or received over the Internet has not been altered in any way by an unauthorized party
• Nonrepudiation
– The ability to ensure that e-commerce participants do not deny (i.e. repudiate) their online actions
• Authenticity
– The ability to identify the identity of a person or entity with whom you are dealing on the Internet
• Confidentiality
– The ability to ensure that messages and data are available only to those who are authorized to view them
• Privacy
– The ability to control the use of information about oneself
• Availability
– The ability to ensure that an e-commerce site continues to function as intended
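
The integrity dimension above, as an added example that is not part of the original slides: a merchant and a payment service share a key and attach an HMAC-SHA256 tag to each order, so a change made on the communications channel is detected on receipt. The key, field names and order values are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json

# Constructed demo key; a real system would load it from a secret store.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def canonical_bytes(order: dict) -> bytes:
    """Serialize deterministically so sender and receiver MAC the same bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(order: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender side: attach an HMAC-SHA256 tag computed over the order."""
    tag = hmac.new(key, canonical_bytes(order), hashlib.sha256).hexdigest()
    return {"order": order, "tag": tag}


def verify(message, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare in constant time.

    Any malformed message (missing field, wrong type) is rejected, not raised.
    """
    try:
        order, tag = message["order"], message["tag"]
        expected = hmac.new(key, canonical_bytes(order), hashlib.sha256).hexdigest()
        received = tag.encode("utf-8")
    except (KeyError, TypeError, ValueError, AttributeError):
        return False
    return hmac.compare_digest(expected.encode("ascii"), received)


def demo() -> dict:
    """Run the exchange on a constructed order and report each outcome."""
    order = {"order_id": "A-1001", "item": "book", "amount": "19.99", "currency": "USD"}
    sealed = seal(order)

    # An unauthorized party on the channel lowers the amount but cannot
    # recompute the tag without the key.
    tampered = copy.deepcopy(sealed)
    tampered["order"]["amount"] = "0.01"

    # The tag is stripped entirely.
    stripped = {"order": order}

    return {
        "untouched": verify(sealed),
        "tampered": verify(tampered),
        "stripped": verify(stripped),
        "wrong_key": verify(sealed, key=b"some-other-key"),
    }


# Note: a shared-key MAC gives integrity and authenticity between the two key
# holders, but not nonrepudiation, because either holder could have produced
# the tag. Nonrepudiation needs a digital signature made with a private key.

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:10s} accepted={accepted}")
```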
SECURITY THREATS IN THE E-COMMERCE ENVIRONMENT
Three key points of vulnerability:
– Client
– Server
– Communications channel
A TYPICAL E-COMMERCE TRANSACTION
MALICIOUS CODE
• Viruses:
– Have ability to replicate and spread to other files; most also deliver a “payload” of some sort (destructive or benign); include macro viruses, file-infecting viruses, and script viruses
• Worms:
– Designed to spread from computer to computer
• Trojan horse:
– Appears to be benign, but then does something other than expected
• Bots:
– Can be covertly installed on a computer; respond to external commands sent by the attacker
UNWANTED PROGRAMS

Installed without the user’s informed consent
– Browser parasites: Can monitor and change settings of a user’s browser
– Adware: Calls for unwanted pop-up ads
– Spyware: Can be used to obtain information, such as a user’s keystrokes, e-mail, IMs, etc.
PHISHING AND IDENTITY THEFT

Any deceptive, online attempt by a third party to obtain confidential information for financial gain
– Most popular type: e-mail scam letter
– One of the fastest-growing forms of e-commerce crime
HACKING AND CYBERVANDALISM
• Hacker: Individual who intends to gain unauthorized access to computer systems
• Cracker: Hacker with criminal intent (two terms often used interchangeably)
• Cybervandalism: Intentionally disrupting, defacing or destroying a Web site
• Types of hackers include:
– White hats
– Black hats
– Grey hats
CREDIT CARD FRAUD

• Fear that credit card information will be stolen deters online purchases
• Hackers target credit card files and other customer information files on merchant servers; use stolen data to establish credit under false identity
• One solution: New identity verification mechanisms
SPOOFING (PHARMING) AND SPAM (JUNK) WEB SITES
Spoofing (Pharming)
– Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
– Threatens integrity of site; authenticity
Spam (Junk) Web sites
– Use domain names similar to a legitimate one; redirect traffic to spammer redirection domains
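
A defensive check for the look-alike domain names described above, as an added example that is not part of the original slides: it compares a candidate domain against a merchant's own domains using confusable-character folding, edit distance and brand-token matching. The domain names, the substitution table and the function names are constructed for illustration; the table is not exhaustive.

```python
# Constructed allow-list of the merchant's real domains (".example" is reserved).
LEGITIMATE = {"bigstore.example", "paynow.example"}

# Small constructed table of visually confusable substitutions.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(domain: str) -> str:
    """Lower-case and drop a trailing root dot."""
    return domain.strip().lower().rstrip(".")


def skeleton(domain: str) -> str:
    """Fold confusable characters so 'bigst0re' and 'bigstore' compare equal."""
    text = normalize(domain)
    for fake, real in CONFUSABLES.items():
        text = text.replace(fake, real)
    return text


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, legitimate=LEGITIMATE, max_distance: int = 1):
    """Return (verdict, matched_domain).

    verdict is 'legitimate', 'lookalike' or 'unrelated'.
    """
    name = normalize(candidate)

    # The domain itself, or any subdomain of it, belongs to the merchant.
    for real in sorted(legitimate):
        if name == real or name.endswith("." + real):
            return ("legitimate", real)

    tokens = set(name.replace("-", ".").split("."))
    for real in sorted(legitimate):
        brand = real.split(".")[0]
        if skeleton(name) == skeleton(real):
            return ("lookalike", real)   # confusable characters only
        if edit_distance(skeleton(name), skeleton(real)) <= max_distance:
            return ("lookalike", real)   # one typo away
        if brand in tokens:
            return ("lookalike", real)   # brand embedded in another name
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample of domains seen in referrer or mail logs.
    for d in ["www.bigstore.example", "bigst0re.example", "bigstor.example",
              "bigstore-login.example", "paynovv.example", "gardening.example"]:
        print(d, classify(d))
```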
DOS AND DDOS ATTACKS

• Denial of service (DoS) attack
– Hackers flood Web site with useless traffic to inundate and overwhelm network
• Distributed denial of service (DDoS) attack
– Hackers use numerous computers to attack target network from numerous launch points
OTHER SECURITY THREATS
• Sniffing: Type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network
• Insider jobs: Single largest financial threat
• Poorly designed server and client software: Increase in complexity of software programs has contributed to increase in vulnerabilities that hackers can exploit
TECHNOLOGY SOLUTIONS

• Protecting Internet communications (encryption)
• Securing channels of communication (SSL, S-HTTP, VPNs)
• Protecting networks (firewalls)
• Protecting servers and clients
PROTECTING INTERNET COMMUNICATIONS: ENCRYPTION
• Encryption:
– Process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver
• Purpose:
– Secure stored information and information transmission
• Provides:
– Message integrity
– Nonrepudiation
– Authentication
– Confidentiality
