
Securing e-Business

Part I
Content Outline

Need for securing e-Business
Online vulnerabilities and attacks that can cripple e-business

8/31/2016 2
Objective

At the end of this session you will be able to:

Justify the need for securing e-Business
Identify online vulnerabilities and attacks that can cripple e-Business
Analyze the online vulnerabilities and attacks


More recently, Yahoo, Amazon.com, eBay, and some other popular World Wide Web (WWW) sites were targets of what appears to have been a coordinated "denial-of-service" attack

Think-Pair-Share

Objective: Justify the need for securing e-Business

Time: 10 mins. Type: Pair

Learners Task:

Think: why is computer, data and network security important?
Discuss it in pairs
Share your points in the class

Need for Securing e-Business

To protect company assets
To gain a competitive advantage
To keep your job
To comply with regulatory requirements and fiduciary responsibilities


e-Business security is concerned with:

Confidentiality of information
Maintaining its Knowledge-value
Ensuring its availability to legitimate users and customers when required to perform an authorized business activity


A 2001 Computer Security Institute (CSI)/Federal Bureau of Investigation (FBI) survey of U.S. corporations, federal agencies, universities, and financial institutions on security problems revealed that:

40% had unauthorized access by an outsider
70% said their Internet connection was a frequent point of attack


94% were hit by a virus
85% detected security breaches in the last 12 months
64% had financial losses as a result of security breaches

Basic Security Concepts:

Online Vulnerabilities and Attacks that can Cripple e-Business

Vulnerability is an inherent weakness in the design, configuration, or implementation of a network or system that renders it susceptible to a threat


An attack is a specific technique used to exploit a vulnerability


Who are the enemies?

Webquest

Objective: Identify online vulnerabilities and attacks that can cripple your e-Business
Time: 90 mins. Type: Group, Presentation
20 mins. Group Discussion
10 mins. For each group presentation

Learners Task:
Form 7 equal groups
Assign the following topics to each group
o Group 1: Hackers, Unaware Staff, and Disgruntled Staff
o Group 2: Snoops and Password Crackers
o Group 3: Viruses and Worms
o Group 4: Trojan and Rootkits
o Group 5: Adware, Spyware and Malware
o Group 6: Phishing and Pharming
o Group 7: DoS, and Pornography
Refer to the webquest ppt and follow the instructions given in it.

Debriefing

Online Vulnerabilities and Attacks that can Cripple e-Business

Attacks

Active Attack | Passive Attack
Employ more overt actions on the network or system | No overt activity that can be monitored or detected
Easier to detect | Very difficult to detect
Example: denial-of-service attack or active probing of systems and networks | Example: Packet sniffing or traffic analysis

Hackers
Computer enthusiasts who take pleasure in gaining access to other people's computers or networks
Someone who attempts to break into computer systems
Crashes entire computer system, steals or damages
confidential data, defaces Web pages, and
ultimately disrupts business


Unaware Staff
Unintentional attack through human error
The most common ways to pick up a virus are from a floppy disk or by downloading files from the Internet; another common error is using simple passwords
Can crash the entire computer system; data can be hacked


Disgruntled Staff
Angry employees, often those who have been
reprimanded, fired, or laid off, might vindictively infect
their corporate networks with viruses or intentionally
delete crucial files
More dangerous group as they are aware of the network,
the value of the information within it, where high-priority
information is located and the safeguards protecting it


Password Crackers
Very common type of attack on unsuspecting users
Easily available on the Internet
Password cracking is illegal and the accused can be tried
under the provisions of the IT Act 2000 in India


Viruses
A computer program that can copy itself and infect a
computer without permission or knowledge of the user.
The original virus may modify the copies, or the copies
may modify themselves. Some viruses act as a mere
nuisance, while others can totally damage your
system and all the data inside it.

A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive.
Viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer.


Worms
A worm can spread itself to other computers without
needing to be transferred as part of a host.
Instead of infecting existing files, a worm replicates itself
and infects a network, consuming system resources in
the process.
An e-mail worm will spread from an infected computer by
sending itself to all e-mail addresses in the infected machine's
address book.


Trojan
A Trojan horse is a file that appears harmless until executed.
Trojans attack by masquerading as legitimate programs,
hoping to obtain sensitive information from an unsuspecting
user or even take control of his system.


Rootkit
A set of programs designed to corrupt the legitimate
control of an operating system by its operators.
Usually, a rootkit will obscure its installation and
attempt to prevent its removal through a subversion of
standard system security.
Techniques include concealing running processes, files
or system data from the operating system.

Rootkits exist for a variety of operating systems,
such as Microsoft Windows, Mac OS, Linux and Solaris.
Rootkits often modify parts of the operating system or
install themselves as drivers or kernel modules.
Tip: Kernel modules are files typically used to add support
for new hardware. They are an important element of your
operating system.


Adware
Adware or advertising-supported software is any software
package which automatically plays, displays, or
downloads advertising material to a computer after the
software is installed on it or while the application is being used.
Some types of adware are also spyware and can be
classified as privacy-invasive software.

It is usually seen by the programmer as a way to recover
programming development costs, and in some cases it may
allow the program to be provided to the user free of charge
or at a reduced price.
The advertising income may allow or motivate the
programmer to continue to write, maintain and upgrade
the software product.
Users may also be given the option
to pay for a "registered" or "licensed"
copy to do away with the
advertisements.


Spyware
Computer software that is installed secretly on a personal
computer to intercept or take partial control over the user's
interaction with the computer, without the user's informed
consent.
While the name suggests software that secretly monitors the
user's behavior, the functions of spyware extend well beyond
simple monitoring.

Spyware programs collect various types of personal
information and interfere with user control, such as:
Installing additional software,
Redirecting Web browser activity,
Accessing websites blindly, which can bring in more harmful viruses, or
Diverting advertising revenue to a third party.
Spyware can even change computer
settings, resulting in slow connection
speeds, different home pages, and
loss of Internet or other programs.


Why should you be concerned about spyware or adware?

Passwords, credit card details and other personal information could end up in the wrong hands;
Your computer could get unwanted viruses, worms or even Trojans;
You would receive unwanted emails;
Your computer could be used by malicious operators to do damage not only to your own computer but to other computer users too


Malware
Software designed to infiltrate or damage a computer
system without the owner's informed consent.
The term is a blend of the words "malicious" and "software",
used to mean a variety of forms of hostile, intrusive, or annoying
software or program code.

Software is considered malware based on the perceived
intent of the creator. Malware includes computer viruses, worms,
Trojan horses, spyware, dishonest adware, and other
malicious and unwanted software.
Malware should not be confused with defective software,
that is, software which has a legitimate purpose but
contains harmful bugs.


Phishing
The act of fraudulently acquiring sensitive information
from a user, such as passwords and credit card details,
by masquerading as a trustworthy person or business with
real need for such information in a seemingly official
electronic notification or message.

Such attacks are classified as social engineering attacks
because perpetrators acquire the details by gaining the
victim's trust. The term phishing comes from the fact
that these internet scammers use sophisticated lures as
they fish for users' financial information and passwords.


Pharming
It is another fraudulent activity in which the pharmer, instead
of setting up a similar Website:
Exploits the DNS Server software
Acquires the domain name of a Website
Redirects traffic from that site to another site.
Once the user falls prey to this, the rest of the fraudulent
activity is similar to phishing.


Denial of Service (DoS) Attacks

An attempt to make a computer resource unavailable to its intended users.
It comprises the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.

Perpetrators of DoS attacks typically target sites or services
hosted on high-profile Web servers such as:
Banks
Credit card payment gateways
DNS root servers
The most common method is saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.

DoS attacks are implemented by:
Forcing the targeted computer(s) to reset, or consume its
resources such that it can no longer provide its intended
service; and/or,
Obstructing the communication media between the intended
users and the victim so that they can no longer communicate
adequately.
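
Added example (not part of the original slides): a defender-side check for the request-saturation pattern described above, counting requests per client and in total over a sliding window of web-server log lines. The log lines, addresses, window length and thresholds are constructed assumptions; the total count is kept because a coordinated flood spread over many sources never trips a per-client limit.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the client address and timestamp of a Common Log Format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def parse(line):
    """Return (client_ip, epoch_seconds), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), ts.timestamp()

def find_floods(lines, window_s=10, per_ip_limit=20, total_limit=30):
    """Return (noisy_ips, saturated).

    noisy_ips: clients exceeding per_ip_limit requests within any window_s span.
    saturated: True if all clients together exceeded total_limit in a span,
               the only signal left when the load is spread over many sources.
    """
    records = sorted((r for r in map(parse, lines) if r), key=lambda r: r[1])
    per_ip, all_hits = defaultdict(deque), deque()
    noisy, saturated = set(), False
    for ip, t in records:
        for q in (per_ip[ip], all_hits):
            q.append(t)
            while t - q[0] > window_s:      # drop requests older than the window
                q.popleft()
        if len(per_ip[ip]) > per_ip_limit:
            noisy.add(ip)
        if len(all_hits) > total_limit:
            saturated = True
    return noisy, saturated

def sample_log():
    """Constructed sample: one ordinary client, one flooding client, one bad line."""
    lines = [f'198.51.100.7 - - [01/Jan/2024:10:00:{s:02d} +0000] "GET /cart HTTP/1.1" 200 512'
             for s in range(0, 60, 5)]
    lines += [f'203.0.113.9 - - [01/Jan/2024:10:00:{30 + i // 10:02d} +0000] "GET /pay HTTP/1.1" 200 512'
              for i in range(40)]
    return lines + ["not a log line"]

if __name__ == "__main__":
    print(find_floods(sample_log()))
```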


Pornography
Pornographic Websites are some of the biggest spammers
on the Internet today, causing a detrimental effect on an
individual's personal and social life.
Pornography constitutes not only images but also videos
and text.


Any Doubts?

Summary

Internet use for both private and business purposes is growing in economic importance all around the world, but it has its limitations, chiefly because of private and business consumer concerns about privacy and the security of financial transactions
Cyber attacks and cybercrime are growing exponentially
Online vulnerabilities and attacks can cripple e-Business
It is important to protect data from online virus attacks


Self Learning and Debate

Objective: Justify which security tool is the best for your organization OR Debate on Security Tools
Time: 30 mins. Type: Group Discussion, Debate
Learners Task:
Divide the class into 3 equal groups.
Group 1: Firewall
Group 2: Virtual Private Networks (VPNs)
Group 3: Intrusion Detection System (IDS)
Search the Internet: what is it? How does it work? And why use it?
Next session there will be a debate: each group will present its information and argue that its tool is best for securing e-Business

Thank You!!
