Copyright © 2002 Pearson Education, Inc. Slide 5-1 Copyright © 2002 Pearson Education, Inc. Slide 5-2
Internet Fraud Complaints Reported to the IFCC
Page 232, Figure 5.1

The E-commerce Security Environment
Page 234, Figure 5.2
Dimensions of E-commerce Security
§ Integrity refers to the ability to ensure that information being displayed on a Web site, or transmitted or received over the Internet, has not been altered in any way by an unauthorized party
§ Nonrepudiation refers to the ability to ensure that e-commerce participants do not deny (i.e., repudiate) their online actions

Dimensions of E-commerce Security
§ Authenticity refers to the ability to identify the identity of a person or entity with whom you are dealing on the Internet
§ Confidentiality refers to the ability to ensure that messages and data are available only to those who are authorized to view them
Dimensions of E-commerce Security
Page 235, Table 5.1
The Tension Between Security and Other Values
§ Malicious code
  § includes a variety of threats such as viruses, worms, Trojan horses, and “bad applets”
  § virus is a computer program that has the ability to replicate or make copies of itself, and spread to other files
  § worm is designed to spread from computer to computer
  § Trojan horse appears to be benign, but then does something other than expected
Examples of Malicious Code
Page 241, Table 5.2

Seven Security Threats to E-commerce Sites
§ Hacking and cybervandalism
  § hacker is an individual who intends to gain unauthorized access to a computer system
  § cracker is the term typically used within the hacking community to denote a hacker with criminal intent
  § cybervandalism is intentionally disrupting, defacing, or even destroying a site
Tools Available to Achieve Site Security
Page 247, Figure 5.5

Encryption
Encryption
§ Key or cipher is any method for transforming plain text to cipher text
§ Substitution cipher is where every occurrence of a given letter is systematically replaced by another letter
§ Transposition cipher changes the ordering of the letters in each word in some systematic way

Encryption
§ Symmetric key encryption (secret key encryption): the sender and the receiver use the same key to encrypt and decrypt the message
§ Data Encryption Standard (DES) is the most widely used symmetric key encryption, developed by the National Security Agency (NSA) and IBM. Uses a 56-bit encryption key
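A runnable illustration of the two classical cipher families defined above, added here as an example and not taken from the slides or the textbook: a substitution cipher driven by a constructed key alphabet, a per-word columnar transposition, and a letter-frequency check showing why neither hides the statistics of the plaintext (the reason such ciphers are not used to protect e-commerce traffic). The key and the message are constructed sample values.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Constructed sample key: a permutation of A-Z (not from the slides).
SAMPLE_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"


def substitution_encrypt(plaintext: str, key_alphabet: str) -> str:
    """Replace every letter by the letter at the same position in key_alphabet; other characters pass through."""
    assert sorted(key_alphabet) == list(ALPHABET), "key must be a permutation of A-Z"
    return plaintext.upper().translate(str.maketrans(ALPHABET, key_alphabet))


def substitution_decrypt(ciphertext: str, key_alphabet: str) -> str:
    return ciphertext.translate(str.maketrans(key_alphabet, ALPHABET))


def transposition_encrypt(plaintext: str, period: int) -> str:
    """Reorder the letters inside each word: write the word in rows of `period` letters, read it column by column."""
    return " ".join("".join(word[i::period] for i in range(period))
                    for word in plaintext.upper().split())


def transposition_decrypt(ciphertext: str, period: int) -> str:
    words = []
    for word in ciphertext.split():
        n, pos = len(word), 0
        chars = [""] * n
        for col in range(period):                 # column `col` held positions col, col+period, ...
            for row in range(len(range(col, n, period))):
                chars[col + row * period] = word[pos]
                pos += 1
        words.append("".join(chars))
    return " ".join(words)


def letter_counts(text: str) -> Counter:
    return Counter(ch for ch in text if ch.isalpha())


def same_frequency_shape(a: str, b: str) -> bool:
    """True when both texts have the same multiset of letter counts: the statistics a
    substitution cipher leaks, which is exactly what frequency analysis relies on."""
    return sorted(letter_counts(a).values()) == sorted(letter_counts(b).values())


if __name__ == "__main__":
    msg = "ATTACK AT DAWN"
    sub, trans = substitution_encrypt(msg, SAMPLE_KEY), transposition_encrypt(msg, 3)
    print(sub, "->", substitution_decrypt(sub, SAMPLE_KEY))
    print(trans, "->", transposition_decrypt(trans, 3))
    # Substitution hides which letters appear but not how often; transposition keeps the letters themselves.
    print(same_frequency_shape(msg, sub), letter_counts(msg) == letter_counts(trans))
```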
Public Key Cryptography with Digital Signatures
Page 252, Figure 5.7

Encryption
Securing Channels of Communications

Secure Negotiated Sessions Using SSL
Page 259, Figure 5.10
Securing Channels of Communications
§ Secure Hypertext Transfer Protocol (S-HTTP) is a secure message-oriented communications protocol designed for use in conjunction with HTTP. Cannot be used to secure non-HTTP messages
§ Virtual Private Networks (VPN) allow remote users to securely access internal networks via the Internet, using Point-to-Point Tunneling Protocol (PPTP)
§ PPTP is an encoding mechanism that allows one local network to connect to another using the Internet as a conduit

Protecting Networks
§ Firewalls are software applications that act as a filter between a company’s private network and the Internet itself
§ Proxy server is a software server that handles all communications originating from or being sent to the Internet, acting as a spokesperson or bodyguard for the organization
Policies, Procedures, and Laws

Developing an E-commerce Security Plan
Page 264, Figure 5.12
§ Biometrics is the study of measurable biological or physical characteristics that can be used for access controls
§ Authorization policies determine differing levels of access to information assets for differing levels of users
§ Authorization management system establishes where and when a user is permitted to access certain parts of a Web site

§ Security audit involves the routine review of access logs identifying how outsiders are using the site as well as how insiders are accessing the site’s assets
§ Tiger team is a group whose sole job activity is attempting to break into a site
§ CERT Coordination Center monitors and tracks criminal activity reported to it by private corporations and government agencies that seek out its help
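One way the authorization policy and authorization management system described above can be expressed in code, added here as an example (not from the slides or any product): ordered user levels, a minimum level per area of the site, and an optional time window per area, evaluated with default deny and with path normalisation so that a request cannot escape its area with `..` segments. The level names, path prefixes and hours are constructed sample values.

```python
import posixpath
from datetime import datetime, time

# Constructed sample policy (hypothetical, not from the slides). User levels are
# ordered; each site area names the minimum level it requires and, optionally,
# the hours (start inclusive, end exclusive) during which access is permitted.
LEVELS = {"visitor": 0, "customer": 1, "staff": 2, "admin": 3}

POLICY = {
    "/catalog": ("visitor", None),
    "/account": ("customer", None),
    "/staff":   ("staff", (time(6, 0), time(22, 0))),
    "/admin":   ("admin", (time(8, 0), time(18, 0))),
}


def matching_area(path: str):
    """Normalise the path ('/catalog/../admin/x' becomes '/admin/x') and return the
    longest policy prefix that covers it as whole segments, or None."""
    clean = posixpath.normpath("/" + path.lstrip("/"))
    best = None
    for prefix in POLICY:
        if (clean == prefix or clean.startswith(prefix + "/")) and \
                (best is None or len(prefix) > len(best)):
            best = prefix
    return best


def is_permitted(user_level: str, path: str, when: datetime) -> bool:
    """Default deny: allow only if the path is in a known area, the user's level
    meets that area's minimum, and the request time is inside the area's window."""
    if user_level not in LEVELS:
        return False
    area = matching_area(path)
    if area is None:
        return False
    min_level, window = POLICY[area]
    if LEVELS[user_level] < LEVELS[min_level]:
        return False
    if window is not None:
        start, end = window
        if not (start <= when.time() < end):
            return False
    return True


def on_sample_day(hour: int, minute: int = 0) -> datetime:
    """Helper for building request times on a fixed constructed date."""
    return datetime(2024, 1, 1, hour, minute)
```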
Role of Laws and Public Policy

E-commerce Security Legislation
Page 268, Table 5.3