Date posted: 19-Dec-2015
Everything you want to know about the Internet, secure e-commerce, e-business, and other new digital economy but were afraid to ask
Looking at current situation and future opportunities
Budi Rahardjo
Current affiliations
Bandung High-Tech Valley (BHTV)
Introduction to the Internet
The Internet … means
Information Bahn, the net, … a global system connecting public and private networks to share information among universities, governments, businesses, individuals
Technology based on TCP/IP, web oriented
The Internet
Recognized as foundation of the “New Digital Networked Economy”
Important!
Numerous IT / Internet initiatives in the USA to guarantee their domination
The History of the Internet
ARPANET (1969)
MILNET (1980)
NSFNET (1986)
  National Science Foundation Network (NSFNET) linked researchers across the country with five supercomputer centers
Commercial Internet (1995-Now)
Let the game begin...
Internet Technology
[Diagram: LANs connected through WANs to the Internet]
Internet Growth
Exponential
Matthew Gray of the Massachusetts Institute of Technology
http://www.mit.edu/people/mkgray/net/
Internet Statistics and Demographics
http://lcweb.loc.gov/global/internet/inet-stats.html
Connection from home
[Diagram: clients connect to the Internet through ISPs]
• Modem
• Phone Line
• Computer
• ISP Connection
Internet Services
World Wide Web (WWW)
Electronic Mail (Email)
File Transfer Protocol (FTP)
Internet Relay Chat (IRC), MUD
Multimedia Applications
Newsgroup
Wide Area Information System
and many more...
Internet Apps
Distance Learning
Electronic Commerce
Voice Over Internet
Video On Demand
WebTV/InternetTV
New Internet Devices
Introduction to e-commerce, e-business
What is e-commerce?
Commerce based on electronics / information technology
e-commerce to commerce is like email to conventional mail
  Things that were not possible are now possible
  How many conventional mails do you send to your friends monthly? You send more emails.
What is e-business
Business utilizes electronics or IT
E-business or Out-of-business
Things that make you hmm…
Computers were only used to replace typewriters
Computers can do more (not just an electronic typewriter)
  Save, recall, easy editing
  Transfer files without changing the format, layout, content
  File sharing
  Desktop publishing, arts
Features that were difficult to interpolate from the typewriter
E-commerce & E-business then…
Uses Internet (media & technology, web)
Internet and computer networks are not just a replacement for telephone and fax
The ability to exploit technology (information, computing, communication) will win
  Save cost, reduce time, reach the whole world, better supply chain, …
Implications
Advances in computing and communication should increase our quality of life. Do they?
  Longer working hours. Work even at home
  No “life” (family)
  Wider gaps between the haves and the have-nots
Are you really ready for this?
E-commerce & E-Business in Indonesia
Depends on readiness in
  Economy: understanding the New Digital Economy
  Legal framework: Cyberlaw (e.g. Digital signature law, IPR)
  Hard infrastructure: telcos, power, human resources
  Soft infrastructure: IDNIC (domain), IDCERT (security)
  Community: culture, ethics
Indonesia Cybercommunity
Define “Indonesia cybercommunity”!
Since the Indonesian digital population is still small, opportunity to create a better community. No “burden of size”.
Ethics!
Ethics: Do well or do right?
“Business ethics” is an oxymoron
Do the right thing!
Corporations must have values
From “Silicon Valley”, magazine of San Jose Mercury News, 4.16.2000
http://www.svmagazine.com/2000/week17/features/Story01.html
Example: Propel.com 13 commandments
Think and act like an owner
Have fun
Recognize accomplishment
Keep a balance in your life
Teach and learn from each other
Communicate without fear of retribution
Require quality beyond customer expectations
Improve continuously
Go the extra mile to take care of customer
Play to win-win
Act with sense of urgency
Make and meet commitments
Give back to the community
Something to ponder
In the end, your integrity is all you’ve got (Jack Welch, GE)
Reading materials
From Business to E-Business in 8 Steps
http://www.cognitiative.com
Secure E-Commerce
E-commerce & Security
Trust, security and confidence are essential to underpin e-commerce
E-commerce will be accepted if the security is at an acceptable level
Are we there yet? Is it acceptable?
Business cannot wait
E-security Statistics
Difficult to get exact numbers due to negative publicity
1996. FBI National Computer Crime Squad, detected computer crime 15%, only 10% of that number is reported.
1996. American Bar Association: survey of 1000 companies, 48% experienced computer fraud in the last 5 years.
1996. In the UK, NCC Information Security Breaches Survey: computer crime increased 200% from 1995 to 1996.
1997. FBI: computer crime cases in court increased 950% from 1996 to 1997, convictions in court increased 88%.
More Statistics
1999 CSI/FBI Computer Crime and Security Survey
  Disgruntled employees 86%
  Independent hackers 74%
  US Competitors 53%
  Foreign corp. 30%
  Foreign gov. 21%
http://www.gosci.com
The Point …
Security awareness is still low.
No budget!
Information Week (survey in USA, 1999): 1271 system or network managers, only 22% think that security is important
Vandalized Indonesian Sites
Polri, Satelindo, BEJ, BCA
DoS attacks on various web sites
Security Services
Privacy / confidentiality
Integrity
Authentication
Availability
Non-repudiation
Access control
Some can be achieved with cryptography
Privacy / confidentiality
Protection of sensitive [personal] data
  Name, place and date of birth, religion, hobbies, past illnesses, marital status
Customer data
  Very sensitive in e-commerce, healthcare
Attack: sniffer
Integrity
Information is not changed without authorization (tampered, altered, modified)
Attacks: spoof, virus, trojan horse
Authentication
Assuring the authenticity of the data, the data source, the person accessing the data, the server being used
  use of digital signatures, biometrics
Attack: fake password
Availability
Information must be available when needed
  server is made to hang, go down, crash
  Attacks on Yahoo!, ebay, CNN
Attack: Denial of Service (DoS) attack
Non-repudiation
Cannot deny (having made a transaction)
  uses digital signatures
  requires legal regulation
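An added example (not part of the original slides) showing which of the services above a shared secret key can provide: an HMAC tag gives integrity and authentication between two parties, but not non-repudiation, which is why that slide points to digital signatures. The key, the order message and the function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the slides): a key shared by a customer
# and a merchant, and an order message sent between them.
SHARED_KEY = secrets.token_bytes(32)
ORDER = b"order=1001;item=book;amount=150000;currency=IDR"


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag that binds the message to the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    customer_tag = make_tag(SHARED_KEY, ORDER)
    altered = ORDER.replace(b"amount=150000", b"amount=15")
    outsider_key = secrets.token_bytes(32)
    return {
        # Integrity and authentication: the untouched order verifies.
        "original_accepted": verify(SHARED_KEY, ORDER, customer_tag),
        # Integrity: a message modified in transit is rejected.
        "altered_accepted": verify(SHARED_KEY, altered, customer_tag),
        # Authentication: a tag made without the shared key is rejected.
        "outsider_accepted": verify(
            SHARED_KEY, ORDER, make_tag(outsider_key, ORDER)),
        # No non-repudiation: the merchant holds the same key, so it can tag
        # any order itself. A valid tag cannot prove the customer wrote it.
        "merchant_made_tag_accepted": verify(
            SHARED_KEY, altered, make_tag(SHARED_KEY, altered)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```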
Access Control
Mechanism to control who may do what
  usually uses passwords
  presence of classes / classification
Types of Attack
According to W. Stallings
  Interruption
  Interception
  Modification
  Fabrication
Cryptography Technology
Use of encryption to improve security
Private key vs public key
Examples: DES, RSA
Private Key Cryptosystem
[Diagram: plaintext "My phone 555-1234" is encrypted into ciphertext "Y$3*@" and decrypted back into plaintext, with a shared (secret) key]
Private Key Cryptosystem
Uses one secret key to encrypt and decrypt
Problem in key distribution and management
  Key distribution requires separate channel
  The number of keys grows exponentially
Advantage: fast operation
Examples: DES, IDEA
Public Key Cryptosystem
[Diagram: plaintext "My phone 555-1234" is encrypted into ciphertext "Y$3*@" and decrypted back into plaintext, with a public key, a private key, and a public key repository / Certificate Authority (CA)]
Public Key Cryptosystem
Uses different keys to encrypt and decrypt
Fewer keys
Requires extensive computing power to calculate
Requires key repository
Key management may be complicated
Examples: RSA, ECC
Public Key Cryptosystem
Public Key Infrastructure (PKI), in Indonesian: Infrastruktur Kunci Publik (IKP)
Now the foundation of secure e-commerce. Standard.
Certification Authority
  Verisign
  Indosign (recently launched)
Studying Hackers
Who are they?
What are their motives?
How do they get in?
What do they do after they got in?
Other Security Issues
USA export restriction for strong cryptography
Cyberlaw:
  Legal to use cryptography?
  Digital signature law?
  Privacy issues
  Intellectual Property Rights
National Critical Infrastructure Protection
ID-CERT
Indonesia’s first computer emergency response coordination
Volunteers
Need more support
http://[email protected]