Security environment
SECURITY ENVIRONMENT
BY: JAYPAL SINGH CHOUDHARY, ANUPMA TRIPATHI (SGSITS MBA)
INTRODUCTION:
E-commerce security is the protection of e-commerce assets from unauthorized access and use.
The importance of securing e-commerce:
– Secrecy: protection against unauthorized data disclosure, and authentication of the data source.
– Integrity: prevention of unauthorized data modification.
– Necessity: prevention of data delays or removal.
– Non-repudiation: prevention of any one party reneging on an agreement after the fact.
– Together these protect the corporation's image and reputation.
Unauthorized access
Loss of message confidentiality or integrity
User Identification
Access Control
Players:
◦ User community
◦ Network administration
◦ Intruders
The Internet: open
Viruses
Hackers and crackers
Data being stolen
Electronic mail can be intercepted and read
Customers' credit card numbers may be read
Login/password and other access information stolen
Operating system shutdown
Filesystem corruption
User login information can be captured
E-mail is the most widely used application on the Internet.
Who wants to read your mail? Business competitors, reporters, criminals, friends and family.
Two approaches are used:
PGP: Pretty Good Privacy
PEM: Privacy-Enhanced Mail
Authentication problems
Impersonation attacks
Privacy problems
Hacking and similar attacks
Integrity problems
Repudiation problems
How to communicate securely:
SSL – “the web security protocol”
IPSEC – “the IP layer security protocol”
S/MIME – “the email security protocol”
SET – “credit card transaction security protocol”
Secured HTTP (S-HTTP) – security on the application layer
Protection mechanism:
Digital Signature
Message authentication
Message encryption
Support for private and public key cryptography
Enhanced HTTP data exchange
Non-repudiation
Authenticity
Confidentiality
Privacy
Availability
- Increased Data Access
- Much more valuable Data
- Scalability with Large User Communities
- Manageability
- Assurance
Clients
Clients are applications that run on computers and rely on servers for files, devices and processing power.
Example: e-mail client – an application that enables you to send and receive e-mail.
Servers
Servers are computers or processes that manage network resources: disk drives (file servers), printers (print servers), network traffic (network servers).
Example: database server – a computer system that processes database queries.
Servers manage resources.
Communication networks
Networks connect clients and servers.
ELEMENTS OF A COMPREHENSIVE SECURITY PROGRAM
Have good passwords
Use good antiviral products
Use good cryptography
Have good firewalls
Have a backup system
Audit and monitor systems and networks
Have training and awareness programs
Test your security frequently
Principles
Certification authority
Malicious code
◦ Viruses
◦ Worms
◦ Trojan horses
◦ Bots, botnets
Unwanted programs
◦ Browser parasites
◦ Adware
◦ Spyware
Copyright © 2010 Pearson Education, Inc.
Slide 5-19
Phishing
◦ Deceptive online attempt to obtain confidential information
◦ Social engineering, e-mail scams, spoofing legitimate Web sites
◦ Use information to commit fraudulent acts (access checking accounts), steal identity
Hacking and cybervandalism
◦ Hackers vs. crackers
◦ Cybervandalism: intentionally disrupting, defacing, destroying a Web site
◦ Types of hackers: white hats, black hats, grey hats
Credit card fraud/theft
◦ Fear of stolen credit card information deters online purchases
◦ Hackers target merchant servers; use data to establish credit under a false identity
◦ Online companies at higher risk than offline
Spoofing: misrepresenting oneself by using a fake e-mail address
Pharming: spoofing a Web site
◦ Redirecting a Web link to a new, fake Web site
- Electronic data security is important at a time when people are considering banking and other financial transactions from PCs.
- One major threat to data security is unauthorized network monitoring, also called packet sniffing.
Messaging security is a program that provides protection for a company's messaging infrastructure.
It protects all of the company's private messages, including those related to the company's vision and mission.
It is used to protect the systems from unauthorized access, disclosure, disruption, modification, perusal, inspection, recording or destruction.
Encryption is the transformation of information in any form (text, video, and graphics) into a representation that is unreadable by anyone without the decryption key.
No one can figure out the private key from the corresponding public key. Hence the key management problem is mostly confined to the management of private keys.
The need for sender and receiver to share secret information over public channels is completely eliminated.
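The following is an added example, not part of the original slides, that puts the "Protection mechanism" list (digital signature, message authentication, message encryption, private and public key cryptography) and the public-key passage above into working code using only the Python standard library. It assumes textbook RSA on small constructed primes (61 and 53, with public exponent 17) so that the numbers fit on a page, a constructed sample order message, and a constructed shared HMAC key; the helper names are my own. It shows the three properties the slides describe: the sender needs only the recipient's public key to encrypt, only the private key holder can produce a signature that anyone can verify, and a message authentication code detects tampering by a party sharing the key.

```python
# Added example (not from the slides): public-key encryption, digital
# signatures and message authentication with the Python standard library only.
# Textbook RSA on small constructed primes so the numbers fit on a page;
# real deployments use a vetted library and 2048-bit or larger keys.
import hashlib
import hmac
from math import gcd


def make_keypair(p: int, q: int, e: int = 65537):
    """Derive an RSA key pair from two primes p and q supplied by the caller.

    Returns ((n, e), (n, d)). Only the private exponent d must stay secret;
    (n, e) is published so anyone can encrypt to us or verify our signatures.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt_int(m: int, public_key):
    """Sender side: needs only the recipient's public key, no shared secret."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message block must be smaller than the modulus")
    return pow(m, e, n)


def decrypt_int(c: int, private_key):
    """Recipient side: only the holder of d can undo the encryption."""
    n, d = private_key
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    # Sign a SHA-256 hash of the message rather than the raw message.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Digital signature: only the private key holder can produce it."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key can check the signature (non-repudiation)."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def mac_tag(message: bytes, shared_key: bytes) -> str:
    """Message authentication code: proves integrity to a party sharing the key."""
    return hmac.new(shared_key, message, hashlib.sha256).hexdigest()


def mac_ok(message: bytes, shared_key: bytes, tag: str) -> bool:
    # compare_digest avoids leaking timing information while checking the tag
    return hmac.compare_digest(mac_tag(message, shared_key), tag)


if __name__ == "__main__":
    pub, priv = make_keypair(61, 53, e=17)        # constructed toy primes
    order = b"transfer 100 to account 42"        # constructed sample message
    c = encrypt_int(65, pub)
    print("ciphertext", c, "decrypts to", decrypt_int(c, priv))
    sig = sign(order, priv)
    print("signature valid:", verify(order, sig, pub))
    print("altered order valid:", verify(order.replace(b"100", b"900"), sig, pub))
    key = b"constructed-shared-key"
    tag = mac_tag(order, key)
    print("MAC ok:", mac_ok(order, key, tag), "after change:", mac_ok(order + b"!", key, tag))
```

Note the asymmetry the slides point out: encryption and signature verification use only the public pair (n, e), so no secret ever crosses the channel, while the HMAC check needs a key both parties already share. Signing the SHA-256 digest rather than the raw bytes is what lets one short signature cover a message of any length.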