Chapter 5: Security Threats to Electronic Commerce
Objectives
- Important computer and electronic commerce security terms
- Why secrecy, integrity, and necessity are three parts of any security program
- The roles of copyright and intellectual property and their importance in any study of electronic commerce
- Threats and countermeasures to eliminate or reduce threats
- Specific threats to client machines, Web servers, and commerce servers
- Enhancing security in back office products, such as database servers
- How security protocols plug security holes
- The roles encryption and certificates play
Security Overview
- Many fears to overcome:
  - Intercepted e-mail messages
  - Unauthorized access to digital intelligence
  - Credit card information falling into the wrong hands
- Two types of computer security:
  - Physical: protection of tangible objects
  - Logical: protection of non-physical objects
Figure 5-1: Security Overview
- Countermeasures are procedures, either physical or logical, that recognize, reduce, or eliminate a threat
Computer Security Classification
- Secrecy: protecting against unauthorized data disclosure and ensuring the authenticity of the data’s source
- Integrity: preventing unauthorized data modification
- Necessity: preventing data delays or denials (removal)
Copyright and Intellectual Property
- Copyright: protecting expression
  - Literary and musical works
  - Pantomimes and choreographic works
  - Pictorial, graphic, and sculptural works
  - Motion pictures and other audiovisual works
  - Sound recordings
  - Architectural works
- Intellectual property: the ownership of ideas and control over the tangible or virtual representation of those ideas
- U.S. Copyright Act of 1976: protects the previously listed items for a fixed period of time
- Copyright Clearance Center: clearinghouse for U.S. copyright information
Figure 5-2: Copyright Clearance Center Home Page
Security Policy and Integrated Security
- A security policy is a written statement describing what assets are to be protected and why, who is responsible, and which behaviors are acceptable or not
- Physical security
- Network security
- Access authorizations
- Virus protection
- Disaster recovery
Specific Elements of a Security Policy
- Authentication: who is trying to access the site?
- Access control: who is allowed to log on and access the site?
- Secrecy: who is permitted to view selected information?
- Data integrity: who is allowed to change data?
- Audit: what and who causes selected events to occur, and when?
Intellectual Property Threats
- The Internet presents a tempting target for intellectual property threats
  - It is very easy to reproduce an exact copy of anything found on the Internet
  - People are unaware of copyright restrictions and unwittingly infringe on them
- Fair use allows limited use of copyrighted material when certain conditions are met
Figure 5-3: The Copyright Website Home Page
Intellectual Property Threats
- Cybersquatting: the practice of registering a domain name that is the trademark of another person or company
  - Cybersquatters hope that the owner of the trademark will pay huge dollar amounts to acquire the URL
  - Some cybersquatters misrepresent themselves as the trademark owner for fraudulent purposes
Electronic Commerce Threats
- Client threats: active content
  - Java applets, ActiveX controls, JavaScript, and VBScript
  - Programs that interpret or execute instructions embedded in downloaded objects
  - Malicious active content can be embedded into seemingly innocuous Web pages
- Cookies remember user names, passwords, and other commonly referenced information
Java, Java Applets, and JavaScript
- Java is a high-level programming language developed by Sun Microsystems
- Java code embedded into appliances can make them run more intelligently
- The largest use of Java is in Web pages (free applets can be downloaded)
- Platform independent: will run on any computer
Figure 5-4: Java Applet Example
Figure 5-5: Sun’s Java Applet Page
Java, Java Applets, and JavaScript
- Java sandbox: confines Java applet actions to a security-model-defined set of rules
  - The rules apply to all untrusted applets, that is, applets that have not been proven secure
- Signed Java applets: contain embedded digital signatures, which serve as proof of identity
ActiveX Controls
- ActiveX is an object, called a control, that contains programs and properties that perform certain tasks
- ActiveX controls only run on Windows 95, 98, or 2000
- Once downloaded, ActiveX controls execute like any other program, having full access to your computer’s resources
Figure 5-6: ActiveX Warning Dialog Box
Graphics, Plug-ins, and E-mail Attachments
- Code can be embedded into graphic images, causing harm to your computer
- Plug-ins are used to play audiovisual clips and animated graphics; they could contain ill-intentioned commands hidden within the object
- E-mail attachments can contain destructive macros within the document
Figure 5-7: Netscape’s Plug-ins Page
Communication Channel Threats
- Secrecy threats
  - Secrecy is the prevention of unauthorized information disclosure
  - Privacy is the protection of individual rights to nondisclosure
  - Theft of sensitive or personal information is a significant danger
  - Your IP address and the browser you use are continually revealed while on the Web
- Anonymizer: a Web site that provides a measure of secrecy as long as it is used as the portal to the Internet (http://www.anonymizer.com)
- Integrity threats
  - Also known as active wiretapping
  - An unauthorized party can alter data, for example by changing the amount of a deposit or withdrawal
Figure 5-8: Anonymizer’s Home Page
Communication Channel Threats
- Necessity threats
  - Also known as delay or denial threats
  - Disrupt normal computer processing
    - Deny processing entirely
    - Slow processing to intolerably slow speeds
  - Remove a file entirely, or delete information from a transmission or file
  - Divert money from one bank account to another
Server Threats
- The more complex software becomes, the higher the probability that errors (bugs) exist in the code
- Servers run at various privilege levels
  - The highest levels provide the greatest access and flexibility
  - The lowest levels provide a logical fence around a running program
- Secrecy violations occur when the contents of a server’s folders (its folder names) are revealed to a Web browser
- Administrators can turn off the folder name display feature to avoid such secrecy violations
- Cookies should never be transmitted unprotected
Figure 5-9: Displayed Folder Names
Server Threats
- One of the most sensitive files on a Web server holds the username and password pairs
- The Web server administrator is responsible for ensuring that this file, and other sensitive files, are secure
Database Threats
- Disclosure of valuable and private information could irreparably damage a company
- Security is often enforced through the use of privileges
- Some databases are inherently insecure and rely on the Web server to enforce security measures
Figure 5-10: Oracle Security Features Page
Other Threats
- Common Gateway Interface (CGI) threats
  - CGI programs present a security threat if misused
  - CGI programs can reside almost anywhere on a Web server and are therefore often difficult to track down
  - CGI scripts do not run inside a sandbox, unlike JavaScript
- Other programming threats include:
  - Programs executed by the server
  - Buffer overruns, which can cause errors
  - Runaway code segments
- The Internet Worm attack was a runaway code segment
- Buffer overflow attacks occur when control is released by an authorized program, but the intruder code instructs control to be turned over to it
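As an added example (not from the chapter), the buffer overrun pattern described above in C: a fixed-size field copied with no length check, beside a bounded version that rejects oversized input instead of overrunning the buffer. The field name, the 16-byte buffer size and the sample inputs are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size field, e.g. a customer name that a server-side
 * program (such as a CGI script) parses out of an order request. */
#define NAME_MAX 16

/* Vulnerable pattern: the field is copied into a fixed stack buffer with
 * no length check. A field longer than NAME_MAX overruns the buffer and
 * can overwrite the saved return address, which is how control ends up
 * handed to intruder-supplied code instead of back to the authorized
 * program. Never call this with untrusted input. */
void parse_name_unsafe(const char *field)
{
    char name[NAME_MAX];
    strcpy(name, field);              /* no bound: classic overrun */
    printf("name=%s\n", name);
}

/* Hardened form: measure the field first, refuse anything that does not
 * fit (including its terminating NUL), and only then copy.
 * Returns true on success, false if the field was rejected. */
bool parse_name_safe(const char *field, char *out, size_t out_len)
{
    size_t n = strlen(field);
    if (out_len == 0 || n >= out_len)
        return false;                 /* reject rather than truncate silently */
    memcpy(out, field, n + 1);        /* n + 1 copies the NUL as well */
    return true;
}

/* Convenience wrapper with a NAME_MAX buffer: true if the field was
 * accepted, false if it would have overrun the buffer. */
bool accept_name(const char *field)
{
    char name[NAME_MAX];
    return parse_name_safe(field, name, sizeof name);
}

int main(void)
{
    /* Constructed sample inputs: one that fits and one that does not. */
    const char *ok = "alice";
    const char *too_long = "a-customer-name-longer-than-the-buffer";
    printf("%s -> %s\n", ok, accept_name(ok) ? "accepted" : "rejected");
    printf("%s -> %s\n", too_long, accept_name(too_long) ? "accepted" : "rejected");
    return 0;
}
```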
Figure 5-11: Buffer Overflow Attack
Computer Emergency Response Team (CERT)
- Housed at Carnegie Mellon University
- Responds to security events and incidents within the U.S. government and private sector
- Posts CERT alerts to inform Internet users about recent security events
Figure 5-12: CERT Alerts