Lecture E-Commerce - Chapter 9: E-commerce security environment


In this chapter, the learning objectives are: Understand the scope of e-commerce crime and security problems, describe the key dimensions of e-commerce security, understand the tension between security and other values, identify the key security threats in the e-commerce environment.

CSC 330 E-Commerce
Teacher: Ahmed Mumtaz Mustehsan, GM-IT, CIIT Islamabad
Virtual Campus, CIIT
COMSATS Institute of Information Technology

T1-Lecture-9: E Commerce Security Environment
Chapter-04 Part-I
For Lecture Material/Slides Thanks to: Copyright © 2010 Pearson Education, Inc

Objectives

  • Understand the scope of e-commerce crime and security problems
  • Describe the key dimensions of e-commerce security
  • Understand the tension between security and other values
  • Identify the key security threats in the e-commerce environment

Online Robbery - Introduction

  • In comparison to robbing a bank, internet banking can be robbed remotely and more safely
  • Stealing a music / video CD from a shop is harder than downloading from illegal websites
  • If you take the internet as a global marketplace: many fake websites exist online to trap users by offering attractive content and extraordinary deals and offers, leading remote users to provide their credit card information etc.
  • One cannot easily break into a physical home and breach the privacy, but if the password of a social networking account is hacked then the privacy is compromised

Cyber Attack - Introduction

  • Denial of Service Attack (DoS): when one computer sends or floods a high number of data packets to a targeted computer, resulting in choking the resources (communication path, processor etc.)
  • Distributed Denial of Service Attack (DDoS): when many computers attack a single website or online system from many locations at the same time, overwhelming the system, creating congestion and many other impairments, and making the system or website unavailable for legitimate users
  • Botnet: artificially intelligent or robot computers can work together. A group of such computers (even in millions), capable of being managed remotely by a single person, attacks some online system or website
  • Example: In 2007 million computers were used in an organized attack on govt of Estonia’s important servers

DDOS

http://www.cs3-inc.com/pk_whatisddos.html

CYBER Warfare Reference for study

  • Russia – Estonia Cyber war
  • Twitter DDoS
  • Korean DDoS
  • Taught at US Military academies
    ◦ http://www.dean.usma.edu/Teams/CyberDefense/Default
    ◦ bh-fed-03-dodge.pdf
    ◦ iwar_wise.pdf
    ◦ http://www.linkedin.com/in/danielragsdale/

Your PC may be part of Botnet

  • Botnets are responsible for over 80% of the spam sent to computer users
  • Some computer users download those spam files because they have less knowledge
  • Some computers become infected because no antivirus software is available on them
  • Some computers are compromised through the use of pirated software
  • 10% of the world’s billion-plus computers on the internet are capable of being captured by stealth malware programs, which are installed by clicking malicious links and downloading hidden files

The E-commerce Security Environment

  • Overall size and losses of cybercrime unclear
    ◦ Reporting issues
  • 2008 CSI survey: 49% of respondent firms detected security breach in last year
    ◦ Of those that shared numbers, average loss $288,000
  • Underground economy marketplace
    ◦ Stolen information stored on underground economy servers
    ◦ Credit cards, bank information, personal identity etc. are sold at these servers

Most Common Security Threats in the E-commerce Environment

  • Unwanted programs: Browser parasites
    ◦ Adware
    ◦ Spyware

Spyware

  • Software that sits on your computer
    ◦ Monitors everything that you do and sends out reports to marketing agencies
    ◦ Usually ties to a POP-UP server
  • Top Spyware
    ◦ I-Look Up
    ◦ CoolWebSearch
    ◦ N-CASE
    ◦ GATOR
    ◦ DoubleClick
  • If you have ever loaded ICQ on your PC you have Spyware
  • If you have ever loaded KAZAA on your PC you have Spyware
  • If you have ever loaded Quicken or TurboTax you have Spyware

Most Common Security Threats

  • Phishing
    ◦ Deceptive online attempt to obtain confidential information
    ◦ Social engineering, e-mail scams, spoofing legitimate Web sites
    ◦ Use information to commit fraudulent acts (access checking accounts), steal identity
  • Hacking and cyber-vandalism
    ◦ Hackers vs crackers
    ◦ A hacker is an individual who intends to gain unauthorized access to a computer system
    ◦ Cracker is the term typically used within the hacking community to denote a hacker with criminal intent
    ◦ Cyber-vandalism: intentionally disrupting, defacing, destroying a Web site
  • Types of hackers:
    ◦ White hats are “good” hackers that help organizations locate and fix security flaws
    ◦ Black hats are hackers who act with the intention of causing harm
    ◦ Grey hats are hackers who believe they are pursuing some greater good by breaking in and revealing system flaws
  • Credit card fraud/theft
    ◦ Fear of stolen credit card information deters online purchases
    ◦ Hackers target merchant servers; use data to establish credit under false identity
    ◦ Online companies at higher risk than offline
  • Spoofing: misrepresenting self by using fake e-mail address or other form of identification
    ◦ Spoofing a Web site is also called pharming: redirecting a Web link to a new, fake Web site
  • Spam/junk Web sites
  • Splogs

Snoop and Sniff

Most Common Security Threats

  • Denial of service (DoS) attack
    ◦ Hackers flood site with useless traffic to overwhelm network
  • Distributed denial of service (DDoS) attack
    ◦ Hackers use multiple computers to attack target network
  • Sniffing
    ◦ Eavesdropping program that monitors information traveling over a network
  • Insider jobs
    ◦ Single largest financial threat
  • Poorly designed server and client software

The Virus: Computer Enemy Number One

  • The most serious attack on a client computer or a server in an Internet environment is the virus
  • A virus is malicious code that replicates itself and can be used to disrupt the information infrastructure
  • Viruses commonly compromise system integrity, circumvent security capabilities, and cause adverse operation by taking advantage of the information system of the network

Types of Viruses

  • A file virus is one that attacks executable files
  • A boot virus attacks the boot sectors of the hard drive and diskettes
  • A macro virus exploits the macro commands in software applications such as Microsoft Word

Levels of Virus Damage

Steps for Antivirus Strategy

  • Establish a set of simple enforceable rules for others to follow
  • Educate and train users on how to check for viruses on a disk
  • Inform users of the existing and potential threats to the company’s systems and the sensitivity of information they contain
  • Periodically update the latest antivirus software

Getting Rid of Viruses

  • Get a good Virus Protection Software
    ◦ Free (not Recommended): Anti-Vir, Avast, AVG
    ◦ Not Free: Norton AntiVirus, McAfee
    ◦ Free for UMFK students and staff: http://www.umfk.maine.edu/it/downloads/default.cfm
  • Update definition files often

Spyware Solutions

  • Enforce strict user Web policies on surfing and downloading activities
  • Install a desktop firewall on every laptop and desktop - http://www.zonelabs.com
  • Do not give users administrator privileges
  • Configure an e-mail gateway to block all executable email attachments
  • Ensure desktop antivirus software signatures are up to date - http://www.grisoft.com

End of: T1-Lecture-9 E Commerce Security Environment, Chapter-04 Part-I

Thank You

  • ... of security vs potential loss
  • Security often breaks at weakest link
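The "Spyware Solutions" slide recommends an e-mail gateway that blocks executable attachments. The sketch below is an added example, not part of the lecture material: it flags attachments by final extension and by file signature, so a renamed executable is caught too. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed blocklist for illustration; the slide does not name extensions.
BLOCKED_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".msi"}
# Leading bytes of Windows PE/DOS ("MZ") and Linux ELF executables.
EXEC_MAGIC = (b"MZ", b"\x7fELF")


def executable_attachments(raw_message: bytes):
    """Return (filename, reason) for each attachment the gateway should block."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename() or ""
        unnamed_body = not name and part.get_content_disposition() != "attachment"
        if part.is_multipart() or unnamed_body:
            continue  # containers and the message body are not attachments
        # Windows ignores trailing dots and spaces, so "setup.BAT." still runs.
        ext = os.path.splitext(name.lower().rstrip(". "))[1]
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXT:
            hits.append((name, f"blocked extension {ext}"))
        elif payload.startswith(EXEC_MAGIC):
            # Catches an executable renamed to a harmless-looking extension.
            hits.append((name, "executable file signature"))
    return hits


def build_sample() -> bytes:
    """Constructed test message: three attachments to block, one to allow."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachments.")
    pe_stub = b"MZ\x90\x00" + b"\x00" * 16  # fake header bytes, not a real program
    for data, fname in [
        (pe_stub, "invoice.pdf.exe"),      # double extension
        (pe_stub, "report.pdf"),           # executable renamed to .pdf
        (b"%PDF-1.4\n", "manual.pdf"),     # benign, must pass
        (b"@echo off\r\n", "setup.BAT."),  # upper case plus trailing dot
    ]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, reason in executable_attachments(build_sample()):
        print(f"BLOCK {fname}: {reason}")
```

Archives and macro-enabled documents are outside what this check covers; a production gateway would unpack and inspect those as well.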

Date posted: 18/01/2020, 17:09

Table of contents

  • Online Robbery - Introduction

  • Cyber Attack - Introduction

  • CYBER Warfare Reference for study

  • Your PC may be part of Botnet

  • The E-commerce Security Environment

  • Types of Attacks Against Computer Systems (Cybercrime)

  • What Is Good E-commerce Security?

  • Ideal E Commerce Environment

  • Dimensions of E-commerce Security

  • Typical Transaction facilitated by Technologies

  • The Tension Between Security and Other Values

  • Security Threats in the E-commerce Environment

  • A Typical E-commerce Transaction

  • Vulnerable Points in an E-commerce Environment

  • Most Common Security Threats

  • Most Common Security Threats in the E-commerce Environment

  • The Virus: Computer Enemy Number One

  • Levels of Virus Damage

  • Steps for Antivirus Strategy

  • Getting Rid of Viruses
