The continuing need for e-commerce security

haig

Presentation Transcript


  1. The continuing need for e-commerce security
     • For the fourth year in a row, the overall frequency of successful attacks on computer systems declined. In 2001 the percentage of respondents indicating that their organization's computer systems had experienced unauthorized use was approximately 65%. In 2004 the percentage was 53%. Among those organizations that experienced unauthorized use, the median number of incidents was between one and five. Last year the median was 6 to 10 incidents.
     • Organizations in the survey conduct security audits and employ a variety of technologies and procedures to defend against cyber attacks.
     • Most, if not all, of the respondents indicated that they employed antivirus software and firewalls.
     • Organizations are still reticent to report computer intrusions to legal authorities; less than 50% of the respondents did so in 2004. Most of the organizations indicated that they did not report the intrusion because they feared negative publicity or worried that their competitors would use it against them.

  2. Types of threats and attacks
     • Nontechnical attack: an attack that uses chicanery to trick people into revealing sensitive information or performing actions that compromise the security of a network.
     • Social engineering: a type of nontechnical attack that uses social pressure to trick computer users into compromising computer networks to which those individuals have access. Social engineering preys on an individual's desire to help, an individual's fear of getting into trouble, or the general trust among individuals. There are two categories of social engineering: human-based and computer-based.
     A multipronged approach should be used to combat social engineering:
     • Education and training
     • Policies and procedures
     • Penetration testing

  3. Technologies for securing networks
     • S-HTTP: a secure, message-oriented communications protocol designed for use in conjunction with HTTP.
     • VPN (Virtual Private Network): a network that uses the public internet to carry information but remains private by using encryption to scramble the communication, authentication to ensure that information has not been tampered with, and access control to verify the identity of anyone using the network.
     • Protocol tunneling: a method used to ensure confidentiality and integrity of data transmitted over the internet by encrypting data packets, sending them across the internet, and decrypting them at the destination address.
     • Secure Sockets Layer (SSL): a protocol that uses standard certificates for authentication and data encryption to ensure privacy.

  4. Technical attacks
     A technical attack is an attack perpetrated using software and systems knowledge or expertise:
     • Malicious code: viruses, worms, and Trojan horses
     • Service interruption or degradation
     • Misappropriation
     • Data contamination
     • Eavesdropping
     • Cryptanalysis
     • Masquerade
     • Skimming
     • Hacking

  5. IT Act 2000
     An act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, referred to as electronic commerce, which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate filing of documents with the government agencies, and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934, and for matters connected with or incidental thereto.

  6. Security is everyone's business
     The DHS strategy includes 5 national priorities:
     • A national cyberspace security response system
     • A national cyberspace security threat and vulnerability reduction program
     • A national cyberspace security awareness and training program
     • Securing government cyberspace
     • National security and international security cooperation
     In June 2003 the DHS created the National Cyber Security Division (NCSD) to implement the US cyberspace security strategy. More specifically, the NCSD was charged with identifying, analyzing, and reducing cyber threats.

  7. Basic security issues
     • Authentication: the process by which one entity verifies that another entity is who he, she, or it claims to be.
     • Authorization: ensures that a person has the right to access certain resources.
     • Auditing: the process of collecting information about accessing particular resources, using particular privileges, or performing other security actions.
     • Integrity: the ability to protect data from being altered or destroyed in an unauthorized or accidental manner.
     • Non-repudiation: the ability to limit parties from refuting that a legitimate transaction took place.

  8. Securing EC networks
     • Layered security
     • Controlling access
     • Role-specific security
     • Monitoring
     • Keep systems patched
     • Response team
     Biometric systems: authentication systems that identify a person by measurement of a biological characteristic such as fingerprints, iris patterns, facial features or voice. Examples of biometric templates are:
     • Fingerprint scanning
     • Iris scanning
     • Voice scanning
     • Keystroke monitoring

  9. Firewalls
     A firewall is a network node consisting of both hardware and software that isolates a private network from a public network. The term firewall came into use in the 1700s to describe the gaps cut into forests so that fires could be prevented from spreading to other parts of the forest. Types of firewall are:
     • Packet filtering routers
     • Packets
     • Packet filters
     • Application-level proxy
     • Bastion gateway
     • Proxies
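
The properties listed on slide 7 (authentication, authorization, auditing, integrity) can be seen working together in a single request handler. This is an added example, not part of the original presentation; the user, role table, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: one user, a role table, and a server-side MAC key.
SALT = b"constructed-salt"
USERS = {"alice": {"pw": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
                   "role": "clerk"}}
PERMISSIONS = {"clerk": {"view_order"}, "manager": {"view_order", "refund_order"}}
MAC_KEY = b"constructed-server-key"
AUDIT_LOG = []  # auditing: every decision is recorded, allowed or denied


def authenticate(user, password):
    """Authentication: verify the entity is who it claims to be."""
    rec = USERS.get(user)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    # compare_digest avoids leaking how many bytes matched through timing.
    return rec is not None and hmac.compare_digest(rec["pw"], digest)


def authorize(user, action):
    """Authorization: does this identity have the right to this resource?"""
    return action in PERMISSIONS.get(USERS[user]["role"], set())


def seal(order):
    """Integrity: MAC over a canonical encoding so any alteration is detectable.
    A shared-key MAC does not give non-repudiation, since either key holder
    could have produced the tag; that property needs a digital signature."""
    body = json.dumps(order, sort_keys=True).encode()
    return hmac.new(MAC_KEY, body, hashlib.sha256).hexdigest()


def handle(user, password, action, order, tag):
    """Run the checks in order and audit the outcome of each request."""
    if not authenticate(user, password):
        result = "denied: authentication"
    elif not authorize(user, action):
        result = "denied: authorization"
    elif not hmac.compare_digest(seal(order), tag):
        result = "denied: integrity"
    else:
        result = "allowed"
    AUDIT_LOG.append({"user": user, "action": action, "result": result})
    return result
```

Denied requests are logged as well as allowed ones, so the audit trail shows failed logins and attempts to use privileges a role does not hold.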
