lesson 2 the business landscape threats to e commerce l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Lesson 2 The Business Landscape Threats to E-Commerce PowerPoint Presentation
Download Presentation
Lesson 2 The Business Landscape Threats to E-Commerce

Loading in 2 Seconds...

play fullscreen
1 / 23

Lesson 2 The Business Landscape Threats to E-Commerce - PowerPoint PPT Presentation


  • 303 Views
  • Uploaded on

Lesson 2 The Business Landscape Threats to E-Commerce Why E-Commerce ? Fast Efficient Anonymous Lowers labor cots Lowers capital expenditures (facility, maintenance, upgrades) How large is E-Commerce ? Big business San Antonio Express: Nov/Dec 01: $13.8B Nov/Dev 00: $12B

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Lesson 2 The Business Landscape Threats to E-Commerce' - Ava


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
why e commerce
Why E-Commerce?
  • Fast
  • Efficient
  • Anonymous
  • Lowers labor cots
  • Lowers capital expenditures (facility, maintenance, upgrades)
how large is e commerce
How large is E-Commerce?
  • Big business
  • San Antonio Express:
    • Nov/Dec 01: $13.8B
    • Nov/Dev 00: $12B
    • 13% of 2001 Holiday budget
  • NPR:
    • Nov/Dec 03: $20B
    • 29% growth over 2002, same period
types of business on the internet
Types of Business on the Internet
  • Banking
  • Investing
  • B2B
  • Healthcare
  • Loans/Mortgage
commonly used terminology
Commonly Used Terminology
  • EDI: electronic data interchange…data over proprietary networks
  • VAN: value added networks (same as EDI)
  • Internet: allowed small businesses to compete on even terms with big businesses doing EDI/VAN
  • Intranet: internal network usually supporting back office administrative functions
  • Extranet: external network connecting different businesses…the extension of LANs over Internet
threats to e commerce
Threats to E-Commerce
  • Internal—the achilles heel
    • Security breach—countermeasures: screen employees, intrusion detection systems, auditing
    • Carelessness—countermeasures: training and education, access control
  • External—the main focus of security
    • No hard data on true threat as most companies are not forthcoming with information (hurts business
    • Survey of Fortune 500 Companies
    • 42% reported unauthorized use
    • 32% reported losing upwards of $100M
type of external threats
Type of External Threats
  • Vandalism: WWW defacement
  • Sabotage: usually orchestrated for some ulterior motive
  • Breach of Privacy or Confidentially
      • EMAIL
      • Phone Calls
      • Credit Card number
      • Surfing Habits
type of external threats 2
Type of External Threats(2)
  • Theft and Fraud, recent events
    • Moldova ISP modem hijacking via trojan horse software
    • Russian E-Bay Credit Card Scam
  • Violations of Data Integrity
      • Incorrect data can lower E-commerce trust
      • Ruin investments
  • Denial of Service (DOS)
      • Early Virus/Worms
      • Emergence of Blended Threats
e commerce security systems approach
E-Commerce Security—Systems Approach
  • The Key Components:
    • Client Security – Operating system, Use of active content (Java, Active X)
    • Secure Transport—Secure Sockets Layer(SSL), Secure HTTP (SHTTP), PKI
    • Web Server Security—Common Gateway Interface Scripts
    • Operating System Security—the foundation for all security

“The security of the system is only as strong as the weakest link”

e commerce security example typical web server w backend database

CLIENT

SERVER

WEB

SERVER

DBA

SERVER

E-Commerce Security ExampleTypical WEB SERVER W/Backend Database

FIREWALL

Database

Router

slide11

WEB

SERVER

Router

CLIENT

SERVER

DBA

SERVER

USE

ACL

slide12

WEB

SERVER

Router

CLIENT

SERVER

DBA

SERVER

Enforce

Port Mapping

USE

ACL

slide13

HARDEN

OPERATING

SYSTEM

WEB

SERVER

Router

CLIENT

SERVER

DBA

SERVER

Enforce

Port Mapping

USE

ACL

slide14

HARDEN

OPERATING

SYSTEM

WEB

SERVER

Router

CLIENT

SERVER

DBA

SERVER

Enforce

Port Mapping

USE

ACL

RESTRICTED

READ/WRITE

slide15

HARDEN

OPERATING

SYSTEM

WEB

SERVER

Router

CLIENT

SERVER

DBA

SERVER

Enforce

Port Mapping

USE

ACL

RESTRICTED

READ/WRITE

USE STATEFUL

INSPECTION

slide16

HARDEN

OPERATING

SYSTEM

WEB

SERVER

Router

CLIENT

SERVER

DBA

SERVER

Enforce

Port Mapping

USE

ACL

RESTRICTED

READ/WRITE

SSH/VPN

USE STATEFUL

INSPECTION

slide17

HARDEN

OPERATING

SYSTEM

WEB

SERVER

Router

CLIENT

SERVER

DBA

SERVER

Enforce

Port Mapping

USE

ACL

RESTRICTED

READ/WRITE

SSH/VPN

USE STATEFUL

INSPECTION

Physical Security

Security Policies

types of attacks
Types of Attacks
  • Criminal Attacks
  • Intellectual Property Theft
  • Identity Theft
  • Brand Theft
  • Privacy Violations
  • DDoS and Dos
  • Surveillance/Traffic Analysis
  • Publicity Attacks
criminal attacks
Criminal Attacks
  • How can I acquire the maximum financial return by attacking the system?”
    • Fraud: e-check, credit cards, ATM networks
    • SCAMs: sale of internet services, sale of merchandise, auctions, pyramid and multi-level marketing schemes, business opportunities
    • Destructive Attacks
    • Terrorist
    • Vengeful employees
    • Hackers
intellectual property theft
Intellectual Property Theft
  • Trade Secrets
  • Company Databases
  • Music ($11B/year)
  • Software (1997, Business Software Alliance: $15B/year)
other thefts
Other Thefts
  • Indentity Theft
    • Credit cards
    • SSN
  • Brand Theft
    • Forged domain name transfer request (SEX.COM)
    • Page-jacking: web sites steal traffic away from other sites
    • MCI 1-800-COLLECT and ATT 1-800 C0LLECT
privacy violations
Privacy Violations
  • Targeted attacks---computer security thwarts these
  • Data Harvesting—works on correlation, automation supports
summary
Summary
  • Benefits of E-Commerce
  • Common Terminology
  • Threats to E-Commerce
  • Key Components of E-Commerce Security
  • Types of Attacks