lesson 2 the business landscape threats to e commerce l.
Skip this Video
Loading SlideShow in 5 Seconds..
Lesson 2 The Business Landscape Threats to E-Commerce PowerPoint Presentation
Download Presentation
Lesson 2 The Business Landscape Threats to E-Commerce

Loading in 2 Seconds...

  share
play fullscreen
1 / 23
Download Presentation

Lesson 2 The Business Landscape Threats to E-Commerce - PowerPoint PPT Presentation

Ava
304 Views
Download Presentation

Lesson 2 The Business Landscape Threats to E-Commerce

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Lesson 2 The Business LandscapeThreats to E-Commerce

  2. Why E-Commerce? • Fast • Efficient • Anonymous • Lowers labor cots • Lowers capital expenditures (facility, maintenance, upgrades)

  3. How large is E-Commerce? • Big business • San Antonio Express: • Nov/Dec 01: $13.8B • Nov/Dev 00: $12B • 13% of 2001 Holiday budget • NPR: • Nov/Dec 03: $20B • 29% growth over 2002, same period

  4. Types of Business on the Internet • Banking • Investing • B2B • Healthcare • Loans/Mortgage

  5. Commonly Used Terminology • EDI: electronic data interchange…data over proprietary networks • VAN: value added networks (same as EDI) • Internet: allowed small businesses to compete on even terms with big businesses doing EDI/VAN • Intranet: internal network usually supporting back office administrative functions • Extranet: external network connecting different businesses…the extension of LANs over Internet

  6. Threats to E-Commerce • Internal—the achilles heel • Security breach—countermeasures: screen employees, intrusion detection systems, auditing • Carelessness—countermeasures: training and education, access control • External—the main focus of security • No hard data on true threat as most companies are not forthcoming with information (hurts business • Survey of Fortune 500 Companies • 42% reported unauthorized use • 32% reported losing upwards of $100M

  7. Type of External Threats • Vandalism: WWW defacement • Sabotage: usually orchestrated for some ulterior motive • Breach of Privacy or Confidentially • EMAIL • Phone Calls • Credit Card number • Surfing Habits

  8. Type of External Threats(2) • Theft and Fraud, recent events • Moldova ISP modem hijacking via trojan horse software • Russian E-Bay Credit Card Scam • Violations of Data Integrity • Incorrect data can lower E-commerce trust • Ruin investments • Denial of Service (DOS) • Early Virus/Worms • Emergence of Blended Threats

  9. E-Commerce Security—Systems Approach • The Key Components: • Client Security – Operating system, Use of active content (Java, Active X) • Secure Transport—Secure Sockets Layer(SSL), Secure HTTP (SHTTP), PKI • Web Server Security—Common Gateway Interface Scripts • Operating System Security—the foundation for all security “The security of the system is only as strong as the weakest link”

  10. CLIENT SERVER WEB SERVER DBA SERVER E-Commerce Security ExampleTypical WEB SERVER W/Backend Database FIREWALL Database Router

  11. WEB SERVER Router CLIENT SERVER DBA SERVER USE ACL

  12. WEB SERVER Router CLIENT SERVER DBA SERVER Enforce Port Mapping USE ACL

  13. HARDEN OPERATING SYSTEM WEB SERVER Router CLIENT SERVER DBA SERVER Enforce Port Mapping USE ACL

  14. HARDEN OPERATING SYSTEM WEB SERVER Router CLIENT SERVER DBA SERVER Enforce Port Mapping USE ACL RESTRICTED READ/WRITE

  15. HARDEN OPERATING SYSTEM WEB SERVER Router CLIENT SERVER DBA SERVER Enforce Port Mapping USE ACL RESTRICTED READ/WRITE USE STATEFUL INSPECTION

  16. HARDEN OPERATING SYSTEM WEB SERVER Router CLIENT SERVER DBA SERVER Enforce Port Mapping USE ACL RESTRICTED READ/WRITE SSH/VPN USE STATEFUL INSPECTION

  17. HARDEN OPERATING SYSTEM WEB SERVER Router CLIENT SERVER DBA SERVER Enforce Port Mapping USE ACL RESTRICTED READ/WRITE SSH/VPN USE STATEFUL INSPECTION Physical Security Security Policies

  18. Types of Attacks • Criminal Attacks • Intellectual Property Theft • Identity Theft • Brand Theft • Privacy Violations • DDoS and Dos • Surveillance/Traffic Analysis • Publicity Attacks

  19. Criminal Attacks • How can I acquire the maximum financial return by attacking the system?” • Fraud: e-check, credit cards, ATM networks • SCAMs: sale of internet services, sale of merchandise, auctions, pyramid and multi-level marketing schemes, business opportunities • Destructive Attacks • Terrorist • Vengeful employees • Hackers

  20. Intellectual Property Theft • Trade Secrets • Company Databases • Music ($11B/year) • Software (1997, Business Software Alliance: $15B/year)

  21. Other Thefts • Indentity Theft • Credit cards • SSN • Brand Theft • Forged domain name transfer request (SEX.COM) • Page-jacking: web sites steal traffic away from other sites • MCI 1-800-COLLECT and ATT 1-800 C0LLECT

  22. Privacy Violations • Targeted attacks---computer security thwarts these • Data Harvesting—works on correlation, automation supports

  23. Summary • Benefits of E-Commerce • Common Terminology • Threats to E-Commerce • Key Components of E-Commerce Security • Types of Attacks