e-commerce_(unit_5).ppt


Upload: amit-pal-singh

Post on 12-Apr-2015


Description: E-commerce and security issues

Transcript:

Page 1: E-Commerce_(Unit_5).ppt

Trusting others electronically

E-Commerce infrastructure

Security threats – the real threats and the perceptions

Network connectivity and availability issues

Better architecture and planning

Global economy issues

Flexible solutions

Page 2: E-Commerce_(Unit_5).ppt

Trusting others electronically

Authentication

Handling of private information

Message integrity

Digital signatures and non-repudiation

Access to timely information

Page 3: E-Commerce_(Unit_5).ppt

Trusting the medium

Am I connected to the correct web site?

Is the right person using the other computer?

Did the appropriate party send the last email?

Did the last message get there in time, correctly?

Page 4: E-Commerce_(Unit_5).ppt

Public-Key Infrastructure (PKI)

Distribute key pairs to all interested entities

Certify public keys in a “trusted” fashion

The Certificate Authority

Secure protocols between entities

Digital Signatures, trusted records and non-repudiation

Page 5: E-Commerce_(Unit_5).ppt

Authentication problems

Impersonation attacks

Privacy problems

Hacking and similar attacks

Integrity problems

Repudiation problems

Page 6: E-Commerce_(Unit_5).ppt

How to communicate securely:

SSL – “the web security protocols”

IPSEC – “the IP layer security protocol”

SMIME – “the email security protocol”

SET – “credit card transaction security protocol”

Page 7: E-Commerce_(Unit_5).ppt

Issues with variable response during peak time

Guaranteed delivery, response and receipts

Spoofing attacks: attract users to other sites

Denial of service attacks: prevent users from accessing the site

Tracking and monitoring networks

Page 8: E-Commerce_(Unit_5).ppt

Variable connectivity levels and cost

Variable economies and cultures

Taxation and intellectual property issues

Interoperability between different economies

Page 9: E-Commerce_(Unit_5).ppt

Networking Products

Firewalls

Remote access and Virtual Private Networks (VPNs)

Encryption technologies

Public Key Infrastructure

Scanners, monitors and filters

Web products and applications

Page 10: E-Commerce_(Unit_5).ppt

Support for peak access

Replication and mirroring, round robin schemes – avoid denial of service

Security of web pages through certificates and network architecture to avoid spoofing attacks

Page 11: E-Commerce_(Unit_5).ppt

Identity-based certificate to identify all users of an application

Determine rightful users for resources

“Role-based” certificates to identify the authorization rights for a user

Page 12: E-Commerce_(Unit_5).ppt

What is EDI?

Exchange of electronic data between companies using precisely defined transactions

Set of hardware, software, and standards that accommodate the EDI process

Page 13: E-Commerce_(Unit_5).ppt

Figure 11.2 Benefits of EDI

Page 14: E-Commerce_(Unit_5).ppt

Figure 11.3 Suppliers, manufacturers, and retailers cooperate in some of the most successful applications of EDI.

Page 15: E-Commerce_(Unit_5).ppt

Figure 11.4

Page 16: E-Commerce_(Unit_5).ppt

EDI on the Web

Advantages of Web EDI: lower cost, more familiar software, worldwide connectivity

Disadvantages of Web EDI: low speed, poor security

Page 17: E-Commerce_(Unit_5).ppt

The Importance of EDI

Need for timely, reliable data exchange in response to rapidly changing markets

Emergence of standards and guidelines

Spread of information into many organizational units

Greater reliability of information technology

Globalization of organizations

Page 18: E-Commerce_(Unit_5).ppt

Message authentication is concerned with:

protecting the integrity of a message

validating identity of originator

non-repudiation of origin (dispute resolution)

Three alternative functions used:

message encryption

message authentication code (MAC)

hash function

Page 19: E-Commerce_(Unit_5).ppt

Message encryption by itself also provides a measure of authentication

If symmetric encryption is used then: the receiver knows the sender must have created the message, since only the sender and receiver know the key used, and knows the content cannot have been altered

Provides both sender authentication and message authenticity.

Page 20: E-Commerce_(Unit_5).ppt

If public-key encryption is used: encryption provides no confidence of sender, since anyone potentially knows the public key

However, if the sender signs the message using his private key and then encrypts it with the recipient's public key, we have both secrecy and authentication, but at the cost of two public-key uses on the message

Page 21: E-Commerce_(Unit_5).ppt

A small fixed-sized block of data:

Depends on both message and a secret key

Like encryption, though need not be reversible

Appended to message as a signature

Receiver performs same computation on message and checks it matches the MAC

Provides assurance that message is unaltered and comes from sender

Page 22: E-Commerce_(Unit_5).ppt

MAC provides authentication

Message can be encrypted for secrecy

generally use separate keys for each

can compute MAC either before or after encryption; is generally regarded as better done before

Why use a MAC?

sometimes only authentication is needed

sometimes need authentication to persist longer than the encryption (e.g., archival use)

note that a MAC is not a digital signature

Page 23: E-Commerce_(Unit_5).ppt

A hash function is like a MAC

condenses arbitrary message to fixed size: h = H(M)

usually assume that the hash function is public and not keyed – note that a MAC is keyed

hash used to detect changes to message

can use in various ways with message, most often to create a digital signature
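The MAC slides (pages 21 and 22) and the hash slide (page 23) above are illustrated by the following added example, which is not part of the original slide deck. It appends an HMAC-SHA256 tag to a constructed order message, has the receiver recompute and compare it, and contrasts this with an unkeyed hash h = H(M), which anyone can recompute after altering the message. The message text and the key are placeholder values.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample order message and a placeholder shared secret key.
# In practice the key is agreed between sender and receiver and never sent.
MESSAGE = b"order=1234;item=widget;qty=10;amount=99.00"
KEY = b"placeholder-shared-secret-key"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes: a small, fixed-size block

def compute_mac(key: bytes, message: bytes) -> bytes:
    """MAC tag: depends on both the message and the secret key (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).digest()

def append_mac(key: bytes, message: bytes) -> bytes:
    """Sender appends the MAC to the message, as the slide describes."""
    return message + compute_mac(key, message)

def verify_mac(key: bytes, tagged: bytes) -> Optional[bytes]:
    """Receiver recomputes the MAC over the message part and checks it matches.
    Returns the message on success, None if the tag does not verify."""
    if len(tagged) < TAG_LEN:
        return None
    message, tag = tagged[:-TAG_LEN], tagged[-TAG_LEN:]
    # compare_digest runs in constant time, so timing does not leak partial matches.
    return message if hmac.compare_digest(compute_mac(key, message), tag) else None

def append_hash(message: bytes) -> bytes:
    """Unkeyed alternative: message followed by its public SHA-256 hash h = H(M)."""
    return message + hashlib.sha256(message).digest()

def verify_hash(tagged: bytes) -> Optional[bytes]:
    """Detects accidental changes only: anyone can recompute a public hash."""
    message, h = tagged[:-TAG_LEN], tagged[-TAG_LEN:]
    return message if hmac.compare_digest(hashlib.sha256(message).digest(), h) else None

def alter_in_transit(tagged: bytes, old: bytes, new: bytes, rehash: bool) -> bytes:
    """Model a third party (without the key) changing the message in transit: with an
    unkeyed hash it simply recomputes the hash; with a MAC it cannot recompute the tag."""
    message, tag = tagged[:-TAG_LEN], tagged[-TAG_LEN:]
    altered = message.replace(old, new)
    return append_hash(altered) if rehash else altered + tag
```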

Page 24: E-Commerce_(Unit_5).ppt
Page 25: E-Commerce_(Unit_5).ppt

Spyware

Adware

Embedded Programs

Trojan Horse

Browser Hijackers

Dialers

Malware

Page 26: E-Commerce_(Unit_5).ppt

Profit

A challenge

Malice

Boredom

Business

Page 27: E-Commerce_(Unit_5).ppt

Computer is running slower than normal

Popups (on or off the internet)

New toolbars

Home page changes

Search results look different

Error messages when accessing the web

Page 28: E-Commerce_(Unit_5).ppt
Page 29: E-Commerce_(Unit_5).ppt
Page 30: E-Commerce_(Unit_5).ppt
Page 31: E-Commerce_(Unit_5).ppt
Page 32: E-Commerce_(Unit_5).ppt
Page 33: E-Commerce_(Unit_5).ppt
Page 34: E-Commerce_(Unit_5).ppt
Page 35: E-Commerce_(Unit_5).ppt
Page 36: E-Commerce_(Unit_5).ppt

Be conscious of what you are clicking on/downloading

Some pop-ups have what appears to be a close button, but will actually try to install spyware when you click on it. Always look for the topmost right red X.

Remember that things on the internet are rarely free. “Free” Screensavers etc. generally contain ads or worse that pay the programmer for their time.

Page 37: E-Commerce_(Unit_5).ppt

Download.com – All programs are adware/spyware free

Freesaver.com – Screensavers from this site are safe; DO NOT click on ads

KFOR or News9

Cleansoftware.org

Page 38: E-Commerce_(Unit_5).ppt

Sits between two networks

Used to protect one from the other

Places a bottleneck between the networks

All communications must pass through the bottleneck – this gives us a single point of control

Page 39: E-Commerce_(Unit_5).ppt

Packet Filtering: rejects TCP/IP packets from unauthorized hosts and/or connection attempts by unauthorized hosts

Network Address Translation (NAT): translates the addresses of internal hosts so as to hide them from the outside world; also known as IP masquerading

Proxy Services: makes high-level, application-level connections to external hosts on behalf of internal hosts, to completely break the network connection between internal and external hosts
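The packet-filtering bullet above is illustrated by this added example, which is not from the original slide deck. It models a stateless filter with a first-match rule table and default deny, rejecting packets from an unauthorized network and rejecting inbound connection attempts (TCP SYN without ACK) while letting replies to internally opened connections through. The site layout, addresses (documentation ranges) and rule set are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    dst_port: int   # TCP destination port
    syn: bool       # TCP SYN flag
    ack: bool       # TCP ACK flag
    def is_connection_attempt(self) -> bool:
        """SYN without ACK is the first packet of a new TCP connection."""
        return self.syn and not self.ack

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str                         # CIDR; "0.0.0.0/0" matches any host
    dst: str
    dst_port: Optional[int] = None   # None matches any port
    new_conn: Optional[bool] = None  # True: connection attempts only; False: all other packets
    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return self.new_conn is None or self.new_conn == pkt.is_connection_attempt()

def filter_packet(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; anything no rule covers is rejected (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed site layout using the documentation address ranges (hypothetical values).
ANY, INTERNAL = "0.0.0.0/0", "10.0.0.0/8"
SHOP_WEB, BLOCKED_NET = "203.0.113.10/32", "198.51.100.0/24"
RULES = [
    Rule("deny", BLOCKED_NET, ANY),                # reject all packets from unauthorized hosts
    Rule("allow", INTERNAL, ANY),                  # internal hosts may open outbound connections
    Rule("allow", ANY, SHOP_WEB, dst_port=443),    # the public may reach the shop's HTTPS service
    Rule("deny", ANY, INTERNAL, new_conn=True),    # reject inbound connection attempts
    Rule("allow", ANY, INTERNAL, new_conn=False),  # replies to connections internal hosts opened
]
```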

Page 40: E-Commerce_(Unit_5).ppt

Encrypted Authentication: allows users on the external network to authenticate to the Firewall to gain access to the private network

Virtual Private Networking: establishes a secure connection between two private networks over a public network; this allows the use of the Internet as a connection medium rather than the use of an expensive leased line

Page 41: E-Commerce_(Unit_5).ppt

Virus Scanning: searches incoming data streams for virus signatures so they may be blocked; done by subscription to stay current (McAfee / Norton)

Content Filtering: allows the blocking of internal users from certain types of content; usually an add-on to a proxy server; usually a separate subscription service, as it is too hard and time consuming to keep current

Page 42: E-Commerce_(Unit_5).ppt

Part of an overall Firewall strategy

Sits between the local network and the external network

Originally used primarily as a caching strategy to minimize outgoing URL requests and increase perceived browser performance

Primary mission is now to ensure anonymity of internal users

Still used for caching of frequently requested files

Also used for content filtering

Acts as a go-between, submitting your requests to the external network

Requests are translated from your IP address to the Proxy’s IP address

E-mail addresses of internal users are removed from request headers

Causes an actual break in the flow of communications

Page 43: E-Commerce_(Unit_5).ppt

Terminates the TCP connection before relaying to target host (in and out)

Hide internal clients from external network

Blocking of dangerous URLs

Filter dangerous content

Check consistency of retrieved content

Eliminate need for transport layer routing between networks

Single point of access, control and logging