e security project
-
8/2/2019 e Security Project
1/25
E-security
Internet Security for Small & Medium Business
-
Why do I need e-security?
www.noie.gov.au/publications/NOIE/trust/Chap1/index.htm
The potential of the Internet
  Email and World Wide Web
  500 million people being connected to the Internet
The benefit of doing business over the Internet
  Increased potential customer base,
  Reduced paperwork and administration,
  Reduced time to receive orders, supply goods and make and receive payments, and
  Access to great range of supplies
-
WHY INTERNET IS DIFFERENT?
E-Security: Security in Cyberspace
Paper-Based Commerce | Electronic Commerce
Signed paper Documents | Digital Signature
Person-to-person | Electronic via Website
Physical Payment System | Electronic Payment System
Merchant-customer Face-to-face | Face-to-face Absence
Easy Detectability of modification | Difficult Detectability
Easy Negotiability | Special Security Protocol
-
Security Design Process
-
Network Traffic
-
You may consider
  E-banking
  E-shopping
  E-tailing
  Sending and receiving orders to and from partners
  Loading your tax return or business activity statements or conducting other transactions with government agencies.
-
Why security is an issue on the Internet?
The Internet carrying risk
  By FBI last year, more than 1 million credit card numbers stolen via the Internet
  Information transmitted over Internet can be intercepted at any point
Overview of security needed
Businesses need to consider
  The basic applications such as email
  How to go about buying and selling online
  How to protect computer system and
  The legal issues surrounding e-business.
-
E-security technologies
Four basic security principles
  Authenticity
  Security
  Non-repudiation
  Privacy or confidentiality
-
IV. A Four Pillar Approach
-
Legal framework, Incentives, Liability
No one owns the internet so how can self-regulation work?
Basic laws in the e-security area vary a lot across countries as do penalties
Defining a money transmitter
How to define a proper service level agreement (SLA)
Downstream liability
Issues in certification and standard setting
-
Supervision and External Monitoring
Technology Supervision and Operational Risk:
  Retail Payment Networks;
  Commercial Banks;
  E-Security Vendors
Capital Standards and E-Risk
On-Site IT examinations
Off-site processes
Coordination: between regulatory agencies; between supervisors and law enforcement
Cyber-Risk Insurance
Education and Prevention
-
Pillar 3
Certification, Standards, Policies and Processes
Certification
  Software and hardware
  Security vendors
  E-transactions
Policies
Standards
Procedures
-
Pillar 4
Layered Electronic Security
12 Core Layers of proper e-security
Part of proper operational risk management
General axioms in layering e-security
  Attacks and losses are inevitable
  Security buys time
  The network is only as secure as its weakest link
-
GSM Vulnerabilities
SIM-CARD Vulnerability
SMS Bombs
Gateway Vulnerability
WAP Vulnerability
Man in the Middle Attack
-
Authentication technologies
Authentication technologies rely on
  Something you know
  Something you possess
  Something you are, a unique physical quality
Password systems for authenticating identities and communications:
  Secure sockets layer (SSL) technologies
  Public key infrastructure (PKI)
  Virtual private network (VPN)
  Secure managed services
-
The pyramid of Authentication Technologies.
PKI Plus Biometrics
Digital Signature Certificate - PKI
Digital Signature Certificate - PGP
Passwords + SSL
Password / Tokens
High level of security offered. For highly valued information
Lower level of security offered. For less valuable information
-
How to send email securely?
Email network
Web-based Email server
Intranet Email server
Mail Server
Email Users
-
Secure Web email
  Web-based email service is a sensible choice
Dedicated email encryption
  Use public key and PGP
Secure email gateways
Secure email versus postal mail
  Secure envelope
  Inside being signed and authenticated
-
How to conduct secure transaction online?
SSL and e-commerce
SSL limitation
Data transmitted using SSL
SSL offering strong authentication
A secure envelope
A guarantee to your destination
Signature on envelope
-
How to deal with other e-security threats?
Viruses
Hacking
Denials of services
Dumping
Port scanning and sniffing
Method of protection - firewall
-
Securing your own PC
  file sharing
  browser security
The importance of the real world security
  ensure your workplace IT equipment is stored in a secure and lockable location
  Keeping up-to-date logs of all equipment.
-
Privacy - important issue for e-security
The privacy act and e-security
Website privacy policies
Cookies and Web bugs
Monitoring stuff online
-
Laws applying to e-business
Electronic Transaction Act 1999 (ETA)
  giving information in writing
  providing a signature
  producing a document in material form and
  recording or retaining information
-
Thanks!
CBRC