security threats ecom

Security Threats In E commerce Environment Vijay Kumar Verma (VJY) 17-April-2014

Post on 14-Sep-2014


Page 1: Security threats ecom

Security Threats

In Ecommerce Environment

Vijay Kumar Verma (VJY)

17-April-2014

Page 2: Security threats ecom

OBJECTIVE

Introduction

Types & Prevent

Page 3: Security threats ecom

What is Security Threats?

• An action or event that might compromise security. A threat is a potential violation of security.

• A threat is an object, person, or other entity that represents a constant danger to an asset.

• A potential cause of an incident that may result in harm to systems and the organization.

• It is a noun.

Page 4: Security threats ecom

What is Security Vulnerability?

• Vulnerability could be defined as “a flaw or weakness in hardware, software or process that exposes a system to compromise”.

• It is an adjective.

• A vulnerability is that quality of a resource or its environment that allows the threat to be realized.

Page 5: Security threats ecom

NOW

Introduction

Types & Prevent

Page 6: Security threats ecom

Types of Security Threats

0x1. Malicious Code
0x2. Phishing and identity theft
0x3. Credit card fraud/theft
0x4. DoS / DDoS Attacks
0x5. Unwanted Programs
0x6. Hacking & Cyber Vandalism
0x7. Spoofing and spam websites

Page 7: Security threats ecom

Malicious Code

• Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.

• It describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.

Page 8: Security threats ecom

• Malicious code can take the form of:

1. Java applets
2. ActiveX controls
3. Scripting languages
4. Browser plug-ins
5. Pushed content

• Malicious code can give a user remote access to a computer.

• This is known as an application backdoor.

Page 9: Security threats ecom

Phishing and identity theft

• Phishing is an internet scam where the user is convinced to give valuable information.

• Phishing will redirect the user to a different website through emails, instant messages, spyware etc.

• Phishers offer illegitimate websites for the user to fill in personal information.

• The main purpose of phishing is to get access to the customer's bank accounts, passwords and other security information.

Page 10: Security threats ecom

• Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, usually as a method to gain access to resources or obtain credit and other benefits in that person's name.

Page 11: Security threats ecom
Page 12: Security threats ecom

Credit Card Fraud/Theft

• Scammers may use spyware or some other scam to obtain your credit card details.

• A scammer might steal or trick you into telling them your security code (the three or four digit code on your card) and then make purchases over the internet or the telephone.

• The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.

Page 13: Security threats ecom

• If they know your PIN, they could get cash advances from an ATM using a ‘cloned’ credit card.

• Between Nov. 27, 2013 and Dec. 15, 2013 a breach of systems at Target Corporation exposed data from about 40 million credit cards. The information stolen included names, account numbers, expiry dates and card security codes.

Page 14: Security threats ecom

DoS and DDoS

• Denial of Service Attack (DoS)

• It is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources.

Page 15: Security threats ecom

• Distributed Denial of Service Attack (DDoS)

• On the Internet, a distributed denial-of-service attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system.

Page 16: Security threats ecom

• It is an attempt to make a machine or network resource unavailable to its intended users.

• Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.

Page 17: Security threats ecom

Potentially Unwanted Programs

• It is a program that may be unwanted, despite the possibility that users consented to download it.

• UPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants.

Page 18: Security threats ecom

Hacking & Cyber Vandalism

• Vandalism is the act of editing the project in a malicious manner that is intentionally disruptive. Vandalism includes the addition, removal, or other modification of the text or other material that is either humorous, nonsensical, a hoax, or that is of an offensive, humiliating, or otherwise degrading nature.

Page 19: Security threats ecom

Spoofing and Spam Websites

• Spoofing is when an attacker pretends to be someone else in order to gain access to restricted resources or steal information. This type of attack can take a variety of different forms; for instance, an attacker can impersonate the Internet Protocol (IP) address of a legitimate user in order to get into their accounts.

• IP spoofing, email spoofing

Page 20: Security threats ecom

• Website spam or webspam is the term for web pages that are designed by webmasters to trick search engine robots and direct traffic to their websites.

Page 21: Security threats ecom

Have Any Questions?

facebook.com/groups/sviet.mca


Page 22: Security threats ecom

Thank You