Category: Education



Presentation Transcript



Concept of Electronic Security:

In the world of eCommerce / eBusiness and the domain of ICT, the concept of electronic security (eSecurity) goes beyond the ambit of traditional security, i.e. the idea of putting physical controls and policy provisions in place to avoid pilferage or loss of physical assets and other forms of resources.

Slide 3:

eSecurity in the world of eCommerce / eBusiness refers to the ability of a system to prevent illegal or inappropriate use of its data and to deter hackers: protecting a site and its data against malicious or accidental damage and loss. Security Management Solutions consist of a diverse set of hardware, software, and services for managing intrusion events, uncovering known software vulnerabilities and automating the distribution of software patches.

Classes of Computer Security:

- Physical Security – includes the provision of tangible protection devices such as alarms, guards, fireproof doors, security fences, safes or vaults, and bombproof buildings.
- Logical Security – includes the protection of assets using nonphysical means, such as intangible security protection of data and other forms of information.

Other Categories of Computer Security :

- Secrecy – refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data source.
- Integrity – refers to preventing unauthorized data modification.
- Necessity (also known as denial of service) – refers to preventing data delays or denial (removal).

Responsibility and Security:

- Personal Responsibility – security aspects of the information technology infrastructure, covering both hardware and software. Online users and individual parties are directly and indirectly involved in eCommerce / eBusiness transactions, hence they should exercise due prudence and care to protect online transactions from external intrusions or interventions that may result in damages and/or a costly experience for both parties.
- Institutional Responsibility – online merchants and any other host computers, particularly those connected through a LAN or WAN, have to see to it that hardware and software provisions, as well as the variety of information they hold, are treated as corporate assets that need to be protected.

eBusiness Security Concerns with the following Questions and Issues:

- How secure is the server software?
- How secure are the communications?
- How is the data protected once it is delivered to the eBusiness?
- How are credit and transactions authenticated and authorized?
- Connection to the internet
- Unknown risks
- Customer privacy and security of customer information
- Security consciousness

Slide 8:

Password System (diagram): USER enters password → SERVER encodes the password → reads the encoded password from the Encoded Password File → Match? YES: grant access; NO: deny access.
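The flow in the diagram above, written out as working code. This is an added example, not part of the presentation: the "encoded password file" is a constructed in-memory dictionary, the encoding is PBKDF2 with a per-user random salt (an assumption; the slide does not name an algorithm), and the "Match?" step uses a constant-time comparison so that the grant/deny decision leaks nothing through timing.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the slide's "Encoded Password File":
# username -> (salt, encoded password). No real users or data.
ENCODED_PASSWORD_FILE = {}

ITERATIONS = 200_000  # PBKDF2 work factor; assumed value, tune per hardware


def encode_password(password: str, salt: bytes) -> bytes:
    """'Encode Password' step: salted, iterated hash so equal passwords
    give different records and offline guessing is slowed down."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def store_user(username: str, password: str) -> None:
    """Enrol a user: the plaintext is never written, only salt + encoding."""
    salt = os.urandom(16)
    ENCODED_PASSWORD_FILE[username] = (salt, encode_password(password, salt))


def check_password(username: str, password: str) -> bool:
    """'Enter password' -> encode -> 'Read encoded Password' -> 'Match?'.
    Returns True for 'Grant Access' and False for 'Deny access'."""
    record = ENCODED_PASSWORD_FILE.get(username)
    if record is None:
        # Unknown user: do the same work anyway so response time does not
        # reveal which usernames exist, then deny.
        encode_password(password, b"\x00" * 16)
        return False
    salt, stored = record
    # Constant-time comparison for the 'Match?' decision.
    return hmac.compare_digest(encode_password(password, salt), stored)


if __name__ == "__main__":
    store_user("alice", "correct horse battery staple")  # constructed user
    print(check_password("alice", "correct horse battery staple"))  # True  -> grant
    print(check_password("alice", "wrong guess"))                   # False -> deny
```

The stored record never contains the password itself, which is the point of the "encode" step: if the password file is stolen, the attacker still has to guess each password against its own salt.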

Slide 9:

Encryption Technology is a system security option which encodes and decodes information transmitted over the internet so that only the sender and the intended recipient can read the information. It is done by way of a set of mathematical formulas so complex that it would take a powerful computer years to decode the message.

- Public key – encrypts the data.
- Private key – decrypts the data.

Common Types of Attacks on The Web:

- Denial of service attacks
- Vandalism
- Information theft

Destructive Programs:

- Virus
- Worms
- Trojan horse
- Hoax
- Logic bomb
- Trap door

Slide 12:

- Hackers (crackers) – someone who breaks into a computer system, usually with damaging implications for the data stored in the computers.
- Hacking – is classified or categorized as a form of cyber crime.
- Cyber crime – is the general term for illegal or unethical activities performed in cyber space.

Slide 13:

The Hacking Process (diagram): Hacker → Computer Program (×3) → eBay.com / Amazon.com / Sulit.com → Customer (×3).

Slide 14:

- Smurf attack or smurfing – a form of attack wherein the hacker floods the ISP with so many garbage packets that all the ISP's available bandwidth is used up.
- Spamming – the practice of indiscriminate distribution of messages without the permission of the receiver and without consideration of the message's appropriateness.

How to cut spamming?

> Tell users not to validate their addresses by answering spam requests for replies if they want to be taken off the mailing list.
> Disable the relay feature on mail servers so mail cannot be bounced off the server.
> Delete spam and forget it.

- FIREWALL – a set of hardware and software that isolates a company's internal private network from the internet (or any other private network) by controlling external access to the corporation's server.

Slide 15:

Diagram of a Firewall

Slide 16:

How Firewalls Work

Primarily, firewalls allow or block network traffic between devices based upon rules set up by the firewall administrator. Each rule defines a specific traffic pattern you want the firewall to detect and the action you want the firewall to take when that pattern is detected.

Note – A firewall can only operate on communications traffic that physically passes through it. A firewall has no impact on traffic between two devices on the same "side" of the firewall (i.e., both connected to the same firewall network card or port).

Slide 17:

Biometric control – an automated method of verifying the identity of a person based on physiological or behavioral characteristics.

Common biometric verification schemes:

- Face geometry
- Fingerprints
- Hand geometry
- Blood vessel pattern in the retina of a person's eye
- Voice
- Signature
- Keystroke dynamics
- Facial thermography
- Iris scan
- Using a password or PIN

Slide 18:

Authentication Criteria (Criteria – Example):

- Personal characteristics – height, weight, hair and eye color, picture, biometrics
- Knowledge of a secret – password, PIN, combination to a safe
- Possession of an object – ID badge, credit card
- Physical location – physically secure site, callback, GPS

Requirements to a Secure Electronic Commerce:

- Secrecy
- Integrity
- Availability
- Key management
- Non-repudiation
- Authentication

Deterring Hackers:

- Change access passwords frequently
- Restrict system use
- Limit access to data
- Set up physical access control
- Partition responsibility
- Encrypt data
- Establish procedural controls
- Institute educational programs
- Audit system activities
- Log all transactions and users' activities
