1 Information Security 11.2 Web & EC Security Chapter 17 復大软件学院
2 Review
• Cryptography
• Authentication techniques
• PKI
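3 Review
• Cryptography
• Authentication techniques
• PKI
Layers shown on the slide: secure cryptographic algorithms, security protocols, system security, application security, network security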
4 Review
• Security services
  – Confidentiality
  – Integrity
  – Authentication
  – Non-repudiation
  – Availability
5 Outline
• Web & EC Security Considerations
  – Definitions: web, EC
  – Threats
• Secure Socket Layer (SSL) and Transport Layer Security (TLS)
• Secure Electronic Transaction (SET)
6 Outline
• Web & EC Security Considerations
  – Definitions: web, EC
  – Threats
• Secure Socket Layer (SSL) and Transport Layer Security (TLS)
• Secure Electronic Transaction (SET)
7 Web Security
• The Web is now widely used by business, government, and individuals
• But the Internet & Web are vulnerable
8 Web Security Considerations
• The Web is very visible.
• Complex software hides many security flaws.
• Web servers are easy to configure and manage.
• A web server may be exploited as a launching pad into the intranet.
• Users are not aware of the risks.
9 Web Security
• So, there are a variety of threats (diagram: user, web server)
  – Confidentiality (HTTP etc. are plaintext)
  – Integrity
  – Denial of service
  – Authentication
• Need added security mechanisms
10 EC, Electronic Commerce
• Definition:
  – Carrying out business activities by means of electronic technology
    • Telegraph
    • Telephone
    • Internet