Chapter 11 E-Commerce Security
Chapter 11 E-Commerce Security
Learning objectives Document the trends in computer and network security attacks 2. Describe the common security practices of businesses of all sizes 3. Understand the basic elements of Ec security 4. Explain the basic types of network security attacks 5. Describe common mistakes that organizations make in managing security 6. Discuss some of the major technologies for securing EC communications 7. Detail some of the major technologies for securing EC networks components Electronic Commerc Prentice Hall 2006
Electronic Commerce Prentice Hall © 2006 2 Learning Objectives 1. Document the trends in computer and network security attacks. 2. Describe the common security practices of businesses of all sizes. 3. Understand the basic elements of EC security. 4. Explain the basic types of network security attacks. 5. Describe common mistakes that organizations make in managing security. 6. Discuss some of the major technologies for securing EC communications. 7. Detail some of the major technologies for securing EC networks components
The Continuing Need for E-Commerce Security Computer Security Institute (CsI) Nonprofit organization located in San Francisco, California, that is dedicated to serving and training information, computer, and network security professionals Computer Emergency Response Team(CERT) Group of three teams at Carnegie Mellon University that monitor the incidence of cyber attacks analyze vulnerabilities, and provide guidance on protecting against attacks Electronic Commerce Prentice Hall 2006
Electronic Commerce Prentice Hall © 2006 3 The Continuing Need for E-Commerce Security Computer Security Institute (CSI) Nonprofit organization located in San Francisco, California, that is dedicated to serving and training information, computer, and network security professionals Computer Emergency Response Team (CERT) Group of three teams at Carnegie Mellon University that monitor the incidence of cyber attacks, analyze vulnerabilities, and provide guidance on protecting against attacks
Security Is Everyone's Business The dHs (Department of Homeland Security) strategy includes five national priorities 1. A national cyberspace security response system 2. A national cyberspace security threat and vulnerability reduction program 3. A national cyberspace security awareness and training program Securing governments cyberspace 5. National security and international security cooperation Electronic Commerce Prentice Hall 2006
Electronic Commerce Prentice Hall © 2006 4 Security Is Everyone’s Business • The DHS (Department of Homeland Security) strategy includes five national priorities: 1. A national cyberspace security response system 2. A national cyberspace security threat and vulnerability reduction program 3. A national cyberspace security awareness and training program 4. Securing governments’ cyberspace 5. National security and international security cooperation
Security Is Everyone's Business Accomplishing these priorities requires concerted effort at five levels Level 1-The Home User/Small Business evel 2-Large enterprises evel 3--Critical Sectors/Infrastructure Level 4-National lssues and vulnerabilities Leve|5— Global Electronic Commerc Prentice Hall 2006 5
Electronic Commerce Prentice Hall © 2006 5 Security Is Everyone’s Business • Accomplishing these priorities requires concerted effort at five levels: – Level 1—The Home User/Small Business – Level 2—Large Enterprises – Level 3—Critical Sectors/Infrastructure – Level 4—National Issues and Vulnerabilities – Level 5—Global
Security Is Everyone's Business National cyber Security Division(NCSD) A division of the department of Homeland Security charged with implementing U.S cyberspace security strategy Electronic Commerc Prentice Hall 2006
Electronic Commerce Prentice Hall © 2006 6 Security Is Everyone’s Business National Cyber Security Division (NCSD) A division of the Department of Homeland Security charged with implementing U.S. cyberspace security strategy
Basic security Issues What kinds of security questions arise? From the users perspective How can the user be sure that the web server is owned and operated by a legitimate company? How does the user know that the Web page and form do not contain some malicious or dangerous code or content How does the user know that the owner of the Web site will not distribute the information the user provides to some other party? Electronic Commerc Prentice Hall 2006
Electronic Commerce Prentice Hall © 2006 7 Basic Security Issues • What kinds of security questions arise? – From the user’s perspective: • How can the user be sure that the Web server is owned and operated by a legitimate company? • How does the user know that the Web page and form do not contain some malicious or dangerous code or content? • How does the user know that the owner of the Web site will not distribute the information the user provides to some other party?
Basic security Issues What kinds of security questions arise? From the companys perspective How does the company know the user will not attempt to break into the Web server or alter the pages and content at the site? How does the company know that the user will not try to disrupt the server so that it is not available to others? Electronic Commerc Prentice Hall 2006
Electronic Commerce Prentice Hall © 2006 8 Basic Security Issues • What kinds of security questions arise? – From the company’s perspective: • How does the company know the user will not attempt to break into the Web server or alter the pages and content at the site? • How does the company know that the user will not try to disrupt the server so that it is not available to others?
Basic security Issues What kinds of security questions arise? From both parties' perspectives How do both parties know that the network connection is free from eavesdropping by a third party "listening on the line? How do they know that the information sent back and-forth between the server and the users browser has not been altered? Electronic Commerc Prentice Hall 2006
