Unwanted programs
Browser parasites: a program that can monitor and change the settings of a user's browser.
Spyware: a program used to obtain information such as a user's keystrokes, e-mail, instant messages and so on.
Hacking and cybervandalism
Hackers vs. crackers: a hacker is an individual who intends to gain unauthorized access to a computer system; a cracker is a term used within the hacking community to denote a hacker with criminal intent.
Cybervandalism: intentionally disrupting, defacing or destroying a Web site.
Sniffing
An eavesdropping program that monitors information traveling over a network. When used legitimately, sniffers help identify potential network trouble spots.
E-mail wiretaps are a variation of sniffing: hidden code in an e-mail message allows someone to monitor all succeeding messages forwarded with the original message.
Insider jobs
The single largest financial threat: bank employees steal more money than bank robbers. Employees have access to privileged information, and when internal security is poor they are able to roam through the organization's network without leaving a trace.
Technology Solutions
Protecting Internet communications (encryption)
Securing channels of communication (SSL, S-HTTP, VPNs)
Protecting networks (firewalls)
Protecting servers and clients
Encryption
Transforms plain text or data into cipher text readable only by the sender and receiver. The purpose of encryption is:
To secure stored information
To secure information transmission
A key or cipher is used to transform plain text into cipher text.
Substitution cipher: every occurrence of a given letter is systematically replaced by another letter.
Transposition cipher: the ordering of the letters in each word is changed in some systematic way.
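The two classical ciphers above, as an added worked example (not code from the original notes): a substitution cipher driven by a 26-letter key alphabet and a columnar transposition cipher driven by a column count, each with its inverse. The sample key and messages are constructed for illustration; the `letter_counts` helper shows why a substitution cipher alone is weak, since the letter frequencies of the plaintext survive intact in the cipher text.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def substitution_encrypt(plaintext: str, key: str) -> str:
    """Substitution cipher: each letter A-Z is replaced by the letter at the same
    position in `key`, which must be a permutation of A-Z. Non-letters pass through."""
    assert sorted(key) == list(ALPHABET), "key must be a permutation of A-Z"
    return plaintext.upper().translate(str.maketrans(ALPHABET, key))


def substitution_decrypt(ciphertext: str, key: str) -> str:
    """Inverse of substitution_encrypt: map key letters back to the alphabet."""
    return ciphertext.translate(str.maketrans(key, ALPHABET))


def transposition_encrypt(plaintext: str, key: int) -> str:
    """Columnar transposition: letters keep their identity but change order.
    The text is written into rows of length `key` and read out column by column."""
    return "".join(plaintext[i::key] for i in range(key))


def transposition_decrypt(ciphertext: str, key: int) -> str:
    """Inverse: rebuild the columns (the first `extra` columns are one letter
    longer when the text does not fill the last row), then read row by row."""
    rows, extra = divmod(len(ciphertext), key)
    lengths = [rows + 1 if i < extra else rows for i in range(key)]
    columns, pos = [], 0
    for length in lengths:
        columns.append(ciphertext[pos:pos + length])
        pos += length
    out = []
    for r in range(rows + 1):
        for col in columns:
            if r < len(col):
                out.append(col[r])
    return "".join(out)


def letter_counts(text: str) -> list:
    """Sorted multiset of letter frequencies; identical before and after a
    substitution cipher, which is what frequency analysis exploits."""
    return sorted(Counter(c for c in text.upper() if c in ALPHABET).values())


# Constructed sample key: the keyboard row order, a valid permutation of A-Z.
SAMPLE_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"

if __name__ == "__main__":
    msg = "ATTACK AT DAWN"
    sub = substitution_encrypt(msg, SAMPLE_KEY)
    print(sub, "->", substitution_decrypt(sub, SAMPLE_KEY))
    tr = transposition_encrypt("ATTACKATDAWN", 5)
    print(tr, "->", transposition_decrypt(tr, 5))
```

Both ciphers round-trip, and `letter_counts` returns the same distribution for a message and its substitution cipher text, which is the property a reader should take away: the key hides which letter is which, not how often each letter occurs.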
Symmetric key encryption: both sender and receiver use the same key to encrypt and decrypt the message.
Public key encryption: once a key has been used to encrypt a message, the same key cannot be used to decrypt it. The sender uses the recipient's public key to encrypt the message; the recipient uses his/her private key to decrypt it.
Digital Signature
To ensure authenticity and non-repudiation, the sender encrypts the entire block of cipher text one more time using the sender's private key. This produces a digital signature (also called an e-signature or signed cipher text). A digital signature is close to a handwritten signature, but it changes for every document.
Digital Envelope
Addresses the weakness of public key encryption: it is computationally slow, which decreases transmission speed and increases processing time.
The symmetric key, which the recipient will require to decrypt the document, is itself encrypted using the recipient's public key: a key within a key (the digital envelope).
The encrypted report and the digital envelope are sent across the Web. The recipient uses his/her private key to decrypt the symmetric key, then uses the symmetric key to decrypt the report. The method saves time because encryption and decryption are faster with symmetric keys.
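The digital signature and digital envelope sections above, carried through as one added example (not code from the original notes). The document is encrypted with a fresh symmetric key, that key is encrypted with the recipient's public key (the envelope), and the sender signs with its private key. Two things are assumptions of this example rather than of the notes: the public-key step is textbook RSA built on known Mersenne primes (2^127-1, 2^521-1, 2^89-1, 2^607-1) so that no primality test is needed, with no padding, so it illustrates the structure only and is not a production cipher; and the signature is computed over a SHA-256 hash of the cipher text rather than over the entire cipher text block as the notes describe, which is the standard hash-then-sign practice. The symmetric cipher is a constructed HMAC-SHA256 keystream XOR standing in for a block cipher such as AES.

```python
import hashlib
import hmac
import os

# Constructed key material: products of known Mersenne primes, so no primality
# test is needed. Real RSA uses random primes and OAEP/PSS padding.
RECIPIENT_PRIMES = ((1 << 127) - 1, (1 << 521) - 1)
SENDER_PRIMES = ((1 << 89) - 1, (1 << 607) - 1)
E = 65537


def rsa_keypair(p: int, q: int):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse of e, Python 3.8+
    return (n, E), (n, d)


def rsa_apply(key, value: int) -> int:
    """Raise `value` to the key's exponent mod n (encrypt, decrypt, sign or verify)."""
    n, exp = key
    assert 0 <= value < n, "value must be smaller than the modulus"
    return pow(value, exp, n)


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric cipher: XOR data with a keystream of HMAC-SHA256(key, counter)
    blocks. The same call encrypts and decrypts. Constructed stand-in for AES."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(document: bytes, recipient_pub, sender_priv) -> dict:
    """Sender side. Envelope: a fresh symmetric key encrypts the document and the
    recipient's public key encrypts that key ("key within a key"). Signature:
    the hash of the cipher text is transformed with the sender's private key."""
    sym_key = os.urandom(16)
    ciphertext = stream_xor(sym_key, document)
    envelope = rsa_apply(recipient_pub, int.from_bytes(sym_key, "big"))
    digest = int.from_bytes(hashlib.sha256(ciphertext).digest(), "big")
    signature = rsa_apply(sender_priv, digest)
    return {"ciphertext": ciphertext, "envelope": envelope, "signature": signature}


def open_envelope(package: dict, recipient_priv, sender_pub) -> bytes:
    """Recipient side: verify the signature first, then recover the symmetric key
    with the private key and decrypt. Raises ValueError if the cipher text or
    signature was altered in transit."""
    digest = int.from_bytes(hashlib.sha256(package["ciphertext"]).digest(), "big")
    if rsa_apply(sender_pub, package["signature"]) != digest:
        raise ValueError("signature does not verify: cipher text altered or wrong sender")
    sym_key = rsa_apply(recipient_priv, package["envelope"]).to_bytes(16, "big")
    return stream_xor(sym_key, package["ciphertext"])


def roundtrip(document: bytes, tamper: bool = False) -> bytes:
    """Seal and open a document; with tamper=True one bit of the cipher text is
    flipped in transit, so the signature check must reject it."""
    recipient_pub, recipient_priv = rsa_keypair(*RECIPIENT_PRIMES)
    sender_pub, sender_priv = rsa_keypair(*SENDER_PRIMES)
    package = seal(document, recipient_pub, sender_priv)
    if tamper:
        ct = package["ciphertext"]
        package["ciphertext"] = ct[:-1] + bytes([ct[-1] ^ 0x01])
    return open_envelope(package, recipient_priv, sender_pub)


if __name__ == "__main__":
    print(roundtrip(b"Quarterly report (constructed sample)"))
```

The order inside `open_envelope` matters: the signature is checked before any decryption, so an altered message is rejected without the recipient's private key ever being applied to attacker-controlled input.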
Public Key Infrastructure: CAs and digital certificate procedures that are accepted by all parties.
Protecting Networks
Firewall: hardware or software that filters communication packets. It prevents some packets from entering the network based on the security policy, and controls traffic to and from servers and clients, forbidding communications from untrustworthy sources. Two main methods:
1. Packet filters: examine data packets to determine whether they are destined for a prohibited port or originate from a prohibited IP address.
2. Application gateways: a firewall that filters communications based on the application being requested, rather than the source or destination of the message.
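The two firewall methods above, as an added example (not code from the original notes): a packet filter that evaluates an ordered rule list against source address and destination port with a default-deny rule at the end, and a minimal application gateway that decides on the content of the request (here the HTTP method) instead. The policy, networks and packets are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str           # source IP address
    dst_port: int      # destination port
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src_net: str = "0.0.0.0/0"         # source network to match; any by default
    dst_port: Optional[int] = None     # destination port to match; any by default
    proto: Optional[str] = None        # protocol to match; any by default

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        return True


# Constructed policy. Rules are evaluated top to bottom and the first match
# wins; the trailing catch-all makes the policy default-deny.
POLICY: List[Rule] = [
    Rule("deny", src_net="203.0.113.0/24"),                        # prohibited source range
    Rule("allow", dst_port=443, proto="tcp"),                      # HTTPS to the web server
    Rule("allow", dst_port=80, proto="tcp"),                       # HTTP to the web server
    Rule("allow", src_net="10.0.0.0/8", dst_port=22, proto="tcp"), # SSH only from inside
    Rule("deny"),                                                  # default deny
]


def filter_packet(pkt: Packet, policy: List[Rule] = POLICY) -> str:
    """Packet filter: decide on addresses, ports and protocol only."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # safety net if a policy omits the catch-all


def filter_packets(packets: List[Packet], policy: List[Rule] = POLICY) -> List[Tuple[Packet, str]]:
    return [(p, filter_packet(p, policy)) for p in packets]


ALLOWED_METHODS = {"GET", "HEAD"}


def application_gateway(request_line: str) -> str:
    """Application gateway: decide on the request itself, here the HTTP method,
    regardless of where the packet came from or which port it targets."""
    method = request_line.split(" ", 1)[0].upper()
    return "allow" if method in ALLOWED_METHODS else "deny"


if __name__ == "__main__":
    sample = [Packet("203.0.113.7", 443), Packet("198.51.100.9", 443),
              Packet("198.51.100.9", 22), Packet("10.1.2.3", 22),
              Packet("198.51.100.9", 53, "udp")]
    for pkt, verdict in filter_packets(sample):
        print(f"{pkt.src:>14} -> port {pkt.dst_port:<4} {pkt.proto}: {verdict}")
    print(application_gateway("DELETE /admin HTTP/1.1"))
```

Rule order carries the policy: the prohibited-range deny sits first so that it cannot be overridden by the later allow for port 443, and moving it below that allow would silently open HTTPS to the blocked range.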
Proxy Servers
When a user on an internal network requests a Web page, the request is routed first to the proxy server. The proxy server validates the user and the nature of the request, then sends the request to the Internet. A Web page sent by the external Internet first passes through the proxy and, if acceptable, passes through the internal network Web server to the client's desktop. Proxy servers also improve Web performance by storing frequently requested pages locally, reducing upload times. They hide the internal network address, making it difficult for hackers to break in.
Security Plan
An assessment of the risks and points of vulnerability is done.
A security policy is defined: a set of statements prioritizing the information risks, identifying acceptable risk targets, and identifying the mechanisms for achieving those targets.
An implementation plan is drawn up: the action steps to achieve the security goals.
To implement the plan, an organizational unit is formed, the security organization, which educates and trains users, maintains the tools chosen to implement security, and keeps management informed of threats and breakdowns.
A security review involves routine review of access logs.
Payment Systems
Retail Payments
Credit cards; private-label credit or debit cards
Credit or post-paid: a central server verifies the customer and checks with the bank whether funds are sufficient before any interchanges are made.
Working of e-cash (diagram; only the labels survived extraction). Participants: Consumer, Bank, Currency Server. Recoverable steps: 2. Transfer money; 6. Return e-cash; 7. Credit merchant account.
Electronic Cheques
Designed for individuals or groups who prefer to pay on credit or through some method other than cash. An electronic cheque functions as a message to the sender's bank to transfer funds; the message is given to the receiver, who in turn endorses the cheque and presents it to the bank to obtain the funds.
Working of e-cheques (diagram; only the labels survived extraction). Participants: Consumer Browser, Merchant System, Consumer's Bank, Merchant's Bank, Clearing House. Recoverable steps: 3. Validates cheques; 5. Forward to bank; 6. Forward cheque; 7. Forward cheque; 8. Account update.
Smart cards
They contain microprocessors that are able to hold more information than cards based on the traditional magnetic strip. Two types of smart cards:
Relationship-based smart credit cards
Electronic purse and debit cards: smart cards with programmable microchips that store a specified monetary value inside them. When the balance on a purse is empty, it can be recharged with more money.
Credit Card
When a customer buys a product or avails of a service, the details of the credit card are given to the seller of the goods or to the service provider involved, and the credit card provider makes the payment. A credit card transaction simply requires that the consumer have a legitimate credit card number, expiration date and PIN (Personal Identification Number); the PIN prevents misuse of the card in case it is stolen. Credit card systems can be divided into three categories:
Payment by furnishing the details of the credit card
Payment by providing encrypted details of the credit card
Payment made on the basis of verification by a third party