
E-COMMERCE AND SECURITY

Submitted by
Ashwathi.p
(0920135)
MBA-B
Customer Security: Basic Principles

Any system has to meet these requirements:

• Privacy: information must be kept from unauthorized parties.
• Integrity: messages must not be altered or tampered with.
• Authentication: sender and recipient must prove their identities to
each other.
• Non-repudiation: proof is needed that the message was indeed
received.
• Encryption: deals with information hiding. It ensures that no one can
spy on others during Internet banking transactions.
• Auditing: keeps a record of operations. Merchants use auditing to
prove that you bought a specific item of merchandise.
Players in e-commerce security issues
• The shopper
• The merchant
• The software vendor
• The hacker
Points the attacker can target

• Shopper
• Shopper's computer
• Network connection between shopper and Web site's server
• Web site's server
• Software vendor
Possible attacks:
• Tricking the shopper
• Snooping the shopper's computer
• Sniffing the network: Attacker sniffing the network between client and
server

• Guessing passwords
• Using denial of service attacks
• Using known server bugs
• Using server root exploits
Attacker sniffing the network

Denial of service attacks


Defending your system:
At the end of the day, your system is only as secure as the people who
use it.

• Education is the best way to ensure that your customers take
appropriate precautions:
• Install personal firewalls for the client machines.
• Store confidential information in encrypted form.
• Encrypt the stream using the Secure Socket Layer (SSL) protocol to
protect information flowing between the client and the e-Commerce
Web site.
• Use appropriate password policies, firewalls, and routine external
security audits.
• Use threat model analysis, strict development policies, and external
security audits to protect ISV software running the Web site.
Attacks and Defenses
