eBusiness

Lecture 9 – Security Threats and Countermeasures for End Users

Security Threats and Countermeasures for End Users Lecture 9 - 9.2

Introduction to Lecture 9

Topics covered:
• Online security issues
• Cookies
• Active content
• Viruses and worms
• Anti-virus software
• Digital certificates

© NCC Education Limited


V1.0

Online Security Concerns


• Unauthorised access to confidential emails
• Unauthorised access to sensitive data
• Stolen credit card details
• Stolen personal details (identity theft)


Physical Computer Security

“Tangible protection devices”


• Alarms
• Security guards
• Fireproof doors
• Security fences
• Safes or vaults


Logical Computer Security

“Protection of assets using non-physical means”
• Passwords
• Firewall
• Anti-virus software
• Biometrics


Risk Management Model

Schneider, G. (2007) Electronic Commerce 7th Ed, p.441


Countermeasures
• Logical or physical procedures that
recognise, reduce or eliminate a threat to
computer security
• Risk management used to determine
probability and impact of a threat, in order
to identify the appropriate countermeasures


Security Policy
“Written statement specifying which assets are
to be protected, why and by whom”
• Physical security
• Network security
• Access authorisations
• Virus protection
• Disaster recovery


Requirements for Secure eCommerce

Requirement | Meaning
Secrecy | Prevent unauthorised persons from accessing confidential information or obtaining credit card details
Integrity | Enable computer to automatically detect messages that have been altered in transit
Availability | Provide delivery assurance so that messages or message segments cannot be lost
Key management | Provide secure distribution and management of keys needed to provide secure communications
Non-repudiation | Provide undeniable end-to-end proof of the origin and recipient of each message
Authentication | Securely identify clients and servers through the use of digital signatures and certificates

Schneider, G. (2007) Electronic Commerce 7th Ed, p.443


End User Security Issues


• Cookies
• Active content
• Java Applets and JavaScript
• Viruses and worms
• Anti-virus software
• Digital certificates
• Biometrics


Cookies
• Save information about a web user
• Session cookies and persistent cookies are
used in eCommerce
• Can reveal private information about a web
user or track them as they shop or surf
• Cookies can be disabled by the user
• Third party cookie blockers can be used
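
Added example (not part of the original handout): a short Python audit that sorts Set-Cookie headers into session or persistent cookies and first-party or third-party cookies, which is the distinction a third-party cookie blocker acts on. The hosts, cookie names and the simple host-suffix test for "third party" are assumptions made for illustration; real browsers use a fuller same-site rule.

```python
from http.cookies import SimpleCookie

# Constructed sample: Set-Cookie values received while loading a page on
# shop.example. All hosts and cookie names are made up for this example.
PAGE_HOST = "shop.example"
RESPONSES = [
    ("shop.example", "basket=abc123; Path=/; Secure; HttpOnly"),
    ("shop.example", "lang=en; Max-Age=31536000; Path=/"),
    ("ads.tracker.example",
     "uid=77f1; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Domain=tracker.example; Path=/"),
]

def classify(page_host, setting_host, header_value):
    """Return one record per cookie found in a single Set-Cookie value."""
    jar = SimpleCookie()
    jar.load(header_value)
    # Assumption: a host is first-party if it is the page host or a subdomain.
    first_party = (setting_host == page_host
                   or setting_host.endswith("." + page_host))
    records = []
    for name, morsel in jar.items():
        # A cookie with Expires or Max-Age outlives the browser session.
        persistent = bool(morsel["max-age"] or morsel["expires"])
        records.append({
            "name": name,
            "lifetime": "persistent" if persistent else "session",
            "party": "first" if first_party else "third",
        })
    return records

def audit(page_host, responses):
    """Classify every cookie set during one page load."""
    rows = []
    for host, value in responses:
        rows.extend(classify(page_host, host, value))
    return rows

def blocked_by_third_party_filter(rows):
    """Names of the cookies a third-party cookie blocker would refuse."""
    return [r["name"] for r in rows if r["party"] == "third"]

if __name__ == "__main__":
    for row in audit(PAGE_HOST, RESPONSES):
        print(row)
```

The persistent third-party cookie (uid) is the kind that can follow a user from site to site; the session cookie (basket) disappears when the browser closes.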


Active Content
“Programs that are embedded in web
pages that cause action to occur”
• Examples include cookies, Java applets,
JavaScript and ActiveX controls
• Can be used by hackers to embed
malicious content in web pages
• Other threats include Trojan horse and
zombie


Java Applets and JavaScript


Java Applets
• Programming language developed by Sun
• Once downloaded, embedded Java code can run
on a user’s computer, possibly leading to security
violations
JavaScript
• Scripting language developed by Netscape
• Can be used for attacks by executing code on the
user’s hard disk
• Requires the user to start the program


Viruses and Worms


• Virus - software that attaches itself to
another program and causes damage
• Worm - a type of virus that replicates itself
on the computer it infects
• Typically spread by email attachments
• Users can also be infected by websites
• Growing problem for eCommerce sites


Anti-Virus Software
• Detects viruses and worms
• Deletes them or isolates them so they
cannot run
• Software must be kept up-to-date
• Software companies provide news on latest
virus threats


Digital Certificate
“Attachment to an email or program that verifies
the sender or website is who they claim to be”
• Certificate owner’s identifying information
• Certificate owner’s public key
• Dates between which the certificate is valid
• Serial number of the certificate
• Name of the certificate issuer
• Digital signature of the certificate issuer


Example of Digital Certificate

Schneider, G. (2007) Electronic Commerce 7th Ed, p.457


Biometric Security

“Uses an element of a person’s biological makeup to perform
identification”
• Fingerprint recognition
• Iris recognition
• Facial patterns
• Hand measurements


Summary
• Security threats are a growing concern for
eCommerce sites
• Risk management can be used to identify
physical and logical threats
• Businesses should develop a security policy
• Wide range of security threats to end users
• Possible countermeasures include anti-virus
software and digital certificates
