eBusiness
Introduction to Lecture 9
Topics covered:
• Online security issues
• Cookies
• Active content
• Viruses and worms
• Anti-virus software
• Digital certificates
Countermeasures
• Logical or physical procedures that
recognise, reduce or eliminate a threat to
computer security
• Risk management used to determine
probability and impact of a threat, in order
to identify the appropriate countermeasures
Security Policy
“Written statement specifying which assets are
to be protected, why and by whom”
• Physical security
• Network security
• Access authorisations
• Virus protection
• Disaster recovery
Requirements for
Secure eCommerce
Requirement | Meaning
Secrecy | Prevent unauthorised persons from accessing confidential information or obtaining credit card details
Integrity | Enable computer to automatically detect messages that have been altered in transit
Availability | Provide delivery assurance so that messages or message segments cannot be lost
Key management | Provide secure distribution and management of keys needed to provide secure communications
Non-repudiation | Provide undeniable end-to-end proof of the origin and recipient of each message
Authentication | Securely identify clients and servers through the use of digital signatures and certificates
Schneider, G. (2007) Electronic Commerce 7th Ed, p.443
Cookies
• Save information about a web user
• Session cookies and persistent cookies are
used in eCommerce
• Can reveal private information about a web
user or track them as they shop or surf
• Cookies can be disabled by the user
• Third party cookie blockers can be used
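Added example (not part of the original slides): a short Python audit that sorts the cookies set during one page visit into session or persistent and first-party or third-party. The host names, cookie values and the simplified subdomain test are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie

PAGE_HOST = "shop.example"  # constructed: the site the user is visiting

# Constructed sample: (host that sent the response, its Set-Cookie value)
SAMPLE_RESPONSES = [
    ("shop.example", "basket=abc123; Path=/"),
    ("shop.example", "remember_me=u1001; Max-Age=2592000; Path=/"),
    ("ads.tracker.example", "uid=7f3c9; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/"),
    ("cdn.shop.example", "lang=en; Path=/"),
]


def is_third_party(page_host, setting_host):
    """Simplified check (assumption): third party unless the setter is the page
    host or a subdomain of it. Browsers compare registrable domains instead."""
    page, setter = page_host.lower(), setting_host.lower()
    return not (setter == page or setter.endswith("." + page))


def classify(page_host, setting_host, set_cookie_value):
    """Return one record per cookie found in a Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    party = "third" if is_third_party(page_host, setting_host) else "first"
    records = []
    for name, morsel in jar.items():
        # A cookie with Expires or Max-Age outlives the browser session.
        persistent = bool(morsel["expires"] or morsel["max-age"])
        records.append({
            "name": name,
            "lifetime": "persistent" if persistent else "session",
            "party": party,
        })
    return records


def audit(page_host, responses):
    """Classify every cookie set while loading one page."""
    report = []
    for host, header in responses:
        report.extend(classify(page_host, host, header))
    return report


def tracking_candidates(report):
    """Persistent third-party cookies can follow a user across visits and sites."""
    return [r["name"] for r in report
            if r["lifetime"] == "persistent" and r["party"] == "third"]


if __name__ == "__main__":
    for row in audit(PAGE_HOST, SAMPLE_RESPONSES):
        print(row)
```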
Active Content
“Programs that are embedded in web
pages that cause action to occur”
• Examples include cookies, Java applets,
JavaScript and ActiveX controls
• Can be used by hackers to embed
malicious content in web pages
• Other threats include Trojan horse and
zombie
Anti-Virus Software
• Detects viruses and worms
• Deletes them or isolates them so they
cannot run
• Software must be kept up-to-date
• Software companies provide news on latest
virus threats
Digital Certificate
“Attachment to an email or program that verifies
the sender or website is who they claim to be”
• Certificate owner’s identifying information
• Certificate owner’s public key
• Dates between which the certificate is valid
• Serial number of the certificate
• Name of the certificate issuer
• Digital signature of the certificate issuer
Biometric Security
Summary
• Security threats are a growing concern for
eCommerce sites
• Risk management can be used to identify
physical and logical threats
• Businesses should develop a security policy
• Wide range of security threats to end users
• Possible countermeasures include anti-
virus software and digital certificates