eBusiness
Introduction to Lecture 10
Topics covered:
• Communication channel security
• Encryption and Secure Sockets Layer (SSL)
• Web server threats
• Database threats
• Access control and authentication
• Firewalls
Secrecy Threats
• Secrecy is the prevention of unauthorised
information disclosure
• Privacy is the protection of individual rights
to non-disclosure
• Sniffer programs pose a threat to email
• Backdoors in software provide opportunities
for hackers
Integrity Threats
• Active wiretapping – altering a message
stream of information
• Cybervandalism – defacing of an existing
website’s page
• Spoofing – pretending to be somebody you
are not
• Phishing – attempts to capture confidential
customer information via spoof emails
Wireless Threats
• Security provided by Wireless
Encryption Protocol (WEP)
• Many mobile devices have default
login and password set
• Companies often fail to change these
settings
• Wireless devices can be attacked by
wardrivers using warchalking
Encryption
Comparison of
Encryption Methods
Hash Functions
and Digital Signatures
• Intended to eliminate threat of an eCommerce
message being altered
• Hash algorithm is applied to the message
• Produces message digest that cannot be inverted
to produce original information
• Sender encrypts message digest using private key
• Encrypted message digest is called a digital
signature
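The hash-then-sign steps listed above, carried through as an added example (not part of the original slides). It assumes SHA-256 as the hash algorithm and textbook RSA as the private-key operation; the key and the two order messages are constructed for the demonstration.

```python
import hashlib

# Constructed demonstration key (an assumption, not from the slides): two
# publicly known Mersenne primes, so it is insecure and only shows the maths.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to the sender


def message_digest(message: bytes) -> int:
    """Apply the hash algorithm; the digest cannot be inverted to the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: encrypt the message digest with the private key (D, N)."""
    return pow(message_digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover the digest with the public key (E, N) and compare it
    with a digest computed over the message as it actually arrived."""
    return pow(signature, E, N) == message_digest(message)


# Constructed sample messages: the second differs only in the payee field.
ORDER = b"order=1001;item=laptop;amount=499.00;pay_to=ACME"
TAMPERED = b"order=1001;item=laptop;amount=499.00;pay_to=EVIL"

if __name__ == "__main__":
    signature = sign(ORDER)
    print("digest  :", hex(message_digest(ORDER)))
    print("original:", verify(ORDER, signature))
    print("altered :", verify(TAMPERED, signature))
    # Unpadded RSA mirrors the slide's description only; deployed systems
    # use a padded signature scheme such as RSASSA-PSS.
```

Any change to the message in transit changes its digest, so the receiver's comparison fails even though the signature itself was left untouched.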
Database Threats
• eCommerce systems store valuable user data and
product information in databases
• Once a user is authenticated, sections of the
database become available
• Poor security can mean that hackers gain
authentication
• Trojan horse programs can change or remove
access rights and allow hackers to gain entry
Access Control
and Authentication
Firewalls
• Software or hardware/software combination
• Controls packet traffic moving through a network
• Provides a defence between the internal network
and the Internet
• Categories are packet filter, gateway server and
proxy server
• Intrusion detection systems can help to identify and
block possible attacks
Summary
• Wide range of threats posed by using the
Internet as a communications channel
• Secrecy and privacy are key concerns
• Encryption techniques play an important
role in ensuring effective eCommerce
security
• Variety of security risks to web servers
• Disaster recovery plans should be in place