Internet Security for Small & Medium Business

E-security

Why do I need e-security?
www.noie.gov.au/publications/NOIE/trust/Chap1/index.htm

The potential of the Internet
• Email and World Wide Web
• 500 million people being connected to the Internet

The benefit of doing business over the Internet
• Increased potential customer base
• Reduced paperwork and administration
• Reduced time to receive orders, supply goods and make and receive payments
• Access to a great range of supplies

E-Security: Security in Cyberspace
WHY INTERNET IS DIFFERENT?

Paper-Based Commerce                | Electronic Commerce
------------------------------------|---------------------------
Signed paper Documents              | Digital Signature
Person-to-person                    | Electronic via Website
Physical Payment System             | Electronic Payment System
Merchant-customer Face-to-face      | Face-to-face Absence
Easy Detectability of modification  | Difficult Detectability
Easy Negotiability                  | Special Security Protocol

Security Design Process

Network Traffic

You may consider
• E-banking
• E-shopping
• E-tailing
• Sending and receiving orders to and from partners
• Lodging your tax return or business activity statements or conducting other transactions with government agencies

Why security is an issue on the Internet?
• The Internet carrying risk
• By FBI last year, more than 1 million credit card numbers stolen via the Internet
• Information transmitted over Internet can be intercepted at any point

Overview of security needed
Businesses need to consider
• The basic applications such as email
• How to go about buying and selling online
• How to protect computer system and
• The legal issues surrounding e-business

E-security technologies
Four basic security principles
• Authenticity
• Security
• Non-repudiation
• Privacy or confidentiality

A Four Pillar Approach

Liability No one owns the internet so how can self- regulation work? Basic laws in the e-security area vary a lot across countries as do penalties Defining a money transmitter How to define a proper service level agreement (SLA) Downstream liability Issues in certification and standard setting . Incentives.Pillar 1 Legal framework.

Pillar 2 Supervision and External Monitoring
• Technology Supervision and Operational Risk: Retail Payment Networks, Commercial Banks, E-Security Vendors
• Capital Standards and E-Risk
• On-Site IT examinations
• Off-site processes
• Coordination: between regulatory agencies, between supervisors and law enforcement
• Cyber-Risk Insurance
• Education and Prevention

Pillar 3 Certification, Standards, Policies and Processes
• Certification
• Software and hardware
• Security vendors
• E-transactions
• Policies
• Standards
• Procedures

Pillar 4 Layered Electronic Security
• 12 Core Layers of proper e-security
• Part of proper operational risk management
• General axioms in layering e-security
  - Attacks and losses are inevitable
  - Security buys time
  - The network is only as secure as its weakest link

GSM Vulnerabilities
• SIM-CARD Vulnerability
• SMS Bombs
• Gateway Vulnerability
• WAP Vulnerability
• Man in the Middle Attack

Authentication technologies
Authentication technologies rely on
• Something you know
• Something you possess
• Something you are: a unique physical quality

Password systems for authenticating identities and communications:
• Secure sockets layer (SSL) technologies
• Public key infrastructure (PKI)
• Virtual private network (VPN)
• Secure managed services

The pyramid of Authentication Technologies
(from the high level of security offered, for highly valued information, down to the lower level of security offered, for less valuable information)
• PKI Plus Biometrics: Digital Signature Certificate
• PKI: Digital Signature Certificate
• PGP
• Passwords + SSL
• Password / Tokens

How to send email securely?
[Figure: email network showing a web-based email server, an intranet email server, mail servers and email users]

Secure Web email
• Web-based email service is a sensible choice
• Dedicated email encryption
• Use public key and PGP
• Secure email gateways
• Secure email versus postal mail
• Secure envelope
• Inside being signed and authenticated

How to conduct secure transaction online?
• SSL and e-commerce
• SSL limitation
• Data transmitted using SSL
• SSL offering strong authentication
• A secure envelope
• A guarantee to your destination
• Signature on envelope

How to deal with other e-security threats?
• Viruses
• Hacking
• Denial of service
• Dumping
• Port scanning and sniffing
• Method of protection: firewall

Securing your own PC
• File sharing
• Browser security

The importance of real-world security
• Ensure your workplace IT equipment is stored in a secure and lockable location
• Keeping up-to-date logs of all equipment

Privacy: important issue for e-security
• The privacy act and e-security
• Website privacy policies
• Cookies and Web bugs
• Monitoring staff online

Laws applying to e-business
• Electronic Transaction Act 1999 (ETA)
  - giving information in writing
  - providing a signature
  - producing a document in material form and
  - recording or retaining information

Thanks!
CBRC