1. What is e-commerce security and why is it important?
2. How to identify risks to e-commerce?
3. How to determine ways to protect e-commerce from those threats?
4. What are electronic payment systems?
5. What are the security requirements for electronic payment systems?
6. What security procedures are used to fulfill these requirements?
WHAT IS E-COMMERCE SECURITY
E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction.
Six dimensions of e-commerce security (Table 5.1)
1. Integrity: prevention against unauthorized data modification
2. Nonrepudiation: prevention against any one party from reneging on an agreement after the fact
3. Authenticity: authentication of the data source
4. Confidentiality: protection against unauthorized data disclosure
5. Privacy: provision of data control and disclosure
6. Availability: prevention against data delays or removal
E-COMMERCE THREATS (Figure 5.4)
Threats: anyone with the capability, technology, opportunity, and intent to do harm. Potential threats can be foreign or domestic, internal or external, state-sponsored or a single rogue element. Terrorists, insiders, disgruntled employees, and hackers are included in this profile (President's Commission on Critical Infrastructure Protection)
Threat categories (2001 Information Security Industry Survey):
– Loss of privacy/confidentiality, data misuse/abuse
– Cracking, eavesdropping, spoofing, rootkits
– Viruses, Trojan horses, worms, hostile ActiveX and Java
– System unavailability, denial of service, natural disasters, power disruptions (18%)
1. Intellectual property threats – use of existing materials found on the Internet without the owner's permission, e.g., music downloads, domain names (cybersquatting), software piracy
2. Client computer threats
– Trojan horse
– Active content
3. Communication channel threats
– Sniffer programs
4. Server threats
– Privilege setting
– Server Side Include (SSI), Common Gateway Interface (CGI)
– File transfer
– Spamming
COUNTERMEASURES (Figure 5.5)
A procedure that recognizes, reduces, or eliminates a threat
1. Intellectual property protection
2. Client computer protection
– Privacy – Cookie blockers; Anonymizer
– Digital certificate (Figure 5.9)
– Browser protection
– Antivirus software
– Computer forensics expert
3. Communication channel protection
– Encryption
* Public-key encryption (asymmetric) versus private-key encryption (symmetric) (Figure 5-6)
* Encryption standards: Data Encryption Standard (DES), Advanced Encryption Standard (AES)
– Protocol
* Secure Sockets Layer (SSL) (Figure 5.10)
* Secure HyperText Transfer Protocol (S-HTTP)
– Digital signature (Figure 5-7)
Binds the message originator to the exact contents of the message
– A hash function is used to transform the message into a 128-bit digest (message digest)
– The sender's private key is used to encrypt the message digest (digital signature)
– The message + signature are sent to the recipient
– The recipient uses the hash function to recalculate the message digest
– The sender's public key is used to decrypt the message digest
– Check whether the recalculated message digest = decrypted message digest
4. Server protection
– Access control and authentication
* Digital signature from user
* Username and password
* Access control list
– Firewalls (Figure 5.11)
International Computer Security Association's classification:
· Packet filter firewall: examines the IP address of an incoming packet and rejects anything that does not match the list of trusted addresses (prone to IP spoofing)
·...
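The digital signature steps listed under communication channel protection above, as an added worked example in Python (not the lecture's own code): a toy RSA key pair built from two known primes stands in for the sender's keys, a 128-bit hash produces the message digest, and verification recomputes the digest and compares it with the one recovered from the signature. Real systems use randomly generated keys of 2048 bits or more and a padding scheme such as RSA-PSS instead of raw exponentiation.

```python
import hashlib

# Toy RSA key pair from two known Mersenne primes (2^61 - 1 and 2^89 - 1).
# Constructed for illustration only; real keys are 2048+ bits and random.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                           # modulus, about 150 bits: a 128-bit digest fits below it
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent

PUBLIC_KEY = (N, E)      # sent to anyone who must verify the sender's signatures
PRIVATE_KEY = (N, D)     # kept by the sender only


def message_digest(message: bytes) -> int:
    """Step 1: hash the message into a 128-bit digest, returned as an integer."""
    return int.from_bytes(hashlib.blake2s(message, digest_size=16).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Step 2: 'encrypt' the digest with the sender's private key; this is the signature."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Steps 4-6: recalculate the digest, 'decrypt' the signature with the sender's
    public key, and check that the two digests are equal."""
    n, e = public_key
    recalculated = message_digest(message)
    decrypted = pow(signature, e, n)
    return recalculated == decrypted


if __name__ == "__main__":
    # Constructed sample order; step 3 is sending the message together with the signature.
    order = b"Ship 10 units to 12 Main St; total $500.00"
    sig = sign(order, PRIVATE_KEY)
    print("genuine message verifies:", verify(order, sig, PUBLIC_KEY))
    # Any change to the message (here the amount) changes the digest, so verification fails.
    tampered = b"Ship 10 units to 12 Main St; total $5.00"
    print("tampered message verifies:", verify(tampered, sig, PUBLIC_KEY))
```

A forged or corrupted signature fails the same comparison, which is what gives the recipient both integrity and nonrepudiation for the message.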