Laudon_Traver_3E_Chapter5_Final.pdf: E-commerce: business. technology. society. Second Edition, by Kenneth C. Laudon and Carol Guercio Traver (Chapter 5 slides)
Slide 5-1: E-commerce: business. technology. society. Second Edition. Kenneth C. Laudon, Carol Guercio Traver
Copyright © 2007 Pearson Education, Inc.

Slide 5-2: Chapter 5, Security and Encryption

Slide 5-3: The Merchant Pays (Class Discussion)
- Why are offline credit card security procedures not applicable in the online environment?
- What new techniques are available to merchants that would reduce credit card fraud?
- Why should the merchant bear the risk of online credit purchases? Why not the issuing banks?
- What other steps can merchants take to reduce credit card fraud at their sites?
- Why are merchants reluctant to add additional security measures?

Slide 5-4: The E-commerce Security Environment: The Scope of the Problem
- Overall size of cybercrime unclear; amount of losses significant but stable; individuals face new risks of fraud that may involve substantial uninsured losses
- Symantec: over 50 overall attacks a day against business firms between July 2004 and June 2005
- 2005 Computer Security Institute survey:
  - 56% of respondents had detected breaches of computer security within the last 12 months, and 91% of these suffered financial loss as a result
  - Over 35% experienced denial of service attacks
  - Over 75% detected virus attacks

Slide 5-5: The E-commerce Security Environment (Figure 5.4, Page 253)

Slide 5-6: Dimensions of E-commerce Security
- Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party
- Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) their online actions
- Authenticity: ability to verify the identity of a person or entity with whom you are dealing on the Internet
- Confidentiality: ability to ensure that messages and data are available only to those authorized to view them
- Privacy: ability to control the use of information a customer provides about himself or herself to the merchant
- Availability: ability to ensure that an e-commerce site continues to function as intended

Slide 5-7: Customer and Merchant Perspectives on the Different Dimensions of E-commerce Security (Table 5.1, Page 254)

Slide 5-8: The Tension Between Security and Other Values
- Security vs. ease of use: the more security measures that are added, the more difficult a site is to use, and the slower it becomes
- Security vs. the desire of individuals to act anonymously

Slide 5-9: Security Threats in the E-commerce Environment
- Three key points of vulnerability:
  - Client
  - Server
  - Communications channel

Slide 5-10: Security Threats in the E-commerce Environment (cont'd)
- Most common threats:
  - Malicious code
  - Phishing
  - Hacking and cybervandalism
  - Credit card fraud/theft
  - Spoofing (pharming)
  - Denial of service attacks
  - Sniffing
  - Insider jobs
  - Poorly designed server and client software

Slide 5-11: A Typical E-commerce Transaction (Figure 5.5, Page 257; source: Boncella, 2000)

Slide 5-12: Vulnerable Points in an E-commerce Environment (Figure 5.6, Page 258; source: Boncella, 2000)

Slide 5-13: Malicious Code
- Viruses: a computer program that has the ability to replicate and spread to other files; most also deliver a "payload" of some sort (may be destructive or benign); include macro viruses, file-infecting viruses, and script viruses
- Worms: designed to spread from computer to computer
- Trojan horse: appears to be benign, but then does something other than expected
- Bots: can be covertly installed on a computer; respond to external commands sent by the attacker

Slide 5-14: Phishing
- Any deceptive, online attempt by a third party to obtain confidential information for financial gain
- Most popular type: e-mail scam letter
- One of the fastest growing forms of e-commerce crime

Slide 5-15: Hacking and Cybervandalism
- Hacker: individual who intends to gain unauthorized access to computer systems
- Cracker: used to denote a hacker with criminal intent (the two terms are often used interchangeably)
- Cybervandalism: intentionally disrupting, defacing or destroying a Web site
- Types of hackers include:
  - White hats
  - Black hats
  - Grey hats

Slide 5-16: Credit Card Fraud
- Fear that credit card information will be stolen deters online purchases
- Hackers target credit card files and other customer information files on merchant servers; they use the stolen data to establish credit under a false identity
- One solution: new identity verification mechanisms

Slide 5-17: Insight on Society: "Evil Twins" and "Pharming": Keeping Up with the Hackers? (Class Discussion)
- What are "evil twins" and "pharming"?
- What is meant by "social engineering techniques"?
- What is the security weakness in the domain name system that permits pharming?
- What steps can users take to verify they are communicating with authentic sites and networks?

Slide 5-18: Spoofing (Pharming)
- Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
- Threatens the integrity and authenticity of a site

Slide 5-19: DoS and dDoS Attacks
- Denial of service (DoS) attack: hackers flood a Web site with useless traffic to inundate and overwhelm the network
- Distributed denial of service (dDoS) attack: hackers use numerous computers to attack the target network from numerous launch points

Slide 5-20: Other Security Threats
- Sniffing: a type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network
- Insider jobs: the single largest financial threat
- Poorly designed server and client software: the increase in complexity of software programs has contributed to an increase in vulnerabilities that hackers can exploit

Slide 5-21: Technology Solutions
- Protecting Internet communications (encryption)
- Securing channels of communication (SSL, S-HTTP, VPNs)
- Protecting networks (firewalls)
- Protecting servers and clients

Slide 5-22: Tools Available to Achieve Site Security (Figure 5.7, Page 269)

Slide 5-23: Protecting Internet Communications: Encryption
- Encryption: the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver
- Purpose: secure stored information and information transmission
- Provides:
  - Message integrity
  - Nonrepudiation
  - Authentication
  - Confidentiality

Slide 5-24: Symmetric Key Encryption
- Also known as secret key encryption
- Both the sender and receiver use the same digital key to encrypt and decrypt the message
- Requires a different set of keys for each transaction
- Data Encryption Standard (DES): most widely used symmetric key encryption today; uses a 56-bit encryption key; other types use 128-bit keys up through 2048 bits

Slide 5-25: Public Key Encryption
- Public key cryptography solves the symmetric key encryption problem of having to exchange a secret key
- Uses two mathematically related digital keys: a public key (widely disseminated) and a private key (kept secret by the owner)
- Both keys can be used to encrypt and decrypt messages
- Once one key is used to encrypt a message, the same key cannot be used to decrypt it
- For example, the sender uses the recipient's public key to encrypt a message; the recipient uses his/her private key to decrypt it

Slide 5-26: Public Key Cryptography: A Simple Case (Figure 5.8, Page 272)

Slide 5-27: Public Key Encryption Using Digital Signatures and Hash Digests
- Application of a hash function (mathematical algorithm) by the sender prior to encryption produces a hash digest that the recipient can use to verify the integrity of the data
- Double encryption with the sender's private key (digital signature) helps ensure authenticity and nonrepudiation

Slide 5-28: Public Key Cryptography with Digital Signatures (Figure 5.9, Page 274)

Slide 5-29: Digital Envelopes
- Addresses the weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and of symmetric key encryption (faster, but less secure)
- Uses symmetric key encryption to encrypt the document but public key encryption to encrypt and send the symmetric key

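The two mechanisms from slides 5-27 and 5-29 worked through in one script, as an added example that is not code from the textbook: a toy RSA key pair, a SHA-256 hash digest signed with the sender's private key and checked with the public key, then a digital envelope that encrypts the document under a fresh symmetric session key and wraps only that key with the recipient's public key. Assumptions: textbook RSA with no padding, and an HMAC-SHA256 keystream standing in for DES/AES; both are for illustration, not production use.

```python
# Added illustration, not the textbook's code. Textbook RSA without padding and an
# HMAC keystream instead of a real block cipher: for teaching only, never production.
import hashlib
import hmac
import secrets

def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Random odd prime with the top bit set so p*q has the intended size."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate

def generate_keypair(bits=512):
    """Textbook RSA: (e, n) is the public key, (d, n) the private key."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this means gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def digest(message):
    """Hash digest the recipient can recompute to check integrity."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(private_key, message):
    """Digital signature: the digest 'encrypted' with the sender's private key."""
    d, n = private_key
    return pow(digest(message), d, n)

def verify(public_key, message, signature):
    """Open the signature with the sender's public key; it must equal the digest."""
    e, n = public_key
    return pow(signature, e, n) == digest(message)

def stream_crypt(key, data):
    """Symmetric stand-in for DES/AES: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal_envelope(recipient_public, document):
    """Digital envelope: symmetric key for the document, public key only wraps that key."""
    e, n = recipient_public
    session_key = secrets.token_bytes(32)
    return pow(int.from_bytes(session_key, "big"), e, n), stream_crypt(session_key, document)

def open_envelope(recipient_private, wrapped_key, ciphertext):
    """Only the private key unwraps the session key; the public key that wrapped it cannot."""
    d, n = recipient_private
    return stream_crypt(pow(wrapped_key, d, n).to_bytes(32, "big"), ciphertext)
```

Signing uses the sender's pair while the envelope uses the recipient's pair; a one-byte change to the message makes `verify` return False, which is the integrity check the slide describes.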
Slide 5-30: Public Key Cryptography: Creating a Digital Envelope (Figure 5.10, Page 275)

Slide 5-31: Digital Certificates and Public Key Infrastructure (PKI)
- Digital certificate: a digital document that includes:
  - Name of subject or company
  - Subject's public key
  - Digital certificate serial number
  - Expiration date
  - Issuance date
  - Digital signature of the certification authority (trusted third-party institution) that issues the certificate
  - Other identifying information
- Public Key Infrastructure (PKI): refers to the CAs and digital certificate procedures that are accepted by all parties

Slide 5-32: Digital Certificates and Certification Authorities (Figure 5.11, Page 277)

Slide 5-33: Limits to Encryption Solutions
- PKI applies mainly to protecting messages in transit
- PKI is not effective against insiders
- Protection of private keys by individuals may be haphazard
- No guarantee that the verifying computer of the merchant is secure
- CAs are unregulated, self-selecting organizations

Slide 5-34: Insight on Technology: Advances in Quantum Cryptography May Lead to the Unbreakable Key (Class Discussion)
- Why do existing encryption systems become more vulnerable over time?
- What is quantum encryption?
- What is the weakness of a symmetric key system (even one based on quantum techniques)?
- Would quantum-encrypted messages be immune to the growth in computing power?

Slide 5-35: Securing Channels of Communication
- Secure Sockets Layer (SSL): most common form of securing channels of communication; used to establish a secure negotiated session (a client-server session in which the URL of the requested document, along with its contents, is encrypted)
- S-HTTP: alternative method; provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
- Virtual Private Networks (VPNs): allow remote users to securely access internal networks via the Internet, using the Point-to-Point Tunneling Protocol (PPTP)

Slide 5-36: Secure Negotiated Sessions Using SSL (Figure 5.12, Page 281)

Slide 5-37: Protecting Networks: Firewalls and Proxy Servers
- Firewall: hardware or software that filters communication packets and prevents some packets from entering the network, based on a security policy
- Firewall methods include:
  - Packet filters
  - Application gateways
- Proxy servers: software servers that handle all communications originating from or being sent to the Internet

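A packet filter applying a security policy, as an added example that is not code from the textbook: first matching rule decides, and anything the policy does not mention is dropped. The rule fields, the first-match evaluation and the default-deny stance are assumptions about what such a policy contains; the addresses are RFC 5737 documentation ranges, constructed for this example.

```python
# Added illustration of a stateless packet filter, not the textbook's code.
# Rule fields, first-match evaluation and default deny are assumptions; the
# addresses are RFC 5737 documentation ranges constructed for this example.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    dport: int   # destination port (0 for icmp)

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # any source
    dst: str = "0.0.0.0/0"       # any destination
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))

def filter_packet(policy, pkt, default="deny"):
    """First matching rule wins; anything the policy does not mention is dropped."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed policy for a storefront server at 203.0.113.10 behind the firewall.
POLICY = [
    # Traffic arriving from the Internet must not claim an internal (private) source.
    Rule("deny", src="10.0.0.0/8"),
    # Customers may reach the storefront over HTTPS (SSL) and HTTP only.
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=443),
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=80),
    # SSH administration only from the operations network.
    Rule("allow", src="198.51.100.0/24", dst="203.0.113.10/32", proto="tcp", dport=22),
]

def audit(policy, packets):
    """Evaluate a batch of packets; returns (packet, decision) pairs for the security log."""
    return [(pkt, filter_packet(policy, pkt)) for pkt in packets]

if __name__ == "__main__":
    sample = [  # constructed packets
        Packet("192.0.2.5", "203.0.113.10", "tcp", 443),    # customer checkout: allow
        Packet("10.1.1.1", "203.0.113.10", "tcp", 443),     # spoofed internal source: deny
        Packet("192.0.2.5", "203.0.113.10", "tcp", 22),     # SSH from the Internet: deny
        Packet("198.51.100.7", "203.0.113.10", "tcp", 22),  # SSH from ops network: allow
        Packet("192.0.2.5", "203.0.113.10", "tcp", 3306),   # database port, unmentioned: default deny
    ]
    for pkt, decision in audit(POLICY, sample):
        print(f"{decision:5} {pkt.proto}/{pkt.dport} {pkt.src} -> {pkt.dst}")
```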
Slide 5-38: Firewalls and Proxy Servers (Figure 5.13, Page 283)

Slide 5-39: Protecting Servers and Clients
- Operating system controls: authentication and access control mechanisms
- Anti-virus software: easiest and least expensive way to prevent threats to system integrity

Slide 5-40: A Security Plan: Management Policies
- Steps in developing a security plan:
  - Perform risk assessment: assessment of risks and points of vulnerability
  - Develop security policy: set of statements prioritizing information risks, identifying acceptable risk targets, and identifying mechanisms for achieving targets
  - Develop implementation plan: action steps needed to achieve security plan goals
  - Create security organization: in charge of security; educates and trains users, keeps management aware of security issues; administers access controls, authentication procedures and authorization policies
  - Perform security audit: review of security practices and procedures

Slide 5-41: Developing an E-commerce Security Plan (Figure 5.14, Page 286)

Slide 5-42: Insight on Business: Hiring Hackers to Locate Threats: Penetration Testing (Class Discussion)
- Why would firms hire outsiders to crash their systems?
- What are "grey" and "black" hats, and why do firms avoid them as security testers?
- Are penetration specialists like Johnny Long performing a public service or just making the situation worse?

Slide 5-43: The Role of Laws and Public Policy
- New laws have granted local and national authorities new tools and mechanisms for identifying, tracing and prosecuting cybercriminals
- National Infrastructure Protection Center: unit within the National Cyber Security Division of the Department of Homeland Security whose mission is to identify and combat threats against U.S. technology and telecommunications infrastructure
- USA Patriot Act
- Homeland Security Act
- Government policies and controls on encryption software

Slide 5-44: OECD Guidelines
- The 2002 Organization for Economic Cooperation and Development (OECD) Guidelines for the Security of Information Systems and Networks has nine principles:
  - Awareness
  - Responsibility
  - Response
  - Ethics
  - Democracy
  - Risk assessment
  - Security design and implementation
  - Security management
  - Reassessment