* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Ecommerce: Security and Control
Unix security wikipedia , lookup
Trusted Computing wikipedia , lookup
Quantum key distribution wikipedia , lookup
Next-Generation Secure Computing Base wikipedia , lookup
Information security wikipedia , lookup
Web of trust wikipedia , lookup
Information privacy law wikipedia , lookup
Cyberattack wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Distributed firewall wikipedia , lookup
Wireless security wikipedia , lookup
Digital signature wikipedia , lookup
Public-key cryptography wikipedia , lookup
Data remanence wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Security-focused operating system wikipedia , lookup
One-time pad wikipedia , lookup
Cryptanalysis wikipedia , lookup
Computer and network surveillance wikipedia , lookup
Diffie–Hellman key exchange wikipedia , lookup
Mobile security wikipedia , lookup
Computer security wikipedia , lookup
Post-quantum cryptography wikipedia , lookup
Cryptography wikipedia , lookup
Ecommerce: Security and Control James Vickers, Boston College http://www.jamesvickers.com/ [email protected] Overview Why are modern day information systems so vulnerable to destruction, error, abuse, and system quality problems? What types of controls are available for ecommerce systems? What special measures must be taken to ensure the reliability, availability and security of electronic commerce and digital business processes? Why are auditing ecommerce systems and safeguarding data quality so important? The business predicament Do we design systems that overcontrolled, and therefore not functional, or unrestricted and undercontrolled? How do we applying quality assurance standards in large ecommerce systems projects The business predicament The major concerns for businesses Disaster • The possible destruction of computer hardware, programs, data files, and other equipment Security • Preventing unauthorized access, alteration, theft, or physical damage to equipment Errors • Computer actions that may disrupt or destroy organization’s record-keeping and operations Bugs • Program code defects or errors Maintenance Nightmare • Maintenance costs high due to organizational change, software complexity, and faulty system analysis and design The general processing model Unfortunately, all of these stages can contain elements of failure, unless a strategy is implemented, and software quality assurance standards are implemented Figure 1 The cost of poor design Figure 2 The business predicament Control What is needed? • Methods, policies, and procedures Why is it needed? • Ecommerce systems may provide (limited) access to a business central infrastructure • Ensures protection of organization’s assets • Ensures accuracy and reliability of records, and operational adherence to management standards When should this occur? • From the ideas inception, to the completion of the ecommerce system Controlling our ecommerce plan At a business level: Market research into user needs, and identified areas for business expansion A business and financial plan for forecasting frequency of use, and suspected revenue turnover A strategy on how to implement this plan, alongside our current business plan (if we are expanding a “brick and mortar” business that is). A review of our internal technical skills – are our staff competent enough to implement this, or should we outsource. Controlling our ecommerce plan General controls Establish framework for controlling design, security, and use of computer programs Include software, hardware, computer operations, data security, implementation, and administrative controls. These may include: • Personnel controls: Ensuring that only authorised personal undertake elements of the project • Customer controls: Ensuring that protection is provided from the global customer layer of the ecommerce system, to the business infrastructure layer of business operations Controlling our ecommerce plan Protecting our company On-line transaction processing: Transactions entered online are immediately processed by computer, and recorded for audit Fault-tolerant computer systems: Contain extra hardware, software, and power supply components in case of element failure High-availability computing: Tools and technologies enabling system to recover from a crash, or power cut Disaster recovery plan: Plan of action in case of ecommerce system failure. Ask yourself the question, if we trade online and the “shop front” is gone, how do we trade? Load balancing: Heavy traffic will need distribution over a large servers Controlling our ecommerce plan Protecting our company Mirroring: Duplicating all processes and transactions of ecommerce on backup server to prevent any interruption Clustering: Linking two computers together so that a second computer can act as a backup to the primary computer or speed up processing Firewalls: For prevent unauthorised users from accessing a private internal network, or accessing private data. Don’t forget this covered under the data protection act. Intrusion Detection Systems or Personnel to monitor vulnerable points in the network to detect or deter unauthorized intruders Controlling our ecommerce plan How many of you have assumed that security of ecommerce systems is an Internet threat only? I would bet the majority of you….. Now we need to forget that we have planned for ecommerce systems, and consider in depth our security issues We shall look at security in terms of the whole networked community, not just ecommerce. Why? Because security is more often than not overlooked at a local level, never mind at a global level! Security is a major concern, not just at a global interface level, but at an internal business level too… Security This raises big questions….. What is security? What constitutes security? What examples can we provide of security? Security needs Who says we need security?: Data Protection Acts 1984 & 98 Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 • Allows employers to monitor or record communications without consent • to establish the existence of facts relevant to the business • to ascertain compliance with regulations • to ascertain standards which ought to be achieved by staff • to detect unauthorised use Information Security Reformed: Two major reforms over last several decades • Computer Security • Network Security Widespread use of data processing Security previously handled by: • Physical means: Filing cabinet and lock • Administrative means: Personnel Computers Introduction meant that new regulations had to be imposed by organisations to secure data Shared systems, were worse because of sending / retrieving data of numerous systems Information Security Routing Services Security Office Server Protection Why the reforms? Computer Security: Evolved with the need to protect data Needed to prevent hackers Needed to abide by data protection act Network Security: Heightened by the need for distributed systems Heightened by the need for secure networks and communications Need to protect data during transmission Ensure data is authentic Local Information Security Various methods available: DVD-RAM Drive SAN’s RAID Arrays Most efficient (and common) method: • DAT / DLT Data security is big business! • Storage “off-site” • Storage in safes • Fireproof! • Bombproof! Security Requirements Classified in three ways: Confidentiality: • Authorised parties can read the data • Disclosure of data to relevant source Integrity: • Authorised parties can modify the data • Changes status of the data by relevant source Availability: • Authorised parties can access the data What next? We have planned…. We have designed…. We have restricted access…. We have investigated our needs…. We then sit back and wait while our systems are attacked…. Network Attacks! Passive: “Eavesdropping” “Release of message contents”: • Extracting information from mail messages, telephone conversations etc “Traffic Analysis”: • Analysis of message lengths, Tx & Rx, to guess the types of information being Tx & Rx. Network Attacks Active Attacks: “Masquerade”: • One node pretends to be another node. • Tx is fooled into thinking that Rx has received message. “Replay”: • Captures data and then retransmits to fool Tx into thinking the message was unauthorised “Modification of Message”: • The Tx message is intercepted, and modified to the intruders benefit – e.g. Funds Balances etc. • Message is forwarded to intended Rx “Denial of Service” • Inhibits or hinders data communications traffic, but targeting the management and communications facilities Network Attacks Passive: Sniffers / Probes Difficult to detect Do not alter data Can prevent these attacks Prevention, rather than detection Active: Opposite to passive Difficult to prevent (Could be done by physical protection) Detect, and recover Detection can also be a prevention, as intruder is often found Network Attacks Passive Threats Release of message content Traffic analysis Active Threats Masquerade Replay Denial of service Modification of message contents Global Electronic SecurityEncryption Automation Automation of Tx and Rx is done through encryption This ensures authenticated and unique data Provides a security layer to the network Encryption: We shall look at encryption in two ways: • Symmetric Encryption • Public-key Encryption (Asymmetric) Well known examples • THWATE • Comodo • Both versions of Verisign SSL. Encryption Symmetric (Single Key): Pre-1970’s public key encryption standard Stallings (2000) says that the idea has been used by such adversaries as Julius Caesar and the German U-Boot commanders Requirements for symmetric encryption: • Strong algorithm to protect the key • Even if intruder access message, key should be protected • Tx & Rx must obtain the secret key in a secret fashion Encryption Symmetric (Single Key): Encryption is made up of 5 major areas: • Plaintext: Original method before encryption • Encryption algorithm: Transforms plain text • Secret Key: Provides extra substitutions and transformations to the Encryption Algorithm • Ciphertext: The new message that is created to be sent • Decryption algorithm: The encryption & secret key in reverse algorithm Encryption Symmetric: Secret Key Secret Key Ciphertext Plain Text Encryption Algorithm Adapted from Stallings (2000), Figure 18.2, page 653 Plain Text Decryption Algorithm Encryption Symmetric – Breaking the code: Cryptanalysis: • Utilise analysis of the ciphertext to attempt to produce a secret key. • Sometimes pairs two ciphertexts to attempt to deduce a common encoding • If key is found, all future messages using that key are compromised Brute-force: • Attempts to try every combination of secret keys on the ciphertext to deduce the plain text. Encryption Stallings (2000) quotes the times for breaking a secret key as follows: Key Size (bits) Number of alternative keys Time required to decode at 1 Encryption per uS Time required to decode at 1 million Encryption per uS 32 4.3 x 109 35.8 Minutes 2.15 milliseconds 56 7.2 x 1016 1142 years 10.01 hours 128 3.4 x 1038 5.4 x 1024 years 5.4 x 1018 years 168 3.7 x 1050 5.9 x 1036 years 5.9 x 1030 years Encryption Public Key: Biggest advancement in encryption in years – because it use Mathematics to calculate the key. Public key cryptography uses two keys, rather than one – hence, sometimes referred to asymmetric. Symmetric encryption is still in use, and will continue to be This is because of the computational overhead associated with public key encryption Encryption Asymmetric (Public Key): Encryption is made up of 5(6) major areas: • Plaintext: Original method before encryption • Encryption algorithm: Transforms plain text • Public and Private Key: Pair of keys that have been selected for encryption. One is used as encryption, one as decryption. • Ciphertext: The two new messages that are created to be sent, one by the public key, and one by the private key • Decryption algorithm: The encryption & secret key in reverse algorithm Encryption In English: 1. 2. 3. 4. Each user generates a pair of keys for encryption and decryption. Each user places the public key in an accessible file. The companion private key is kept private. If A wishes to send a message to B, A encrypts the message using B’s public key. When B receives the message, B decrypts the message using it’s own private key. No one else can, because no-one else uses B’s private key Digital Signatures Confirming the source: Used extensively now due to the Internet When a digital signature is sent to the receiver, the message is encoded using the senders private key At the receiving end, the message should be able to be decoded using the senders public key. If it can be decoded, it can be assumed that the sender must have made the message and it’s okay If it can’t be decoded, it can be assumed that the sender couldn’t have made the message, and should be disposed of. Protecting yourself Ports Open ports allow access to a variety of problems Port Scanner Nanoprobe Finding an open port tells you what services are available! Close down as many as necessary to make the system secure. Firewalls Firewalls: Firewalls are used to limit or allow connections through a network Firewalls are gateways that provide this They can limit or allow connections based on: • IP Address • Port Number If you like firewalls are watchdogs for your computer’s open doors. Firewall Sample: Firewall Sample: Security Challenges Figure 3 Overview of Electronic Security Methods Encryption: Encoding and scrambling of messages to prevent their access without specific authorization. Most commonly used when transferring sensitive data electronically across (e.g.) the Internet Authentication: Providing secure mechanisms for accessing specific elements of the ecommerce system. Most common method is registration with the ecommerce system, and using usernames and passwords. Digital signature: Digital code attached to electronically transmitted message to uniquely identify contents and sender. Implemented when receiver needs to be assured of author of message (adopted now in hardware and operating system drivers) Digital certificate: Attachment to electronic message to verify the sender and to provide receiver with means to encode reply Secure Electronic Transaction (SET): Standard for securing credit card transactions over Internet and other networks References Figures 1,2, 3 taken from Laudon.K., Laudon.P. 2002. Essentials of Management Information Systems. New Jersey: Prentice Hall. Stallings. W. 2000. Data and Computer Communications. New Jersey: Prentice Hall