E-Commerce & Bank Security
By: Mark Reed, COSC 480

Outline
- Introduction
- Definition
- Security Challenges
- Security Terms
- Common Threats
- Security Practices
- Protecting Yourself

Introduction
"Total eCommerce sales for 2006 were estimated at $108.7 billion. This represents an increase of 23.5% over 2005," according to the U.S. Census Bureau's E-Commerce Survey.

What is Security?
Dictionary definition: protection or defense against attack, interference, espionage, etc.
Computer science classification:
- Confidentiality: protecting against unauthorized disclosure of data
- Integrity: preventing unauthorized modification of data
- Availability: preventing delays or denial of access for authorized users

Security Challenges

Security Terms
- Authentication: the originator of a message or transaction can be verified
- Integrity: information has not been altered by an unauthorized person or process
- Non-repudiation: proof of participation by the sender and/or receiver of a transmission, so that neither can later deny taking part
- Privacy: an individual's right to nondisclosure of personal information

Threats
- Social engineering: misleading the end user into revealing information or taking an unsafe action
- Man-in-the-middle: an attacker positioned between client and server listens to, and can alter, the traffic
- Man-in-the-browser: malware running inside the browser alters what the user sees and submits, or redirects the user to counterfeit sites, in order to steal credentials

Threats Cont.
- Malware: poisons the hosts file and/or DNS to redirect the user to counterfeit sites
- Trojan proxy: an HTTP redirector that sends all of the victim's traffic through a proxy controlled by the attacker

Malware/Phishing Attack
- Poisoning the hosts file to redirect entries: a legitimate hostname is mapped to an attacker-controlled address, so the browser reaches the counterfeit site even when the user types the correct URL

Spam
"Spam accounts for 9 out of every 10 emails in the United States." (MessageLabs, Inc.)
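The hosts-file poisoning described on the Malware/Phishing Attack slide is straightforward to check for on an endpoint: a normal user hosts file only maps names to loopback or unspecified addresses, so any bank or shop hostname pinned to anything else bypasses DNS and sends the browser to that address instead. The Python below is an added example written for this page, not code from the presentation. The hosts-file content, the TEST-NET address 203.0.113.45 and the watch-list domains (examplebank.com, examplestore.com) are constructed for illustration.

```python
import ipaddress

# Constructed hosts-file content (the real file is /etc/hosts on Unix or
# C:\Windows\System32\drivers\etc\hosts on Windows). Lines 4 and 5 are the
# kind of entries a pharming trojan appends; line 6 is harmless ad blocking.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.examplebank.com examplebank.com   # poisoned
203.0.113.45    www.examplestore.com                  # poisoned
0.0.0.0         ads.example.net                        # benign ad blocking
"""

# Hypothetical watch list: the sites this user actually banks and shops at.
WATCH_LIST = {"www.examplebank.com", "examplebank.com", "www.examplestore.com"}


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every name mapping in a hosts file."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed; the resolver ignores it too
        for host in fields[1:]:                   # one line may list several names
            entries.append((ip, host.lower(), line_no))
    return entries


def find_poisoned_entries(text, watch_list=WATCH_LIST):
    """Flag watched hostnames that the hosts file pins to a non-local address.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0) targets are the only
    ones a normal user hosts file contains; anything else for a watched name
    silently overrides DNS and sends the browser to that address instead.
    """
    findings = []
    for ip, host, line_no in parse_hosts(text):
        if host in watch_list and not (ip.is_loopback or ip.is_unspecified):
            findings.append({"line": line_no, "host": host, "ip": str(ip)})
    return findings


if __name__ == "__main__":
    for f in find_poisoned_entries(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} (overrides DNS)")
```

The check deliberately keys on the watch list rather than on whether the address "looks public", because documentation and private ranges are exactly what a trojan may point at. On a managed fleet the same idea is usually run as a baseline comparison: hash the hosts file, alert on any change, then inspect the diff with logic like the above.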
Spam (cont.)
- Main source of phishing attacks
- Email is not a secure transmission method

Ecommerce Architecture
- Support for peak access times
- Replication and mirroring to withstand denial-of-service attacks
- Security of web pages through certificates and network architecture to avoid spoofing attacks

Security Challenges
- Client-side security
- Server-side security
  - Prevent unauthorized access to stored information
  - Prevent unauthorized access while still allowing authorized users to connect
- Application and database server security
  - Use security layers between the servers

Client Side Security
- Protect information stored on the client system
- Use digital signatures and encryption: a signature binds a transaction to the signer's key, giving integrity and non-repudiation, while encryption gives confidentiality
- Communication security such as secure HTTP (HTTPS)

Server-side Security
- Place the application and database servers behind a firewall; only the public-facing web server belongs in the demilitarized zone (DMZ)
- Do not store sensitive information such as credit card numbers and SSNs on web servers
- Turn off all unnecessary services and block any unused ports

Application & Database Security
- The application server should shield the database server from direct contact with web servers
- Database servers should be completely isolated from the internet and from any other unsecured server
- Require authentication (user passwords) when retrieving sensitive information from the database server

Company Security Precautions
- Defense-in-depth strategies that use multiple, overlapping and mutually supportive systems
- Antivirus, firewall, and intrusion detection/prevention
- Keep software patches up to date on public-facing systems
- Block email attachments with potentially harmful extensions (executables, scripts)
Security Strengthening
- Multi-layer protection approaches
- Secret image authentication: the site displays an image the user chose at enrollment, so a counterfeit site that cannot show it is exposed
- Hardware authentication (e.g. a device serial number or token)
- Amazon PayPhrase

Avoid Security Threats
- Do not provide passwords, account numbers, or other personal information through email
- Do not trust links in emails or on websites; type the address yourself
- Check for the lock icon in the address bar of your browser. Caveat: the lock only shows that the connection to the site named in the address bar is encrypted, not that the site is genuine; a counterfeit site can obtain its own certificate, so check the domain name as well

Secure Your PC
- Maintain up-to-date antivirus, anti-spyware and firewall protection
- Keep your operating system and applications up to date with security patches
- Avoid transactions at public wireless hotspots

Conclusion
- Introduction
- Definition
- Security Challenges
- Security Issues
- Security Practices
- Common Threats
- Protecting Yourself

Sources
Al-Slamy, Nada. "E-Commerce Security." IJCSNS International Journal of Computer Science and Network Security 8.5 (2008): 5. Print.
Browning, Bob. "Electronic Commerce Tutorial Part 1 - Web Developer's Journal." Web Developer's Journal - Tips on Web Page Design, HTML, Graphics and Development Tools. N.p., n.d. Web. 26 Feb. 2010. <http://webdevelopersjournal.com/columns/ecommerce1.html>.
Ghosh, Anup K. "Journal of Internet Banking and Commerce." ARRAY Development. N.p., n.d. Web. 26 Feb. 2010. <http://www.arraydev.com/commerce/JIBC/970404.htm>.
"Computer Laboratory Security Group: Banking Security." The Computer Laboratory. N.p., n.d. Web. 25 Feb. 2010. <http://www.cl.cam.ac.uk/research/security/banking/>.
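Returning to the Avoid Security Threats slide, "do not trust links in emails" and "check for the lock icon" can be made mechanical. The Python below is an added example, not part of the presentation: it pulls every link out of an HTML email body and flags the classic tricks, a trusted brand name used as a subdomain of some other registrable domain, visible link text that names one site while the href goes to another, and raw-IP targets. It also records whether the target uses https, to make the point that a lock icon says nothing about who owns the site. The email body, the domains examplebank.com, examplestore.com and secure-login-verify.net, and the address 203.0.113.9 are constructed for the example; the two-label registrable-domain rule is a simplification (real code consults the Public Suffix List).

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical list of registrable domains the user actually does business with.
TRUSTED_DOMAINS = {"examplebank.com", "examplestore.com"}

# Constructed phishing-style email body. Link 1 is a lookalike host that also
# lies in its visible text, link 2 is a raw IP, link 3 is legitimate.
SAMPLE_EMAIL = """
<p>Dear customer, your account has been limited.</p>
<p>Please <a href="https://www.examplebank.com.secure-login-verify.net/auth">
log in at https://www.examplebank.com</a> within 24 hours.</p>
<p>Or use our <a href="http://203.0.113.9/verify">secure portal</a>.</p>
<p>Preferences: <a href="https://www.examplestore.com/prefs">examplestore.com</a></p>
"""

# Anything in link text that looks like a URL or a bare hostname.
URL_IN_TEXT = re.compile(r"https?://[^\s<>\"']+|[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())   # collapse whitespace
            self.links.append((self._href, text))
            self._href = None


def registrable_domain(host):
    """Last two labels of a host. Simplification: real code uses the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def analyze_links(html, trusted=TRUSTED_DOMAINS):
    """Return the links in an HTML body that carry phishing indicators."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        if is_ip_literal(host):
            actual = host
            reasons.append("link target is a raw IP address")
        else:
            actual = registrable_domain(host)
            # A trusted name embedded in a host that belongs to someone else
            # (www.examplebank.com.evil.net) is the classic lookalike.
            for brand in sorted(trusted):
                if brand in host and actual != brand:
                    reasons.append(f"host contains '{brand}' but belongs to '{actual}'")
        # Visible text that names one site while the href goes to another.
        for shown in URL_IN_TEXT.findall(text):
            shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
            if registrable_domain(shown_host) != actual:
                reasons.append(f"text shows '{shown}' but target is '{host}'")
        if reasons:
            # 'https' is recorded deliberately: link 1 would show a lock icon
            # and still prove nothing about who runs the site.
            findings.append({"href": href, "text": text,
                             "https": href.lower().startswith("https://"),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze_links(SAMPLE_EMAIL):
        print(f["href"], "(https)" if f["https"] else "(http)")
        for reason in f["reasons"]:
            print("   -", reason)
```

The first link in the sample is served over https and would display the browser's lock icon, yet it is flagged twice; the certificate only vouches for secure-login-verify.net, which is exactly the point of the caveat on the slide. The same logic applies to the address bar after a click: compare the registrable domain, not the presence of the brand name or the lock.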