Most Common Security Threats in The E-Commerce Environment
• Malicious Code (malware): software that is specifically designed to
disrupt or damage a computer system. It includes a variety of threats
such as:
Viruses
Worms
Trojan Horses
Bots
Virus
• A computer program that has the ability to replicate, or make copies of
itself, and spread to other files, infecting them.
• A logic bomb is a virus whose attack is triggered by some event, such as
the date on a computer’s system clock.
Worm
• Unlike viruses, which spread from file to file, a worm is designed to
spread from computer to computer. A worm does not need to be activated
by the user.
• Example: the Slammer worm, which targeted Microsoft SQL Server
database software, infected more than 90% of computers worldwide,
especially bank databases.
Trojan horse
• A Trojan horse appears to be something attractive or useful, but then
does something other than expected. It is often a way for viruses or other
malicious code to be introduced into a computer system.
• A Trojan horse may masquerade as a game, but actually hide a program that
steals your passwords and e-mails them to another person.
• Difference
Bots and Botnets
• Bots are a type of malicious code that can be secretly installed on a
computer when it is connected to the Internet. Once installed, the bot
responds to external commands sent by the attacker.
• In symmetric key encryption, both the sender and the receiver use the
same key to encrypt and decrypt the message.
• Modern encryption systems are digital. Computers store data in binary
form (0, 1). For example, the binary representation of “A” is 01000001.
One way in which digital strings can be transformed into cipher text
is by multiplying each letter by another binary number, say, an eight-bit
key number 01010101.
• If we multiplied every digital character in our text message by this
eight-bit key and sent the encrypted message to a receiver along with the
secret eight-bit key, the receiver could decode the message easily.
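The following is an added example, not code from the lecture, working through the symmetric-key idea above with the slide's own eight-bit key 01010101 (0x55). The slide describes the transform as multiplying each character by the key; here that multiplication is done modulo 256 so each result still fits in one byte, and the receiver undoes it by multiplying by the key's multiplicative inverse, which exists only because 0x55 is odd. XOR with the same key is shown alongside, since that is the self-inverse per-byte operation real stream ciphers use. The function names are my own.

```go
package main

import (
	"bytes"
	"fmt"
)

// eightBitKey is the shared secret from the slide, 01010101. Sender and
// receiver both hold it; that is what makes the scheme symmetric.
const eightBitKey byte = 0x55

// modInverse256 finds inv with key*inv == 1 (mod 256) by checking every
// candidate. ok is false for even keys, which have no inverse modulo 256.
func modInverse256(key byte) (inv byte, ok bool) {
	for c := 1; c < 256; c++ {
		if (int(key)*c)%256 == 1 {
			return byte(c), true
		}
	}
	return 0, false
}

// multiplyEncrypt multiplies every byte of msg by key modulo 256.
func multiplyEncrypt(msg []byte, key byte) []byte {
	out := make([]byte, len(msg))
	for i, b := range msg {
		out[i] = byte((int(b) * int(key)) % 256)
	}
	return out
}

// multiplyDecrypt reverses multiplyEncrypt with the key's inverse. An even
// key maps two different plaintext bytes to the same ciphertext byte, so
// the receiver could not decode it; that case is reported as an error.
func multiplyDecrypt(ct []byte, key byte) ([]byte, error) {
	inv, ok := modInverse256(key)
	if !ok {
		return nil, fmt.Errorf("key %08b has no inverse mod 256; even keys lose information", key)
	}
	return multiplyEncrypt(ct, inv), nil
}

// xorWithKey XORs every byte with the key; applying it twice restores the input.
func xorWithKey(msg []byte, key byte) []byte {
	out := make([]byte, len(msg))
	for i, b := range msg {
		out[i] = b ^ key
	}
	return out
}

func main() {
	plaintext := []byte("A") // 01000001, the slide's example character
	ct := multiplyEncrypt(plaintext, eightBitKey)
	pt, err := multiplyDecrypt(ct, eightBitKey)
	fmt.Printf("A = %08b, times key = %08b, decrypted = %q (err=%v)\n", plaintext[0], ct[0], pt, err)

	msg := []byte("PAY 100") // constructed message
	x := xorWithKey(msg, eightBitKey)
	fmt.Printf("xor round trip ok: %v\n", bytes.Equal(xorWithKey(x, eightBitKey), msg))
}
```

Whichever per-byte operation is used, a single-byte key offers only 256 possibilities and maps equal plaintext bytes to equal ciphertext bytes, so this illustrates the shared-key idea, not a cipher anyone should deploy.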
Public Key Encryption
• In this method, two mathematically related digital keys are used: a public
key and a private key. The private key is kept secret by the owner, and the
public key is widely disseminated. Both keys can be used to encrypt and
decrypt a message. However, once one key has been used to encrypt a message,
that same key cannot be used to decrypt it.
Encryption
Public Key Cryptography: A Simple Case
Digital Envelopes
• A technique that uses symmetric encryption for large documents but
public key encryption to encrypt and send the symmetric key, so we have
a “key within a key” (a digital envelope).
• The recipient first uses the private key to decrypt the symmetric key, and
then uses the symmetric key to decrypt the report. This method saves time
because both encryption and decryption are faster with symmetric keys.
Creating a Digital Envelope
Securing Channels of Communication
• The concepts of public key encryption are used routinely for
securing channels of communication.
• Secure Sockets Layer (SSL)
• The most common form of securing channels is using SSL to
establish a secure negotiated session.
• A secure negotiated session is a client-server session in which
the URL of the requested document, along with the content and
the cookies exchanged, is encrypted. For instance, the credit
card number you entered would be encrypted.
• The client generates a session key and uses the server’s public key to
create a digital envelope, which it sends to the server. The server
decrypts it using its private key. A session key is a unique symmetric
encryption key.
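The following is an added example, not the lecture's code, covering both the digital envelope slides and the SSL session-key exchange just described, since they are the same construction: the client generates a fresh symmetric session key, encrypts the document with it, and seals only the session key with the server's public key; the server opens the envelope with its private key and then decrypts the document. It uses Go's standard library (RSA-OAEP for the key, AES-GCM for the document). Type and function names are my own, and the "report" is a constructed sample; real TLS derives its session keys through a handshake rather than this plain envelope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what travels from client to server: the key within a key.
type Envelope struct {
	WrappedKey []byte // session key encrypted with the server's RSA public key
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // document encrypted with the session key
}

// NewRecipientKey generates the server's key pair (public part is published).
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal builds the envelope using only the recipient's public key.
func Seal(pub *rsa.PublicKey, document []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32) // new AES-256 session key per message
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Symmetric part: fast even when the document is large.
	ct := gcm.Seal(nil, nonce, document, nil)
	// Asymmetric part: only the 32-byte session key goes through RSA.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, []byte("envelope"))
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open recovers the document. Only the private-key holder can unwrap the
// session key, and GCM rejects any ciphertext altered in transit.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, []byte("envelope"))
	if err != nil {
		return nil, fmt.Errorf("cannot open envelope: %w", err)
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("document rejected: %w", err)
	}
	return pt, nil
}

// RoundTrip plays both sides once and returns what the server recovered.
func RoundTrip(document []byte) ([]byte, error) {
	priv, err := NewRecipientKey()
	if err != nil {
		return nil, err
	}
	env, err := Seal(&priv.PublicKey, document)
	if err != nil {
		return nil, err
	}
	return Open(priv, env)
}

func main() {
	got, err := RoundTrip([]byte("Q3 sales report (constructed sample)"))
	fmt.Printf("recovered %q, err=%v\n", got, err)
}
```

The time saving the slide mentions comes from the split: RSA processes only 32 bytes regardless of document size, while the document itself is handled by the much faster symmetric cipher.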
Protecting Network
• A firewall is either hardware or software that filters
communication packets and prevents some packets from
entering the network, based on a security policy.
• When a user on an internal network requests a Web page,
the request is routed first to the firewall. The firewall
validates the user and the nature of the request, and then
sends the request on to the Internet. The same process is
followed when the requested page is received back.
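The following is an added example, not the lecture's code, of the policy-based filtering the firewall slides describe: rules are evaluated in order, outbound Web requests from the internal network are allowed, only replies belonging to a connection an inside host opened are let back in, and anything unmatched is dropped. The internal address range, rule names, sample packets and the `Established` flag (which a real firewall derives from a connection-tracking table) are all constructed for the demo.

```go
package main

import (
	"fmt"
	"net"
)

// Packet holds the header fields the policy looks at.
type Packet struct {
	SrcIP, DstIP net.IP
	Proto        string // "tcp" or "udp"
	DstPort      int
	Inbound      bool // arriving from the Internet side
	Established  bool // reply within a connection an inside host opened
}

// Rule pairs a match function with an allow/deny decision.
type Rule struct {
	Name  string
	Match func(Packet) bool
	Allow bool
}

// Firewall evaluates rules in order; the first match wins.
type Firewall struct {
	rules []Rule
}

var internalNet = mustCIDR("10.0.0.0/24") // constructed internal range

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// NewFirewall builds the policy from the slide: validate outbound Web
// requests from inside, let the matching replies back in, drop the rest.
func NewFirewall(inside *net.IPNet) *Firewall {
	return &Firewall{rules: []Rule{
		{ // A packet from the Internet claiming an inside source is spoofed.
			Name:  "deny-spoofed-internal-source",
			Match: func(p Packet) bool { return p.Inbound && inside.Contains(p.SrcIP) },
			Allow: false,
		},
		{ // Inside users may request Web pages.
			Name: "allow-outbound-web",
			Match: func(p Packet) bool {
				return !p.Inbound && inside.Contains(p.SrcIP) && p.Proto == "tcp" &&
					(p.DstPort == 80 || p.DstPort == 443)
			},
			Allow: true,
		},
		{ // The requested page comes back only inside a connection we opened.
			Name:  "allow-established-replies",
			Match: func(p Packet) bool { return p.Inbound && p.Established && inside.Contains(p.DstIP) },
			Allow: true,
		},
	}}
}

// Evaluate returns the decision and the rule that produced it. With no
// match the packet is dropped: the policy is default deny.
func (fw *Firewall) Evaluate(p Packet) (allow bool, rule string) {
	for _, r := range fw.rules {
		if r.Match(p) {
			return r.Allow, r.Name
		}
	}
	return false, "default-deny"
}

func main() {
	fw := NewFirewall(internalNet)
	request := Packet{SrcIP: net.ParseIP("10.0.0.7"), DstIP: net.ParseIP("203.0.113.10"), Proto: "tcp", DstPort: 443}
	fmt.Println(fw.Evaluate(request))
	unsolicited := Packet{SrcIP: net.ParseIP("198.51.100.9"), DstIP: net.ParseIP("10.0.0.7"), Proto: "tcp", DstPort: 445, Inbound: true}
	fmt.Println(fw.Evaluate(unsolicited))
}
```

Putting the anti-spoofing rule first matters: a later allow rule that only checks for an internal source address would otherwise be satisfiable from outside.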
Protecting Servers and Clients
• Operating system features and anti-virus software can help further protect
servers and clients from certain types of attack.
• Operating System Security Enhancements
• Companies like Microsoft and Apple are continuously upgrading
their server and client operating systems to patch vulnerabilities
discovered by hackers.
• The most common known worms and viruses can be prevented simply by
keeping your operating system up to date.
Anti-Virus Software
• The easiest way to prevent threats to system integrity is to install
anti-virus software. Anti-virus programs can be set up so that e-mail
attachments are inspected before you click on them, and the
attachments are eliminated if they contain a known virus or worm.
• Since new viruses are developed and released every day, routine daily
updates are needed in order to prevent new threats from being loaded.
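The following is an added example, not the lecture's code, of the signature scanning the anti-virus slides describe: each attachment is checked against a database of known signatures (an exact file hash or a byte pattern) before the user can open it, a match sends it to quarantine, and the database carries an update date so a gateway can flag definitions that have gone stale. Every signature name, marker string and sample attachment is constructed for the demo; none is a real malware identifier.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// Signature is either an exact-file hash or a byte pattern found in the file.
type Signature struct {
	Name    string
	SHA256  string // hex digest of a whole file, or "" for pattern signatures
	Pattern []byte // byte sequence to search for, or nil for hash signatures
}

// Database is the definitions file the slide says must be updated daily.
type Database struct {
	Updated    time.Time
	Signatures []Signature
}

// Verdict is what the gateway does with the attachment, and why.
type Verdict struct {
	Quarantine bool
	Reason     string
}

func hashOf(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// NewDatabase returns constructed definitions stamped with the given date.
func NewDatabase(updated time.Time) *Database {
	return &Database{
		Updated: updated,
		Signatures: []Signature{
			{Name: "Constructed.Worm.A", SHA256: hashOf([]byte("constructed worm body v1"))},
			{Name: "Constructed.Trojan.B", Pattern: []byte("CONSTRUCTED-TROJAN-MARKER")},
		},
	}
}

// Stale reports whether the definitions are older than maxAge. A stale
// database still scans, but it cannot know about anything released since.
func (db *Database) Stale(now time.Time, maxAge time.Duration) bool {
	return now.Sub(db.Updated) > maxAge
}

// Scan checks one attachment against every signature before delivery.
func (db *Database) Scan(attachment []byte) Verdict {
	h := hashOf(attachment)
	for _, s := range db.Signatures {
		if s.SHA256 != "" && s.SHA256 == h {
			return Verdict{true, "exact hash match: " + s.Name}
		}
		if len(s.Pattern) > 0 && bytes.Contains(attachment, s.Pattern) {
			return Verdict{true, "pattern match: " + s.Name}
		}
	}
	return Verdict{false, "no known signature"}
}

func main() {
	db := NewDatabase(time.Now().Add(-48 * time.Hour)) // two-day-old definitions
	attachments := map[string][]byte{ // constructed attachments
		"invoice.txt": []byte("Invoice 1234, total 99.00"),
		"game.exe":    []byte("fun game ... CONSTRUCTED-TROJAN-MARKER ..."),
		"worm.bin":    []byte("constructed worm body v1"),
	}
	for name, data := range attachments {
		fmt.Printf("%-12s %+v\n", name, db.Scan(data))
	}
	fmt.Println("definitions stale:", db.Stale(time.Now(), 24*time.Hour))
}
```

A hash signature catches only the exact file it was taken from, which is why real products lean on pattern and behavioural signatures as well, and why the update cadence the slide calls for is part of the control rather than housekeeping.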