Features
Features:

Product Tour >

Edraw AI >

Paid Plans:

Individuals >

Business >

Eduaction >
Resources
Blog

History

How-tos & Tips

Discovery

Biography

Business Analysis

Examples

AI concept Map

Free AI Mind Map Generator

Onenote Mind Map

Bcg Matrix Examples

Nike Marketing Strategy

Unilever SWOT Analysis

Make Mind Maps in Google Docs

Guide

FAQs

What's New

Resource Center
Templates
All Templates

Brain Storming Templates

Strategy and Planning Templates

Project Management Templates

Product Management Templates

Human Resources Templates

Agile Workflow Templates

Marketing Templates

Education Templates

Fun and Games Templates

User Gallery
Download
Pricing
Enterprise

MindMap Gallery Chap-10-e-commerce-security

Chap-10-e-commerce-security

This mind map is about chap-10-e-commerce-security. Start to use a mind map to express and organize your ideas and knowledge right now.

Edited at 2020-10-09 02:46:06

Captain O Captain

Recent works View more works>>

Chap-10-e-commerce-security

Captain O Captain

Recent works View more works>>

Recommended to you
Outline

purchase ordering workflow
- 3.2k
- 25
Mind Trainer
lean innovation with kanban
- 700
- 10
- 1
Mind Trainer
Project Management Process
- 3.2k
- 95
- 15
Oliveettom
Drivers of Changes in Selling and Sales Management
- 527
- 13
- 1
Oliveettom
profit tree example
- 1.9k
- 32
- 3
Oliveettom
human resource management
- 1.0k
- 16
- 1
Oliveettom
External Environment influences on Apple
- 571
- 1
- 3
History Fanatic
1984 - George Orwell
- 8.4k
- 50
- 6
Lisa Anderson
How to Learn Things Effectively
- 5.2k
- 62
- 14
Fiona_
Building a StoryBrand - Clarify Your Message So Customers Will Listen
- 1.5k
- 28
- 1
Second Hand Poet

Chap. 10 E-commerceSecurity

Security for Server computers

Web server threats

Web servers can compromise secrecy if it allows automatic directory listings or by requiring users

to enter a user name and password.

Database threats

Ecom systems store user data and retrieve product info from databased connected to the web server.

Databases connected to the web contain valuable info that could damage a company if disclosed.

Firewalls

A firewall is a software or a hardware combination that is installed in a network to control the packet traffic that

moves through it. Companies will place a firewall at the internet entry point of their networks as it provides a

defense between a network and the internet.

All traffic from the inside to outside and from outside to inside the network must pass through it.

Only authorized traffic, as defined by the local security policy, is allowed to pass through it.

The firewall itself is immune to penetration.

Encryption Solutions

Encryption Algorithms

Logic that implements an encryption program. An encryption program being a program that transforms plain

text into cipher text. Once a message is sent over the network it gets encrypted and upon arrival at destin-

ation it is decoded by a decryption program. Someone can know the details of the algorithm and still not be

able to decipher the encrypted message without knowing the key that the algorithm used to encrypt the message.

Hash Coding

The process used to calcualte a number from a message. It is essentially a virtual fingerprint for the message. They are

designed so that the probability of two different messages resulting in the same hash value is extemely small. It is a way to

tell if a message has been altered in transit.

Asymmetric Encryption

Encodes messages by using two math related numeric keys.

Symmetric Encryption

Encodes a message with one of several available algorithms that use a single numeric key. Due to the fact

the same key is used, both the sender and receiver must know the key, however, the key must be guarded.

If the key is made public, all message previously sent are vulnerable.

Secure Sockets Layer

Protocol

Defined as a security handshake where the client and server sopmuter exchange a brief burst of messages. Each

computer identifies the other then SSL encrypts and decrypts info flowing between the two computers. SSL can

secure many different types of communication between computers in addition to HTTP. SSL allows the length of the

private session key generated by every encrypted transaction to be set at a variety of bit lengths

Key Definitions con'd

Key

long binary number used with encryption algorithm to &quot;lock&quot; the characters of the message

being protected so that they are undecipherable without the key.

Steganography

describes the process of hiding info. within another piece or medium of info.

Biometric security device

device that uses an element of a person's biological makeup to perform the identification.

Privacy

protection of individual rights to nondisclosure.

Sniffer programs

program that provides the mean to record info that passes through a computer or router that

handles internet traffic.

Cybervaldalism

electronic defecting of an existing web site's page.

Masquerading

pretending to be someone you are not, or representing a web site as an original when truely it

is fake.

Encryption

coding of info by using a math based program and a secret key to produce a string of characters

that is unintelligible.

Session Key

key used by an encryption algorithm to create cipher text from plain text during a single secure session.

Digital Signature

an encryption message digest.

Trusted

networks inside of a fire wall as opposed to untrusted which are networks outside the firewall.

Packet-filter firewall

examines all data flowing back and forth between the trusted network and the internet.

Proxy server firewall

firewalls that communicate with the internet on the private network's behalf.

Personal firewall

software-only firewalls on an individual client computer.

Communication Channel Security

The internet was not designed to be secure, it was truely

designed to provide redundancy one or more communication

lines were cut. Today, the internet remains relatively uncha-

nged from its original state. Therefore, any message being

transfered over the internet is subject to threats.

Secrecy Threats

Secrecy is the prevention of unauthorized info. disclosure. This is a technical

issue that requires complex physocal and logical mechanisms. Companies may

protect message against secrecy violations by using encryption. Moreover,

secrecy countermeasures protect outgoing messages.

Theft of sensitive

or personal info.

Protection of info. including credit cards, names, addresses. These threats can

occur any time someone submits info over the internet. Obviously this is a

serious problem.

Integrity Threats

An integrity threat happens when an unauthorized party alters a message stream

of info. They can cuase a change in the actions a person or copmany takes because

a mission-critical transmission has been altered. Examples of integrity threats include:

Cybervandalism and Masquerading

Necessity Threats

The act of disrupting normal computer processing, or denying process entry. A computer

that slows down to ultra slow speed may be experiencing a necessity threat. These sorts

of attacks will remove info altogether, or get rid of info from a transmission or file.

Wireless Network

Threats

Networks can use access points (WAPs) to provide network communications to computers. If

they are not protected, anyone within range can log in and get access to network resources.

The attackers that attack these networks are Wardrivers that practice the process of warchalking.

companies avoid becoming a target by turning on a security feature called WEP.

Security for Client Computers

Cookies allow Web servers to maintain continuing open sessions with Web clients. An open session is necessary

to do a number of things that are important in online business activity. Cookies were invented to solve the stateless

connection problem by saving info about a Web user from one set of server-client message exchanges to another.

Cookies can be categorized by: Time Duration and by Source.

Web Bugs

a tiny graphic that a 3rd party web site places on another site's Web page. When a site visitor loads the web page,

the web bug is delivered by the 3rd party site, which can then place a cookie on the visitor's computer.

Active Content

refers to programs that are embedded transparently in web pages and that cause action to occur. In ecom

active content is used to place items into a shopping cart and compute a total invoice amount, including tax,

handling, and shipping. It extends the functionality of HTML and moves some data processing chores from the

busy server machine to the user's client computer.

Java Applets

Java is a programming language developed by Sun that is used widely in web pages to provide active content.

Java adds functionality to business applications and can handle transactions and a wide variety of actions on the

client computer. That relieves an otherwise busy server-side program from handling lots of transactions at the same time.

Java Script

scripting language developed by Netscape to enable web page designers to build active content. JavaScript can be used

for attacks by executing cose that destroys a client's hard disk. It can also record the URLs of web pages a user visits and

capture info. Furthermore, a JavaScript program cannot start on its own, but all that it takes is clicking a button.

Active X control

is an object that contains programs and properties that web designers place on web pages to perform particular

tasks. Only runs on computers with windows operating systems. The security danger with Active X controls is the

once they are downloaded, they executelike anyother program on a client computer, they have full access to system's

resources.

Graphics and Plug-ins

Some graphic files formats have been designed to specifically contain instructions on how to render a graphic. Meaning any

page containing such a graphic could be a threat. Plug-ins are programs that enhance capabilities of browsers. They are

beneficial in performing tasks such as playing video clips and displaying movies. However, users download these plug-ins and

install them so their browsers can display content that is not included in the original HTML.

Viruses, Worms, and Anti-

virus software

A virus is a form of software that attaches itself to another program that can cause damage to a host system. A

worm is a kind of virus that reproduces itself on computers that it infects. Both of these annoyances moves rapidly

through the internet. Antivirus software can detect viruses and worms and can delete them or isolate them on the

host computer so they cannot run (ex: Norton, Symantec, McAfee).

Digital Certificates

is an attachment to an email or program embedded in a web page that varifies that the sender is who they claim to be. These

certificates contain a means to send an encrypted message which is encoded so others cannot read it. The encrypted message

identifies the software publisher. They are used for many types of online transactions including email and ecom. This certificate

is an assurance that the software was created by a specific company.

Contains 6 main elements:

Certificate owner's i.d.ing info, such as name, org., address

Certificate owner's public key

Date between which the certificate is valid

Serial number of certificate

Name of the certificate issuer

Digital signature of the certificate user

Types of Security

Physical Security

includes tangible protection devices, such as alarms, guards, fireproof doors,

security fences, safes or vaults, and bombproof buildings.

Logical Security

Protection of assets using nonphysical means.

Online Security Issues

Managing Risk

Rick management model applies to protecting ecom assets from all kinds of threats.

A threat is judged based on on the potential seriousness of its happening. Orgs must

identify risks, determine how to protect assets, and calculate how much to spend to

protect those assets.

Computer Security Class-

ifications

Secrecy

protecting against unauthorized data disclosure and ensuring the authenticity

of the data source.

Integrity

preventing unauthorized data modification.

Necessity

preventing data delays or denials (removal).

Security Policy and Integrated

Security

Any org. concerned about protecting ecom assets should have a security policy. This policy

must be continually upgraded. First step the company must take in creating a policy is to deter-

mine which assets to protect from which threats. The comprehensive plan for security should

protect a system's privacy, integrity, and availability, and authenticate users.

Elements of a security policy:

Authentication: who is trying to access the ecom site?

Access Control: Who is allowed to log on to and access the ecom site?

Secrecy: Who is permitted to view selected info?

Data integrity: Who is allowed to change data?

Audit: Who or what causes specific events to occur, and when?

Key Definitions

Computer Security

the protection of assets from unauthorized access, use, alteration, or destruction.

Threat

act or object that poses a danger to computer assets.

Eavesdropper

person or device that can listen in on and copy internet transmissions.

Cracker/Hacker

people who write programs or manipulate tech. to obtain unauthorized access to computers and

networks.

White hat hacker

hackers that use their skills for positive purposes.

Black hat hacker

hackers that use their skills for ill purposes.

Man-in-the-middle exploit

contents of an email that are often changed in a way that negates the message's original content.

Stateless Connection

connection between a client and server over internet where by each transmission of info is independent;

no continuous connection is maintained.

small text files that Web servers place on Web client computers to identify returning visitors.

Session cookies

cookie that exists only until you shut down your browser.

Persistent cookies

cookie that exists indefinitely.

1st party cookies

cookies placed on the client computer by the Web server site.

3rd party cookies

cookies that originates on a web site other than the site being visited.

Trojan Horse

program hidden inside another program of web page that masks its true purpose.

Zombie

is a trojan horse that secretly takes over another computer for the purpose of launching attacks on other computers.

Java Sandbox

browser security feature that limits the actions that can be preformed by a Java applet that has been downloaded from web.

Certification authority

company that issues digital certificates to an org. or individuals.