E-commerce

Lecture 18
Slide 1-1
 The E-commerce Security
Environment: The Scope of the

Problem
2002 Computer Security Institute survey
results:

80% of respondents had detected breaches of

computer security within last 12 months and
suffered financial loss as a result
Only 44% were willing or able to quantify loss,
which totaled $456 million in aggregate
40% reported attacks from outside the
organization
40% experienced denial of service attacks
85% detected virus attacks
Dimensions of E-commerce Security

Integrity: ability to ensure that information being
displayed on a Web site or transmitted/received
over the Internet has not been altered in any way
by an unauthorized party.
Authenticity: ability to identify the identity of a
person or entity with whom you are dealing on
the Internet
Confidentiality: ability to ensure that messages
and data are available only to those authorized to
view them
Availability: ability to ensure that an e-commerce
site continues to function as intended
The Tension Between Security
and Other Values

Security vs. ease of use: the more security
measures that are added, the more difficult a
site is to use, and the slower it becomes.
 Security Threats in the E-commerce
Environment

Three key points of vulnerability:
Client
Server
Communications channel
A Typical E-commerce Transaction

Vulnerable Points in an E-commerce Environment

Slide 5-7
 Security Threats in the E-commerce
Environment

Most common threats:
Malicious code
Hacking & Cyber vandalism
Denial of service attacks & Unauthorized
Access
Credit card fraud/theft
Computer Virus (Malicious
code)
Virus: a program that attaches itself to
another program to make it harmful.

Worm: an independent program that

replicates its own program files until it
interrupts the operation of networks
and computer systems

Trojan horse: a program that appears

to be useful but actually masks a
destructive program
 Hacking and Cyber
destruction
Hacker: Individual who intends to gain
unauthorized access to a computer system.
Cyber destruction: Intentionally disrupting,
defacing or destroying a Web site
At first, hacker was a positive term for a
person with a mastery of computers who could
push programs beyond what they were
designed to do.
 Types of Hackers

Types of hackers include:
White hats Members of tiger teams used by
corporate security departments to test their
own security measures
Black hats Act with the intention of causing
harm
Grey hats Believe they are pursuing some
greater good by breaking in and revealing
system flaws
Unauthorized Access
Eavesdropping on a computer;
Listening to a specific port, snooping the IP
Address etc.

Denial of Service
Denying access to an authorized user;
Hackers flood Web site with useless traffic to
inundate and overwhelm network

Spoofing: Misrepresenting oneself by using

fake
 Credit Card Fraud

Fear that credit card information will be stolen
deters online purchases
Hackers target credit card files and other
customer information files on trader servers.