Electronic Commerce, Prentice Hall © 2006

Exhibit 11.1 General Security Issues at EC Sites
[Figure: EC site components shown in the exhibit: Web Browser, Client-Side Scripts, Java Applets, ActiveX Components, Web Server, CGI Programs (Forms), Server-Side Scripts, Cold Fusion, Database, Other Components. Security issues labelled on the figure: Authentication, Privacy, Integrity, Authorization, Audit, Nonrepudiation.]
Types of Threats and Attacks
nontechnical attack
An attack that uses chicanery to trick people into revealing sensitive information or performing actions that compromise the security of a network
Types of Threats and Attacks
• Nontechnical Attacks: Social Engineering
social engineering
A type of nontechnical attack that uses social pressures to trick computer users into compromising computer networks to which those individuals have access
– A multiprong approach should be used to combat social engineering
  • Education and training
  • Policies and procedures
  • Penetration testing
Types of Threats and Attacks
technical attack
An attack perpetrated using software and systems knowledge or expertise
common (security) vulnerabilities and exposures (CVEs)
Publicly known computer security risks, which are collected, listed, and shared by a board of security-related organizations (cve.mitre.org)
National Infrastructure Protection Center (NIPC)
A joint partnership under the auspices of the FBI between governmental and private industry; designed to prevent and protect the nation's infrastructure
Types of Threats and Attacks
denial-of-service (DoS) attack
An attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources
distributed denial-of-service (DDoS) attack
A denial-of-service attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses the multiple computers to send a flood of data packets to the target computer
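Added example, not from the textbook: a small Python detector that applies the two definitions above to a constructed packet log, counting packets per target per one-second window and labelling an over-threshold window as a single-source flood (DoS) or a multi-source flood (DDoS). The log format, thresholds and IP addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample packet log (not real traffic): "seconds src_ip dst_ip".
# 0-1s: one source hammers 192.0.2.10 (single-origin flood, DoS).
# 1-2s: several sources converge on 192.0.2.10 (distributed flood, DDoS).
# 2-3s: light traffic below the threshold, so no alert.
SAMPLE_LOG = """\
0.1 203.0.113.5 192.0.2.10
0.2 203.0.113.5 192.0.2.10
0.3 203.0.113.5 192.0.2.10
0.4 203.0.113.5 192.0.2.10
0.5 203.0.113.5 192.0.2.10
1.1 198.51.100.1 192.0.2.10
1.2 198.51.100.2 192.0.2.10
1.3 198.51.100.3 192.0.2.10
1.4 198.51.100.4 192.0.2.10
1.5 198.51.100.5 192.0.2.10
2.1 203.0.113.7 192.0.2.10
2.5 203.0.113.8 192.0.2.10
"""

def parse(log):
    """Yield (timestamp, src, dst) tuples, skipping blank or malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def detect_floods(log, window=1.0, pkt_threshold=5, distributed_min_sources=3):
    """Count packets per (target, time window) and flag windows at or above
    pkt_threshold. A flooded target fed by few distinct sources is labelled
    'dos'; one fed by distributed_min_sources or more is labelled 'ddos'."""
    buckets = defaultdict(list)  # (dst, window index) -> list of source IPs
    for ts, src, dst in parse(log):
        buckets[(dst, int(ts // window))].append(src)
    alerts = []
    for (dst, idx), sources in sorted(buckets.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        if len(sources) < pkt_threshold:
            continue
        distinct = len(set(sources))
        alerts.append({"target": dst, "window_start": idx * window,
                       "packets": len(sources), "sources": distinct,
                       "kind": "ddos" if distinct >= distributed_min_sources else "dos"})
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_LOG):
        print(alert)
```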