The Tension Between Security and other values ■ Ease of use The more security measures added, the more difficult a site is to use, and the slower it becomes Security costs money and too much of it can reduce profitability a Public safety and criminal uses of the Internet 6 Use of technology by criminals to plan crimes or threaten nation -state Copyright C 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide5-7
The Tension Between Security and Other Values ◼ Ease of use ❖The more security measures added, the more difficult a site is to use, and the slower it becomes ❖Security costs money and too much of it can reduce profitability ◼ Public safety and criminal uses of the Internet ❖Use of technology by criminals to plan crimes or threaten nation-state Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide 5-7
Security Threats in E-commerce Environment Three key points of vulnerability in e-commerce environmenta 1. Client 2. Server 3. Communications pipeline ( nternet communications channels) Copyright C 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide 5-8
Security Threats in E-commerce Environment ◼Three key points of vulnerability in e-commerce environment: 1. Client 2. Server 3. Communications pipeline (Internet communications channels) Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide 5-8
A Typical E-commerce Transaction Customer Merchant credit card bank 血,,→·血 bank Intemet service provider Warehouse Online store Merchant Web servers Database serve Merchant Web site Shipping Online consumer Figure 5.2, page 256 Copyright C 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide 5-9
A Typical E-commerce Transaction Figure 5.2, Page 256 Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide 5-9
Vulnerable points in an E-commerce Transaction Security breach Customer credit card 变 Merchant DOS attack Card theft Internet service provider Hacked SQL injection Customer list hack Online store Database server erchant Web servers Merchant Web site AWi-Fi listening wire tap Web beacons Online consumer Figure 5.3, Page 257 Copyright C 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide5-10
Vulnerable Points in an E-commerce Transaction Figure 5.3, Page 257 Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall Slide 5-10
Most Common Security Threats in the E-commerce Environment Malicious code(malware, exploits) g drive-by downloads malware that comes with a downloaded file the user intentionally or unintentionallyrequest ☆ Viruses Worms spread from computer to comp without human intervention Ransomware(scareware]used to solicit money from users by locking up your browser or files and displaying fake notices from fbi or irs etc oo Trojan horses appear benign but is a way to introduce viruses into a computer system Threats at both client and server levels Slide 5-11
Most Common Security Threats in the E-commerce Environment ◼ Malicious code (malware, exploits) ❖ Drive-by downloads malware that comes with a downloaded file the user intentionally or unintentionally request ❖ Viruses ❖ Worms spread from computer to comp without human intervention ❖ Ransomware (scareware) used to solicit money from users by locking up your browser or files and displaying fake notices from FBI or IRS etc ❖ Trojan horses appear benign but is a way to introduce viruses into a computer system ❖ Threats at both client and server levels Slide 5-11