There are three major vulnerable points in e-commerce transactions: Internet communications, servers, and clients.
E-commerce security is multi-layered and must take into account new technology, policies and procedures, and laws and industry standards.
Encryption: the process of transforming plain text or data into ciphertext that cannot be read by anyone other than the sender and the receiver.
Network Security Protocols: network protocols that ensure the integrity and security of data transmitted across network connections.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
* the connection is encrypted; the URL scheme changes from HTTP to HTTPS
Virtual Private Networks (VPN): allow remote users to securely access a corporation's local area network via the Internet, using a variety of VPN protocols.
Firewalls: refers to either hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy.
The primary function of a firewall is to deny access by remote client computers to local computers. The primary purpose of a proxy server is to provide controlled access from local computers to remote computers.
Proxy Servers: software server that handles all communications originating from or being sent to the Internet, acting as a spokesperson or bodyguard for the organization.
Intrusion Detection/Prevention: examines network traffic, watching to see if it matches certain patterns or preconfigured rules indicative of an attack.
Automated Software Updates: automatically update software to the latest version to patch vulnerabilities discovered by hackers.
Anti-virus Software: provides inexpensive tools to identify and eradicate the most common types of malicious code, as well as destroy those already lurking on a hard drive.
Risk Assessment: an assessment of the risks and points of vulnerability.
Security Policy: a set of statements prioritizing the information risks, identifying acceptable risk targets, and identifying mechanisms for achieving these targets.
Implementation Plan: steps you will take to achieve the security plan goals.
Access Control: determine which outsiders and insiders can gain legitimate access to your networks.
Authentication Procedures: include the use of digital signatures, certificates of authority, and PKI (public key infrastructure), as well as biometrics, security tokens, and authorization policies.
Security Audit: the routine review of access logs for both outsiders and insiders.
Information Assets:
1. customer information
2. proprietary designs
3. business activities
4. secret processes
5. price schedules
6. executive compensation
7. payroll
Five steps involved in building an e-commerce security plan: perform a risk assessment, develop a security policy, develop an implementation plan, create a security organization, and perform a security audit.
Malicious code is any type of code that causes harm to a computer system or network.
1. Trojan Horse - a decoy file that presents itself as something else.
2. Virus - software that copies itself and spreads to other computers. Spreads through connections such as a USB port or downloaded files.
3. Worms - the most infectious. Can spread on their own WITHOUT attaching themselves to a program.
Potentially Unwanted Programs
Definition: a type of software that can get onto your device without your knowledge. Some PUPs can also slow down your device and cause it to crash. Often bundled with free software, downloaded unintentionally, or distributed through deceptive advertising.
1. SPYWARE - software that tracks your online activity without your knowledge or consent.
2. ADWARE - software that displays excessive or intrusive advertisements.
3. BROWSER HIJACKERS - malware programs that modify web browser settings without the user's permission in order to redirect users to websites they did not intend to visit.
4. SYSTEM OPTIMIZERS - programs that claim to improve system performance by cleaning up unnecessary files but cause harm by deleting important files.
Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information[1] or installing malware such as ransomware.
Phishing is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source (an internet service provider, a bank, or a mortgage company, for example).
Smishing is an attack that uses text messaging or short message service (SMS) to execute the attack. A common smishing technique is to deliver a message to a cell phone through SMS that contains a clickable link or a return phone number.
Vishing (Voice Phishing) - the attackers are still after your sensitive personal or corporate information. This attack is accomplished through a voice call.
Email Phishing - email phishing is the most common type of phishing, and it has been in use since the 1990s. Hackers send these emails to any email addresses they can obtain.
Hacking is the act of identifying and then exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data.
a. Social Engineering - manipulating individuals to divulge personal information through deception, often using phishing scams or fake websites.
b. Password Hacking - includes brute-force attacks, where hackers systematically try different combinations, and dictionary attacks, which use common words to crack passwords.
Cyber Vandalism is a form of cyber crime that involves intentionally damaging or disrupting websites or computer systems without seeking financial gain, yet it can lead to severe financial repercussions for affected businesses, including decreased client confidence and potential loss of revenue.
Credit Card Fraud in cybersecurity is when cybercriminals steal credit card details online and use them for unauthorized purchases or illegal activities, often by hacking databases or tricking people into