Security Threat

Cards (52)

  • Most Prevalent Types:
    1. Malicious insiders
    2. Viruses
    3. Worms
    4. Trojans
    5. Malware
    6. Web-based attacks
    7. Botnets
    8. Phishing and social engineering attacks
    9. Malicious code
  • Most High-Profile:
    1. Online Credit Card Fraud
  • Most Costly:
    1. Denial of service
    2. Malicious insiders
    3. Malicious code
  • Integrity: the ability to ensure
    that information being displayed
    on a website or
    transmitted/received over the
    internet has not been altered in
    any way by an unauthorized party
  • Nonrepudiation: the ability to
    ensure that e-commerce
    participants do not deny their
    online actions
  • Authenticity: the ability to
    verify the identity of a person or
    entity with whom you are dealing
    on the internet
  • Confidentiality: the ability to
    ensure that messages and data
    are available only to those who
    are authorized to view them
  • Privacy: the ability to control the
    use of information a customer
    provides about himself or herself
    to an e-commerce merchant
  • Availability: the ability to ensure
    that an e-commerce site
    continues to function as intended
  • there are three major vulnerable points in e-commerce transactions: internet communications, servers and clients
  • e-commerce security is multilayered and must take into account new technology, policies and procedures, and laws and industry standards.
  • Encryption: the process of
    transforming plain text or data
    into cipher text that cannot
    be read by anyone other than
    the sender and the receiver
  • Network Security
    Protocols: network protocols
    that ensure the integrity and
    security of data transmitted
    across network connections,
    for example Secure Sockets Layer (SSL)
    and Transport Layer Security (TLS)
    * the URL is encrypted (HTTP to HTTPS)
  • Virtual Private Networks
    (VPN): allows remote users
    to securely access a
    corporation’s local area
    network via the Internet,
    using a variety of VPN
    protocols
  • Firewalls: refers to either
    hardware or software that
    filters communication packets
    and prevents some packets
    from entering the network
    based on a security policy
  • the primary function of a firewall is to deny access by remote client computers to local computers. The primary purpose of a proxy server is to provide controlled access from local computers to remote computers.
  • Proxy Servers: software
    server that handles all
    communications originating
    from or being sent to the
    internet, acting as a
    spokesperson or bodyguard
    for the organization
  • Intrusion Detection/
    Prevention: examines
    network traffic, watching to
    see if it matches certain
    patterns or preconfigured
    rules indicative of an attack
  • Automated Software
    Updates: automatically
    update software to the latest
    version to patch
    vulnerabilities discovered by
    hackers
  • Anti-virus Software: provides
    inexpensive tools to identify and
    eradicate the most common types
    of malicious code as well as
    destroy those already lurking on a
    hard drive
  • Risk Assessment: an
    assessment of the risks and
    points of vulnerability
  • Security Policy: a set of
    statements prioritizing the
    information risks, identifying
    acceptable risk targets, and
    identifying mechanisms for
    achieving these targets
  • Implementation Plan: steps
    you will take to achieve the
    security plan goals
  • Access Control: determine
    which outsiders and insiders can
    gain legitimate access to your
    networks
  • Authentication Procedures:
    include the use of digital
    signatures, certificates of
    authority, and PKI (public key
    infrastructure)
    * biometrics
    * security tokens
    * authorization policies
  • Security Audit: the routine
    review of access logs both for
    outsiders & insiders
  • Information Assets:
    1. customer information
    2. proprietary designs
    3. business activities
    4. secret processes
    5. price schedules
    6. executive compensation
    7. payroll
  • five steps involved in building an e-commerce security plan: perform a risk assessment, develop a security policy, develop an implementation plan, create a security organization, perform a security audit
  • Malicious code is any type of code that causes harm
    to a computer system or network.
  • Trojan Horse - A decoy file that presents itself as
    something else.
    1. Virus - Software that copies itself and spreads to
    other computers. Spreads through connections
    like a USB port or downloaded files.
    2. Worms - Most infectious. Can spread on its own
    WITHOUT attaching itself to a program.
  • Potentially Unwanted Programs:
    Type of software that can get onto your device
    without your knowledge.
  • Some PUPs can also slow down your device and
    cause it to crash. Often bundled with free software,
    downloaded unintentionally, or distributed
    through deceptive advertising.
  • SPYWARE - software that tracks your online
    activity without your knowledge or consent.
    1. ADWARE - software that displays excessive or
    intrusive advertisements.
    2. BROWSER HIJACKERS - malware programs
    that modify web browser settings without the
    user's permission in order to redirect users to
    websites they did not intend to visit.
    3. SYSTEM OPTIMIZERS - programs that claim to
    improve system performance by cleaning up
    unnecessary files but cause harm by deleting
    important files
  • Phishing is a form of social engineering and scam
    where attackers deceive people into revealing
    sensitive information[1] or installing malware such as
    ransomware.
  • Phishing is a type of online scam that targets
    consumers by sending them an e-mail that appears to
    be from a well-known source – an internet service
    provider, a bank, or a mortgage company, for
    example.
  • Smishing is an attack that uses text
    messaging or short message service (SMS) to
    execute the attack. A common smishing
    technique is to deliver a message to a cell phone
    through SMS that contains a clickable link or a
    return phone number.
  • Vishing (Voice Phishing) - The attackers are still
    after your sensitive personal or corporate
    information. This attack is accomplished through a
    voice call.
  • Email Phishing - Email phishing is the most
    common type of phishing, and it has been in use
    since the 1990s. Hackers send these emails to any
    email addresses they can obtain.
  • Hacking is the act of identifying and then exploiting
    weaknesses in a computer system or network, usually
    to gain unauthorized access to personal or
    organizational data.
    1. Social Engineering - manipulating individuals to
    divulge personal information through deception,
    often using phishing scams or fake websites.
    2. Password Hacking - includes using brute-force
    attacks, where hackers systematically try different
    combinations, and dictionary attacks, which use
    common words to crack passwords.
  • Cyber Vandalism is a form of cyber crime that
    involves intentionally damaging or disrupting
    websites or computer systems without seeking
    financial gain, yet can lead to severe financial
    repercussions for affected businesses, including
    decreased client confidence and potential loss of
    revenue.
  • Credit Card fraud in cybersecurity is when
    cybercriminals steal credit card details online and use
    them for unauthorized purchases or illegal activities,
    often by hacking databases or tricking people into
    giving out their information.