Information security for E-commerce
WSC

Our security company is trusted by thousands of residential, business and major public sector customers including hospitals, schools and police. We have modern and effective electronic security systems, based on the latest technology, with the most reliable, comprehensive monitoring facilities, all backed by our specialist service team. As a security company our focus is a very personal understanding of your needs, advising and recommending, installing everything with minimal disruption to your home or your business, and providing the highest-quality maintenance, support and assistance.

OUTLINE
1. Background of security
2. What is information security
3. Threats for E-commerce
4. Attack defenses

Background of security

World War II brought about many advancements in information security and marked the beginning of the professional field of information security.

About seventy years ago, few people had access to a computer system or network, and companies did not conduct business across the Internet.

Information security measures:
- Computers were kept in locked central rooms
- Access was granted only to select individuals
- No one could remotely access the machine

Now, personal computers are ubiquitous. Millions of people perform online transactions every day. Companies rely on the Internet to operate and conduct business.

Modern information security measures:
- Remote processing
- Electronic transmission of information
- Widespread use of the Internet

What is information security

In general, information security is the protection of assets from unauthorized access, use, alteration, or destruction. It protects business information on computers. Effective information security systems incorporate a range of policies, security products, technologies and procedures. Software applications which provide firewall information security and virus scanners are not enough on their own to protect information.

There are two types of security:
- Physical security, including such devices as alarms, fireproof doors and security fences.
- Logical security, consisting of software safeguards for an organization's systems, including user identification and password access, authentication, access rights and authority levels.

Threats for E-commerce

Threat analysis
E-commerce security begins with the consumer and ends with the commerce server. This analysis produces a three-part structure:
- Client
- Communication channel
- Server

Threats
- Malicious software
- Attacks (on the communication channel and on the server)

Malicious software
- Viruses
- Worms
- Trojan horses
- Logic bombs
- Botnets

Viruses
Code that is inserted into a computer program to damage or destroy the computer's data and functions.
- File-infecting virus: infects executable files (.com, .exe, .drv, .dll); spreads through e-mail and file transfer.
- Script viruses: written in scripting languages (VBScript, JavaScript); activated by clicking a .vbs or .js file.

Worms
Viruses are often combined with a worm. A worm is designed to spread from computer to computer rather than from file to file. A worm does not necessarily need to be activated by a user or program for it to replicate.

Trojan horse
A Trojan horse is a program hidden inside another program or Web page that masks its true purpose.

Logic bombs
A piece of code that sits dormant for a period of time until some event invokes its malicious payload. Often installed by authorized users.

Botnets
Hackers create armies of machines by installing malware agents on the machines, which are then controlled in large networks called botnets. Used to conduct other attacks and to spread spam and other malware.

Attacks
- DoS / DDoS
- TCP/IP Hijacking
- Man-in-the-Middle Attack

Denial-of-service attacks
A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. It prevents an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
- Leads to a server overload
- Makes the target servers reset, or consumes their resources
- Zombies

Man-in-the-middle attacks
A form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

Example: TCP/IP Hijacking
A security attack on a user session over a protected network.
- Become the man-in-the-middle.
- What the attacker needs to do is first to impersonate the legitimate client and then disconnect the legitimate client.
- If the attacker hijacks the session of the administrator, he then does not require any authentication information to do what he wants to do.

Attack defenses

Malware defenses
Malware in all forms (virus, worm, spyware, botnet and so on) can be defended against in a couple of simple steps:
- Use an antivirus program
- Keep your software up to date

Denial-of-service attack defense
To prevent a DDoS attack, we must either be able to intercept or block the attack messages, or keep the DDoS network from being established in the first place. A final option we should consider, which will address several forms of DoS and DDoS attacks, is to block ICMP packets at the border, since many attackers rely on ICMP.

Cipher systems
Cryptosystems are digital; the algorithms are based on the individual bits of a message rather than letters of the alphabet. Computer information is stored as binary strings, sequences of 0s and 1s. Encryption and decryption keys are binary strings of a given key length.

Types of cryptosystems
There are two main types of cryptosystems:
- Private-key cryptography: also known as symmetric or secret-key encryption, it uses a single key to both encrypt and decipher the message.
- Public-key cryptography: also known as asymmetric encryption, it uses a public key to encrypt messages and a private key to decipher messages.

Public-key cryptography
Public-key cryptography uses two related keys. The private key is kept secret by its owner. The public key is freely distributed. When someone wishes to communicate with Alice they use Alice's public key to encode their message. Alice then uses her private key to decode the message.

Private-key cryptography
Suppose that Alice wishes to send Bob a message:
1. They exchange a secret key.
2. Alice encodes the message using the secret key.
3. The ciphertext is sent to Bob.
4. Bob decodes the message using the secret key.

Conclusion
Thank you!
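The two cryptosystem types and the Alice/Bob exchange described above, carried through in working code. This is an added example, not part of the original slides: the symmetric cipher is a demonstration construction (a SHA-256 keystream XORed into the message) rather than a standard algorithm, and the public-key half is textbook RSA on constructed small primes (61 and 53) so the numbers can be followed by hand. All function names are this example's own.

```python
import hashlib
import secrets

# ---- Private-key (symmetric) cryptosystem ----------------------------------
# One secret key, shared by Alice and Bob, both encrypts and decrypts.
# The cipher below is a demonstration construction built for this example:
# a keystream derived from SHA-256 over (key, nonce, block counter) is XORed
# into the message. It is not a standard algorithm; deployed systems use an
# authenticated cipher such as AES-GCM or ChaCha20-Poly1305.

KEY_LENGTH_BYTES = 32    # keys are binary strings of a fixed length (256 bits)
NONCE_LENGTH_BYTES = 16


def generate_secret_key() -> bytes:
    """Step 1: the secret key Alice and Bob exchange (random bits)."""
    return secrets.token_bytes(KEY_LENGTH_BYTES)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key and nonce into `length` pseudo-random bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Step 2: Alice encodes the message with the secret key.

    A fresh nonce per message means the same plaintext never produces the
    same ciphertext twice; the nonce travels in clear, prefixed to the body.
    """
    nonce = secrets.token_bytes(NONCE_LENGTH_BYTES)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def symmetric_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Step 4: Bob decodes with the *same* key (XOR is its own inverse)."""
    nonce, body = ciphertext[:NONCE_LENGTH_BYTES], ciphertext[NONCE_LENGTH_BYTES:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


# ---- Public-key (asymmetric) cryptosystem ----------------------------------
# Two related keys: the public key (n, e) is distributed freely, the private
# key (n, d) stays with its owner. Textbook RSA on tiny constructed primes,
# for illustration only: real RSA uses 2048-bit or larger moduli and a
# padding scheme (OAEP); unpadded RSA on small numbers is not secure.

def generate_keypair(p: int, q: int, e: int = 17):
    """Return (public_key, private_key) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def public_encrypt(public_key, message: int) -> int:
    """Anyone holding Alice's public key can encode a message for her."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(message, e, n)


def private_decrypt(private_key, ciphertext: int) -> int:
    """Only Alice, holding the private key, can decode it."""
    n, d = private_key
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    # Private-key exchange between Alice and Bob
    secret = generate_secret_key()
    order = b"order #42: 3 items, ship to Bob"
    ct = symmetric_encrypt(secret, order)
    print("symmetric round trip ok:", symmetric_decrypt(secret, ct) == order)

    # Public-key: Bob encrypts with Alice's public key, Alice decrypts
    alice_public, alice_private = generate_keypair(61, 53)   # constructed primes
    c = public_encrypt(alice_public, 65)
    print("ciphertext:", c, "decrypted:", private_decrypt(alice_private, c))
```

The contrast the slides draw is visible in the calls: the symmetric round trip uses one key in both directions, while in the RSA part only the holder of `(n, d)` recovers the message, and applying the public exponent to the ciphertext does not. Neither construction provides integrity, so a real deployment pairs encryption with a MAC or uses an authenticated mode.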
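For the denial-of-service defense section earlier in the deck, which says the attack messages must be intercepted or blocked, here is one way a defender identifies which sources to block: a sliding-window request-rate check over web server access logs. This is an added example, not from the original slides; the log lines are constructed (a normal shopper at 198.51.100.7 and a flooding source at 203.0.113.9), and the parser, threshold and function names are this example's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Parser for Apache/nginx "combined"-style access log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TIME_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return a dict with ip, time, path and status, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "time": datetime.strptime(m.group("time"), TIME_FORMAT),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_flooding_clients(lines, window=timedelta(seconds=60), threshold=100):
    """Map each client IP whose peak request count inside any `window`
    reaches `threshold` to that peak count. Unparsable lines are skipped."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            per_ip[rec["ip"]].append(rec["time"])

    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        recent = deque()        # timestamps currently inside the sliding window
        peak = 0
        for t in times:
            recent.append(t)
            while t - recent[0] > window:
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def build_sample_log():
    """Constructed sample traffic: one normal shopper plus one flooding source."""
    base = datetime.strptime("10/Oct/2023:13:55:36 +0000", TIME_FORMAT)

    def fmt(t):
        return t.strftime(TIME_FORMAT)

    lines = []
    for i in range(6):                                   # one request every 10 s
        t = base + timedelta(seconds=10 * i)
        lines.append(f'198.51.100.7 - - [{fmt(t)}] "GET /cart HTTP/1.1" 200 512')
    for i in range(300):                                 # 5 requests per second
        t = base + timedelta(seconds=i // 5)
        lines.append(f'203.0.113.9 - - [{fmt(t)}] "GET /checkout HTTP/1.1" 200 1024')
    lines.append("this line is corrupt and must be ignored")
    return lines


if __name__ == "__main__":
    for ip, peak in sorted(find_flooding_clients(build_sample_log()).items()):
        print(f"block candidate {ip}: {peak} requests within 60 s")
```

The threshold is deliberately a parameter: a single-source flood stands out at 100 requests per minute, but a distributed attack spreads the load across many zombies, so each source may sit below that line and the check then has to be run against the aggregate rate for a path or the whole site as well.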