Information security for E-commerce

WSC

Our security company is trusted by thousands of residential, business and major public sector customers including hospitals, schools and police. We have modern and effective electronic security systems, based on the latest technology, with the most reliable, comprehensive monitoring facilities, all backed by our specialist service team.

As a security company, our focus is a very personal one: understanding your needs, advising and recommending, installing everything with minimal disruption to your home or your business, and providing the highest-quality maintenance, support and assistance.

OUTLINE

1. Background of security
2. What is information security
3. Threats for E-commerce
4. Attack defenses

Background of security

World War II brought about many advancements in information security and marked the beginning of the professional field of information security.

About seventy years ago, few people had access to a computer system or network, and companies did not conduct business across the Internet.

Information security measures:
- Computers were kept in locked central rooms
- Access was granted only to select individuals
- No one could remotely access the machine

Now, personal computers are ubiquitous. Millions of people perform online transactions every day. Companies rely on the Internet to operate and conduct business.

Modern information security measures:
- Remote processing
- Electronic transmission of information
- Widespread use of the Internet

What is information security

In general, information security is the protection of assets from unauthorized access, use, alteration, or destruction. It protects business information on computers.

Effective information security systems incorporate a range of policies, security products, technologies and procedures. Software applications which provide firewall information security and virus scanners are not enough on their own to protect information.

There are two types of security:
- Physical security, including such devices as alarms, fireproof doors and security fences.
- Logical security, which consists of software safeguards for an organization's systems, including user identification and password access, authentication, access rights and authority levels.

Threats for E-commerce

Threat analysis

E-commerce security begins with the consumer and ends with the commerce server. This analysis produces a three-part structure:
- Client
- Communication channel
- Server

Threats
- Malicious Software
- Attacks

Malicious Software
- Viruses
- Worms
- Trojan horses
- Logic bombs
- Botnets

Viruses

Code that is inserted into a computer program to damage or destroy the computer's data and functions.

File-infecting virus
- Infects executable files (.com, .exe, .drv, .dll)
- Spreads through e-mail and file transfer

Script viruses
- Written in scripting languages (VBScript, JavaScript)
- Activated by clicking a .vbs or .js file

Worms

Viruses are often combined with a worm. A worm is designed to spread from computer to computer rather than from file to file. A worm does not necessarily need to be activated by a user or program for it to replicate.

Trojan horse

A Trojan horse is a program hidden inside another program or Web page that masks its true purpose.

Logic Bombs
- A piece of code that sits dormant for a period of time until some event invokes its malicious payload
- Often installed by authorized users

Botnets
- Hackers create armies of machines by installing malware agents on the machines, which are then controlled in large networks called botnets.
- Used to conduct other attacks and to spread spam and other malware

Attacks
- DoS
- TCP/IP Hijacking
- Man-in-the-Middle Attack

Denial-of-service attacks

A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. It prevents an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
- Leads to a server overload
- Makes the targeted servers reset, or consumes their resources

[Figure: Zombie]

Man-in-the-middle Attacks

A form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

[Figure: Example]

TCP/IP Hijacking

A security attack on a user session over a protected network.
- Become the man-in-the-middle.
- What the attacker needs to do is first to impersonate the legitimate client and then disconnect the legitimate client.
- If the attacker hijacks the session of the administrator, he then does not require any authentication information to do what he wants to do.

Attack defenses

Malware defenses

Malware in all its forms (virus, worm, spyware, botnet and so on) can be defended against in a couple of simple steps:
- Use an antivirus program
- Keep your software up to date

Denial-of-service attacks defense

To prevent a DDoS attack, we must either be able to intercept or block the attack messages, or keep the DDoS network from being established in the first place.

A final option we should consider, which will address several forms of DoS and DDoS attacks, is to block ICMP packets at the border, since many attackers rely on ICMP.

Cipher systems

Cryptosystems are digital; the algorithms are based on the individual bits of a message rather than letters of the alphabet. Computer information is stored as binary strings, sequences of 0s and 1s. Encryption and decryption keys are binary strings of a given key length.

Types of cryptosystems

There are two main types of cryptosystems:
- Private-key cryptography: also known as symmetric or secret-key encryption, it uses a single key to both encrypt and decipher the message.
- Public-key cryptography: also known as asymmetric encryption, it uses a public key to encrypt messages and a private key to decipher messages.

Public-key cryptography

Public-key cryptography uses two related keys.
- The private key is kept secret by its owner.
- The public key is freely distributed.

When someone wishes to communicate with Alice, they use Alice's public key to encode their message. Alice then uses her private key to decode the message.

Private-key cryptography

Suppose that Alice wishes to send Bob a message:
- They exchange a secret key.
- Alice encodes the message using the secret key.
- The ciphertext is sent to Bob.
- Bob decodes the message using the secret key.

Conclusion

Thank you!
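
The private-key and public-key exchanges described in the cryptosystem slides above, as an added example that is not part of the original slides. It assumes the third-party Python `cryptography` package; Fernet and RSA-OAEP are choices made here because the slides name no specific algorithm, and the sample message is constructed.

```python
from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

MESSAGE = b"Order 1001: ship to Bob"  # constructed sample message

# OAEP padding for RSA encryption (an assumption; the slides name no scheme).
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def private_key_flow(message: bytes) -> dict:
    """Alice -> Bob with one shared secret key (symmetric)."""
    shared_key = Fernet.generate_key()                  # exchanged beforehand
    ciphertext = Fernet(shared_key).encrypt(message)    # Alice encodes
    recovered = Fernet(shared_key).decrypt(ciphertext)  # Bob decodes
    try:  # a party holding a different key cannot decode
        Fernet(Fernet.generate_key()).decrypt(ciphertext)
        outsider_reads = True
    except InvalidToken:
        outsider_reads = False
    return {"ciphertext": ciphertext, "recovered": recovered,
            "outsider_reads": outsider_reads}


def public_key_flow(message: bytes) -> dict:
    """Anyone -> Alice: encode with her public key, decode with her private key."""
    alice_private = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    alice_public = alice_private.public_key()           # freely distributed
    ciphertext = alice_public.encrypt(message, OAEP)
    recovered = alice_private.decrypt(ciphertext, OAEP)
    other_private = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    try:  # a private key that is not Alice's cannot decode
        other_private.decrypt(ciphertext, OAEP)
        outsider_reads = True
    except ValueError:
        outsider_reads = False
    return {"ciphertext": ciphertext, "recovered": recovered,
            "outsider_reads": outsider_reads}


if __name__ == "__main__":
    for flow in (private_key_flow, public_key_flow):
        result = flow(MESSAGE)
        print(flow.__name__, result["recovered"], result["outsider_reads"])
```

In the private-key flow the security of every message depends on how the shared key was exchanged; in the public-key flow only Alice's private key has to stay secret.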