E-Commerce Security
SECURITY ISSUES:
Types of Security:
- Physical Security: protecting your assets with physical systems (firewalls)
- Logical Security: intangible, e.g. the router you use to access the internet
Minimum Level of Requirement: elements of a security plan
- Privacy/secrecy: no unauthorized disclosure of info; if hosting a site, you need plans around these areas, e.g. a privacy policy
- Data integrity: no unauthorized modification
- Availability/necessity: making sure your system is always accessible, with no data or message delays
- Key Management: secure encryption keys; how you manage all passwords and code numbers you need to access information
- Nonrepudiation: you know who is on the other end of the computer; end-to-end proof of identity
- Authenticity: digital signatures and certificates
Security Policy
- addresses:
- physical security
- network security
- access authorizations: administrator who can change things, user can only look at things
- virus protection
- disaster recovery: if something goes wrong
- example: network security library
Risk Management
- figure 10-1
- countermeasures: how to eliminate a threat after it has happened
- eavesdroppers: sniffing programs; on the internet everywhere
- crackers/hackers: crackers hack into systems for illegal purposes; a hacker hacks into systems and is usually paid by a company... white hat: good; black hat: bad
- firewalls: trusted network is behind the firewall; untrusted network is outside the firewall
CLIENT-SIDE SECURITY: you with web browsers surfing to ecomm site
Cookies: little files that a web server stores on your hard disk without you knowing; a cookie cannot do anything by itself, it is just a text file
Types:
- session (temporary): cookie that is stored in the temporary folder of your browser
- persistent (permanent): always stored on the hard drive and allows someone to have your info handy; the negative is that they are also used by ad agencies and trackers (people trying to collect info about what sites you visited)
- web bugs: type of cookie that is left behind on your system; instead of using a text file these use a little invisible graphic
Uses:
- online ordering systems
- site personalization
- website tracking
- user IDs
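The session/persistent distinction above comes down to a single attribute on the Set-Cookie header. The following is an added example, not part of the original notes, using Python's standard http.cookies module to build both kinds of cookie, read a header back and classify it, and show that the Cookie request header is plain name=value text. The sample header values are constructed for the example; the Secure and HttpOnly flags are the usual server-side hardening and are not mentioned in the notes.

```python
from http.cookies import SimpleCookie


def build_session_cookie(name: str, value: str) -> str:
    """Set-Cookie value with no expiry: the browser drops it when closed."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["secure"] = True      # only sent over HTTPS
    jar[name]["httponly"] = True    # not readable by page scripts
    return jar[name].OutputString()


def build_persistent_cookie(name: str, value: str, max_age_seconds: int) -> str:
    """Max-Age is what makes the cookie live on disk until it expires."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["max-age"] = max_age_seconds
    jar[name]["secure"] = True
    jar[name]["httponly"] = True
    return jar[name].OutputString()


def classify_set_cookie(header_value: str) -> dict:
    """Parse a Set-Cookie value and report which kind of cookie it is."""
    jar = SimpleCookie()
    jar.load(header_value)
    name, morsel = next(iter(jar.items()))
    # Either Max-Age or Expires turns a session cookie into a persistent one.
    persistent = bool(morsel["max-age"]) or bool(morsel["expires"])
    return {
        "name": name,
        "kind": "persistent" if persistent else "session",
        "secure": bool(morsel["secure"]),
        "httponly": bool(morsel["httponly"]),
    }


def parse_cookie_header(header_value: str) -> dict:
    """The Cookie request header is name=value text, nothing executable."""
    jar = SimpleCookie()
    jar.load(header_value)
    return {key: morsel.value for key, morsel in jar.items()}


# Constructed sample Set-Cookie values: a login session cookie and a
# tracker-style persistent cookie with a far-future Expires date.
SAMPLE_SET_COOKIES = [
    "sid=3f9a1c; HttpOnly; Path=/; Secure",
    "track_id=u-77; Expires=Wed, 09 Jun 2027 10:18:14 GMT; Path=/",
]

if __name__ == "__main__":
    for header in SAMPLE_SET_COOKIES:
        print(classify_set_cookie(header))
    print(build_session_cookie("sid", "3f9a1c"))
    print(build_persistent_cookie("cart", "abc", 30 * 24 * 3600))
    print(parse_cookie_header("sid=3f9a1c; lang=en"))
```

Running the module classifies the first sample as a session cookie and the second as persistent; the classifier is the kind of check a site owner can run against their own responses to confirm that login cookies are not accidentally being written to disk.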
Active content:
- activex controls
- java applets
- javascript
- trojan horse
- viruses: destroy your computer system; worms & zombies: launch off your system to destroy others
- graphics and plug-ins
SAFE WEB SURFING
anonymity: allow the user to be anonymous
anti-virus
spam
spyware
miscellaneous
ENCRYPTION
Types
- symmetric: you use the same password to encrypt and decrypt
- asymmetric:
- public key: published out to the world
- private key: the key you use to decode something
- digital signature:
- figure 10.10 Encryption
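The two key models above in working form, as an added example that is not from the original notes or the textbook figure: a toy symmetric stream cipher built from HMAC-SHA256, so the same key both encrypts and decrypts, beside textbook RSA for the public/private pair and a SHA-256-based digital signature, combined the way real systems combine them (the public key wraps a fresh symmetric key that protects the actual message). The cipher construction and the fixed Mersenne primes are illustration-only assumptions chosen so the math is visible; a production system uses AES and a vetted library, not this code.

```python
import hashlib
import hmac
import secrets

# ---- Symmetric: the SAME key encrypts and decrypts ----
# Toy stream cipher (assumed construction, not a standard): the keystream is
# HMAC-SHA256(key, nonce || counter), XORed into the data.
NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def symmetric_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh per message, sent in the clear
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def symmetric_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    ks = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


# ---- Asymmetric: public key published, private key kept secret ----
# Textbook RSA over fixed Mersenne primes (assumed; far too small for real
# use). Each party gets its own pair of primes so the keys differ.
PRIMES_A = ((1 << 61) - 1, (1 << 89) - 1)     # n is about 150 bits
PRIMES_B = ((1 << 107) - 1, (1 << 127) - 1)   # n is about 234 bits


def rsa_keypair(p: int, q: int):
    n = p * q
    phi = (p - 1) * (q - 1)
    e = 65537
    d = pow(e, -1, phi)          # private exponent (Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)


def rsa_encrypt(public_key, data: bytes) -> int:
    n, e = public_key
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("data too large for this toy modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int, length: int) -> bytes:
    n, d = private_key
    return pow(c, d, n).to_bytes(length, "big")


def _digest_int(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Only the holder of the private key can produce this value."""
    n, d = private_key
    return pow(_digest_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key can check it; a changed message fails."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message, n)


def hybrid_exchange(message: bytes):
    """Sender -> receiver: symmetric key for the bulk data, receiver's public
    key to wrap that key, sender's private key to sign (nonrepudiation)."""
    recv_pub, recv_priv = rsa_keypair(*PRIMES_A)
    send_pub, send_priv = rsa_keypair(*PRIMES_B)
    # sender side
    session_key = secrets.token_bytes(16)
    ciphertext = symmetric_encrypt(session_key, message)
    wrapped_key = rsa_encrypt(recv_pub, session_key)
    signature = sign(send_priv, ciphertext)
    # receiver side: check the signature before trusting anything
    if not verify(send_pub, ciphertext, signature):
        return None
    key = rsa_decrypt(recv_priv, wrapped_key, 16)
    return symmetric_decrypt(key, ciphertext)


if __name__ == "__main__":
    print(hybrid_exchange(b"Order 42: ship to warehouse B"))
```

The split of roles is the point: the symmetric key is cheap for bulk data but both sides must already share it, the public key solves the sharing problem without ever sending the private key, and the signature is what lets the receiver prove afterwards who sent the message.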
Email: Pretty Good Privacy (PGP)
Digital Certificates: use the idea of keys; when you see https it means that the site has an SSL certificate
Disks and Folders: consumer software products to protect files, photos, folders.... TrueCrypt: allows you to create a hidden disk on your hard drive
Voice over IP: when you talk into your computer microphone it encrypts the audio; this is done right away