ELECTRONIC COMMERCE SECURITY
Online Security Issues:
Computer Security: protection of assets from unauthorized access, use, alteration, or destruction.
- physical security: tangible protection devices, alarms, guards, fireproof doors, security fences, safes or vaults, bombproof buildings
- logical security: protection of assets using nonphysical means
- threat: any act or object that poses danger to computer assets
Managing Risk
- Countermeasures: general name for a procedure, physical or logical, that recognizes, reduces, or eliminates a threat (Fig 10-1)
- eavesdropper: person or device that can listen in on and copy internet transmissions
- crackers/hackers: people who write programs or manipulate technologies to obtain unauthorized access to computers and networks
Computer Security Classifications
- secrecy: protecting against unauthorized data disclosure and ensuring the authenticity of the data source
- integrity: preventing unauthorized data modification
- necessity: preventing data delays or denials
Security Policy and Integrated Security
- security policy: written statement describing which assets to protect and why they are being protected, who is responsible, and which behaviours are acceptable
Security for Client Computers
Cookies
- stateless connection: each transmission of info is independent
- small text files that web servers place on web client computers to identify returning visitors
- session cookies: exist until the web client ends the connection
- persistent cookies: remain on the client computer indefinitely
- cookie blockers: prevent cookie storage selectively
Web Bugs:
- tiny graphic that third-party web site places on another site's web page
Active Content:
- programs that are embedded transparently in web pages and cause action to occur
- zombie: trojan horse that takes over another computer for the purpose of launching attacks on other computers (MSN messages)
JavaScript
- scripting language developed by Netscape to enable web page designers to build active content
ActiveX Controls
- object that contains programs and properties that web designers place on web pages to perform particular tasks
Graphics and Plug-ins
- programs that enhance the capabilities of browsers and handle content that the browser cannot handle
Viruses, Worms, and Antivirus software
- virus: software that attaches itself to another program and causes damage when the host program is activated
- worm: virus that replicates itself on the computers that it infects
- macro virus: coded as small program and embedded in a file
- antivirus software: detects viruses and worms and either deletes them or isolates them on the client computer so they cannot run
Digital Certificates:
- attachment to an email msg or program embedded in a web page that verifies that the sender or web site is who or what it claims to be
- signed: DC is a signed message or code
- key: simple number that is used with the encryption algorithm to lock the characters of the msg being protected so they are undecipherable without the key
Steganography:
- process of hiding info within another piece of info
Communication Channel Security
Secrecy Threats
- privacy: protection of individual rights to nondisclosure
- sniffer programs: provide a means to record info that passes through a computer or router that is handling internet traffic
Integrity threats
- active wiretapping: when unauthorized party can alter msg stream of info
- masquerading/spoofing: pretending to be someone you are not, or representing a web site as original when it is fake
Necessity Threats:
- disrupt normal computer processing, or deny processing entirely
Threats to wireless networks
- wardrivers: find an open network and may place a chalk mark on the building so that other attackers will know that an easily entered wireless network is nearby (warchalking)
Encryption Solution
- coding of info by using a mathematically based program and a secret key to produce a string of characters that is unintelligible (see class notes)