E-Commerce Security Essentials

Uploaded by

everlynexyz
Copyright: © All Rights Reserved

UNIT 10 (E-COMMERCE SECURITY)

1. Online Security Issues

= The protection of data from unauthorized access, use, alteration or destruction.

2. Types of security

• Physical Security – Tangible protection devices such as alarms (can be seen).
• Logical Security – Non-physical protection such as antivirus (cannot be seen physically).

3. Computer Security Classifications

• Secrecy – Protecting against unauthorized data disclosure and ensuring the authenticity of the data source.
• Integrity – Preventing unauthorized data modification.
• Necessity – Refers to preventing data delays or removals.

4. Security For Client Computers

• Cookies – Text files that web servers place on client computers through Web pages to identify returning visitors.
• Categories
  − Time Duration
    o Session Cookies (Transient Cookies) – Exist only until the PC disconnects the connection.
    o Persistent Cookies (Permanent Cookies) – Remain on the client's computer indefinitely until deleted.
  − Their Source
    o 1st Party Cookies – Placed by the web server (owner of the server).
    o 3rd Party Cookies – Placed by 3rd-party advertising.

5. Virus

= Software that attaches itself to another program and causes damage when the host program is activated.

6. Worms

= A program that is designed to copy itself from one computer to another over a network. The worm spreads itself to many computers over a network. A worm stands alone, with no need for a host.

7. Digital Certificate

= A program embedded in a Web page that verifies that the sender or website is who or what it claims to be. A digital certificate (DC) is a signed message that provides proof that the holder is the person identified by the certificate.

8. Certification Authority (CA)

= Third parties that issue digital certificates, such as Norton.

9. Communication Channel Security

• Secrecy threat – Any threat to secrecy.
  − A Remote Access Trojan (RAT) hides itself inside legitimate software and, once installed, gives a hacker complete remote control of the victim's system.
• Integrity threat – Any threat to the integrity of data in EC.
  − Happens when unauthorized data modification occurs.
• Necessity threat – Any threat to necessity.
  − To protect data from a necessity threat, data delays or denial of access need to be prevented.
  − A DoS attack is a necessity threat (occurs on the server side).

10. Encryption Solutions

• Hash Coding – Uses a hash algorithm to calculate a number from a message of any length. Whether a message has been altered in transit is determined by comparing the original hash value with the hash value computed when it arrives.
• Asymmetric Encryption (public-key encryption) – Encodes messages using a public key (freely distributed to the public at large) and a private key (belongs to the key owner, who keeps the key secret).
• Symmetric Encryption (private-key encryption) – Encodes a message with one of several available algorithms that use a single numeric key. Uses the same key to encrypt and decrypt messages.

11. Security On Server Computer

• DoS/DDoS
  − SYN Flood (based on the TCP protocol)
    o Occurs when the attacker does not send the ACK, so the server keeps on waiting.
    o The attacker sends hundreds of SYNs but does not send the ACK, so the server keeps waiting for the final ACK until timeout.
• Firewalls (most common protection tool)
  − A firewall is software, or a hardware and software combination, that is installed in a network to control the packet traffic moving through it.
  − Provides a defense between a protected network and the Internet, or another network that could pose a threat.
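
The SYN flood item above says the server keeps waiting for a final ACK that never arrives. The following added example (not part of the original notes) shows how a defender can count those half-open handshakes from connection events; the event format, function names, timeout and threshold are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample of what a server sees: (time_s, "client_ip:port", flag).
# "SYN" opens a handshake; "ACK" is the client's final ACK that completes it.
EVENTS = [
    (0.0, "198.51.100.7:40001", "SYN"),
    (0.1, "198.51.100.7:40001", "ACK"),   # normal client: handshake completes
    (2.0, "192.0.2.4:41000", "SYN"),
    (2.1, "192.0.2.4:41000", "ACK"),
] + [
    # one host opens many handshakes and never sends the final ACK
    (1.0 + i / 10, f"203.0.113.9:{50001 + i}", "SYN") for i in range(4)
]


def half_open(events, now, timeout=30.0):
    """Return {client: syn_time} for handshakes still waiting for the final ACK."""
    pending = {}
    for t, client, flag in sorted(events):
        if t > now:
            break
        if flag == "SYN":
            pending[client] = t
        elif flag == "ACK":
            pending.pop(client, None)
    # The server gives up on an entry once the timeout has passed.
    return {c: t for c, t in pending.items() if now - t < timeout}


def suspects(events, now, timeout=30.0, threshold=3):
    """Return {ip: count} for hosts holding at least `threshold` half-open slots."""
    per_host = Counter(c.rsplit(":", 1)[0] for c in half_open(events, now, timeout))
    return {ip: n for ip, n in per_host.items() if n >= threshold}


if __name__ == "__main__":
    print(len(half_open(EVENTS, now=5.0)), "half-open handshakes at t=5s")
    print("suspects:", suspects(EVENTS, now=5.0))
    print("after timeout:", suspects(EVENTS, now=40.0))
```

Completed handshakes drop out of the pending table, while the entries without a final ACK stay until the timeout, which is the waiting state the notes describe.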

12. Web Bugs

= Graphics on a web page that are designed to monitor who is reading the page. Often invisible because they are very small.

13. Active Contents

= Programs that are embedded transparently in web pages and that cause action to occur, such as JavaScript. Embedded malicious active content can be dangerous when it is used for the wrong purpose, such as a Trojan horse.