Online Security Issues - Coggle Diagram
Online Security Issues
Origins of Security
Early Internet days
Electronic mail
Today's higher stakes
Electronic mail
Shopping
Commons worry of Web shopper
Stolen credit card number
Origins of Security on Interconnected Computer Systems
Data security measures taken by Roman Empire
Initially adopted the military's security methods
Requires comprehensive computer security plans
Computer Security and Risk Management
Computer Security
Physical Security
Logical Security
Countermeasure
Threat
A major concern for large computers that ran important business functions such as payroll or billing
Elements of Computer Security
Secrecy
Protecting against unauthorized data disclosure and ensuring the authenticity of the data source
Integrity
Preventing unauthorized data modification
Risk Management Model
Applicable to protecting Internet and electronic commerce assets from physical and electronic threats
Electronic Threat Examples
Impostors
Thieves
Eavesdroppers
Crackers or hackers
Four general organizational actions, chosen by weighing two factors
Impact (cost) of the threat
Probability of the physical or electronic threat occurring
Establishing a Security Policy
Any organization concerned about protecting its electronic commerce assets should have a security policy in place
A security policy should address physical security, network security, access authorizations, virus protection and disaster recovery
A good security policy should address the following
Authentication
: Who is trying to access the site?
Access control
: Who is allowed to log on to and access the site?
Secrecy
: Who is permitted to view selected information
Data Integrity
: Who is allowed to change data?
Audit
: Who or what causes specific events to occur and when?
Four-steps Process when Creating a Security Policy
Determine which assets must be protected from which threats
Company that stores customer credit card numbers
Determine who needs access to various parts of the system
Suppliers
Identify resources available or needed to protect the information while ensuring access by those who need it
Using the information gathered in the first three steps, the organization develops a written security policy
Secrecy
: Security threat
Privacy
: Protection of individual rights to nondisclosure
Integrity
: Unprotected banking transactions
Necessity
: Disrupt normal computer processing or deny processing entirely
Security for Client Devices
Client Computers
Must be protected from threats
Threats
Originate in software and downloaded data
Cookies and Web Bugs
Internet connection between web clients and servers
Cookies
By duration
Session Cookies
Exist until the Web client ends the connection
Persistent Cookies
Which remain on the client computer
Source
First-Party Cookies
Placed by the Web site the user is visiting
Third-Party Cookies
Originate on a Web site other than the site being visited
Disable Cookies Entirely
Full site functionality may not be available
Web Browser Cookie Management Functions
Most Web browsers let the user refuse only third-party cookies, or review each cookie before it is accepted
Web Bug
Tiny graphic that third-party Web site places on another site's Web page
Provide a way for a third-party to place cookie on visitor's computer
Graphics created in GIF format
Active Content
Programs embedded transparently in Web pages
Extends HTML functionality
Can damage client computer
Graphics and Plug-ins
Graphics: allow for the inclusion of instructions that tell a browser how to render a graphic
Plug-ins: small programs that enhance the capabilities of browsers
Helps a browser perform useful tasks
Viruses, Worms and Antivirus Software
Virus: software that attaches itself to another program and can cause damage when the host program is activated
Worm: a type of virus that replicates itself on the computers that it infects
Antivirus software: detects viruses and worms and either deletes them or isolates them on the client computer so they cannot run
Digital Certificate
An attachment to an e-mail message, or a program embedded in a Web page, that verifies that the sender or site is who or what it claims to be
Signed code serves the same function as a photo on a driver's license or passport
To execute online transactions
Steganography
The process of hiding information within another piece of information, such as an image file
Client Security for Mobile Devices
Security issues related to mobile client devices can be as simple as the physical threat of losing a phone or tablet
Security for Server Computers
Password Attack Threats
The passwords that users select can be the source of a threat
A password manager is software that securely stores all of a person's passwords
Database Threats
Databases connected to the web contain valuable and private information that could damage a company irreparably if disclosed or altered
If unauthorized users obtain user authentication information, they can masquerade as legitimate database users and reveal or download confidential and potentially valuable information
Other Software-Based Threats
Web server threats can arise from programs executed by the server
A buffer is an area of memory set aside to hold data read from a file or database
A mail bomb is an attack in which hundreds or even thousands of people each send a message to a particular address
Threats to the Physical Security of Web Servers
Web servers and the computers networked closely to them, such as the database servers and application servers that supply content and transaction-processing capabilities to electronic commerce Web sites, must be protected from physical harm
Access Control and Authentication
Authentication is verification of the identity of the entity requesting access to the computer
Access control and authentication refer to controlling who and what has access to the Web server
An access control list (ACL) is a list or database of files and other resources and the usernames of people who can access the files and other resources
Servers Can Authenticate Users in Several Ways
Check the digital signature contained in the certificate: if it cannot be verified with the corresponding public key, the certificate is not accepted
Check the time stamp on the certificate to ensure that it has not expired
Protection
A firewall is software, or a hardware and software combination, installed in a network to control the packet traffic moving through it
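How a firewall controls packet traffic, as an added example that is not part of the original outline: a Node.js stateless packet filter that evaluates an ordered rule table against each packet, accepts or drops on the first matching rule, and drops anything no rule mentions. The rule set, addresses and packets are constructed; a production firewall would additionally track connection state.

```javascript
// Added example: first-match packet filter with default deny.
// Rules, addresses and packets are constructed for illustration.

function ipToInt(ip) {
  return ip.split('.').reduce((acc, octet) => (acc << 8) + Number(octet), 0) >>> 0;
}

// "10.0.1.0/24" style prefix match; a bare address means /32.
function inCidr(ip, cidr) {
  const [net, bitsStr] = cidr.split('/');
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(net) & mask) >>> 0);
}

// A rule field that is omitted matches anything.
function ruleMatches(rule, pkt) {
  if (rule.proto && rule.proto !== pkt.proto) return false;
  if (rule.src && !inCidr(pkt.src, rule.src)) return false;
  if (rule.dst && !inCidr(pkt.dst, rule.dst)) return false;
  if (rule.dport !== undefined && rule.dport !== pkt.dport) return false;
  return true;
}

// Rules are consulted in order; the first match decides. A packet that
// matches no rule is dropped, so forgetting a rule fails closed.
function filterPacket(rules, pkt) {
  for (const rule of rules) {
    if (ruleMatches(rule, pkt)) return { action: rule.action, rule: rule.name };
  }
  return { action: 'drop', rule: 'default-deny' };
}

const RULES = [
  { name: 'web-https', action: 'accept', proto: 'tcp', dst: '10.0.0.5', dport: 443 },
  { name: 'web-http', action: 'accept', proto: 'tcp', dst: '10.0.0.5', dport: 80 },
  { name: 'admin-ssh', action: 'accept', proto: 'tcp', src: '10.0.1.0/24', dst: '10.0.0.5', dport: 22 },
  { name: 'block-db', action: 'drop', proto: 'tcp', dst: '10.0.0.9', dport: 5432 },
];

const PACKETS = [
  { proto: 'tcp', src: '203.0.113.7', dst: '10.0.0.5', dport: 443 },  // public web traffic
  { proto: 'tcp', src: '203.0.113.7', dst: '10.0.0.5', dport: 22 },   // SSH from the Internet
  { proto: 'tcp', src: '10.0.1.12', dst: '10.0.0.5', dport: 22 },     // SSH from the admin subnet
  { proto: 'udp', src: '203.0.113.7', dst: '10.0.0.5', dport: 443 },  // wrong protocol
];

function demo() {
  return PACKETS.map((pkt) => filterPacket(RULES, pkt));
}
```

Only the public HTTPS packet and the admin-subnet SSH packet are accepted; the Internet-sourced SSH packet and the UDP packet hit the default-deny rule even though no rule names them.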