Professional Documents
Culture Documents
M07-EL-Sistem Keamanan Dan Pembayaan Pada E-Dagang
M07-EL-Sistem Keamanan Dan Pembayaan Pada E-Dagang
M07-EL-Sistem Keamanan Dan Pembayaan Pada E-Dagang
‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 1
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Objectives
Understand the scope of e-commerce crime and security problems,
the key dimensions of e-commerce security, and the tension
between security and other values.
Identify the key security threats in the e-commerce environment.
Describe how technology helps secure Internet communications
channels and protect networks, servers, and clients.
Appreciate the importance of policies, procedures, and laws in
creating security.
Identify the major e-commerce payment systems in use today.
Describe the features and functionality of electronic billing
presentment and payment systems.
S‐1 Sistem Informasi STMIK Mikroskil 2
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 3
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 4
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 5
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Vulnerable Points in an E-
commerce Transaction
S‐1 Sistem Informasi STMIK Mikroskil 6
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Malicious Code
• Exploits and exploit kits
• Maladvertising
• Drive-by downloads
• Viruses
• Worms
• Ransomware (scareware)
• Trojan horses
• Backdoors
• Bots, botnets
S‐1 Sistem Informasi STMIK Mikroskil 7
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Phishing
• Any deceptive, online attempt by a third party to
obtain confidential information for financial gain
• Tactics
• Social engineering
• E-mail scams
• Spear phishing
• Used for identity fraud and theft
S‐1 Sistem Informasi STMIK Mikroskil 8
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Data Breaches
• When organizations lose control over corporate
information to outsiders
• Nine mega-breaches in 2015
• Leading causes
• Hacking
• Employee error/negligence
• Accidental e-mail/Internet exposure
• Insider theft
S‐1 Sistem Informasi STMIK Mikroskil 9
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Identity Fraud/Theft
• Unauthorized use of another person’s personal
data for illegal financial benefit
• Social security number
• Driver’s license
• Credit card numbers
• Usernames/passwords
• 2015: 13 million U.S. consumers suffered identity
fraud
S‐1 Sistem Informasi STMIK Mikroskil 10
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 11
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Insider Attacks
• Largest threat to business institutions come from
insider embezzlement
• Employee access to privileged information
• Poor security procedures
• Insiders more likely to be source of cyberattacks
than outsiders
S‐1 Sistem Informasi STMIK Mikroskil 12
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 13
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 14
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 15
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Technology Solutions
• Protecting Internet communications
• Encryption
• Securing channels of communication
• SSL, TLS, VPNs, Wi-Fi
• Protecting networks
• Firewalls, proxy servers, IDS, IPS
• Protecting servers and clients
• OS security, anti-virus software
S‐1 Sistem Informasi STMIK Mikroskil 16
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Encryption
• Encryption
• Transforms data into cipher text readable only by sender and
receiver
• Secures stored information and information transmission
• Provides 4 of 6 key dimensions of e-commerce security:
• Message integrity
• Nonrepudiation
• Authentication
• Confidentiality
S‐1 Sistem Informasi STMIK Mikroskil 17
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 18
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 19
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Digital Envelopes
• Address weaknesses of:
• Public key cryptography
• Computationally slow, decreased transmission speed, increased processing time
• Symmetric key cryptography
• Insecure transmission lines
S‐1 Sistem Informasi STMIK Mikroskil 20
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 21
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Limitations of PKI
• Does not protect storage of private key
• PKI not effective against insiders, employees
• Protection of private keys by individuals may be haphazard
• No guarantee that verifying computer of
merchant is secure
• CAs are unregulated, self-selecting organizations
Securing Channels of
Communication
• Secure Sockets Layer (SSL)/Transport Layer
Security (TLS)
• Establishes secure, negotiated client–server session
• Virtual Private Network (VPN)
• Allows remote users to securely access internal network via the
Internet
• Wireless (Wi-Fi) networks
• WPA2
S‐1 Sistem Informasi STMIK Mikroskil 22
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Protecting Networks
• Firewall
• Hardware or software that uses security policy to filter packets
• Packet filters
• Application gateways
• Next-generation firewalls
• Proxy servers (proxies)
• Software servers that handle all communications from or sent to
the Internet
• Intrusion detection systems
• Intrusion prevention systems
S‐1 Sistem Informasi STMIK Mikroskil 23
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 24
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 25
SI0044 ‐ Perdagangan Elektronik 3/2/2019
Developing an E-commerce
Security Plan
S‐1 Sistem Informasi STMIK Mikroskil 26
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 27
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 28
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 29
SI0044 ‐ Perdagangan Elektronik 3/2/2019
S‐1 Sistem Informasi STMIK Mikroskil 30