E-Commerce (DCSE604)

Security Issues:

1. Cyber attacks

 Virus - a program fragment that is attached to a legitimate program

 Hidden, self replicating, requires host program

 Worm - same as virus but it is a complete program that can run independently

 Trojan - a computer program that appears to have a useful function but has hidden
and potentially malicious functions

 Can escape security mechanisms

 Spam - junk mails

 May be used to propagate viruses and worms

 Like promotional material, advertisements and catalogues

2. Hacking - enters into a system and steal valuable data

 Phishing - creation of e-mail referencing web pages that are replicas of existing
sites to make users believe as a authentic one

 Users data (personal, passwords etc.) get directed to fraudsters

 IP spoofing - used by intruders to gain unauthorized access to computers

 Messages are sent with a trusted IP of sender and appears as genuine

message for the receiver

Tools for security:

1. Antivirus - efficient in checking the data coming from external sources

2. Firewall - a system that enforces an access control policy

 Operate on set of user defined rules

3. Intrusion Detection Systems (IDS) - added to firewall to detect the need of

communicating channels

 Firewall only monitors traffic between internal and external network

 E-Commerce (DCSE604)
 IDS checks all the communication like within organization (internal)

 Two types : HIDS (Host IDS) and NIDS (Network IDS)

 HIDS -

i. Checks system log files and alerts if log activity matches pre-determined
attack signature

 NIDS -

i. Monitors real-time network traffic

4. Secure Sockets Layer (SSL) - client server authentication mechanism

 Mostly used for monetary transaction