Introduction & Security Issues in E-Commerce
Presented by:
Amit Kumar Srivastava
2010IS09
M.Tech 1st year
Outline
• Introduction of E-commerce
– Definition of e-commerce
– History of E-Commerce
• Type of E-commerce
• Issues in developing e-commerce applications
• Security Issues
• Solution of Security Issues
Introduction of E-commerce
Electronic Commerce (E-Commerce)
[Figure: e-commerce payment flow between Customer, Merchant, Merchant's bank, and Customer's bank ("Issuer"). Steps legible in the figure:]
3. Merchant forwards transaction to bank
5. Issuer authorizes payment
6. Bank authorizes payment
7. Merchant completes order
8. Merchant captures payment information
For (1)(ii)……
Securing Private Networks
• Minimize external access to LAN
• Done by means of firewalls and proxy servers
• Firewalls provide a secure interface between an
“inner” trusted network and “outer” untrusted
network
• Every packet to and from the inner and outer
networks is “processed”
• Firewalls require hardware and software to
implement
For (1) (ii)……
Securing Private Networks
• The software used consists of proxies and filters
that allow or deny network traffic access to
either network
• Proxy programs
– application-level
– circuit-level
• Filters
– packet filtering
Access Security Threats
• Access Control
– Threats
• Webjacking (illegal access of server computing system)
– Countermeasures
• User Authentication
• User Authorization
• Denial of Service
– Threat
• Unable to use server resources
• Types of DoS attacks
– Countermeasures (limited)
• Firewalls
• System Configuration
Solution For (2)
Access Control
• User authentication
– process used to identify a user who accesses a web
server
– determines whether the user is legitimate
– generally referred to as access control
• User authorization
– once the user is authenticated, specifies which server
resources that user may access
– resources are: files, scripts, and directories
Solution For (2)………
User Authentication
• Several types of access control
– Based on IP address
• validates web browser based on its host’s IP address
– Based on Domain Name
• validates web browser based on its host’s domain name
– Based on user name and password
• User of browser is validated on basis of user ID and its associated
password
– Based on client certificates
• remote user is issued a secure certificate to use as a digital signature
– Based on network security protocols
• solves validation problems associated with accessing via LAN and
WAN
• e.g. Kerberos and DCE
Authentication based on host IP address and/or
DNS name
• Screen browsers based on their source IP
address, Domain Name, network, or subnetworks
• Advantages
– easy to set up
– not likely to be incorrectly configured
• Disadvantages
– difficult to grant access to users who migrate
– difficult to handle DHCP and Web proxies
– security issues of
• DNS spoofing
• IP spoofing
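The host-based screening described above, as an added example that is not part of the original slides: a source-address allowlist plus a domain-name check that, with forward confirmation, refuses a reverse-DNS name the forward zone does not back up. The networks, domain suffix, and the PTR/A tables (standing in for a resolver so the code runs offline) are constructed assumptions.

```python
import ipaddress

# Constructed policy: allowed subnets and domain suffixes (assumptions).
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
ALLOWED_DOMAINS = (".example.com",)

# Constructed DNS data standing in for a live resolver.
PTR = {
    "192.0.2.10": "pc10.example.com",
    "203.0.113.7": "www.example.com",   # reverse zone controlled by the remote party
    "198.51.100.5": "host.example.net",
}
A = {
    "pc10.example.com": {"192.0.2.10"},
    "www.example.com": {"198.51.100.20"},
    "host.example.net": {"198.51.100.5"},
}

def allowed_by_ip(src):
    """Screen on source address. This only sees the address the packet
    claims, so it does nothing against IP spoofing."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_NETS)

def allowed_by_name(src, confirm=True):
    """Screen on the host's domain name, obtained by reverse lookup.
    With confirm=True the name must also resolve forward to the same
    address; a PTR record alone is set by whoever owns the reverse zone."""
    name = PTR.get(src)
    if name is None:
        return False                      # no name: cannot match a domain rule
    name = name.rstrip(".").lower()
    if not ("." + name).endswith(ALLOWED_DOMAINS):
        return False
    if not confirm:
        return True                       # weak form: trusts the PTR record
    return src in A.get(name, set())      # forward-confirmed reverse DNS

def screen(src):
    """Combined decision with the rule that matched, for logging."""
    if allowed_by_ip(src):
        return ("allow", "ip")
    if allowed_by_name(src):
        return ("allow", "domain")
    return ("deny", "no rule matched")
```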
Authentication Based on User ID and Password