Kenneth C. Laudon
Carol Guercio Traver
Copyright 2010
Chapter 5
Online Security and Payment Systems
issues
Types of Attacks Against Computer Systems (Cybercrime)
New technologies
Organizational
Industry
Other factors
Time value of money
Cost
Security
1. Client
2. Server
3. Communications pipeline
A Typical E-commerce Transaction
Vulnerable Points in an E-commerce Environment
Malicious code: Viruses, Worms, Trojan horses, Bots, botnets
Unwanted programs: Browser parasites, Adware, Spyware
Phishing
Splogs
Insider jobs
Sniffing
Technology Solutions
Protecting Internet communications (encryption)
Securing channels of communication (SSL, S-HTTP, VPNs)
Protecting networks (firewalls)
Protecting
Tools Available to Achieve Site Security
Encryption
Encryption: Transforms
Message integrity, Nonrepudiation, Authentication, Confidentiality
Strength of encryption
Length
Uses
Hash function:
Digital Envelopes
key encryption
Symmetric key encryption
of subject/company
Subject's public key
Digital certificate serial number
Expiration date, issuance date
Digital signature of certification authority (trusted third party institution) that issues certificate
Insight on Society
S-HTTP: Provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
Protecting Networks
Firewall
1. Packet filters
2. Application gateways
system security enhancements
Anti-virus software: Easiest; Requires daily updates
Upgrades, patches
management policies
Risk assessment
Security policy
Implementation plan
Security organization
Access controls
Authentication
Authorization policies, authorization management systems
Security audit
Insight on Technology
OECD guidelines
Cash
Most
Checking transfer
Second
Credit card
Credit card associations, Issuing banks, Processing centers
Stored Value
Funds
Peer-to-peer payment systems
Accumulating Balance Accounts
E.g.,
Debit cards: 28% of online payments in 2009
Limitations
payment
Security, Cost, Social equity
Digital wallets
Digital cash
Digital checking: Extends
(stored value)
Mobile debit cards
Mobile credit cards
Insight on Business