CH.5  E-commerce Security Fundamentals
22 Questions

Questions and Answers

What is a major challenge in achieving good e-commerce security?

  • Balancing security with ease of use (correct)
  • Monitoring underground economy marketplaces
  • Implementing new technologies
  • Adhering to industry standards

Which of the following is NOT a key point of vulnerability in the e-commerce environment?

  • Database (correct)
  • Communications pipeline
  • Server
  • Client

What is the primary concern in the underground economy marketplace?

  • Malicious code distribution
  • Network security breaches
  • Fraudulent transactions
  • Stolen information storage (correct)

What is a major factor to consider when evaluating the cost of security measures?

  • Cost of potential loss

Which of the following is a type of malicious code?

  • Backdoor

What is the primary goal of security measures in e-commerce?

  • To achieve the highest degree of security

What is a major concern in the e-commerce environment?

  • Criminal use of the Internet

What is a key factor in the tension between security and ease of use?

  • The number of security measures added

What is the primary goal of hacktivism?

  • Political or social change

Which type of threat involves the theft of sensitive information to impersonate an individual?

  • Identity theft

What is the primary purpose of a firewall in network security?

  • To block unauthorized access

Which encryption method is commonly used to secure online transactions?

  • SSL

What type of attack involves tricking individuals into revealing sensitive information?

  • Social engineering

What is the primary goal of a denial-of-service (DoS) attack?

  • System disruption

Which type of malware is designed to monitor and capture sensitive information?

  • Spyware

What is the primary purpose of a VPN in network security?

  • To secure channels of communication

What is the primary function of a firewall in network security?

  • To filter packets based on a security policy

What is the main purpose of a proxy server in network security?

  • To handle all communications originating from or being sent to the Internet

What is the easiest and least expensive way to prevent threats to system integrity?

  • Installing antivirus software

What is a critical component of managing risk in network security?

  • All of the above

What is a key component of a security plan?

  • Risk assessment

What is the purpose of a security audit in network security?

  • To evaluate the effectiveness of a security plan

    Study Notes

    E-commerce Security Environment

    • The size and losses of cybercrime are unclear due to reporting issues.
    • In 2011, 46% of respondents in a CSI survey detected a breach in the last year.
    • Stolen information is stored on underground economy servers.

    What Is Good E-commerce Security?

    • To achieve the highest degree of security, new technologies, organizational policies and procedures, and industry standards and government laws are necessary.
    • Other factors to consider include the time value of money, the cost of security vs. potential loss, and the concept that security often breaks at the weakest link.

    The Tension Between Security and Ease of Use

    • The more security measures added, the more difficult a site is to use, and the slower it becomes.
    • The use of technology by criminals to plan crimes or threaten nation-state security is a concern.

    Security Threats in the E-commerce Environment

    • Three key points of vulnerability in the e-commerce environment are:
      • Clients
      • Servers
      • Communications pipeline (Internet communications channels)

    Most Common Security Threats

    • Malicious code threats include:
      • Viruses
      • Worms
      • Trojan horses
      • Drive-by downloads
      • Backdoors
      • Bots and botnets
    • Potentially unwanted programs (PUPs) include:
      • Browser parasites
      • Adware
      • Spyware
    • Phishing threats include:
      • E-mail scams
      • Social engineering
      • Identity theft
    • Hacking threats include:
      • Hackers vs. crackers
      • Types of hackers: White, black, and grey hats
      • Hacktivism
    • Cybervandalism: Disrupting, defacing, or destroying a Web site
    • Data breach: Losing control over corporate information to outsiders
    • Credit card fraud/theft: Hackers targeting merchant servers to establish credit under false identity
    • Spoofing (Pharming): Spam (junk) Web sites
    • Denial of service (DoS) attack: Hackers flooding a site with useless traffic to overwhelm the network
    • Distributed denial of service (DDoS) attack
    • Sniffing: Eavesdropping programs that monitor information traveling over a network
    • Insider attacks: Poorly designed server and client software
    • Social network security issues: Mobile platform security issues
    • Cloud security issues: Same risks as any Internet device

    Technology Solutions

    • Protecting Internet communications:
      • Encryption
    • Securing channels of communication:
      • SSL
      • VPNs
    • Protecting networks:
      • Firewalls
    • Protecting servers and clients:
      • Hardware and software security measures

    Protecting Networks

    • Firewall: Hardware or software that uses security policy to filter packets
      • Two main methods: Packet filters and Application gateways
    • Proxy servers (proxies): Software servers that handle all communications originating from or being sent to the Internet

    Protecting Servers and Clients

    • Operating system security enhancements:
      • Upgrades
      • Patches
    • Anti-virus software: Easiest and least expensive way to prevent threats to system integrity
      • Requires daily updates

    Management Policies, Business Procedures, and Public Laws

    • Companies worldwide spend $60 billion on security hardware, software, and services
    • Managing risk includes:
      • Technology
      • Effective management policies
      • Public laws and active enforcement

    A Security Plan: Risk Management Policies

    • Risk assessment
    • Security policy
    • Implementation plan:
      • Security organization
      • Access controls
      • Authentication procedures, including biometrics
      • Authorization policies, authorization management systems
    • Security audit

    Description

    This quiz covers the basics of e-commerce security, including the size and losses of cybercrime, reporting issues, and the importance of new technologies and organization in achieving good e-commerce security.
