E-commerce Security Issues

Questions and Answers

What is a major drawback of symmetric key encryption?

• It can be used without sharing keys.
• It relies on a single key for encryption and decryption. (correct)
• It requires a vast number of unique keys for all users. (correct)
• It is immune to computational attacks.

In public key encryption, how is a message encrypted?

• Utilizing the sender's public key.
• With the recipient's public key. (correct)
• Using the same private key that will later decrypt it.
• By a randomly generated encryption key.

What information is included in a digital certificate?

• Sender's personal address.
• Recipient's private key.
• Expiration date of the certificate. (correct)
• Sender's password.

What role do Certification Authorities (CAs) play in digital certificates?

They act as trusted third parties that issue digital certificates. (C)

Which statement correctly describes the relationship between public and private keys?

The public key is used to encrypt; the private key is used to decrypt. (C)

Why is it problematic to send a symmetric key over an insecure medium?

It could be intercepted, compromising security. (A)

What function do digital certificates serve?

They verify the identity and public key ownership of the user. (D)

What best describes public key infrastructure (PKI)?

A framework for managing digital certificates and public key encryption. (B)

What is meant by the term 'nonrepudiation' in e-commerce security?

Preventing a party from denying an agreement after it has been made (C)

Which of the following is NOT one of the six key issues of e-commerce security?

Responsibility (C)

Where can data be intercepted in e-commerce transactions?

In the browser, between the browser and the server, and at the server (D)

What is the first step in ensuring data security during transmission?

Encrypting the data (D)

What does confidentiality refer to in the context of e-commerce security?

Protection against unauthorized access to sensitive data (B)

What is encryption primarily used for in e-commerce?

To safeguard data being transmitted over the network (D)

How can a user's personal data be compromised when left unattended on a computer?

Anyone can access the computer and view sensitive data (B)

What is one major limitation of communicating credit card information via email?

Hacker access to the email system can lead to data breaches (A)

What is the primary function of HTTPS protocols?

To secure data transfer and improve search ranking (A)

What should be avoided regarding client credit card information in an e-commerce setting?

Storing credit card information in the database (A)

What is an effective measure to secure the Admin Panel?

Changing passwords frequently and restricting user access (A)

What type of software is primarily used to detect and remove malware?

Anti-Malware software (B)

Which of the following measures helps protect user data on e-commerce websites?

Implementing SSL certificates (A)

What is a benefit of using Anti-Virus software, aside from detecting viruses?

It prevents any malware infection (C)

What is a potential danger of clicking on infected links sent via communication platforms?

It could install malware on your device (D)

What security measures should be taken to protect a payment gateway?

Utilize secure handling of transactions (D)

What is the primary difference between symmetric key cryptography and public key cryptography?

Public key cryptography uses one public and one private key. (C)

What ensures the authenticity of information in digital communications?

Digital signature (B)

Which of the following best describes cyber vandalism?

Defacing websites and creating malware. (B)

What constitutes credit card fraud?

Unauthorized purchasing using someone else's credit card information. (C)

Which attack is characterized by an attempt to manipulate data by pretending to be a trusted source?

Spoofing (B)

What type of code is designed to cause harm to computer systems?

Malicious code (C)

What is the main effect of a Denial of Service (DoS) attack?

Restricting access to services for authorized users (C)

What technique involves listening in on other people's communications?

Packet sniffing (C)

What is a primary benefit of using third-party payment processors like PayPal and Stripe?

They ensure better safety for customer data. (A)

What role do effective firewalls play in e-commerce security?

They protect against XSS and SQL injection attacks. (D)

Which of the following is a necessary step in ensuring PCI-DSS compliance?

Store credit card data securely. (A)

Why is it important to educate staff and clients about security?

To prevent unauthorized access to sensitive information. (A)

What should a robust security policy include?

An outline of acceptable and unacceptable behaviors. (D)

What is a critical step following a risk assessment in security management?

Creating an implementation plan. (D)

What is one of the additional security implementations mentioned for e-commerce stores?

Scanning for malware and backing up data. (A)

What is the purpose of creating a security organization?

To administer the security policy. (A)

Flashcards are hidden until you start studying

Study Notes

E-commerce Security Issues

• Integrity: Safeguarding against unauthorized changes to data.
• Nonrepudiation: Ensuring parties cannot deny their actions after transactions.
• Authenticity: Verifying the source of data and identity.
• Confidentiality: Preventing unauthorized access to sensitive information.
• Privacy: Maintaining control over personal data and its disclosure.
• Availability: Ensuring data is accessible and not delayed or removed.

Data Interception Points

• Data can be intercepted in three main areas:
  • In the browser: Users input sensitive information which can be accessed if the device is left unattended.
  • Between the browser and the server: Data in transit may be intercepted, even if encrypted.
  • In the server: Vulnerable to external attacks and unauthorized access.

Security Measures

• Encryption: Converts plaintext to ciphertext, protecting data during transmission.

  • Symmetric key cryptography: Same key for encryption and decryption.
  • Public key cryptography: Different keys for encryption (public) and decryption (private).

• Digital Signature: E-signature that verifies the authenticity of information through encryption.

• Security Certificates: Unique digital IDs for website identity verification.

Common Security Threats

• Hacking and Cyber Vandalism: Includes website defacement and malware creation.
• Credit Card Fraud: Unauthorized use of credit card information for purchases.
• Spoofing: Impersonating trusted entities to steal sensitive data.
• Malicious Code: Includes viruses, worms, and Trojans that harm systems.
• Denial of Service Attack: Overloading systems to restrict access for authorized users.
• Sniffing: Eavesdropping on network traffic to capture sensitive information.

E-commerce Security Solutions

• Implement HTTPS and SSL Certificates: Encrypt data transfer, improving security and search ranking.
• Use Anti-Malware and Anti-Virus Software: Protect systems from various malware infections.
• Secure Admin Panel and Server: Use strong, frequently changed passwords and restrict access based on roles.
• Safeguard Payment Gateways: Avoid storing credit card data; use third-party processors.
• Deploy Firewalls: Block unauthorized access and mitigate cyber-attacks.
• Educate Employees and Clients: Provide training on secure data handling and update access rights for former employees.
• Perform Regular Security Scans: Identify malware and ensure data backups.
• Conduct Risk Assessments: Catalog information assets and their importance to the organization.
• Develop a Security Policy: Define protection protocols and roles.
• Create an Implementation Plan: Outline actionable steps for achieving security goals.
• Establish a Security Organization: Dedicated team to manage security policies and guidelines.

Drawbacks of Symmetric Key Encryption

• Vulnerability to Key Theft: Same key must be shared over potentially insecure channels.
• Management Complexity: Requires a vast number of keys for millions of users.

Public Key Encryption

• Utilizes a pair of keys for secure messaging: one public (shared) and one private (kept secret).
• Digital certificates link public keys to identities, authenticated by trusted Certification Authorities (CAs).
• Digital Certificate Details: Includes subject's name, public key, serial number, expiration date, issuing authority’s signature, and more.