Threats to E-Business

8/15/2019 Threats to E-Business

http://slidepdf.com/reader/full/threats-to-e-business 1/24

E-business - 6

Threats to e-Business



Intellectual Property Threats

Three problem related to intellectualproperty:

Cybersquatting Name changing

Name Stealing



Cyber squatting Is practice of registering a domain name that is the

trademar of another person or company in the hopesthat the o!ner !ill pay huge amount of money toacquire the "#$

The "%S anticybersquating Consumer protection &ct &lso no! as the trademar cyberpiracy Pre'ention &ct%

Protects the trademared names o!ned by corporationsform being registered as domain names by other parties

&ny parties found guilty of cybresquanting can be heldliable for damages of up to ()**+*** per trademar%



Name Changing

,ccurs !hen someone registers purposelymisspelled 'ariations of !ell-no!n domain name

These 'ariants sometime lure consumers !ho mae

typographical errors !hen entering "#$ There is no la! to go'ern this issue

& companys best defense is to register as many as'ariations in product and company spellings as

possible !ith &nticybersquatting ConsumerProtection &ct%



Name Stealing

,ccurs !hen someone posing as a sitesadministrator changes the o!nership of the sitesassigned domain name to another site and o!ner%

"sually happens only !hen safeguards are not inplace

The o!nership changes occur !ithout noticebecause it is automated

,ccur !hen domain names registrars securityprocedures can be faulty



Protecting Intellectual Property

" S .epartment of /ustice maintains thecybercrime site to pro'ide information and updateon

0acing Soft!are piracy

$atest security information

,n cyber crime

Protecting intellectual property right



.igital !atermar

1atermar is a digital code embedded in adigital image to protect content

2lue Spie produces a !atermaring system

called 3io'ani &uthenticates the copyright

Pro'ide copy control

Copy control electronic mechanism for limiting thenumber of copies that one can mae of a digital !or



Threats to the Security of Client

computer 1. Active Content

#efers to programs that are embedded in !eb

pages and that cause action to occur Cracer intent on doing mischief to client

computers by embedding malicious acti'econtent in !eb page

Called Tro/an 0orse Program hidden inside another program or !eb

page that mass its true propose



&cti'e Content Cont%%

& Tro/an horse can Send pri'ate information of the clients computer

Could alter or erase information on the clientscomputer

To a'oid Tro/an horses do not do!nload and installsoft!are from sources that you do not trust4 also

mae use of fire!alls to bloc illegitimateingoing5outgoing traffic



Cont%%

2. Cookies Cooies do not harm client machine directly

they can lead to security 'iolation

Either user can disable cooies entirely butthen user required to enter information eachtime they re'isit a !ebsite

&nd sometime to get full access of any !eb

site cooies are required That is !hy !e cannot disable cooies



Cooies cont%%

&nother approach is to use cooie blocer

1hich pre'ents cooies storage selecti'ely by &llo!ing user to bloc cooies from the !eb ser'ers

that load ad'ertising into !eb page

&llo!ing good7 cooies and denying all other



Cont%%

3. Steganography

Process of hiding information !ithin anotherpiece of information

This information resides in the bacground andis undetectable by anyone !ithout the correctdecoding soft!are

8any security analysts belie'e that the terroristorganisation &l 9aeda use steganography tohide information regarding their acti'ity inimages%



Client Computer Security

& virus is soft!are that attaches itself to anotherprogram

& worm is a type of 'irus that replicates itself on the

computer it affectsEmail attachments may include !ord processing

files+ spreadsheets+ databases+ images !hich maycontain 'iruses



Cont%%

To counteract 'iruses Ensure you ha'e installed the latest security

patches &lso ensure that you are running the latest &nti'irus soft!are !ith the latest 'irus updates



Protecting Client Computer

.igital certificate no!n as digital I.+ is an attachment to an

email message or program embedded in a !ebpage that 'erifies that sender or !ebsite is !hoor !hat it claim to be

Ser'e the same function as a photo on passport

Certificate authority issues a digital certificate

,ldest and famous C& is ;eriSign



Cont%%

A signature on a message is some data that 'alidates a message and 'erifies its origin a recei'er can eep as e'idence a third party can use to resol'e disputes

Si< main element of digital certificate Certificate o!ners identification information ,!ners public ey ;alidity date Serial number Name of issuer .igital signature of certificate issuer



Communication Channel Security

Confidentiality ensures that only o!ners of theshared ey can decrypt the message

Authentication ensures the identity of the person ateither end of a communication line are !ho they saythey are

Integrity ensures the message is not changedduring transit

Nonrepudiation ensures that the sender can notdeny sending the message



Cont%%

These assurances are pro'ided through thefollo!ing methods:

Public5Pri'ate eys ensure confidentiality

.igital signatures ensure nonrepudiation andauthentication

8essage authentication codes ensure data

integrity



Communication Channel Security

Communication channel threats come from'arious sources including: Sniffer Programs

2acdoors Cyber;andalism

8asquerading or Spoofing

.enial-of-Ser'ice



Cont%%

Sniffer !rograms These programs pro'ide a means of recording pacets

passing through a computer or router

It is similar to telephone line tappingSniffer programs can

#ead email messages

#ead user logins and pass!ords

#ead credit card numbers



Cont%%

"ackdoors Some e-commerce programs contain bacdoors

These bacdoors are left intentionally or

unintentionally by soft!are de'elopers 2acdoors pro'ide a !ay for an unauthorised user to

gain access to protected information including:Credit card information

Proprietary company information =!hich could be sold formillions to competitors>



Cont%%

Cy#er$andalism This is the electronic defacing of 1eb site pages

2y replacing regular content It is parallel to the spraying of graffiti on public

property



Cont%%

%as&uerading or Spoofing This is !hen a person impersonates someone else

E%g% pretending that a 1eb site belongs to someoneelse+ !hen it does not

&ny order entered on this ne! page could then bemodified =e%g% change the shipping address of thegoods> and sent to the original 1eb site%



Cont%%

'enialofService (hreat

This threat disrupts normal computerprocessing

?or e<ample a @ombie computer could be usedto flood a 1eb site !ith pacets

This pre'ented legitimate users from using the1eb site

This also may lead to a loss in business

Documents

Threats to E-Business