Monday, March 17, 2008

Chapter 10: E-commerce Security

Security Issues:

Types of security:
-Physical security
-Logical security (routers etc.)

Minimum Level of Requirements:

-Privacy/secrecy - no unauthorized disclosure
-Data integrity - no unauthorized modification
-Availability/Necessity - No data or message delays
-Key Management - secure encryption keys
-Nonrepudiation - end-to-end proof of identity
-Authentication - digital signatures and certificates

Security Policy:

-Physical Security
-Network security
-Access authorization
-Virus Protection
-Disaster Recovery

Risk Management:
  1. Terminology
  2. Action Model

Client-Side Security:

Cookies:

  1. Session Cookie - is deleted when the browser is exited.
  2. Persistent Cookie - this is permanent and is always stored on the hard drive.
  3. Web bugs - A little invisible graphic that tells something to store a cookie.

Uses of Cookies:

  1. Personalize websites
  2. Website tracking
  3. User ID and Log-in

Active Content:

  1. ActiveX controls
  2. Java Applets
  3. JavaScript
  4. Trojan Horse
  5. Viruses, worms & zombies
  6. Graphics and Plugins

Encryption:

  1. Symmetric (shared key)
  2. Asymmetric (public key, private key, digital signature)
  3. Digital certificates - Comodo, Entrust, GeoTrust, Thawte, VeriSign, Which SSL, SSL Shopper

Uses:

  1. Email (Pretty Good Privacy - PGP)
  2. banks
  3. accountants

Encryption of disks and folders:

  1. TrueCrypt
  2. Encrypt my folders
  3. Hide my folders
  4. hide photos
  5. VoIP can now be encrypted without slowing down.

Anonymity:

  1. Anonymizer
  2. Operator
  3. Onion Routing
  4. Tor Project

Antivirus:

  1. AVG
  2. F-Prot
  3. McAfee - corp
  4. Symantec Norton - corp
  5. Microsoft Security Center

Spam:

  1. CA Anti spam
  2. Choice Mail One
  3. Mailwasher
  4. Spam Buster
  5. Spam Eater
  6. Spam Killer

Spyware:

  1. Ad-Aware
  2. CCleaner - best one
  3. Spybot S&D - must be used in conjunction with Ad-Aware
  4. Webroot Spy Sweeper - commercial spyware

Miscellaneous:

  1. brave.net
  2. free hostia
  3. IPtect
  4. Comodo Personal Firewall
