
Security Threats To E-Commerce: BY Janani - SB

There are three main types of threats to e-commerce: client threats, communication channel threats, and server threats. Client threats include active content like Java applets, ActiveX controls, and malicious cookies that can damage files on user computers. Communication channel threats involve risks to secrecy, integrity, and availability of data transmitted over the internet. Server threats target vulnerabilities in web servers, databases, CGI scripts, and other server-side programs that could allow destruction of data or illegal access to information. Countermeasures like risk management models are needed to recognize, reduce, and eliminate security risks for e-commerce.

Uploaded by

vidhyaaravinthan
Copyright
© Attribution Non-Commercial (BY-NC)

SECURITY THREATS TO E-COMMERCE

BY JANANI.SB

Implication of Threat
Any act or object that poses a danger to computer assets is known as a threat. A countermeasure is a procedure that recognizes, reduces, or eliminates a threat. The risk management model shows four general actions to take for the threat.

Electronic Commerce Threats


There are three types of electronic commerce threats: client threats, communication channel threats, and server threats.

Client Threats
Web pages were originally mainly static. The widespread use of active content has changed the function of Web pages. Sources of client threats: active content; Java, Java applets, and JavaScript; ActiveX controls; graphics, plug-ins, and e-mail attachments.

Active Content
Active content refers to programs that are embedded transparently in Web pages and that cause action to occur. The best-known active content forms are Java applets, ActiveX controls, JavaScript, and VBScript. Active content also includes graphics and Web browser plug-ins.

Active Content
A Trojan horse is a program hidden inside another program or Web page that masks its true purpose.

A zombie is a program that secretly takes over another computer for the purpose of launching attacks on other computers. A malicious cookie can destroy files stored on client computers.

Virus
A virus is software that attaches itself to another program and can cause damage when the host program is activated. Worm viruses replicate themselves on other machines. A macro virus is coded as a small program and is embedded in a file. The term steganography describes information that is hidden within another piece of information.

Communication Channel Threats


The Internet is not at all secure. Messages on the Internet travel a random path from a source node to a destination node. Internet channel security threats include secrecy, integrity, and necessity threats.

Secrecy Threats
Secrecy is the prevention of unauthorized information disclosure. Privacy is the protection of individual rights to nondisclosure. Secrecy is a technical issue requiring sophisticated physical and logical mechanisms. Privacy protection is a legal matter.

Integrity Threats
An integrity threat exists when an unauthorized party can alter a message stream of information. Cyber vandalism is an example of an integrity violation. Masquerading or spoofing is one means of creating havoc on Web sites.

Necessity Threats
The purpose of a necessity threat is to disrupt normal computer processing or to deny processing entirely. A necessity threat is also known as a delay, denial, or denial-of-service (DoS) threat. eBay faced a denial-of-service attack in early 2000.

Server Threats
Servers have vulnerabilities that can be exploited to cause destruction or to acquire information illegally. Server threats include Web server threats, database threats, common gateway interface threats, and other programming threats.

Web Server Threats


Setting up a Web server to run in high-privilege status can lead to a Web server threat. A secrecy violation occurs when the contents of a server's folder names are revealed to a Web browser. The W3C Threat Document provides information about server security.
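
A defensive check for the two misconfigurations named above, added here as an example and not part of the original slides: it scans a server configuration for a worker account set to root and for directory listings switched on. Apache httpd directive syntax (`User`, `Options Indexes`) and the sample configuration are assumptions, since the slides do not name a server product.

```python
import re

# Constructed sample configuration; Apache httpd syntax is an assumption.
SAMPLE_CONF = """\
# storefront virtual host
User root
Group www-data
<Directory "/var/www/shop">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/shop/images">
    Options -Indexes
</Directory>
"""

PRIVILEGED_USERS = {"root", "#0"}  # "#0" is the numeric-uid spelling of root
LISTING_ON = {"indexes", "+indexes", "all"}  # "All" includes Indexes


def audit_httpd_conf(text):
    """Return (line_number, scope, finding) tuples for risky directives."""
    findings = []
    scope = "server-wide"
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.IGNORECASE)
        if opened:
            scope = opened.group(1)
        elif line.lower().startswith("</directory"):
            scope = "server-wide"
        else:
            name, *args = line.split()
            if name.lower() == "user" and args and args[0].lower() in PRIVILEGED_USERS:
                findings.append((number, scope, "server processes run as root"))
            elif name.lower() == "options" and any(a.lower() in LISTING_ON for a in args):
                findings.append((number, scope, "directory listing enabled"))
    return findings


if __name__ == "__main__":
    for number, scope, finding in audit_httpd_conf(SAMPLE_CONF):
        print(f"line {number} [{scope}]: {finding}")
```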


Database Threats
Databases connected to the Web contain information that could damage a company if it were disclosed or altered. Anyone who obtains user authentication information can masquerade as a legitimate user. The Database threats resource center describes threats to database systems.


Common Gateway Interface Threats


Because CGIs are programs, they present a security threat if misused. CGI scripts can be set up to run with high privileges, which causes a threat. Because CGI programs or scripts can reside almost anywhere on the Web server, they are hard to track down and manage.
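
One way to track down the scripts this slide describes, added here as an example and not part of the original slides: walk the Web root, list every executable script, and flag those that run with elevated privileges, can be overwritten by anyone, or sit outside `cgi-bin`. The suffix list, the `cgi-bin` directory name, and the sample tree are assumptions.

```python
import os
import stat
import tempfile

CGI_SUFFIXES = (".cgi", ".pl", ".sh", ".py")  # assumed naming convention


def find_cgi_programs(web_root):
    """Walk web_root and return (relative_path, risk_flags) per CGI program."""
    report = []
    for folder, _dirs, files in os.walk(web_root):
        in_cgi_bin = "cgi-bin" in os.path.relpath(folder, web_root).split(os.sep)
        for name in files:
            path = os.path.join(folder, name)
            mode = os.lstat(path).st_mode
            runnable = stat.S_ISREG(mode) and mode & 0o111
            if not (runnable and (in_cgi_bin or name.endswith(CGI_SUFFIXES))):
                continue
            flags = []
            if mode & (stat.S_ISUID | stat.S_ISGID):
                flags.append("setuid/setgid")    # runs with the owner's privileges
            if mode & stat.S_IWOTH:
                flags.append("world-writable")   # any local user can replace it
            if not in_cgi_bin:
                flags.append("outside-cgi-bin")  # stray script, easy to lose track of
            report.append((os.path.relpath(path, web_root), flags))
    return sorted(report)


def build_sample_tree():
    """Create a constructed sample Web root in a temporary directory."""
    root = tempfile.mkdtemp(prefix="webroot-")
    layout = {
        "cgi-bin/checkout.cgi": 0o755,
        "cgi-bin/admin.cgi": 0o4755,       # setuid bit set
        "images/upload/resize.pl": 0o777,  # stray and world-writable
        "index.html": 0o644,               # static page, not reported
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for rel_path, flags in find_cgi_programs(build_sample_tree()):
        print(rel_path, flags or ["ok"])
```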

Other Programming Threats


Another serious Web server attack can come from programs executed by the server. Buffer overflows can have moderate to very serious security consequences. A mail bomb is an attack in which thousands of people send a message to a particular address.


THANK YOU
