
Chapter 12

E-Commerce Security

12.1 Opening Case

12.2 The need for security

12.3 Why Now ?

12.4 Basic Security Issues

12.5 Types of Threats and Attacks

12.6 Security Risk Management

12.7 Security Technology

12.8 Managerial Issues

Brute Force Credit Card Attack Story

- The problem: Spitfire Novelties usually generates between 5 and 30 transactions per day
- On September 12, 2002, in a "brute force" credit card attack, Spitfire's credit card transaction processor processed 140,000 fake credit card charges worth $5.07 each (62,000 were approved)
- The total value of the approved charges was around $300,000
- Spitfire found out about the transactions only when it was called by one of the credit card owners, who had been checking his statement online and had noticed the $5.07 charge
- Brute force credit card attacks require minimal skill
- Hackers run thousands of small charges through merchant accounts, picking card numbers at random
- When the perpetrator finds a valid credit card number it can then be sold on the black market
- Some modern-day black markets are actually member-only Web sites like carderplanet.com, shadowcrew.com, and counterfeitlibrary.com

- The attack relies on a perpetrator's ability to pose as a merchant requesting authorization for a credit card purchase, which requires a merchant ID, a password, or both
- With Online Data's credit card processing services, all a perpetrator needed was a merchant's password in order to request authorization
- Online Data is a reseller of VeriSign Inc. credit card gateway services
  - VeriSign blamed Online Data for the incident
  - Online Data blamed Spitfire for not changing their initial starter password
- In April 2002 hackers got into the Authorize.Net card processing system (the largest gateway payment system on the Internet)
  - They executed 13,000 credit card transactions, of which 7,000 succeeded
  - Entry into the Authorize.Net system required only a log-on name, not a password

Brute Force Solution

- Online Data should assign strong, unique passwords at the start instead of a shared starter password
- Customers should change those passwords (current guidance, NIST SP 800-63B, favours long unique passwords changed on evidence of compromise over scheduled rotation)
- Authorization services such as VeriSign and Authorize.Net should have built-in safeguards that recognize brute force attacks
- Signals that something is amiss:
  - A merchant issues an extraordinary number of requests
  - Repeated requests for small amounts emanating from the same merchant
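The two signals above turned into detection logic, as an added example that is not from the slides and not the code of VeriSign, Authorize.Net or Online Data. The log layout, the per-merchant daily baselines, the thresholds and the third signal (approval rate) are assumptions for illustration; the constructed log mimics the case study, with one merchant whose baseline is 30 transactions a day sending 200 identical $5.07 authorizations in one hour, fewer than half of them approved.

```python
"""Added example: flag merchant-authorization patterns that match the
brute-force signals on the slide. Log format, baselines and thresholds are
assumptions for illustration, not a real gateway's schema."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed authorization log: (merchant_id, timestamp, amount, approved).
# "spitfire" normally does 5-30 transactions a day; here it sends 200 in an hour
# and only about 45% of them are approved (random card numbers mostly fail).
BASE = datetime(2002, 9, 12, 3, 0, 0)
AUTH_LOG = [("spitfire", BASE + timedelta(seconds=18 * i), 5.07, i % 9 < 4)
            for i in range(200)]
# A second, well-behaved merchant: a dozen ordinary-sized approved sales.
AUTH_LOG += [("bookshop", BASE + timedelta(minutes=30 * i),
              round(19.95 + 3.5 * i, 2), True) for i in range(12)]

# Assumed per-merchant expected daily volume, taken from merchant history.
DAILY_BASELINE = {"spitfire": 30, "bookshop": 60}


def flag_merchants(log, baseline, window=timedelta(hours=24),
                   volume_factor=5, small_amount=10.0, repeat_threshold=20):
    """Return {merchant: [signals]} for merchants whose requests look anomalous.

    Signals, after the slide:
      volume        - more than volume_factor x the merchant's daily baseline
                      inside any `window`-long span
      repeats       - the same small amount requested repeat_threshold+ times
    One extra signal not on the slide (assumption, common in practice):
      approval_rate - fewer than half of the requests were approved, which is
                      what guessing card numbers looks like (62,000 of 140,000
                      in the case study).
    """
    by_merchant = defaultdict(list)
    for merchant, ts, amount, approved in log:
        by_merchant[merchant].append((ts, amount, approved))

    findings = {}
    for merchant, rows in by_merchant.items():
        rows.sort()  # by timestamp
        signals = []

        # Sliding window: peak number of requests within any `window` span.
        peak, start = 0, 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > volume_factor * baseline.get(merchant, 30):
            signals.append("volume")

        # Same small amount over and over: the $5.07 pattern.
        small = Counter(round(a, 2) for _, a, _ in rows if a < small_amount)
        if small and max(small.values()) >= repeat_threshold:
            signals.append("repeats")

        # Low approval ratio, only judged once there is enough volume to matter.
        approved = sum(1 for _, _, ok in rows if ok)
        if len(rows) >= repeat_threshold and approved / len(rows) < 0.5:
            signals.append("approval_rate")

        if signals:
            findings[merchant] = signals
    return findings


if __name__ == "__main__":
    for merchant, signals in flag_merchants(AUTH_LOG, DAILY_BASELINE).items():
        print(f"{merchant}: {', '.join(signals)}")   # spitfire: volume, repeats, approval_rate
```

A gateway would run this per merchant against its own authorization stream and hold, rather than settle, the flagged batch; in the case study that is exactly what saved Spitfire the $316,000, but only because someone noticed after the fact rather than a rule firing during the attack.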

The Results

- VeriSign halted the transactions before they were settled, saving Spitfire $316,000 in charges
- Authorize.Net merchants were charged $0.35 for each transaction
- The criminals acquired thousands of valid credit card numbers to sell on the black market

What we can learn

- Any type of EC involves a number of players who use a variety of network and application services that provide access to a variety of data sources
- A perpetrator needs only a single weakness in order to attack a system
- Some attacks require sophisticated techniques and technologies
- Most attacks are not sophisticated; standard security risk management procedures can be used to minimize their probability and impact

12.2 The Need for Security

- Data from the Computer Security Institute and the FBI indicate:
  - Cyber attacks are on the increase
  - Internet connections are increasingly a point of attack
  - The variety of attacks is on the rise
  - The reporting of serious crimes to law enforcement has declined
- According to the statistics reported to CERT/CC (CERT/CC 2002):
  - The number of reported incidents rose from approximately 22,000 in 2000 to over 82,000 in 2002
  - In the first quarter of 2003 the number was already over 43,000

12.3 Why Now?

- Security systems are only as strong as their weakest points
- Security and ease of use (or of implementation) are antithetical to one another
- Security takes a back seat to market pressures
- The security of an EC site depends on the security of the Internet as a whole
- Security vulnerabilities are increasing faster than they can be combated
- Security is compromised by common applications

12.4 Basic Security Issues

Issues at a simple marketing site:

- User's perspective
  - Is the Web server owned and operated by a legitimate company?
  - Does the Web page or form contain malicious code or content?
  - Will the Web server distribute the user's information to another party?
- Company's perspective
  - Will the user attempt to break into the Web server or alter the site?
  - Will the user try to disrupt the server so it isn't available to others?
- User's and company's perspective
  - Is the network connection free from eavesdropping?
  - Has information sent back and forth between server and browser been altered?

12.4 Basic Security Issues (cont.)

Major security issues in EC:

- Confidentiality: keeping private and sensitive information away from unauthorized parties
- Integrity: preventing and protecting data against deliberate or accidental attempts to alter or destroy it
- Non-repudiation: the ability to limit a party's denial of a transaction, usually by means of a signature
- Authentication: the process by which one party verifies the identity of another party
- Authorization: the process of ensuring that a party has the right to access a given resource
- Auditing: the process of recording information about access activity, use of facilities, or threats to security
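Integrity and authentication of a transaction record in code, as an added example that is not part of the slides: an HMAC over a canonical serialization of the record, under a key shared by merchant and gateway, detects any alteration in transit. The field names, the key and the sample order are constructed for illustration. Note also what this does not give: because both sides hold the same key, either of them could have produced the tag, so an HMAC provides no non-repudiation; that needs a digital signature under a key only the signer holds, as the definition above says.

```python
"""Added example (not from the slides): HMAC-protected transaction records.
Field names, the shared key and the sample order are constructed for illustration."""
import hashlib
import hmac
import json

# Assumed: one key shared between the merchant site and the payment gateway.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def canonical(record: dict) -> bytes:
    """Deterministic serialization: both sides must MAC exactly the same bytes,
    so key order and whitespace are fixed before hashing."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def tag(record: dict, key: bytes = SHARED_KEY) -> str:
    """HMAC-SHA256 over the canonical record, hex encoded."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify(record: dict, received_tag: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute and compare in constant time; a plain == comparison leaks,
    through timing, how many leading characters of a guessed tag were right."""
    return hmac.compare_digest(tag(record, key), received_tag)


def tampered_amount(record: dict, new_amount: str) -> dict:
    """What an attacker on the wire would try: change the amount, keep the tag."""
    return {**record, "amount": new_amount}


# Constructed sample. The record carries an order id and a timestamp so that a
# captured valid message cannot simply be replayed later: the MAC proves the
# bytes are unmodified, it does not by itself prove they are fresh.
ORDER = {"order_id": "A1001", "amount": "5.07", "currency": "USD",
         "merchant_id": "spitfire", "ts": "2002-09-12T03:00:00Z"}
ORDER_TAG = tag(ORDER)

if __name__ == "__main__":
    print("intact:  ", verify(ORDER, ORDER_TAG))                              # True
    print("tampered:", verify(tampered_amount(ORDER, "500.07"), ORDER_TAG))   # False
    # Non-repudiation is NOT provided: the gateway, holding SHARED_KEY, could
    # have produced ORDER_TAG itself, so the tag does not prove the merchant sent it.
```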


12.5 Types of Threats and Attacks

Nontechnical attack (social engineering): an attack that tricks a person into giving up information that provides access to the network

Multiprong approach used to combat social engineering:

1. Education and training
2. Policies and procedures
3. Penetration testing

12.5 Types of Threats and Attacks (cont.)

Technical attack: an attack perpetrated using software and systems knowledge or expertise

The players:
- Hackers
- Crackers
- Script kiddies

What they exploit:
- Systems and software bugs and misconfigurations
- Distributed Denial-of-Service (DDoS) attacks
- Malicious code
  - Viruses
  - Worms
  - Macro viruses and macro worms
  - Trojan horses

Figure 12-1: Using Zombies in a Distributed Denial of Service Attack

12.6 Security Risk Management

- Common mistakes organizations make in managing their security risks (McConnell 2002):
  - Undervalued information
  - Narrowly defined security boundaries
  - Reactive security management
  - Dated security management processes
  - Lack of communication about security responsibilities
- Security risk management: a systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks

- Definitions involved in risk management
  - Assets: anything of value worth securing
  - Threat: an eventuality representing danger to an asset
  - Vulnerability: a weakness in a safeguard
- Required to determine security needs: the 4 phases of risk management
  - Assessment
  - Planning
  - Implementation
  - Monitoring

12.6 Security Risk Management (cont.)

- Assessment phase: evaluation of assets, threats, and vulnerabilities
  - Determine organizational objectives
  - Inventory assets
  - Delineate threats
  - Identify vulnerabilities
  - Quantify the value of each risk
- Planning phase: arrive at a set of security policies
  - Define specific policies
  - Establish processes for audit and review
  - Establish an incident response team and a contingency plan

12.6 Security Risk Management (cont.)

- Implementation phase: choose particular technologies to deal with high-priority threats
- Monitoring phase: ongoing processes used to determine which measures are successful, which are unsuccessful, and which need modification

12.7 Security Technology

Securing EC Communication

- Authentication system: a system that identifies the legitimate parties to a transaction, determines the actions they are allowed to perform, and limits their actions to only those that are necessary to initiate and complete the transaction (strictly, identifying the parties is authentication and deciding what they may do is authorization, as defined in 12.4; the two are usually enforced together)

- Biometric systems: authentication systems that identify a person by measurement of a biological characteristic such as a fingerprint, iris (eye) pattern, facial features, or voice
  - Physiological biometrics (fingerprint, iris, voice)
  - Behavioral biometrics (keystroke monitoring)
- Encryption: the process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it

Security Protocols

- Secure Socket Layer (SSL): a protocol that uses standard certificates for authentication and data encryption to ensure privacy or confidentiality
- Transport Layer Security (TLS): the IETF standardization of SSL; work began in 1996 and TLS 1.0 (RFC 2246) was published in 1999 as the successor to SSL 3.0. SSL 2.0 and 3.0 themselves are now deprecated (RFC 6176, RFC 7568) and should not be enabled
- Secure Electronic Transaction (SET): a protocol designed to provide secure online credit card transactions for both consumers and merchants; developed jointly by Visa, MasterCard, Netscape, and others
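Certificates only authenticate the server if the client actually verifies them; encryption with verification switched off protects against eavesdropping but not against an impostor server. The following added example (not part of the slides, and not code from any gateway or vendor named here) audits a Python ssl.SSLContext for the three settings that commonly undo that authentication. The two contexts it builds are constructed for comparison and no network connection is made.

```python
"""Added example: audit a client TLS configuration for settings that defeat
certificate-based authentication. Standard library only; nothing connects."""
import ssl


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means the client will reject
    an unverifiable or misnamed server and will not negotiate TLS < 1.2."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # Encryption without authentication: any party in the path can present
        # its own certificate and read the traffic.
        findings.append("verify_mode is not CERT_REQUIRED")
    if not ctx.check_hostname:
        # A certificate valid for attacker.example would be accepted for shop.example.
        findings.append("check_hostname is False")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version below TLS 1.2")
    return findings


def insecure_context() -> ssl.SSLContext:
    """What 'just make the certificate error go away' code typically does."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Verify the peer against the system CA store, check the name, TLS 1.2+."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))   # []
```

The same three checks apply, under other names, to any TLS client library or reverse proxy configuration: peer verification on, hostname matching on, legacy protocol versions off.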

Securing EC Networks

- Firewall: a network node consisting of both hardware and software that isolates a private network from a public network
- Virtual private network (VPN): a network that uses the public Internet to carry information but remains private by using encryption to scramble the communications, integrity protection (message authentication) to ensure that information has not been tampered with, and authentication and access control to verify the identity of anyone using the network
- Intrusion detection systems (IDSs): a special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees (a system that also blocks the traffic inline is usually called an intrusion prevention system, IPS)

Figure 13-6: Application-Level Proxy (Bastion Gateway Host)

Figure 13-7: Screened Host Firewall

Figure 13-8: Screened Subnet Firewall (with DMZ)

12.8 Managerial Issues

1. Have we budgeted enough for security?
2. What are the business consequences of poor security?
3. Which e-commerce sites are vulnerable to attack?
4. What is the key to establishing strong e-commerce security?
5. What steps should businesses follow in establishing a security plan?
6. Should organizations be concerned with internal security threats?
