E-Commerce Security Issues Threats and Challenges on the Internet Presented By Humayun Khalid
Oct 30, 2014
Threats and Challenges
• There are many ways of attacking a website, online software applications, and any online system that is connected to the internet.
• Four basic types of threat:
– Loss of data integrity
– Loss of data privacy
– Loss of service
– Loss of control
Loss of data integrity
• Information is created, modified, or deleted
• Example {HTML page coding changes}
• Write the coding of HTML page
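The integrity loss described above (pages created, modified, or deleted) can be detected by comparing file hashes against a known-good baseline. The following is an added example, not part of the original presentation; the file names and page contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(web_root):
    """Map each file's path (relative to web_root) to its SHA-256 digest."""
    root = Path(web_root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def diff_snapshots(baseline, current):
    """Classify changes the way the slide does: created, modified, deleted."""
    created = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(
        name for name in set(baseline) & set(current)
        if baseline[name] != current[name]
    )
    return {"created": created, "modified": modified, "deleted": deleted}

def demo():
    """Build a constructed web root, tamper with it, and report the changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>Shop</h1><a href='/cart'>Cart</a>")
        (root / "about.html").write_text("<p>About us</p>")
        baseline = snapshot(root)  # taken at deploy time, before any tampering

        # Constructed tampering: one page edited, one removed, one added.
        (root / "index.html").write_text("<h1>Shop</h1><a href='/c4rt'>Cart</a>")
        (root / "about.html").unlink()
        (root / "promo.html").write_text("<p>Sale</p>")
        return diff_snapshots(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

The baseline is only trustworthy if it is stored somewhere the web server account cannot write to; otherwise whoever changes the pages can also change the recorded hashes.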
Loss of data privacy
• Information is made available to unauthorized persons.
• Hacking
Hacking
• Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer (clever programmer). In recent years though, with easier access to multiple systems, it now has negative implications.)
White Hat Hackers
Hacking (continued)
• Sometimes a hacker gains full access to a computer system, and sometimes does not get full access but uses DoS.
• A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users.
DoS attack (continued)
• In a DoS attack, the hackers attack the website and server components and damage the coding and access programming of the system; because of this, the program refuses to give access to authorized users.
• It causes financial loss and also the loss of systems, software and databases for the organization.
Ways of attacking
• One way is to monitor the communication between two persons. It is insecure because the communication is done in text format; when one party enters the communication, the hacker changes the text and creates conflicts between the parties.
Phishing
• Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Define phishing procedure
Hackers can change, delete and modify the information, and the web server, the owner and even the person or customer do not know which information is being changed.
Software theft
• A major problem is that hackers can damage the software code, which contains customer data, personal information, user names, login details, passwords, etc.
Sniffing
• Sniffing is a way of intercepting the traffic on a network.
• Text logs remain active on the internet.
• Hackers damage the output device, e.g. the monitor that shows the results, by using remote assistance, which is done by using these text log files.
Trojan Horse
• A Trojan horse, or Trojan, is software that, before it is run or installed, appears to perform a desirable function for the user, but (perhaps in addition to the expected function) steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.
• A Trojan horse transfers information from one system to another; through this, the hacker can use the system remotely without any problem.
Spoofing Attack
• In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
• The hacker can take control of the network through hacking of one system.
– Network configuration is badly affected by hacking.
– IP address spoofing (control of IP addresses)
• IP1, IP2, IP3, IP4
• Hackers attack one IP and, by using administrative controls, all IPs
IP Spoofing
• The hacker destroys information and also presents false information to customers, which creates conflicts and problems for customers.
• Used by competitors to destroy the image and goodwill of the online business.
• So, keep your websites secure by purchasing online security services such as VERISIGN, NORTON SYMANTEC, WATCHBOX, @SEC
Floppy hacking
• An old and known way
• The hacker is easily located
Bribe the Programmers
• By offering an amount to get the required information
Fake Website Pages
The hacker creates a new version of the index page of the website and links it to a wrong webpage address, which creates problems for customers. Customers do not get their orders, and the firm's sales decrease day by day; by the time it comes to the owner's knowledge, he has surely lost many potential customers. It is called DNS hacking.
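A site owner can catch an index page that has been linked to a wrong address by auditing every link, image source and form target on the page against the hosts the shop actually uses. The following is an added example, not part of the original presentation; the host names, the allowlist and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

URL_ATTRS = {"href", "src", "action"}  # attributes that send a visitor or data elsewhere

class LinkCollector(HTMLParser):
    """Collect (tag, attribute, value) for every URL-bearing attribute."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.links.append((tag, name, value))

def offsite_links(html, page_url, allowed_hosts):
    """Return links whose resolved host is not in the site's allowlist."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for tag, attr, value in collector.links:
        target = urljoin(page_url, value)  # resolves relative and //host forms
        parts = urlsplit(target)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are out of scope here
        if (parts.hostname or "").lower() not in allowed_hosts:
            findings.append((tag, attr, target))
    return findings

# Constructed sample: a shop index page whose checkout form and one link
# have been pointed at hosts the shop does not own.
SAMPLE_PAGE = """
<a href="/products">Products</a>
<img src="https://cdn.shop.example/logo.png">
<form action="https://shop-example.test/checkout" method="post"></form>
<a href="//pay.example.net/order">Pay now</a>
<a href="mailto:help@shop.example">Contact</a>
"""

def demo():
    allowed = {"shop.example", "cdn.shop.example"}  # assumed allowlist
    return offsite_links(SAMPLE_PAGE, "https://shop.example/index.html", allowed)

if __name__ == "__main__":
    for tag, attr, target in demo():
        print(f"<{tag} {attr}> points off-site: {target}")
```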
DNS hacking
• Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network.
• So only systems provided with security should be visible on the internet. (firewall)
Thanks….!