Definition
- E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction.
1. Integrity: prevention of unauthorized data modification
2. Nonrepudiation: prevention of any one party reneging on an agreement after the fact
3. Authenticity: authentication of data source
4. Confidentiality: protection against unauthorized data disclosure
5. Privacy: provision of data control and disclosure
6. Availability: prevention of data delays or removal
Threats
Anyone with the capability, technology, opportunity, and intent to do harm. Potential threats can be foreign or domestic, internal or external, state-sponsored or a single rogue element. Terrorists, insiders, disgruntled employees, and hackers are included in this profile (President's Commission on Critical Infrastructure Protection).
- Intellectual property threats: the use of existing materials found on the Internet without the owner's permission, e.g., music downloading, domain name abuse (cybersquatting), software piracy.
- Client computer threats
– Trojan horse
– Active contents
– Viruses
- Communication channel threats
– Sniffer program
– Backdoor
– Spoofing
– Denial-of-service
- Server threats
– Privilege setting
– Server Side Include (SSI), Common Gateway Interface (CGI)
– File transfer