Transacting or facilitating business on the Internet is called e-commerce, and it revolves around buying and selling: the use of the Internet and the Web to transact business.
Digitally enabled commercial transactions take place between organizations and individuals.
Most serious losses involved theft of proprietary information or financial fraud.
• 40% reported attacks from outside the organization
• 38% experienced denial of service attacks
• 94% detected virus attacks
Cybercrime is any illegal act committed using a computer network, especially the Internet. Cybercrime is a subset of computer crime.
Stealing and using or selling data:
• Company data
• Personal information in company files
• Ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party
• Ability to ensure that e-commerce participants do not deny (repudiate) online actions
• Ability to verify the identity of a person or entity with whom you are dealing on the Internet
• Ability to ensure that messages and data are available only to those authorized to view them
• Ability to control the use of information a customer provides about himself or herself to a merchant
• Ability to ensure that an e-commerce site continues to function as intended
• Designed to breach system security and threaten digital information:
• Viruses
• Worms
• Trojan horses
• Bots, botnets
• Browser parasites
• Adware
• Spyware
• Computer program that has the ability to replicate and spread to other files; most also deliver a “payload” of some sort (may be destructive or benign)
• Designed to spread from computer to computer rather than from file to file; a program that actively reproduces itself across a network
• Appears to be benign, but then does something other than expected (e.g., games that steal sign-ons and passwords)
• Malware used by an unauthorized person to turn a computer into a “zombie” and gain access to it
• Includes adware, parasites, spyware or any other program or application that is installed on a computer through Internet traffic without the informed consent of the user
• Installed on a computer from social networking; its purpose is just to annoy you; does not perform criminal activity
• Installed by clicking on a link; captures your activities and sends them to an unauthorized person; transmits your activities; changes your home page
• Small programs that install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising
• Captures our keystrokes; steals our confidential or financial information, such as our login and password
• Deceptive online attempt to obtain confidential information
• Social engineering, e-mail scams, spoofing legitimate Web sites
• Use information to commit fraudulent acts (access checking accounts), steal identity
• Hackers vs. crackers
• Cyber vandalism: intentionally disrupting, defacing, destroying a Web site
• Types of hackers: white hats, black hats, grey hats
Hacker:
• A hacker is not a cyber criminal
• Knows all about the operating system
• Always does constructive work
Cracker:
• A person who breaks security on a system: system intrusion, system damage, cybervandalism
• A cracker is a cyber criminal
• Crackers create nothing and destroy much
Individual who intends to gain unauthorized access to computer systems. Types of hackers include:
• White hats
• Black hats
• Grey hats
White hat hackers are professional security experts who do not perform criminal activity.
Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use it.
A grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. Then they may offer to correct the defect for a fee.
• Used to denote a hacker with criminal intent (the two terms are often used interchangeably)
• Intentionally disrupting, defacing or destroying a Web site
• Fear that credit card information will be stolen deters online purchases
• Hackers target credit card files and other customer information files on merchant servers; stolen data is used to establish credit under a false identity
• One solution: new identity verification mechanisms
• Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
• Often redirects users to another Web site
• Threatens the integrity and authenticity of a site
• Hackers flood a Web site with useless traffic to inundate and overwhelm the network
• Hackers use numerous computers to attack the target network from numerous launch points
• A generic term for malicious software
• A number of factors have contributed to the overall increase in malicious code. Among these factors, the following are paramount:
• Mixing data and executable instructions
• Increasingly homogeneous computing environments
• Unprecedented connectivity
• Larger clueless user base
• Type of eavesdropping program that monitors information traveling over a network; enables hackers to steal proprietary information from anywhere on a network
• Single largest financial threat
• Poorly designed server and client software: the increase in complexity of software programs has contributed to an increase in vulnerabilities that hackers can exploit
The process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and receiver.
Purpose: secure stored information and information transmission. Provides:
• Message integrity
• Nonrepudiation
• Authentication
• Confidentiality
• Also known as secret key encryption
• Both the sender and receiver use the same digital key to encrypt and decrypt the message
• Requires a different set of keys for each transaction
• Solves the symmetric key encryption problem of having to exchange the secret key
• Uses two mathematically related digital keys: a public key (widely disseminated) and a private key (kept secret by the owner)
• Both keys are used to encrypt and decrypt the message
• Once a key is used to encrypt a message, the same key cannot be used to decrypt the message
• For example, the sender uses the recipient’s public key to encrypt the message; the recipient uses his/her private key to decrypt it
A public key encryption system can be viewed as a series of public and
private keys that lock data when they are transmitted and unlock the data
when they are received. The sender locates the recipient’s public key in a
directory and uses it to encrypt a message. The message is sent in
encrypted form over the Internet or a private network. When the
encrypted message arrives, the recipient uses his or her private key to
decrypt the data and read the message.
• Addresses weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and symmetric key encryption (faster, but less secure)
• Uses symmetric key encryption to encrypt the document but public key encryption to encrypt and send the symmetric key
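The public key exchange and the digital envelope described above, as an added example that is not part of the original notes: the sender draws a one-time symmetric key, encrypts the document with it (AES-256-GCM), and encrypts that key with the recipient's RSA public key (OAEP); the recipient reverses the steps with the private key. The names Envelope, Seal and Open are assumptions made for this example; only Go's standard library is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope: EncryptedKey is the one-time AES key under RSA-OAEP (recipient's
// public key); Nonce and Ciphertext are the AES-GCM output for the document.
type Envelope struct{ EncryptedKey, Nonce, Ciphertext []byte }

// Seal is the sender's side: the symmetric key encrypts the document, the
// public key encrypts the symmetric key. (rand.Read cannot fail since Go 1.24.)
func Seal(pub *rsa.PublicKey, document []byte) (*Envelope, error) {
	key := make([]byte, 32) // fresh symmetric key for this message only
	rand.Read(key)
	block, _ := aes.NewCipher(key)         // cannot fail: key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block)         // cannot fail for an AES block cipher
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under one key
	rand.Read(nonce)
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{encKey, nonce, gcm.Seal(nil, nonce, document, nil)}, nil
}

// Open is the recipient's side: the private key recovers the symmetric key,
// which decrypts the document; a tampered ciphertext fails the GCM tag check.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.EncryptedKey, nil)
	if err != nil {
		return nil, err
	}
	if len(key) != 32 { // anyone can encrypt to a public key, so validate
		return nil, errors.New("envelope: wrong symmetric key length")
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}
```

Because the document is sealed with an authenticated cipher, a message altered in transit is rejected rather than decrypted into garbage, which is the message integrity property listed earlier.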
• Most common form of securing channels of communication; used to establish a secure negotiated session (a client-server session in which the URL of the requested document, along with its contents, is encrypted)
• Alternative method; provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
• Hardware or software that filters communications packets and prevents some packets from entering the network based on a security policy
• Software servers that handle all communications originating from or being sent to the Internet (act as “spokesperson” or “bodyguard” for the organization)
• Authentication and access control mechanisms
• Easiest and least expensive way to prevent threats to system integrity