Various Forms of Security Threats: Virus, Worms, Trojan, Logic Bombs, Zombie PC, Spam
Damage caused by Phishing
It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing. In 2007, phishing attacks escalated: 3.6 million adults lost US$3.2 billion in the 12 months ending in August 2007.
What is Phishing
The name sounds similar to "fishing", denoting the bait used to catch fish.
Phishing is typically carried out by email or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. In order to lure the victim into giving up sensitive information, the message might include imperatives like "verify your account" or "confirm billing information".
Once the victim had revealed the password, the attacker could access and use the victim's account for fraudulent purposes or spamming; hence the warning that "no one working at AOL will ask for your password or billing information". Targeted versions of phishing have been termed spear phishing.
Several recent phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks. Almost half of phishing thefts in 2006 were committed by groups operating through the Russian Business Network based in St. Petersburg.
Link Manipulation
Misspelled URLs or the use of subdomains are common tricks used by phishers. For example, the URL http://www.sbi.benjamin.com/ appears as though it will take you to the SBI website; actually it points to the "sbi" subdomain (i.e. the phishing section) of the benjamin.com website.
Spoofing
An old method of spoofing used links containing the '@' symbol, originally intended as a way to include a username and password (contrary to the standard). For example, the link http://www.google.com@members.tripod.com/ might deceive a casual observer into believing that it will open a page on www.google.com, whereas it actually directs the browser to a page on members.tripod.com.
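Worked example for the two slides above (subdomain tricks and the '@' trick), added here and not part of the original slides: it applies the same parsing a browser does, using Go's standard net/url package, and compares the host actually contacted with the domain the link claims to be. The claimedDomain parameter and the value sbi.example (a placeholder for the bank's real domain) are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Finding records what a link resolves to once a browser's URL rules are applied.
type Finding struct {
	TrueHost          string // the host the browser actually connects to
	Userinfo          string // text before '@', which the browser does not treat as a host
	RegistrableDomain string // last two labels of TrueHost (naive: ignores suffixes like co.uk)
	Suspicious        bool   // userinfo present, or the registrable domain is not the one claimed
}

// inspectLink parses raw the way a browser does and compares the true host with the domain
// the link text claims to belong to (claimedDomain, supplied by the caller).
func inspectLink(raw, claimedDomain string) (Finding, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return Finding{}, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return Finding{}, errors.New("not a web link: " + raw)
	}
	host := strings.ToLower(u.Hostname()) // userinfo, port and path are all stripped here
	if host == "" {
		return Finding{}, errors.New("no host in " + raw)
	}
	f := Finding{TrueHost: host}
	if u.User != nil {
		f.Userinfo = u.User.Username() // "www.google.com" in the slide's example
	}
	f.RegistrableDomain = host
	if labels := strings.Split(host, "."); len(labels) >= 2 {
		f.RegistrableDomain = strings.Join(labels[len(labels)-2:], ".")
	}
	f.Suspicious = f.Userinfo != "" || f.RegistrableDomain != strings.ToLower(claimedDomain)
	return f, nil
}

func main() {
	// The two links from the slides plus a genuine one; sbi.example stands in for the bank's real domain.
	cases := []struct{ link, claims string }{
		{"http://www.google.com@members.tripod.com/", "google.com"},
		{"http://www.sbi.benjamin.com/", "sbi.example"},
		{"https://www.google.com/search?q=phishing", "google.com"},
	}
	for _, c := range cases {
		f, err := inspectLink(c.link, c.claims)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-44s host=%s userinfo=%q suspicious=%v\n", c.link, f.TrueHost, f.Userinfo, f.Suspicious)
	}
}
```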
Website forgery
Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.
Evil Twins
Evil twins is a phishing technique that is hard to detect. A phisher creates a fake wireless network that looks similar to a legitimate public network that may be found in public places such as airports, hotels or coffee shops. Whenever someone logs on to the bogus network, fraudsters try to capture their passwords and/or credit card information.
Certification Authority
Digital Certificate
A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.
Digital Signature
A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
Public Key
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key with identity information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
Digicert
DigiCert Inc is a privately held, US based X.509 SSL certificate provider. As a trusted third party, DigiCert verifies the authenticity of secure websites on behalf of a web browser for the purpose of preventing online phishing scams. Sites not secured in this manner by a trusted third party, or certificate authority, will display warning messages to users who try to access those sites.
DigiCert was established in 2003 by Ken Bretschneider, CEO, and is currently the 5th largest public certificate authority in the world.
SSL
The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of a message transmission on the Internet. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers.
SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL.
Threat To Ecommerce
E-commerce tends to be at a higher echelon for risk and attacks. This is so because E-Commerce is the transaction of goods and services, and the payment for those goods and services, over the Internet. Therefore, the physical place where all of these transactions occur is at the server level. The server can be viewed as the central repository for your E-Commerce place of business, which consists of the actual website which displays your products and services, the customer database, and the payment mechanism.
If there are any attacks on this server, in one blow, there is the potential you could lose everything. Thus, being proactive about security takes on a much greater magnitude now. Threats to E-Commerce servers fall into two general categories: (1) threats from an actual attacker(s); and (2) technological failure.
In terms of the former, the motivation is primarily psychological. The intent is to garner personal information from people for the sheer purposes of exploitation (such as obtaining credit card and bank account information, phishing schemes, obtaining usernames and passwords, etc.). Technological failure - this can be anything from a network not configured properly to data packets being lost, especially in a wireless access environment.
Even poorly written programming code upon which your E-Commerce site was developed can be very susceptible to threats. Most E-Commerce servers utilize a Windows operating system (such as Windows 2000 or 2003 Server), web server software (such as Apache or Internet Information Services, IIS) to host the E-Commerce site, and a database (such as Access 2000 or SQL Server 2000) which contains your customer information and transaction history.
These platforms have had various security flaws associated with them, which has made them wide open to threats and attacks. As a result, there has been a move in the business community to adopt more robust and secure platforms.
Threat to Servers
The direct threats to E-Commerce servers can be classified as either (1) malicious code threats or (2) transmission threats. Malicious, or rogue, programming code is introduced into the server in order to gain access to the system resources.
Very often, the intent of malicious code attacks is to cause large-scale damage to the E-Commerce server.
Transmission threats - these threats and risks can be classified as either active or passive. With passive threats, the main goal is to listen to (or eavesdrop on) transmissions to the server. With active threats, the intent is to alter the flow of data transmission or to create a rogue transmission aimed directly at the E-Commerce server.
Malicious Code
Viruses and Worms
The most common threats under this category are worms and viruses. A virus needs a host of some sort in order to cause damage to the system. The exact definition is: a virus attaches itself to executable code and is executed when the software program begins to run or an infected file is opened.
Virus
So, for example, a virus needs a file to attach itself to. Once that file is opened, the virus can then cause the damage. This damage can range from the deletion of some files to the total reformatting of the hard drive. The key thing to remember about viruses is that they cannot spread by themselves; they require a host file.
Worms
However, worms are very much different. A worm does not need a host to replicate. Rather, the worm replicates itself through the Internet, and can literally infect millions of computers on a global basis in just a matter of hours. A perfect example of this is once again the MS Blaster worm. Worms by themselves do not cause damage to a system like a virus does. However, worms can shut down parts of the Internet or E-Commerce servers, because they can use up valuable resources of the Internet, as well as the memory and processing power of servers and other computers.
Worms Vs Virus
A question that is often asked about worms and viruses is which of the two are worse. This is a difficult question to answer, as the criteria for which is worse depends upon the business environment. However, one thing is certain: in terms of the rate of propagation and multiplicity, worms are much worse than viruses.
Trojan Horse
A Trojan Horse is a piece of programming code that is layered behind another program, and can perform covert, malicious functions. For example, your E-Commerce server can display a cool-looking screen saver, but behind that could be a piece of hidden code, causing damage to your system.
One way to get a Trojan Horse attack is by downloading software from the Internet. This is where you need to be very careful. Make sure that whatever software is downloaded comes from an authentic and verified source, and that all defense mechanisms are activated on your server.
Logic Bombs
A Logic Bomb is a version of a Trojan Horse, however, it is event or time specific. For example, a logic bomb will release malicious or rogue code in an E-Commerce server after some specific time has elapsed or a particular event in application or processing has occurred.
Zombies - A soulless corpse said to be revived by witchcraft, esp. in certain African and Caribbean
Zombie
A computer that has been implanted with a daemon that puts it under the control of a malicious hacker without the knowledge of the computer owner.
Zombies are used by malicious hackers to launch DoS attacks. The hacker sends commands to the zombie through an open port. On command, the zombie computer sends an enormous amount of packets of useless information to a targeted Web site in order to clog the site's routers and keep legitimate users from gaining access to the site.
The traffic sent to the Web site is confusing and therefore the computer receiving the data spends time and resources trying to understand the influx of data that has been transmitted by the zombies. Compared to programs such as viruses or worms that can eradicate or steal information, zombies are relatively benign as they temporarily cripple Web sites by flooding them with information and do not compromise the site's data. Such prominent sites as Yahoo!, Amazon and CNN.com were brought down in 2000 by zombie DoS attacks.
Transmission Threat
Denial of Service Attacks
With a Denial of Service Attack, the main intention is to deny your customers the services provided on your E-Commerce server. There is no actual intent to cause damage to files or to the system, but the goal is to literally shut the server down. This happens when a massive amount of invalid data is sent to the server. Because the server can handle and process only so much information at any given time, it is unable to keep up with the information and data overflow. As a result, the server becomes confused, and subsequently shuts down. Another type of Denial of Service Attack is called the Distributed Denial of Service Attack.
Ping of Death
When we surf the Web, or send E-Mail, the communications between our computer and the server takes place via the data packet. It is the data packet that contains the information and the request for information that is sent from our computer to other computers over the Internet. The communication protocol which is used to govern the flow of data packets is called Transmission Control Protocol/Internet Protocol, or TCP/IP for short.
The TCP/IP protocol allows for data packets to be as large as 65,535 bytes. However, the data packet size that is transmitted across the Internet is about 1,500 bytes. With a Ping of Death Attack, a massive data packet is sent: 65,536 bytes. As a result, the memory buffers of the E-Commerce Server are totally overloaded, thus causing it to crash.
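The defensive side of the slide above, as an added Go example (not code from the original slides): a fragment reassembler that enforces the 65,535-byte bound before buffering anything, fed with a constructed fragment train whose last piece would reach the 65,536 bytes the slide mentions. The 20-byte header, the 1,480-byte pieces and the simplification that fragments do not overlap are assumptions of this example.

```go
package main

import "fmt"

// Fragment is one piece of a fragmented IPv4 datagram (constructed input; not code from the page).
type Fragment struct {
	ID     uint16 // identification field shared by all fragments of one datagram
	Offset int    // payload offset in bytes (the 13-bit header field multiplied by 8)
	Length int    // payload bytes carried by this fragment
	More   bool   // MF flag: further fragments follow
}

const ipHeaderLen, maxIPDatagram = 20, 65535 // 65,535 is the largest 16-bit total length

type datagram struct {
	received int // payload bytes seen so far (fragments are assumed not to overlap)
	total    int // payload length, known once the last fragment arrives; -1 until then
}

// Reassembler refuses any fragment that would push a datagram past 65,535 bytes before buffering it.
type Reassembler struct{ pending map[uint16]*datagram }

// Add returns true once the datagram carrying f.ID is complete, or an error if f is malformed or oversized.
func (r *Reassembler) Add(f Fragment) (bool, error) {
	if f.Offset < 0 || f.Offset%8 != 0 || f.Length <= 0 {
		return false, fmt.Errorf("malformed fragment %+v", f)
	}
	end := f.Offset + f.Length
	if ipHeaderLen+end > maxIPDatagram {
		return false, fmt.Errorf("fragment would make datagram %d bytes (> %d): dropped", ipHeaderLen+end, maxIPDatagram)
	}
	if r.pending == nil {
		r.pending = make(map[uint16]*datagram)
	}
	d := r.pending[f.ID]
	if d == nil {
		d = &datagram{total: -1}
		r.pending[f.ID] = d
	}
	d.received += f.Length
	if !f.More {
		d.total = end
	}
	if d.total >= 0 && d.received >= d.total {
		delete(r.pending, f.ID)
		return true, nil
	}
	return false, nil
}

// pingOfDeath builds an oversized echo request in 1,480-byte pieces; the last piece would bring the datagram to 65,536 bytes.
func pingOfDeath(id uint16) []Fragment {
	const payload = 65536 - ipHeaderLen
	var frags []Fragment
	for off := 0; off < payload; off += 1480 {
		n := 1480
		if off+n > payload {
			n = payload - off
		}
		frags = append(frags, Fragment{ID: id, Offset: off, Length: n, More: off+n < payload})
	}
	return frags
}

// feed reports how many fragments a fresh Reassembler accepted and whether the datagram completed.
func feed(frags []Fragment) (accepted int, complete bool, err error) {
	var r Reassembler
	for _, f := range frags {
		if complete, err = r.Add(f); err != nil {
			return accepted, false, err
		}
		accepted++
	}
	return accepted, complete, nil
}
```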
SYN Flooding
When we open up a Web Browser and type in a Web address, or click Send to transmit that E-Mail from our own computer (referred to as the client computer), a set of messages is exchanged between the server and the client computer. This set of exchanges is what establishes the Internet connection from the client computer to the server, and vice versa. This is also known as a handshake.
To initiate this Internet connection, a SYN (or synchronization) message is sent from the client computer to the server, and the server replies back to the client computer with a SYN ACK (synchronization acknowledgement) message. To complete the Internet connection, the client computer sends back an ACK (or acknowledgement) message to the server.
At this point, since the E-Commerce server is waiting to receive the ACK message from the client computer, this is considered to be a half-open connection. It is at this point that the E-Commerce server becomes vulnerable to attacks. Phony messages (which appear to be legitimate) could be sent to the E-Commerce server, thus overloading its memory and processing power, and causing it to crash.
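A detection example for the three SYN Flooding slides above, added here and not part of the original slides: it mirrors the server's half-open table from a constructed capture of SYN and ACK events and reports the entries that never completed. The event format, the timeouts and the addresses are assumptions; the comment on Offenders points out why the total, not only the per-source count, matters when the slides' IP spoofing is in play.

```go
package main

import "sort"

// Event is one observed handshake step, as a sensor in front of the server might log it
// (constructed input; not from the page).
type Event struct {
	T    int    // seconds since capture start
	Kind string // "SYN" (client opens) or "ACK" (client completes the handshake)
	Src  string // client IP address
	Port int    // client source port
}

type connKey struct {
	src  string
	port int
}

// HalfOpenTracker mirrors the server's half-open state: an entry appears on SYN and disappears
// on the matching ACK. Whatever remains is what a SYN flood piles up.
type HalfOpenTracker struct {
	pending map[connKey]int // time the SYN arrived
}

func NewHalfOpenTracker() *HalfOpenTracker {
	return &HalfOpenTracker{pending: make(map[connKey]int)}
}

func (h *HalfOpenTracker) Observe(e Event) {
	k := connKey{e.Src, e.Port}
	switch e.Kind {
	case "SYN":
		h.pending[k] = e.T
	case "ACK":
		delete(h.pending, k) // handshake completed: no longer half-open
	}
}

// Stale counts half-open connections older than maxAge seconds at time now, in total and per source.
func (h *HalfOpenTracker) Stale(now, maxAge int) (total int, bySrc map[string]int) {
	bySrc = make(map[string]int)
	for k, t0 := range h.pending {
		if now-t0 > maxAge {
			total++
			bySrc[k.src]++
		}
	}
	return total, bySrc
}

// Offenders lists sources holding at least threshold stale half-open connections, sorted.
// A flood sent from spoofed addresses (see the IP Spoofing slide) may never let one source reach
// the threshold; the total from Stale is the number to alert on in that case.
func (h *HalfOpenTracker) Offenders(now, maxAge, threshold int) []string {
	_, bySrc := h.Stale(now, maxAge)
	var out []string
	for src, n := range bySrc {
		if n >= threshold {
			out = append(out, src)
		}
	}
	sort.Strings(out)
	return out
}

// sampleCapture is constructed: one legitimate client that completes its handshake, and one
// source that sends 50 SYNs over five seconds and never answers the SYN ACK.
func sampleCapture() []Event {
	ev := []Event{{0, "SYN", "198.51.100.7", 40001}, {1, "ACK", "198.51.100.7", 40001}}
	for p := 0; p < 50; p++ {
		ev = append(ev, Event{T: p / 10, Kind: "SYN", Src: "203.0.113.9", Port: 50000 + p})
	}
	return ev
}
```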
IP Spoofing
The basic protocol for sending data over the Internet and many other computer networks is the Internet Protocol ("IP"). The header of each IP packet contains the numerical source and destination address of the packet. The source address is normally the address that the packet was sent from. By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine. With IP Spoofing, it is difficult to identify the real attacker, since all E-Commerce server logs will show connections from a legitimate source. IP Spoofing is typically used to start the launch of a Denial of Service Attack.
Encryption
Encryption is the conversion of data into a form, called a cipher text, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood. The use of encryption/decryption is as old as the art of communication.
In wartime, a cipher, often incorrectly called a code, can be employed to keep the enemy from obtaining the contents of transmissions. (Technically, a code is a means of representing a signal without the intent of keeping it secret; examples are Morse code and ASCII.) Simple ciphers include the substitution of letters for numbers, the rotation of letters in the alphabet, and the "scrambling" of voice signals by inverting the sideband frequencies.
Firewall
A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer.
A firewall is a protective system that lies, in essence, between your computer network and the Internet. The job of a firewall is to carefully analyze data entering and exiting the network based on your configuration.
The ideal firewall configuration will consist of both hardware and software firewalls. In addition to limiting access to your computer and network, a firewall is also useful for allowing remote access to a private network through secure authentication certificates and logins. While many people do not completely understand the importance and necessity of a firewall, or consider it to be a product for businesses only, if your network or computer has access to the outside world via the Internet then you need to have a firewall to protect your network, individual computer and the data therein.
Hardware firewalls can be purchased as a stand-alone product, but more recently hardware firewalls are typically found in broadband routers, and should be considered an important part of your system and network set-up, especially for anyone on a broadband connection. Hardware firewalls can be effective with little or no configuration, and they can protect every machine on a local network. Most hardware firewalls will have a minimum of four network ports to connect other computers, but for larger networks, business networking firewall solutions are available.
Modem
Modulator-Demodulator.
A modem is a device or program that enables a computer to transmit data over, for example, telephone or cable lines. Computer information is stored digitally, whereas information transmitted over telephone lines is transmitted in the form of analog waves. A modem converts between these two forms.
Diagram slides: Modem; Router; Modem - Router; Firewall - Router.
Software Firewalls
Software firewalls protect a single computer; they are usually less expensive and easier to configure.
Network Firewall
A network firewall protects a computer network from unauthorized access. Network firewalls may be hardware devices, software programs, or a combination of the two. Network firewalls guard an internal computer network (home, school, business intranet) against malicious access from the outside. Network firewalls may also be configured to limit access to the outside from internal users.
Software Firewall
For individual home users, the most popular firewall choice is a software firewall. Software firewalls are installed on your computer (like any software) and you can customize them, allowing you some control over their function and protection features. A software firewall will protect your computer from outside attempts to control or gain access to your computer, and, depending on your choice of software firewall, it could also provide protection against the most common Trojan programs or e-mail worms.
SSL Protocol
SSL Characteristics
When an SSL connection is established, browser-to-server and server-to-browser communications are encrypted. This includes the URL of the requested document, the contents of the document, the contents of browser forms, cookies sent from browser to server, cookies sent from server to browser, and the contents of the HTTP header.
Optionally, the server may request the client's certificate; if requested, the client sends its authentication certificate. If the client has no certificate, the connection fails.
SSL Setup
The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one or both ends of the transaction. This is, in short, how it works. A browser requests a secure page (usually https://). The web server sends its public key with its certificate. The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.
The browser then uses the public key to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data. The web server sends back the requested html document and http data encrypted with the symmetric key. The browser decrypts the http data and html document using the symmetric key and displays the information.
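The SSL Setup flow above, and the earlier Digital Certificate and Digital Signature slides, as one added Go example (not code from the original slides, and not a TLS implementation): a constructed root CA signs a server certificate, browserChecks performs the three checks the slide lists (trusted issuer, still valid, issued for the site contacted) by verifying the CA's signature with the standard crypto/x509 package, and the session key is wrapped with the server's public key and unwrapped with its private key. The hostnames, serial numbers, 2048-bit keys and the use of RSA-OAEP (where SSL used PKCS#1 v1.5 padding) are assumptions; the symmetric encryption of URL, HTTP data and HTML that follows is not shown.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// check aborts the demo on any error; a real implementation would return it.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue signs template with the signer's key (self-signed when parent == template).
func issue(template, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

// setupPKI builds a toy root CA and a server certificate for host; both are constructed for this example.
func setupPKI(host string) (ca, srv *x509.Certificate, srvKey *rsa.PrivateKey) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	srvKey, err = rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	now := time.Now()
	caTpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca = issue(caTpl, caTpl, &caKey.PublicKey, caKey) // the CA signs its own certificate
	srvTpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	srv = issue(srvTpl, ca, &srvKey.PublicKey, caKey) // the CA's signature binds host to srvKey's public half
	return
}

// browserChecks performs the slide's three checks: the certificate was issued by a trusted root,
// it is still within its validity period, and it was issued for the site actually contacted.
func browserChecks(srv, root *x509.Certificate, site string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := srv.Verify(x509.VerifyOptions{Roots: pool, DNSName: site})
	return err
}

// browserWrapsKey is the client half of the key transport: a random 256-bit session key is
// encrypted with the public key carried in the server certificate (RSA-OAEP here, rather than
// the PKCS#1 v1.5 padding SSL used).
func browserWrapsKey(srv *x509.Certificate) (session, wrapped []byte) {
	session = make([]byte, 32)
	_, err := rand.Read(session)
	check(err)
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, srv.PublicKey.(*rsa.PublicKey), session, nil)
	check(err)
	return
}

// serverUnwrapsKey is the server half: only the holder of the private key recovers the session key,
// which then protects the URL, HTTP data and HTML with a symmetric cipher.
func serverUnwrapsKey(srvKey *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, srvKey, wrapped, nil)
}
```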
Encryption
The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text. There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.
Credit Card
A credit card is a small plastic card issued to users as a system of payment. It allows its holder to buy goods and services based on the holder's promise to pay for these goods and services. Credit cards allow the consumers a continuing balance of debt, subject to interest being charged. Merchants are charged several fees for the privilege of accepting credit cards. The merchant is usually charged a commission of around 1 to 3 per cent of the value of each transaction paid for by credit card. The merchant may also pay a variable charge, called an interchange rate, for each transaction. In some instances of very low-value transactions, use of credit cards will significantly reduce the profit margin or cause the merchant to lose money on the transaction.
Merchants must accept these transactions as part of their costs to retain the right to accept credit card transactions. Merchants with very low average transaction prices or very high average transaction prices are more averse to accepting credit cards. In some cases merchants may charge users a "credit card supplement", either a fixed amount or a percentage, for payment by credit card.
This practice is prohibited by the credit card contracts in the United States, although the contracts allow the merchants to give discounts for cash payment.
Electronic Cheque
Smart Cards
A smartcard is similar to a credit card; however, it contains an embedded 8-bit microprocessor and uses electronic cash which transfers from the consumer's card to the seller's device. A popular smartcard initiative is the VISA Smartcard. Using the VISA Smartcard you can transfer electronic cash to your card from your bank account, and you can then use your card at various retailers and on the internet. There are companies that enable financial transactions to transpire over the internet, such as PayPal. Many of the intermediaries permit consumers to establish an account quickly, and to transfer funds into their on-line accounts from a traditional bank account.
EBPPS
Electronic bill presentment and payment (EBPP) is a technique that allows consumers to view and pay bills electronically. There are a significant number of bills that consumers pay on a regular basis, which include: power bills, water, oil, internet, phone service, mortgages, car payments etc. EBPP systems send bills from service providers to individual consumers via the internet.
Models of EBPP
Consolidation - where numerous bills for any one recipient are made available at one Web site. The actual task of consolidation is sometimes performed by a third party and fed to the Web sites where consumers receive the bills. The principal attraction of consolidation is that consumers can receive and pay numerous bills at the one location.
Biller Direct - where the bills produced by an organization are made available through that organization's Web site.
Direct email delivery - where the bills are emailed to the customer's inbox.
SET
The SET protocol supports all features of the credit card system:
1. Cardholder registration
2. Merchant registration
3. Purchase requests
4. Payment authorizations
5. Funds transfer (payment capture)
6. Charge backs (refunds)
7. Credits
8. Credit reversals
9. Debit card transactions
E-payment Method
EFT
Electronic bill payment in online banking, which may be delivered by EFT or paper check
Transactions involving stored value of electronic money, possibly in a private currency
Wire transfer via an international banking network (carries a higher fee)
SWIFT
Electronic Benefit Transfer
EFT is applicable to the following financial transactions:
Payment made for certain goods and services via card (debit or credit).
Refund of previous payments by a shopkeeper.
Withdrawing money from an account via ATM.
Depositing money in an account via ATM.
Transferring funds between linked accounts.
Making payment to a third party.
Inquiring about various account details, such as a balance enquiry.
Taking out a mini statement via ATM.
Requesting a PIN change at an ATM.