Learning Objectives
After studying this unit, students will be able to understand:
The concept of E-Security
Dimensions of Security Design
Firewalls and system integrity
Virus protection
Protection from intruders
INTRODUCTION
The term “e-security” is often used interchangeably with other terms such as “internet security”, “cyber security”, and/or “IT security”.
Broadly, “e-security encompasses security aspects of the information economy, including information systems and communications networks”.
E-Security is a branch of computer security specifically related to the Internet, often involving
browser security but also network security.
Its objective is to establish rules and measures to use against attacks over the Internet.
Importance of E-commerce security:
E-security addresses the security of a company, locates its vulnerabilities and supervises the mechanisms implemented to protect the online services provided by the company, in order to keep adversaries (hackers, malicious users and intruders) out of the company’s networks, computers and services.
Thus, in order to protect critical information held in electronic form by any private or public sector organization, e-security measures need to be employed.
Common e-commerce pitfalls
In an enterprise, a security exposure might result in damage to the organization's information and communication systems. Examples of exposure include unauthorized disclosure of information, modification of business or employee data, and denial of legitimate access to the information system.
Hackers gain access to information
Inadequate security enables hackers to gain access to sensitive business data (price lists, catalogues, intellectual property, etc.). Hackers may also gain access to information about your business or customers with a view to committing fraud.
Loss of customer confidence
Security breaches can damage customers' confidence in an e-commerce service. A lack of customer confidence is fatal to the success of an online venture.
Denial-of-service attacks
Denial-of-service attacks prevent authorized users from accessing the site, so that the site is forced to offer a reduced level of service or cease operation completely.
E-Security Tools
The tools which are used to secure e-commerce are:
Firewalls (hardware and software)
Password Manager
Authentication infrastructure
Encryption Software
Biometrics
Fundamentals of Computer Security
Computer security has several fundamental goals:
Confidentiality − Information should not be accessible to unauthorized persons, and it should not be intercepted during transmission.
Integrity − Information should not be altered during its transmission over the network.
Availability − Information should be available wherever and whenever required, within the specified time limit.
Authenticity − There should be a mechanism to authenticate a user before giving him/her access to the required information.
Non-repudiation − Protection against denial of an order or denial of a payment. Once a sender sends a message, the sender should not be able to deny sending it. Similarly, the recipient of a message should not be able to deny receiving it.
Encryption − Information should be encrypted and decrypted only by authorized users.
Auditability − Data should be recorded in such a way that it can be audited against integrity requirements.
Security Design
All security solutions need to begin with a policy. Some basic security policy questions that must be
answered are:
What components are most critical but vulnerable?
What information is confidential and needs to be protected?
How will confidentiality be ensured?
What authentication system should be used?
What intrusion detection systems should be installed?
Who has authority and responsibility for installing and configuring critical e-business infrastructure?
What plans need to be in place to ensure continuity or minimum disruption of service?
A viable security policy should have the following characteristics:
The policy must be clear and concise
Compliance must be verifiable and enforceable
Systems must have good control for legitimate use: access, authentication, and authorization
There must be regular backup of all critical data
There must be a disaster recovery and business continuity plan
Measures to ensure Security
Major security measures are as follows:
Encryption
Authentication
Firewall
Authorization
Security policies
E-Commerce Threats
Anything with the capability, technology, opportunity and intent to do harm is called a threat. E-commerce threats can be classified into the following categories:
1. Intellectual property threats -- using existing material found on the Internet without the owner's permission, e.g.:
music downloading,
domain name abuse (cybersquatting),
software piracy
2. Client computer threats
Trojan horse
Active contents
Viruses
3. Server threats
Privilege setting
File transfer
Spamming
4. Communication channel threats
Sniffer program
Spoofing
Denial-of-service
Countermeasures: a procedure that recognizes, reduces, or eliminates a threat
1. Intellectual property protection
Legislature
Authentication
2. Client computer protection
Browser protection
Antivirus software
Computer forensics expert
3. Server protection
– Access control and authentication
* Username and password
* Access control list
– Firewalls
Packet filter firewall: checks the source IP address of each incoming packet and rejects anything that does not match the list of trusted addresses. This check is prone to IP spoofing, because the source address in a packet header is written by the sender and is not verified by the filter.
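To make the packet-filter weakness concrete, here is an added illustration in Python (not code from the original material): the address allow-list check described above beside a hardened version that also drops packets arriving on the outside interface while claiming an inside address. The addresses (RFC 5737 documentation ranges), interface names and policy are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Packet:
    """Minimal view of an incoming packet: only the fields the filter inspects."""
    src: str       # source address as written in the IP header (chosen by the sender)
    dst: str       # destination address
    ingress: str   # interface the packet arrived on: "external" or "internal"


# Constructed sample policy (assumed values, RFC 5737 documentation ranges).
INTERNAL_NET = ip_network("192.0.2.0/24")                 # the company's own LAN
TRUSTED = [INTERNAL_NET, ip_network("198.51.100.0/24")]   # LAN plus a partner network


def address_filter(pkt: Packet, trusted=TRUSTED) -> bool:
    """Packet filter as described on the slide: accept iff the source address is trusted."""
    src = ip_address(pkt.src)
    return any(src in net for net in trusted)


def ingress_filter(pkt: Packet, trusted=TRUSTED, internal=INTERNAL_NET) -> bool:
    """Hardened filter: a packet arriving on the external interface can never
    legitimately carry an internal source address, so it is dropped before the
    trust list is even consulted (ingress / anti-spoofing filtering)."""
    src = ip_address(pkt.src)
    if pkt.ingress == "external" and src in internal:
        return False
    return any(src in net for net in trusted)


# Constructed sample traffic.
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.10", "external"),  # partner host: legitimate
    Packet("203.0.113.9", "192.0.2.10", "external"),   # unknown host: must be rejected
    Packet("192.0.2.5", "192.0.2.10", "external"),     # inside address from outside: forged header
    Packet("192.0.2.5", "192.0.2.10", "internal"),     # same address on the LAN side: legitimate
]


def evaluate(packets, filt) -> list:
    """Return the accept (True) / reject (False) decision of filt for each packet."""
    return [filt(p) for p in packets]


if __name__ == "__main__":
    for p, plain, hard in zip(SAMPLE, evaluate(SAMPLE, address_filter), evaluate(SAMPLE, ingress_filter)):
        print(f"{p.src:>14} via {p.ingress:8} address-only={plain!s:5} with-ingress-check={hard}")
```

The third sample packet is the one the address-only filter gets wrong: it is accepted purely because of a header field the filter cannot verify, while the ingress check rejects it.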
Virus protection
A computer virus is a type of malware that is intentionally written to gain entry into your computer without your knowledge or permission. It has the capacity to modify or replicate itself, in which case it continues spreading.
Types of Computer Viruses
Macro Viruses
Macro viruses infect files that are created using certain applications or programs that contain macros, like
.doc, .xls, .pps, .mdb, etc.
Overwrite Viruses
These viruses delete the information in any file they infect, leaving the file partially or completely useless once it is infected.
Web Scripting Virus
Most web pages include complex code in order to create interactive and interesting content. Such code is often exploited to cause undesirable actions.
Worm
A worm is very similar to a virus and has the ability to self-replicate, leading to negative effects on your computer. Worms can, however, be detected and eliminated by antivirus software.
Trojans
Trojans can illegally capture important login details of users online. For example, e-banking is very common among users, so your login details are vulnerable to being captured whenever your PC is used without strong antivirus software installed.
Email Virus
This is a virus spread via email. Such a virus hides in an email and takes effect when the recipient opens the mail.
Logic Bombs
They are not considered viruses because they do not replicate. They are not even programs in their own
right, but rather camouflaged segments of other programs. They are only executed when a certain
predefined condition is met.
Virus Symptoms
The following points highlight the ways in which a virus can be detected:
If your computer starts performing differently for no apparent reason, it may be infected by a virus.
Antivirus software will give a warning of an infection. However, that may not happen if it is not updated or if the antivirus software stops functioning for some reason (for example, some viruses attack antivirus software).