#5 E-business Network and Website Security

Question 1

E- business Security Risks

Answer 1

Physical
Internal
External
Transactional

Question 2

Physical Risks

Answer 2

Network Equipment and Physical Location

Electrical Power Backup

Internet Connectivity Redundancy

Outsourcing risks

Question 3

Network Equipment and Physical Location

Answer 3

• Equipment and rooms always locked, location annonymous
• Fire suppression systems, train employees
• Substantial construction and design of facilities

Question 4

Electrical Power Backup

Answer 4

• Batteries, Power Generators

Question 5

Internet Connectivity Redundancy

Answer 5

• To have more than 1 connection to the internet

Question 6

Internal Security Risks

Answer 6

Unhappy employees, poor secuirty awarenes and planning

Passwords
Biometrics
Smart Card (embedded memory chip with user ID for authentication of remote user)
Backup and Restore Policies
Disaster Recovery Planning

Question 7

Outsourcing risks

Answer 7

• Web hosting services
• fee for service arrangement for power, connectivity, security

Question 8

External Security

Answer 8

Bypass network defences
Hackers
Viruses

Counter by
Firewalls (packet fiiltering, circuit level, application level)

Question 9

Hackers

Answer 9

• intruders that deliberately gain unauthorized access
• most common=send confusing data
• Crashing a program= take control of computers
• Buffer overlow cause crashes
• White hat: good hackers
• Black hat: steal valuable information, disrupt service or damage

Question 10

Viruses (External Secuirty

Answer 10

Standard
Worms
Macro Virus
Trojan Horses
Virus Hoaxes

Counter measures
Antivirus software
Employee Education
Updates

Question 11

Standard

Answer 11

• small destructive programs inserted to other files
• erase files/hardrives, prevent from booting, saving, printing and send repetitive e-mail messages
• spread via email, attachments or when infected program executes

Question 12

Worms

Answer 12

• replicate itself in computer memory
• use resources, slowing and crashing

Question 13

Macro Virus

Answer 13

• Infect Macro (word/excel/removable drives)

Question 14

Virus Hoaxes

Answer 14

Faslse warnings

Question 15

Trojan Horses

Answer 15

• Maliciouse disguised as fun or useful
• Steal passwords, plant destructive programs

Question 16

Transactional Secuirty

Answer 16

Authentication
Integrity
Non repudiation
Confidentiaty

Security Protocols
Encryption
Public Keys
VPN
Tunneling
WTLS
WLANs
Secuirty audit
penetrative testing

Question 17

Secuirty Protocols

Answer 17

Secure Sockets Layer (SSL): public key encryption and digital certificates and included in web browsers/servers

Transport Layer Security (TLS): assure no third part access to internet
Record/Handshake

SET (Secure Electronic Transctions): presenting credit card transaction on internet

Question 18

Encryption

Answer 18

translaltion of data into a cipher text, where it is decrypted into plain text at the destination

Question 19

Public Keys

Answer 19

Public: posted into public directory
Private: given only to those requesting

Question 20

VPN

Answer 20

Private networks that use Internet to transmit data

Question 21

Tunneling

Answer 21

encapsulate on protocol witin another protocol

Question 22

WTLS

Answer 22

encryption and digital certificates

Question 23

WLANs

Answer 23

most vulnerable as hackers require few resoures

Question 24

Security audit

Answer 24

review policy, emplooyee training and physical secuirty

Question 25

penetrative testing

Answer 25

insurance, NDA, Scanning tools, Scope, Documentation