Revision Flashcards
Front end
directly interacts with user, who has some control
presentation layer, prioritise user experience
Client side, same across different platforms
Integrate with back end (sending/receiving data)
eg. shopping cart interface on e-commerce website
Back end
does not directly interact with user, behind the scenes/ logic layer
Includes hardware and software: accounting, budgeting, manufacturing, marketing, inventory management, order tracking and distribution
Server
* processes front end requests and responds
Database
* store, retrieve, manage data
Serverside logic
* business logic on how data should be processed and actions to perform
API (Application Programming Interface)
* allow front end to communicate with it
* handle request and respond
Programming Languages
* Python, Java, JavaScript
Middleware
* bridge between front and back end
* data exchange, authentication, integration
Security
* Encrypt, validate, authentication and authorization
Blockchain
digital records of transaction
records called blocks link together in a single list called chain
cryptographic hashes link blocks, hence records are permanent and hard to alter
each transaction validated by multiple computers
Peer to peer network, with no central authority.
Files shared directly without a central server
Only requires internet and P2P software = easy
records transactions made with cryptocurrencies
protect intellectual property, digital signature etc
Types of Blockchain
Public
* Open to anyone
* fully decentralised
* Secure but slow
* Example: BTC
Private
* Restricted to specific participants
* decentralised to an organisation
* Higher Speed
* Example: SCM
Consortium
* Industries that need collaboration
* Decentralised to multiple organisations
* Balanced decentralisation and speed
Hybrid
* Combined Public and Private
* Adjustable decentralisation and speed
Data Mining
use mathematical techniques to look for patterns or relationships in data
aid in decision making
Market Basket Analysis: those who bought that also bought this
Customer Relationship Management
help e-business manage customer base
match customer needs with products (personalisation)
own in-house personalisation software or customised off-the-shelf software to meet information needs, rather than relying on purchasing history alone
Operational CRM: direct customer interactions
Analytical CRM: uses Operational CRM data to identify trends
Supply Chain Management
Supply Chain Planning (SCP)
* Predict inventory levels based on resources
Supply Chain Execution (SCE)
* automate different actions in the supply chain
Encryption
translation of data into cipher text, which is decrypted back into plain text at the destination
requires a public key to encrypt and a private key to decrypt
Public key encryption is asymmetric and uses very large prime numbers
session keys are shorter
Data/Fund Transfer Safely
Encryption, Authentication, validation, blockchain, tunneling, SSL, vpn etc
Physical Risks
Network Equipment and Physical Location
* Equipment and rooms always locked, location anonymous
* Fire suppression systems, train employees
* Substantial construction and design of facilities
Electrical Power Backup
* Two level: Batteries, Power Generators
Internet Connectivity Redundancy
* To have more than 1 connection to the internet
* complete data-centre redundancy to continue operation from different location
Outsourcing risks
* Web hosting services
* fee for service arrangement for power, connectivity, security
Internal Security Risks
Unhappy employees, poor security awareness and planning
Passwords
Biometrics
Smart Card (embedded memory chip with user ID for authentication of remote user)
Backup and Restore Policies
Disaster Recovery Planning
External Security
Bypass network defences
Hackers
Viruses
Website Defacement
DDOS
Counter by
Firewalls (packet filtering, circuit level, application level)
Transactional Security
Authentication
Integrity
Non-repudiation (authenticity of signature)
Confidentiality
Security Protocols
Encryption
Public Keys
VPN
Tunneling
WAP
WTLS
WLANs
Security audit
penetration testing
Security Protocols
Secure Socket Layer (SSL) uses public key encryption and digital certificates
Transport Layer Security (TLS) assure no third party access to internet communications
Secure Electronic Transaction (SET) used for processing credit card transactions on the internet
VPN
private networks that use internet to transmit data
firewalls, public key encryption, digital certificates
Tunneling
encapsulate one protocol within another protocol
WAP
Wireless Application Protocol
WAP server sends digital certificate & public key, client generates encrypted session key
WTLS
Wireless Transport Layer Security
encryption and digital certificates
WLANs
most vulnerable as hackers require few resources
Security audit
review policy, employee training and physical security
penetration testing
insurance, NDA, Scanning tools, Scope, Documentation
Hackers
- intruders that deliberately gain unauthorized access
- most common = send confusing data
- Crashing a program = take control of computers
- Buffer overflow causes crashes
- White hat: good hackers
- Black hat: steal valuable information, disrupt service or damage
Malware
· Short for “malicious software”; refers to any software designed to harm, exploit, or compromise the integrity of computers, networks, or devices.
· It is also used to steal data or inflict damage to computer or software systems.
· This includes viruses, worms, Trojan horses, and ransomware.
Standard virus
- small destructive programs inserted into other files
- erase files/hard drives, prevent booting, saving and printing, and send repetitive e-mail messages
- spread via email, attachments or when infected program executes
- Melissa 1999
Macro Virus
- Infect Macro (word/excel/removable drives)
Trojan Horses
- Malicious software disguised as fun or useful
- Steal passwords, plant destructive programs
- Zeus 2007
Ransomware
· Encrypts a victim’s files or locks them out of their system.
· The hacker demands a ransom from the victim to restore access to the data or system.
· Can lead to financial and data loss if the ransom is not paid and backups are not available.
AI Hallucination
AI model generates outputs that are factually incorrect while presenting them with high confidence as if they were true
when a user uploads a malware package into an AI and social engineers it into being used as part of the training data -> when other users use a similar prompt, the AI suggests that malware package as an answer, and innocent users download the malware
Deepfake
a person's face or body has been digitally altered so that they appear to be someone else, typically used maliciously or to spread false information
Denial of Service (DOS)
disables a network using a flood of useless traffic (pings, email)
DDOS -> multiple computers attack the network
Payment Cards
Credit Cards (preset spending limit based on credit limit)
Debit Cards (removes charge from cardholder account to seller bank)
Charge Cards (no preset spending limit)
Adv & Disadv Payment Cards
Adv
fraud protection
worldwide acceptance
online transaction
Disadv
per transaction fee and monthly processing fee
Electronic Cash
companies' attempt at a value storage and exchange system
Concerns
Privacy, Security, Independence, Portability, Convenience
Characteristics
Spend only once, Anonymous, Convenience
Online: online bank involved in all transfers
Offline: virtual wallet
Adv & disadv of Electronic Cash
Adv
* more efficient
* less costly (no distance or hardware costs)
* no party requires special authorization
Disadv
* No audit trail
* forgery
* “flop”
Providing Security for Electronic Cash
Threat of prosecution
two-part lock for anonymous security that signals when someone is double spending
attach a serial number for each transaction for tracing
Electronic Wallets
Works like a charge card
Holds credit card, electronic cash, owner identification & contact
can be server side or client side
Stored Value Cards
Cash Card, Ezlink card, Flash Card
elaborate smart card or simple plastic card with magnetic strip
Smart Card
Plastic card with embedded microchip containing user information
100 times more info than magnetic strip
Using E-cash
- Customer selects e-cash as payment method
- confirms payment using stored balance or bank account
- E-commerce platform sends transaction details to payment gateway
- gateway connects with e-cash provider
- provider verifies balance and ensures payment is valid
- Fraud checks and security validation performed
- If approved, e-cash deducts funds from account and transfers them to vendor account
- vendor receives payment, confirms receipt, and processes order
- Customer gets payment notification