Ecommerce Chapter 5

digital signature

"signed" cipher text that can be sent over the internet

Rootkits

A program whose aim is to subvert control of the computer's operating system

Bot herder

An external third party that controls computers through a bot

Smishing

Attacks exploiting SMS messages

public key infrastructure

CAs and digital certificate procedures that are accepted by all parties

potentially unwanted program

program that installs itself on a computer, typically without the user's informed consent

firewall

refers to either hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy

proxy server

software server that handles all communications originating from or being sent to the internet, acting as a spokesperson or bodyguard for the organization

zero-day vulnerability

software vulnerability that has been previously unreported and for which no patch yet exists

cipher text

text that has been encrypted and thus cannot be read by anyone other than the sender and receiver

privacy

the ability to control the use of information about oneself

availability

the ability to ensure that an eCommerce site continues to function as intended

nonrepudiation

the ability to ensure that e-commerce participants do not deny their online actions

integrity

the ability to ensure that information being displayed on a web site or transmitted or received over the internet has not been altered in any way by an unauthorized party

confidentiality

the ability to ensure that messages and data are available only to those who are authorized to view them

authenticity

the ability to identify the identity of a person or entity with whom you are dealing on the internet

transposition cipher

the ordering of the letters in each word is changed in some systematic way

encryption

the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver. Used to secure stored info and info transmission. Provides four of the six key ecomm security dimensions: integrity, nonrepudiation, authentication, and confidentiality

Virtual private networks

these allow remote users to securely access internal networks via the internet, using PPTP, an encoding mechanism that allows one local network to connect to another using the internet as the conduit

public key cryptography

two mathematically related digital keys are used: a public key and a private key. Both keys are used to encrypt and decrypt a message; once used, the same key cannot be used to unencrypt the message

bot

type of malicious code that can be covertly installed on a computer when attached to the internet. Once installed, responds to external commands sent by the attacker

virtual currency

typically circulates within an internal virtual world community or is issued by a specific corporate entity, and used to purchase virtual goods

Distributed Denial of Service attack

using numerous computers to attack the target network from numerous launch points (DDoS)

cracker

within the hacking community, a term typically used to denote a hacker with criminal intent

cybervandalism

intentionally disrupting, defacing, or destroying a site

browser parasite

a program that can monitor and change the settings of a user's browser

spyware

a program used to obtain information such as a user's keystrokes, email, instant messages, and so on

near field communication

a set of short-range wireless technologies used to share information among devices

certification authority

a trusted third party that issues digital certificates

sniffer

a type of eavesdropping program that monitors info traveling over a network

cipher key

any method for transforming plain text into cipher text

Trojan horse

appears to be benign, but then does something unexpected. Often a way for viruses or other malicious code to be introduced into a computer system

symmetric key encryption

both the sender and the receiver use the same key to encrypt and decrypt the message. Also known as secret key encryption

botnet

collection of captured bot computers; can be used for malicious activities such as sending spam, DDoS attacks, stealing information, and storing network traffic for later analysis

hacktivism

cybervandalism and data theft for political purposes

substitution cipher

every occurrence of a given letter is replaced systematically by another letter

social engineering

exploitation of human flexibility and gullibility to distribute malware

backdoor

feature of viruses, worms, and Trojans that allows an attacker to remotely access a compromised computer

Denial of Service attack

flooding the web site with useless traffic to inundate and overwhelm the network (DoS)

electronic billing presentment and payment system

form of online payment systems for monthly bills

malicious code

includes a variety of threats such as viruses, worms, Trojan horses, and bots.

six key dimensions to ecomm security

integrity, nonrepudiation, authenticity, confidentiality, privacy, availability

drive-by download

malware that comes with a downloaded file that a user requests

worm

malware that is designed to spread from computer to computer

spoofing

misrepresenting oneself by using fake email addresses or masquerading as someone else

SSL and TLS

most common form of securing channels, provides data encryption, server authentication, client authentication, and message integrity for TCP/IP connections

data breach

occurs when an organization loses control over its information to outsiders

one-way irreversible mathematical function

once the algorithm is applied the input cannot be subsequently derived from the output; like mixing and baking ingredients from a recipe cannot be reversed

online stored value payment system

permits consumers to make instant, online payments to merchants and other individuals based on value stored in an online account

session key

a unique symmetric encryption key chosen for a single secure session

virtual private network

allows remote users to securely access internal networks via the internet, using the Point-to-Point Tunneling Protocol

hash function

an algorithm that produces a fixed-length number called a hash or message digest, used between sender and receiver to verify the message has not been altered

digital cash

an alternative payment system in which unique, authenticated tokens represent cash value

hacker

an individual who intends to gain unauthorized access to a computer system

phishing

any deceptive, online attempt by a third party to obtain confidential information for financial purposes

Internet Crime Complaint Center

IC3 - A partnership between the National White Collar Crime Center and the Federal Bureau of Investigation

Madware

Innocent-looking apps that contain adware that launches pop-up ads and text messages on your mobile device

Exploit

Malicious code designed to take advantage of software vulnerabilities in a computer's operating system, web browser, applications, or other software components

digital certificate

a digital document issued by a certification authority that contains the name of the subject or company, the subject's public key, a digital certificate serial number, an expiration date, an issuance date, the digital signature of the certification authority, and other identifying info

trust

Many companies are hesitant to report cybercrime due to the fear of losing the ______ of their customers and the difficulty quantifying the actual dollar amount of the loss.

Pharming

Spoofing a website

Vishing

Targets gullible cell phone users with a verbal message to call a certain number

adware

a PUP that serves popup ads to your computer

merchant account

a bank account that allows companies to process credit card payments and receive funds from those transactions

secure negotiated session

a client-server session in which the URL of the requested document, along with the contents, contents of forms, and the cookies exchanged, are encrypted.

virus

a computer program that has the ability to replicate or make copies of itself, may deliver a payload, and spreads from computer to computer

Client, server, and communications pipeline

Three key points of vulnerability when dealing with e-commerce

