Value interchange relies on the secure exchange of encrypted symbols: discuss how this statement describes the financial flow of e-commerce. Describe and discuss the need for encryption and look at PKI, SSL, man in the middle attacks, key loggers, shoulder surfing, social engineering and phishing.
By Marelize Grobbelaar
This Assignment is submitted in partial fulfilment of the requirements of the Module: Logistics Decision Support Systems
In the
FACULTY OF MANAGEMENT
At the
UNIVERSITY OF JOHANNESBURG
Place: Krugersdorp
Month / Year: 15 April 2011
Student No.: 200703718
Current Contact Tel. No. (Work): 011 955 4489 (Cell No.): 083 379 1493
I HEREBY CERTIFY THAT THE ASSIGNMENT IS MY OWN ORIGINAL WORK.
_________________________ STUDENT SIGNATURE ___________________ DATE
Table of Contents
1. Written Declaration
2. Introduction
3. The secure exchange of encrypted symbols in the Financial Flow of e-commerce
4. The need for Encryption
5. Types of Data Encryption
5.1 Public Key Infrastructure (PKI)
5.2 Secure Socket Layer (SSL)
6. Types of Attacks to obtain information
6.1 Man in the Middle Attacks
6.2 Key Loggers
6.3 Shoulder Surfing
6.4 Social Engineering
6.5 Phishing
7. Conclusion
8. Bibliography
Table of Figures
Figure 1: Data encryption process
Figure 2: Man in the Middle Attacks
1. Written Declaration
I understand that plagiarism means presenting the ideas and words of someone else as my own, without appropriate recognition of that source;
I have fully acknowledged all words, ideas and results from other sources that I have used in this assignment through a generally accepted style of quotes, references and bibliography:
Marelize Grobbelaar
_____________________
2. Introduction
We send data that carries valuable information, such as personal information, business contracts, sensitive financial details and so forth, across various networks for business and personal purposes. Businesses use the internet and e-commerce as a channel to move goods, services and money in order to gain competitive advantage, achieve increased profits, reduce costs and increase the speed of transactions. It is of utmost importance that all transactions and communications through the internet have strong and extensive security that can give individuals and companies the necessary confidence to do business online. This is achieved by implementing various security programmes and relying on these programmes to exchange information in a secure manner by encrypting the information. Within this thesis the following matters will be discussed:
1.1. The secure exchange of encrypted symbols in the financial flow of e-commerce; and
1.2. The need for encryption with specific reference to Public Key Infrastructure (PKI), Secure Socket Layer (SSL), man in the middle attacks, key loggers, shoulder surfing, social engineering and phishing.
3.
4.
Figure 1: Data encryption process (Source: Digital Signature and PKI. Available at: http://www.scribd.com/doc/6928677/17-Digital-Signature-and-PKI (Accessed 12 April 2011))
5.
5.1
5.2
6.
Figure 2: Man in the Middle Attacks (Source: Man-in-the-middle attack. Available at: (Accessed
6.2 Key Loggers
A key logger is a type of Trojan virus that gets downloaded and installed on a user's computer without the user noticing it. Once this virus is installed it records keystrokes and clicking patterns and then transfers the information to a host computer. It can gather information such as personal information, credit card information, user names and passwords.
6.3 Shoulder Surfing
Shoulder surfing is when someone is secretly observed from behind while entering personal information such as passwords and PINs. For example, attackers observe a person drawing money from an ATM in order to obtain their PIN before they steal the bank card.
6.4 Social Engineering
Social engineering is where information is obtained through manipulation, convincing the targeted person to reveal their personal information.
6.5 Phishing
Phishing is similar to social engineering: the attacker sends spam or uses malicious websites or pop-ups within a website to obtain personal information from the user. For example, the attacker sends an email claiming to be from a financial institution that requires you to change your account information.
7. Conclusion
Given the fast growing rate of technology it is important for businesses to engage in e-commerce; however, all of the above-mentioned attack methods should be monitored closely and security methods should be upgraded frequently to ensure the secure flow of communication, data and finance across the internet. Companies and individuals should make sure that they have a secure and trusted infrastructure in place so that they do not become a victim of an attacker, resulting in the loss of personal information.
8. Bibliography
Allen M. Social Engineering: A Means To Violate A Computer System. [Online] Available at: http://www.sans.org/reading_room/whitepapers/engineering/social-engineering-means-violate-computer-system_529
Binder JC. Introduction to PKI - Public Key Infrastructure. [Online] Available at: http://www.scribd.com/doc/40437802/PKI-V11 (Accessed 12 April 2011).
Johnson M. A new approach to Internet banking. [Online] Available at: http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-731.pdf (Accessed 12 April 2011)
Phishing. [Online] Available at:
Rajagopalan R. Digital Signature and PKI. [Online] Available at: (Accessed
Schuldt W. What Is Keylogger Virus? [Online] Available at:
Understanding Public Key Infrastructure (PKI). [Online] Available at: http://www.scribd.com/doc/44602358/Understanding-Pki (Accessed 12 April 2011).
Walter C. What is the Point of Encription if you Dont Know Who For? [Online] Available at: http://www.securitydocs.com/library/3301 (Accessed 12 April 2011).