Describe the following:

1. Types of Threats and Attacks

i) Non-technical attack

• An attack that uses chicanery to trick people into revealing sensitive
information or performing actions that compromise the security of a
network.

• Social engineering is also a non-technical attack; it uses social
pressure to trick computer users into compromising computer networks to
which those individuals have access. A multipronged approach of education
and training, policies and procedures, and penetration testing should be
used to combat social engineering.

• Phishing Attacks

Phishing is the criminally fraudulent process of attempting to acquire
sensitive information such as usernames, passwords and credit card
details by masquerading as a trustworthy entity in an electronic
communication. Phishing scams are generally carried out by sending the
victim a ‘fraudulent’ email from what purports to be a legitimate
organization requesting sensitive information. When the victim follows the
link embedded in the email, they are brought to an elaborate and
sophisticated duplicate of the legitimate organization's website. Phishing
attacks generally target bank customers, online auction sites (such as
eBay), online retailers (such as Amazon) and service providers (such as
PayPal). According to Community Banker (Swann, 2008), in more recent
times cybercriminals have become more sophisticated in the timing of their
attacks, posing as charities in times of natural disaster.

• Social Engineering

Social engineering is the art of manipulating people into performing
actions or divulging confidential information. Social engineering
techniques include pretexting (where the fraudster creates an invented
scenario to get the victim to divulge information), Interactive voice
recording (IVR) or phone phishing (where the fraudster gets the victim to
divulge sensitive information over the phone) and baiting with Trojan
horses (where the fraudster ‘baits’ the victim to load malware onto a
system). Social engineering has become a serious threat to e-commerce
security since it is difficult to detect and to combat: it involves ‘human’
factors, which cannot be patched the way hardware or software can, although
staff training and education can somewhat thwart the attack.

• Figure: non-technical attack


ii) Technical Attacks

• A technical attack is an attack perpetrated using software and
systems knowledge or expertise.

• In other words, it is an attack on a computer network that is
carried out by circumventing the hardware and software protection
mechanisms of a computer system rather than by taking advantage
of system users (for instance, by stealing a password from a diary).

• Publicly known computer security risks, which are collected, listed,
and shared by a board of security-related organizations.

• Figure: technical attack


2. Securing E-Commerce Networks

i) Firewall

• A firewall is a network node consisting of both hardware and software that
isolates a private network from a public network.

ii) Intrusion Detection System

• A special category of software that can monitor activity across a network
or on a host computer, watch for suspicious activity, and take automated
action based on what it sees.

iii) Encryption

• The process of scrambling (encrypting) a message in such a way that it is
difficult, expensive, or time-consuming for an unauthorized person to
unscramble (decrypt) it.

iv) Other Measures for Securing E-Commerce Networks

• A virtual private network is a network that uses the public Internet to
carry information but remains private by using encryption to scramble the
communications, authentication to ensure that information has not been
tampered with, and access control to verify the identity of anyone using
the network.

• Packet filters are rules that can accept or reject incoming packets based
on source and destination addresses and other identifying information.
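
The packet-filter definition above, as an added example that is not part of the original assignment: a first-match rule evaluator with a default-reject policy. The rule set, the shop address 203.0.113.10 and the sample packets are constructed for illustration, and protocol and destination port stand in for the "other identifying information".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "reject"
    src: str                      # source network in CIDR form
    dst: str                      # destination network in CIDR form
    proto: Optional[str] = None   # "tcp", "udp", or None for any protocol
    dport: Optional[int] = None   # destination port, or None for any port

    def matches(self, pkt: dict) -> bool:
        return (
            ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and self.proto in (None, pkt["proto"])
            and self.dport in (None, pkt["dport"])
        )

def filter_packet(rules, pkt, default="reject"):
    """Return the action of the first matching rule; reject if none match."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed rule set for a hypothetical web shop at 203.0.113.10.
# Order matters: the first matching rule decides.
RULES = [
    Rule("reject", "198.51.100.0/24", "0.0.0.0/0"),              # blocked network
    Rule("accept", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),  # public HTTPS
    Rule("accept", "10.0.0.0/8", "203.0.113.10/32", "tcp", 22),  # SSH from internal only
]

# Constructed sample packets
PACKETS = [
    {"src": "192.0.2.7", "dst": "203.0.113.10", "proto": "tcp", "dport": 443},
    {"src": "198.51.100.9", "dst": "203.0.113.10", "proto": "tcp", "dport": 443},
    {"src": "192.0.2.7", "dst": "203.0.113.10", "proto": "tcp", "dport": 22},
    {"src": "10.1.2.3", "dst": "203.0.113.10", "proto": "tcp", "dport": 22},
    {"src": "192.0.2.7", "dst": "203.0.113.10", "proto": "udp", "dport": 53},
]

if __name__ == "__main__":
    for p in PACKETS:
        verdict = filter_packet(RULES, p)
        print(f'{p["src"]:>14} -> {p["dst"]}:{p["dport"]}/{p["proto"]}  {verdict}')
```

Reversing the rule order lets the packet from the blocked network reach port 443, which is why rule ordering is reviewed together with the rules themselves.
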

ASSIGNMENT 2
BUS 326
E-COMMERCE

NAME : AMALINA BINTI AB AZIZ
ID NUMBER : COV071111321
TITLE : CHAPTER 8 (E-COMMERCE SECURITY)
SECTION : 1
LECTURER : MS ASLIMARIAH AHMAD
