Digital Certificates and Public Key Infrastructure PKI Digital certificate

Digital Certificates and Public Key Infrastructure (PKI)  Digital certificate includes:  Name of subject/company  Subject’s public key  Digital certificate serial number  Expiration date, issuance date  Digital signature of CA  Public Key Infrastructure (PKI):  CAs and digital certificate procedures  PGP Slide 5-21

Digital Certificates and Certification Authorities Slide 5-22

Limits to Encryption Solutions  Doesn’t protect storage of private key  PKI not effective against insiders, employees  Protection of private keys by individuals may be haphazard  No guarantee that verifying computer of merchant is secure  CAs are unregulated, self-selecting organizations Slide 5-23

Securing Channels of Communication  Secure Sockets Layer (SSL)/Transport Layer Security (TLS)  Establishes secure, negotiated client–server session  Virtual Private Network (VPN)  Allows remote users to securely access internal network via the Internet  Wireless (Wi-Fi) networks  WPA2 Slide 5-24

Secure Negotiated Sessions Using SSL/TLS Slide 5-25

Protecting Networks  Firewall  Hardware or software  Uses security policy to filter packets  Two main methods:  Packet filters  Application gateways  Proxy servers (proxies)  Software servers that handle all communications from or sent to the Internet  Intrusion detection systems  Intrusion prevention systems Slide 5-26

Firewalls and Proxy Servers Slide 5-27

Protecting Servers and Clients  Operating system security enhancements  Upgrades, patches  Anti-virus sofware  Easiest and least expensive way to prevent threats to system integrity  Requires daily updates Slide 5-28

Developing an E-commerce Security Plan Slide 5-29

Types of Payment Systems  Cash  Most common form of payment  Instantly convertible into other forms of value  No float  Credit card  Credit card associations  Issuing banks  Processing centers Slide 5-30