Digital certificates and public key infrastructure


Digital Certificates and Public Key Infrastructure (Slide 5-26)
  • Digital certificate includes:
    • Name of subject/company
    • Subject's public key
    • Digital certificate serial number
    • Expiration date, issuance date
    • Digital signature of CA
  • Public Key Infrastructure (PKI): CAs and digital certificate procedures
  • PGP
Digital Certificates and Certification Authorities (Slide 5-27)
Limits to Encryption Solutions (Slide 5-28)
  • Doesn't protect storage of private key
  • PKI not effective against insiders, employees
  • Protection of private keys by individuals may be haphazard
  • No guarantee that verifying computer of merchant is secure
  • CAs are unregulated, self-selecting organizations
Securing Channels of Communication (Slide 5-29)
  • Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
    • Establishes secure, negotiated client–server session
  • Virtual Private Network (VPN)
    • Allows remote users to securely access internal network via the Internet
  • Wireless (Wi-Fi) networks
    • WPA2
Secure Negotiated Sessions Using SSL/TLS (Slide 5-30)
Protecting Networks (Slide 5-31)
  • Firewall
    • Hardware or software
    • Uses security policy to filter packets
    • Two main methods:
      • Packet filters
      • Application gateways
  • Proxy servers (proxies)
    • Software servers that handle all communications from or sent to the Internet
  • Intrusion detection systems
  • Intrusion prevention systems
Firewalls and Proxy Servers (Slide 5-32)
Protecting Servers and Clients (Slide 5-33)
  • Operating system security enhancements
    • Upgrades, patches
  • Anti-virus software
    • Easiest and least expensive way to prevent threats to system integrity
    • Requires daily updates
Management Policies, Business Procedures, and Public Laws (Slide 5-34)
  • Worldwide, companies spend more than $65 billion on security hardware, software, services
  • Managing risk includes:
    • Technology
    • Effective management policies
    • Public laws and active enforcement
A Security Plan: Management Policies (Slide 5-35)
  • Risk assessment
  • Security policy
  • Implementation plan
  • Security organization
  • Access controls
  • Authentication procedures, including biometrics
  • Authorization policies, authorization management systems
  • Security audit
Developing an E-commerce Security Plan (Slide 5-36)
The Role of Laws and Public Policy (Slide 5-37)
  • Laws that give authorities tools for identifying, tracing, prosecuting cybercriminals:
    • National Information Infrastructure Protection Act of 1996
    • USA Patriot Act
    • Homeland Security Act
  • Private and private-public cooperation
    • CERT Coordination Center
    • US-CERT
  • Government policies and controls on encryption software
    • OECD, G7/G8, Council of Europe, Wassenaar Arrangement
Types of Payment Systems (Slide 5-38)
  • Cash
    • Most common form of payment
    • Instantly convertible into other forms of value
    • No float
  • Checking transfer
    • Second most common payment form in United States
  • Credit card
    • Credit card associations
    • Issuing banks
    • Processing centers
  • Spring '16
  • Cryptography, Public-key cryptography, Certificate authority
