Wednesday, April 2, 2008

Chapter 10 Key Concepts

Chapter 10 - Electronic Commerce Security

  • Biometric Security Device-is a device that uses an element of a person’s biological make up to perform the identification.
  • Privacy-is the protection of individual rights to nondisclosure.
  • Sniffer Programs-provide the means to record information that passes through a computer or router that is handling Internet traffic.
  • Backdoors-hidden ways into a program or system, left in by its developers or planted by an attacker, that bypass the normal login and access checks.
  • Active Wiretapping-exists when an unauthorized party can alter the stream of messages, not merely read it.
  • Cybervandalism-is the electronic defacing of an existing Web site’s page.
  • Masquerading or Spoofing-pretending to be someone you are not, or presenting a fake Web site as the legitimate one; it is a means of disrupting Web sites and of stealing the information visitors enter.
  • Domain Name System (DNS) Servers-are the computers on the Internet that maintain directories that link domain names to IP addresses; if their answers are forged, visitors can be sent to a spoofed site without noticing.
  • Phishing Expeditions-attacks that use forged e-mail and look-alike Web sites to trick customers into revealing confidential information such as passwords and card numbers.
  • Necessity Threat/Delay/Denial/Denial of Service (DoS)-attacks used to disrupt normal computer processing or to deny processing entirely.
  • Wardrivers-attackers who drive around cities with large concentrations of wireless networks, using wireless-equipped laptop computers to search for open, accessible networks.
  • Warchalking-when wardrivers find an easily accessible network, they mark the building to let other wardrivers know.
  • Encryption Program-a program that transforms plain text (normal, readable text) into cipher text (an unintelligible string of characters).
  • Cryptography-the science that studies encryption.
  • Encryption Algorithm-the logic behind an encryption program, including the mathematics used to do the transformation from plain text to cipher text.
  • Hash Coding-is a process that uses a hash algorithm to calculate a fixed-length number, called a hash value, from a message of any length; any change to the message produces a different hash value.
  • Asymmetric Encryption or Public Key Encryption-encodes messages by using two mathematically related numeric keys: a public key that is shared freely and a private key that the owner keeps secret.
  • Symmetric Encryption or Private Key Encryption-encodes a message with one of several available algorithms that use a single numeric key to both encode and decode the data, so the key must be shared secretly between sender and receiver.
  • Pretty Good Privacy (PGP)-one of the most popular technologies used to implement public key encryption today.
  • Data Encryption Standard (DES)-a symmetric block cipher with a 56-bit key that the US government adopted in 1977 for encrypting sensitive or commercial information; its key is now far too short, and a DES key was brute-forced in public in 1998.
  • Triple Data Encryption Standard (Triple DES or 3DES)-a stronger version of DES that applies the cipher three times with two or three keys, giving an effective key strength of about 112 bits. It is much slower than AES and has since been deprecated by NIST in favor of AES.
  • Advanced Encryption Standard (AES)-the US government’s National Institute of Standards and Technology (NIST) selected this encryption standard (the Rijndael algorithm) in 2001 to keep government information secure; it uses 128-bit blocks and 128-, 192- or 256-bit keys.
  • Secure Sockets Layer (SSL)-a system developed by Netscape Communications; it and the Secure Hypertext Transfer Protocol (S-HTTP) developed by CommerceNet are two protocols that provide secure information transfer over the Internet. SSL has since been superseded by Transport Layer Security (TLS), while S-HTTP saw little adoption.
  • Session Key-is a key used by an encryption algorithm to create cipher text from plain text during a single secure session.
  • Secure Envelope-encapsulates a message and provides secrecy, integrity, and client/server authentication.
  • Integrity Violation-occurs whenever a message is altered while in transit between the sender and receiver.
  • Message Digest-the fixed-length hash value produced by running a message through a hash algorithm; it summarizes the message so that any change to the message, however small, changes the digest.
  • Digital Signature-a message digest (message hash value) that has been transformed with the sender’s private key; anyone holding the sender’s public key can recover the digest and compare it with a freshly computed one, which proves both who sent the message and that it was not altered.
  • Dictionary Attack Programs-cycle through an electronic dictionary, trying every word in the list as a password.
  • Buffer-is an area of memory set aside to hold data read from a file or database.
  • Buffer Overflow/Overrun-occurs when a program writes more data into a buffer than it was sized to hold, so the excess spills into adjacent memory outside the designated buffer area; attackers craft such input to overwrite a return address or other control data and run code of their choosing.
  • Mail Bomb-occurs when hundreds or thousands of people each send a message to a particular address.
  • Access Control List (ACL)-is a list or database of files and other resources, the usernames of people who can access them, and what each user is allowed to do with them (for example read, write or execute).
  • Firewall-is software or a hardware and software combination that is installed in a network to control the packet traffic moving through it.
  • Trusted-networks within the firewall.
  • Untrusted-networks outside the firewall.
  • Packet Filter Firewalls-examine the header of every packet flowing between the trusted network (within the firewall) and the Internet (source and destination addresses, protocol and port numbers) and drop packets that do not match the allowed rules; they do not inspect the packet’s contents.
  • Gateway Servers (Application Gateways)-are firewalls that filter traffic based on the application requested, for example allowing Web traffic but not file transfers.
  • Proxy Server Firewalls-are firewalls that communicate with the Internet on the private network’s behalf, so outside hosts never talk directly to the internal computers.
  • Intrusion Detection Systems (IDSs)-monitor network traffic and server activity, such as attempts to log in to servers, and analyze them for patterns that might indicate an attack is underway, alerting the administrator when one is found.
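
The hash coding, message digest, integrity violation and digital signature entries above describe one mechanism: hash the message, transform the digest with the private key, and let anyone with the public key check it. The following Python is an added example written for this page, not code from the textbook or any product. Its RSA key pair is a fixed textbook toy (two Mersenne primes, no padding) so that it runs offline; a real system uses 2048-bit or larger keys and a padded signature scheme from a vetted library.

```python
"""Message digest, integrity check and digital signature (toy RSA).

Added example for this glossary; not code from the page or its textbook.
The key below is an illustration-only assumption: two Mersenne primes
and raw (unpadded) RSA, never to be used for real signatures.
"""
import hashlib


def message_digest(message: bytes) -> bytes:
    """Hash coding: a message of any length -> a fixed 32-byte SHA-256 digest."""
    return hashlib.sha256(message).digest()


def integrity_violated(message: bytes, expected_digest: bytes) -> bool:
    """True if the received message no longer matches the sender's digest."""
    return message_digest(message) != expected_digest


# --- toy RSA key pair (assumption: fixed small primes for illustration) ---
P = 2**61 - 1          # Mersenne prime
Q = 2**89 - 1          # Mersenne prime
N = P * Q              # public modulus, about 150 bits
E = 65537              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def _digest_as_int(message: bytes) -> int:
    # The 150-bit toy modulus cannot hold a 256-bit digest, so only the first
    # 16 bytes are signed. This is a toy shortcut, not a real padding scheme.
    return int.from_bytes(message_digest(message)[:16], "big")


def sign(message: bytes) -> int:
    """Digital signature: the message digest transformed with the PRIVATE key."""
    return pow(_digest_as_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Anyone with the PUBLIC key (E, N) recovers the signed digest and compares
    it with a fresh digest of the message actually received."""
    return pow(signature, E, N) == _digest_as_int(message)


def demo() -> dict:
    # Constructed sample order message; the tampered copy changes the quantity.
    order = b"Ship 10 units to 123 Main St; charge card ending 4242"
    tampered = b"Ship 100 units to 123 Main St; charge card ending 4242"
    digest = message_digest(order)
    signature = sign(order)
    return {
        "intact_verifies": verify(order, signature),           # True
        "tampered_detected": integrity_violated(tampered, digest),  # True
        "tampered_verifies": verify(tampered, signature),      # False
        "forged_sig_verifies": verify(order, signature ^ 1),   # False
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The two False results are the point: changing one character of the order, or one bit of the signature, makes the recovered digest disagree with the recomputed one, so the receiver knows either the message or the signature is not what the sender produced.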

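The dictionary attack and intrusion detection entries describe a pattern an IDS can look for directly: a burst of failed logins from one source, possibly followed by a success. The following Python is an added example written for this page, not code from the textbook or any IDS product. The log line format, the sample log lines, and the window and threshold values are all assumptions constructed for the illustration.

```python
"""Login-pattern intrusion detection over constructed log lines.

Added example for this glossary; not code from the page or its textbook.
The log format, the sample lines and the tuning constants are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not a real capture). Assumed format:
#   <ISO timestamp> <FAILED|ACCEPTED> login for <user> from <ip>
SAMPLE_LOG = """\
2008-04-02T09:00:01 FAILED login for alice from 10.0.0.5
2008-04-02T09:00:09 ACCEPTED login for alice from 10.0.0.5
2008-04-02T09:12:00 FAILED login for root from 203.0.113.7
2008-04-02T09:12:01 FAILED login for root from 203.0.113.7
2008-04-02T09:12:01 FAILED login for root from 203.0.113.7
2008-04-02T09:12:02 FAILED login for root from 203.0.113.7
2008-04-02T09:12:03 FAILED login for root from 203.0.113.7
2008-04-02T09:12:03 FAILED login for admin from 203.0.113.7
2008-04-02T09:12:04 FAILED login for admin from 203.0.113.7
2008-04-02T09:12:05 ACCEPTED login for admin from 203.0.113.7
2008-04-02T10:30:00 FAILED login for bob from 10.0.0.9
2008-04-02T11:30:00 FAILED login for bob from 10.0.0.9
"""

LINE_RE = re.compile(r"^(\S+) (FAILED|ACCEPTED) login for (\S+) from (\S+)$")
WINDOW = timedelta(seconds=60)   # assumption: sliding window for counting failures
THRESHOLD = 5                    # assumption: failures inside WINDOW that raise an alert


def parse(log_text: str) -> list:
    """Turn log text into (timestamp, result, user, ip) tuples, skipping
    lines that do not fit the assumed format."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        ts, result, user, ip = match.groups()
        events.append((datetime.fromisoformat(ts), result, user, ip))
    return events


def detect(events: list) -> list:
    """Return (alert_kind, ip, user) tuples.

    BRUTE_FORCE fires once per source IP when THRESHOLD failed logins fall
    inside one WINDOW (the dictionary-attack pattern). SUCCESS_AFTER_BRUTE_FORCE
    fires when such an IP later logs in successfully, which is the case an
    administrator most needs to see.
    """
    recent_failures = defaultdict(list)   # ip -> timestamps of failures in WINDOW
    flagged = set()
    alerts = []
    for ts, result, user, ip in sorted(events, key=lambda e: e[0]):  # stable sort
        if result == "FAILED":
            window = [t for t in recent_failures[ip] if ts - t <= WINDOW] + [ts]
            recent_failures[ip] = window
            if len(window) >= THRESHOLD and ip not in flagged:
                flagged.add(ip)
                alerts.append(("BRUTE_FORCE", ip, user))
        elif result == "ACCEPTED" and ip in flagged:
            alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", ip, user))
    return alerts


def run_sample() -> list:
    return detect(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(*alert)
```

Alice's single typo and Bob's two failures an hour apart stay below the threshold, while the fifth failure from 203.0.113.7 within a minute raises the alert and the later successful "admin" login from the same address raises the second, more urgent one. A real IDS would also watch for the same password tried against many accounts and for failures spread across many source addresses, which this simple per-IP window does not catch.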