Cyber Security For E-commerce (Infrastructure) development
Download as PPTX, PDF0 likes59 views
The document provides an overview of e-commerce security, discussing threats and attacks, information security fundamentals like the CIA concept, and preventive measures across various components such as operating systems and databases. It details different types of cyber threats, including malware and social engineering, while outlining strategies for securing systems and preventing unauthorized access. Key topics include user management, encryption, and the importance of firewalls and secure coding practices.
Cyber Security For E-commerce (Infrastructure) development
- 1. E-Commerce Development Mohammad Ashfaqur Rahman ITIL-F, CPCISI, HP-CSA, NCDA, OCP-OSSA ashfaq.saphal@gmail.com
- 2. Introduction Threats and Attacks CIA Concept Securing the components Operating System Application Server Database Application Preventive Measures
- 3. The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information Information Security is also known as Cyber Security
- 4. ● Old Caesar Cipher ● Invoked immediately after the first mainframes were developed ● Code-breaking computations during World War II ● WikiLeaks, Anonymous, Lulzsec – Bangladesh Cyber Army – Bangladesh Black Hat Hackers
- 5. ● Hacking ● Hacker ● White Hat ● Black Hat ● Gray Hat ● HackTivist ● Compromise ● Cyber Law
- 6. Malware : viruses, spyware, ransomware, etc Social Engineering Password Attack Man-in-the- middle attack Denial-of-service attack SQL injection Cross-site scripting
- 13. Introduction Threats and Attacks CIA Concept Securing the components Operating System Application Server Database Application Preventive Measures
- 14. • User disable • Password Expire User Management • FTP, TELNET, Mail • NFS/RPC/SAMBA Disable Service • X11 interface Remove S/W • Antivirus/Default Firewall • IPTables OS Firewall
- 15. • Schema Management • Grant Minimal Access Unauthorized access • Default port • Improper Procedure SQL injection • High cost query Overloads • DBA privilege Data corruption and/or loss • Encryption Disclosure from Backup
- 16. create profile developer_profile limit session_per_user 2 cpu_per_session 10000 idle_time 60 connect_time 480 failed_login_attemps 3 password_life_time 30 password_reuse_time 30 password_grace_time 5;
- 17. • Apache HTTPD • Apache TomCat Apache • Oracle Application Server • WebLogic Oracle • IBM WebSphere • IBM HTTP Server IBM • Jboss • GlashFish Others
- 18. • Reduce Module • Third Party CMS/Code Installation • Invalid SSL • Version • Default Password Web-Press • Sensitive Information File Listing
- 19. ● Apache – httpd.conf ServerSignature Off ServerTokens Prod Options -indexes # mod_imap # mod_include # mod_info # mod_userdir # mod_autoindex User Group Options -FollowSymLinks Options -ExecCGI Secure SSL certificate
- 20. ● Ensure network firewall ● Deny all ● Traffic Pattern ● Reverse Proxy ● Share Certification ● Single Sign On ● URL Redirection