PPT_09 Law, Ethics, and Cyber Crime (Electronic Commerce, English edition)

Posted: 2014-02-18 14:07:06

Chapter 9
Law, Ethics, and Cyber Crime

Prentice Hall, 2003


Learning Objectives
Describe the difference between legal and ethical issues
Understand the difficulties of protecting privacy in EC
Discuss issues of intellectual property rights in EC
Understand the conflict between free speech and censorship on the Internet

Learning Objectives (cont.)
Document the rapid rise in computer and network security attacks
Understand the factors contributing to the rise of EC security breaches
Describe the key security issues facing EC sites
Discuss some of the major types of cyber attacks against EC sites
Describe some of the technologies used to secure EC sites

MP3, Napster, and Intellectual Property Rights
The Problem
MP3.com enabled users to listen to music from any computer with an Internet connection without paying royalties
Napster supported the free distribution of music and other digitized content among millions of users via peer-to-peer (P2P) technology
These services could not be ignored because they could result in the loss of millions of jobs and of revenue

MP3, Napster, and Intellectual Property Rights (cont.)
The Solution
Emusic.com filed a copyright infringement lawsuit against MP3.com
Copyright laws and copyright cases have existed for years, but:
  They were not written for digital content
  The financial gain loophole was not closed

MP3, Napster, and Intellectual Property Rights (cont.)
The Results
All commerce involves a number of legal, ethical, and regulatory issues
EC adds a number of questions about what constitutes illegal behavior versus unethical, intrusive, or undesirable behavior

Legal Issues vs. Ethical Issues
Ethics—the branch of philosophy that deals with what is considered to be right and wrong
Businesspeople engaging in e-commerce need guidelines as to what behaviors are reasonable under any given set of circumstances
What is unethical in one culture may be perfectly acceptable in another

Privacy
Privacy—the right to be left alone and the right to be free of unreasonable personal intrusions
Two rules have been followed fairly closely in court decisions:
1. The right of privacy is not absolute. Privacy must be balanced against the needs of society
2. The public's right to know is superior to the individual's right of privacy

Privacy Advocates Take On DoubleClick
DoubleClick is one of the leading providers of online advertising
DoubleClick uses cookies to personalize ads based on consumers' interests
In 1999, DoubleClick bought catalog marketer Abacus Direct and announced plans to merge Abacus's off-line database with its online data

Privacy Advocates Take On DoubleClick (cont.)
Several class action lawsuits were brought against DoubleClick, claiming that the company was "tracking Internet users and obtaining personal and financial information without the individual's knowledge" in violation of the state's Consumer Protection Act, and asked it to stop placing cookies on consumers' computers without their permission
In January 2001, the FTC ruled that DoubleClick had not violated FTC policies

Privacy Advocates Take On DoubleClick (cont.)
DoubleClick agreed to enhance its privacy measures and to pay legal fees and costs of up to $1.8 million
A key provision of the settlement requires DoubleClick to "obtain permission from consumers before combining any personally identifiable data with Web surfing history"

Web-Site Self-Registration

Registration questionnaires
  50% of users will disclose personal information on a Web site for the chance to win a sweepstakes
Uses of the private information collected:
  For planning the business
  May be sold to a third party
  Must not be used in an inappropriate manner

Cookies
Cookie—a small piece of data that is passed back and forth between a Web site and an end user’s browser as the user navigates the site; enables sites to keep track of users’ activities without asking for identification
Cookies can be used to invade an individual's privacy
Personal information collected via cookies has the potential to be used in illegal and unethical ways
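The mechanism the two slides above describe, as an added example that is not code from the slides or from DoubleClick: a browser loads two unrelated publisher pages that both embed an ad served by the same ad network; the network sets its own cookie on the first ad request and receives it back on the second, so it can join the two page visits into one profile. The hostnames, paths and cookie name are assumptions constructed for the example, and the whole exchange is simulated in memory.

```python
"""Third-party cookie tracking, simulated offline (added example)."""
from collections import defaultdict
from http.cookies import SimpleCookie
import secrets

AD_HOST = "ads.example-network.test"  # assumed ad-network hostname (constructed)


class AdServer:
    """Toy ad network: one identifier cookie per browser, one profile per identifier."""

    def __init__(self):
        self.profiles = defaultdict(list)  # identifier -> list of Referer URLs seen

    def serve_ad(self, cookie_header, referer):
        """Handle one ad request. Returns the Set-Cookie value to send, or None."""
        received = SimpleCookie()
        if cookie_header:
            received.load(cookie_header)
        if "id" in received:                     # returning browser: reuse its identifier
            uid, set_cookie = received["id"].value, None
        else:                                    # new browser: mint an identifier
            uid = secrets.token_hex(8)
            minted = SimpleCookie()
            minted["id"] = uid
            minted["id"]["domain"] = AD_HOST
            minted["id"]["path"] = "/"
            set_cookie = minted["id"].OutputString()  # "id=...; Domain=...; Path=/"
        self.profiles[uid].append(referer)       # the Referer reveals which page embedded the ad
        return set_cookie


class Browser:
    """Minimal cookie jar keyed by host, with an optional third-party cookie block."""

    def __init__(self, block_third_party=False):
        self.jar = {}                            # host -> SimpleCookie
        self.block_third_party = block_third_party

    def cookie_header(self, host):
        stored = self.jar.get(host)
        if not stored:
            return None
        return "; ".join(f"{name}={m.value}" for name, m in stored.items())

    def store(self, host, set_cookie):
        if set_cookie is not None:
            self.jar.setdefault(host, SimpleCookie()).load(set_cookie)

    def visit(self, page_host, path, ad_server):
        """Load a publisher page; the page embeds one ad fetched from AD_HOST."""
        referer = f"https://{page_host}{path}"
        if self.block_third_party and page_host != AD_HOST:
            ad_server.serve_ad(None, referer)    # neither send nor store the ad host's cookie
            return
        set_cookie = ad_server.serve_ad(self.cookie_header(AD_HOST), referer)
        self.store(AD_HOST, set_cookie)


def pages_linked_per_browser(block_third_party):
    """Visit two unrelated sites; report how many pages the ad network can tie to one profile."""
    ads = AdServer()
    browser = Browser(block_third_party)
    browser.visit("news.example-a.test", "/politics/article-1", ads)   # constructed publisher A
    browser.visit("shop.example-b.test", "/cart", ads)                 # constructed publisher B
    return max(len(pages) for pages in ads.profiles.values())


if __name__ == "__main__":
    print("third-party cookies allowed:", pages_linked_per_browser(False), "pages linked")
    print("third-party cookies blocked:", pages_linked_per_browser(True), "pages linked")
```

With third-party cookies allowed the ad network sees both page visits under one identifier; with them blocked each ad request looks like a new browser and the visits cannot be joined. Neither site ever told the ad network who the user is, which is exactly why merging such a profile with an off-line name-and-address database was the contested step.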

Cookies (cont.)
Solutions to unwanted cookies
  Users can delete the cookie files stored on their computer
  Use of anti-cookie software
  Passport—a Microsoft component that lets consumers enter a profile of information once, along with a password, and reuse both to access services at multiple sites

Protection of Privacy
Notice/awareness
Choice/consent
Access/participation
Integrity/security
Enforcement/redress
Supported in the U.S. by the Federal Internet Privacy Protection Act
Supported in the European Union by the EU Data Protection Directive

Intellectual Property Rights
Intellectual property (IP)—creations of the mind, such as inventions, literary and artistic works, and symbols, names, images, and designs used in commerce


Intellectual Property Rights (cont.)
Copyright—an exclusive grant from the government that allows the owner to reproduce a work, in whole or in part, and to distribute, perform, or display it to the public in any form or manner, including the Internet
Digital watermarks—unique identifiers embedded in digital content that make it possible to identify pirated works

Intellectual Property Rights (cont.)
Trademarks—a symbol used by businesses to identify their goods and services; government registration of the trademark confers the exclusive legal right to its use
Gives exclusive rights to:
  Use the trademark on the goods and services registered to that sign
  Take legal action to prevent anyone from using the trademark without consent
Patent—a document that grants the holder exclusive rights on an invention for a fixed number of years

Free Speech and Censorship on the Internet
The issue of censorship is one of the most important to Web surfers
"Most citizens are implacably opposed to censorship in any form — except censorship of whatever they personally happen to find offensive."
Citizen action groups desiring to protect every ounce of their freedom to speak
Child Online Protection Act (COPA)
Governments protective of their role in society

Controlling Spamming
Spamming—the practice of indiscriminately broadcasting messages over the Internet (e.g., junk mail)
Spam comprised 25 to 50% of all e-mail
Slows the Internet in general; sometimes shuts ISPs down completely
Electronic Mailbox Protection Act (proposed U.S. legislation)
  ISPs are required to offer spam-blocking software
  Recipients of spam have the right to request termination of future spam from the same sender and to bring civil action if necessary

Cyber Crime
Fraud
Intentional deceit or trickery, often with the aim of financial gain

Cyber attack
An electronic attack, either criminal trespass over the Internet (cyber intrusion) or unauthorized access that results in damaged files, programs, or hardware (cyber vandalism)

The Players: Hackers, Crackers, and Other Attackers
Hackers
The original hackers created the Unix operating system and helped build the Internet, Usenet, and the World Wide Web, and used their skills to test the strength and integrity of computer systems
Over time, the term hacker came to be applied to rogue programmers who illegally break into computers and networks

The Players: Hackers, Crackers, and Other Attackers (cont.)
Crackers
People who engage in unlawful or damaging hacking; short for "criminal hackers"

Other attackers
“Script kiddies” are ego-driven, unskilled crackers who use information and software (scripts) that they download from the Internet to inflict damage on targeted sites


Internet Security
Cyber attacks are on the rise
Internet connections are increasingly a point of attack
The variety of attacks is on the rise
Why now?
Because that's where the money and information is!

Internet Security (cont.)
Factors have contributed to the rise in cyber attacks:
Security and ease of use are antithetical to one another
Security takes a back seat to market pressures
The security of an EC site depends on the security of the Internet as a whole
Security vulnerabilities are mushrooming
Security is compromised by common applications

Basic Security Issues
From the user ’s perspective:
How can the user be sure that the Web server is owned and operated by a legitimate company?
How does the user know that the Web page and form do not contain some malicious or dangerous code or content?
How does the user know that the Web server will not distribute the information the user provides to some other party?

Basic Security Issues (cont.)
From the company ’s perspective:
How does the company know the user will not attempt to break into the Web server or alter the pages and content at the site?
How does the company know that the user will not try to disrupt the server so that it is not available to others?

Basic Security Issues (cont.)
From both parties ’perspectives:
How do they know that the network connection is free from eavesdropping by a third party "listening in" on the line?
How do they know that the information sent back and forth between the server and the user's browser has not been altered?

Basic Security Issues (cont.)
Authorization
The process that ensures that a person has the right to access certain resources

Authentication
The process by which one entity verifies that another entity is who they claim to be by checking credentials of some sort


Basic Security Issues (cont.)
Auditing
The process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions
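Authentication, authorization and auditing as the three definitions above describe them, in one small in-memory service. This is an added example, not code from the slides: the user record, the role-to-action policy, the account names and the PBKDF2 work factor are assumptions constructed for the example. Passwords are never stored; only a random salt and a PBKDF2-HMAC-SHA256 digest are kept, verification uses a constant-time comparison, and every login and access decision is appended to an audit trail that can later be queried.

```python
"""Authentication, authorization and auditing in one small service (added example)."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

ITERATIONS = 100_000   # PBKDF2 work factor; assumed for the example, raise it in production
SALT_LEN = 16

# Role -> set of permitted actions (constructed policy for the example).
PERMISSIONS = {
    "customer": {"place_order", "view_own_orders"},
    "support":  {"view_own_orders", "view_any_order"},
    "admin":    {"place_order", "view_own_orders", "view_any_order", "edit_catalog"},
}


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


@dataclass(frozen=True)
class User:
    name: str
    salt: bytes
    digest: bytes
    roles: frozenset


class Service:
    def __init__(self):
        self.users = {}
        self.audit = []   # audit trail: one dict per security-relevant event

    def _record(self, event, user, outcome, **details):
        self.audit.append({"time": time.time(), "event": event,
                           "user": user, "outcome": outcome, **details})

    def add_user(self, name, password, roles):
        salt = os.urandom(SALT_LEN)
        self.users[name] = User(name, salt, hash_password(password, salt), frozenset(roles))

    def authenticate(self, name, password):
        """Verify a credential. Unknown names still pay the full hashing cost, so
        response time does not reveal whether the account exists."""
        user = self.users.get(name)
        salt = user.salt if user else bytes(SALT_LEN)
        expected = user.digest if user else bytes(32)
        ok = hmac.compare_digest(hash_password(password, salt), expected) and user is not None
        self._record("login", name, "success" if ok else "failure")
        return ok

    def authorize(self, name, action):
        """Decide whether an already-authenticated user may perform an action."""
        user = self.users.get(name)
        allowed = user is not None and any(action in PERMISSIONS.get(role, ())
                                           for role in user.roles)
        self._record("authz", name, "allow" if allowed else "deny", action=action)
        return allowed

    def failed_logins(self, name):
        """What an auditor would query: failed login attempts against one account."""
        return sum(1 for e in self.audit
                   if e["event"] == "login" and e["user"] == name and e["outcome"] == "failure")


def demo():
    """Constructed scenario: one customer, one good login, two bad, two access checks."""
    svc = Service()
    svc.add_user("alice", "correct horse battery staple", ["customer"])
    return {
        "good_login":   svc.authenticate("alice", "correct horse battery staple"),
        "bad_login":    svc.authenticate("alice", "Tr0ub4dor&3"),
        "unknown_user": svc.authenticate("mallory", "anything"),
        "place_order":  svc.authorize("alice", "place_order"),
        "edit_catalog": svc.authorize("alice", "edit_catalog"),
        "failed_logins_alice": svc.failed_logins("alice"),
        "audit_events": len(svc.audit),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The three concerns stay separate on purpose: `authenticate` only answers "is this really alice", `authorize` only answers "may alice do this", and neither decision is trusted unless it also lands in the audit trail, which is what an incident responder reads afterwards.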

Confidentiality (privacy)
As applied to data, the ability to keep it from being read by anyone not authorized to see it

Integrity
As applied to data, the ability to protect data from being altered or destroyed in an unauthorized or accidental manner

Availability
The ability to keep a site and its data accessible to legitimate users when they need it, even while under attack

Nonrepudiation
The ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature
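Integrity and nonrepudiation are easy to conflate, so here is the difference in working code. This is an added example, not code from the slides: the order message, the shared key and the RSA primes are constructed for it. An HMAC over the order lets the merchant detect alteration in transit, but merchant and customer hold the same key, so either side could have produced the tag and the customer can still deny placing the order. A signature made with the customer's private key is verifiable by anyone holding the public key and could only have been made by the private-key holder, which is what nonrepudiation needs. The RSA here uses two fixed small primes so the block is self-contained; it is a teaching toy with no padding and a 40-bit modulus, not a usable signature scheme. Real systems use a vetted library (RSA-PSS, ECDSA or Ed25519).

```python
"""Integrity (HMAC) versus nonrepudiation (signature), added example."""
import hashlib
import hmac

# --- Integrity: keyed MAC over the order, key shared by customer and merchant ---

def mac_order(order, shared_key):
    return hmac.new(shared_key, order, hashlib.sha256).digest()


def verify_mac(order, tag, shared_key):
    return hmac.compare_digest(mac_order(order, shared_key), tag)


# --- Nonrepudiation: toy RSA signature over SHA-256(order) ---

P, Q = 1_000_003, 1_000_033        # constructed small primes, teaching toy only
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the customer only


def _digest_mod_n(order):
    # Reduce SHA-256(order) into Z_N; a real scheme encodes the full digest with padding.
    return int.from_bytes(hashlib.sha256(order).digest(), "big") % N


def sign(order, private_exponent=D):
    return pow(_digest_mod_n(order), private_exponent, N)


def verify_signature(order, signature, public_exponent=E):
    return pow(signature, public_exponent, N) == _digest_mod_n(order)


def demo():
    """Constructed scenario: the customer places an order; the merchant first
    tries to change it, then tries to manufacture evidence of a different order."""
    shared_key = b"key-shared-by-customer-and-merchant"
    order = b"customer=alice&sku=9981&qty=1&total=19.99"
    tampered = order.replace(b"qty=1", b"qty=9")

    tag = mac_order(order, shared_key)          # produced by the customer
    signature = sign(order)                     # produced with the customer's private key

    # The merchant, holding the same MAC key, can mint a valid tag for an order
    # the customer never sent: the MAC proves integrity but not origin.
    merchant_forged_tag = mac_order(tampered, shared_key)

    return {
        "mac_accepts_original": verify_mac(order, tag, shared_key),
        "mac_rejects_tampered": not verify_mac(tampered, tag, shared_key),
        "mac_forgeable_by_merchant": verify_mac(tampered, merchant_forged_tag, shared_key),
        "sig_accepts_original": verify_signature(order, signature),
        # Without D the merchant can only reuse the old signature on the altered
        # order, and the public key rejects that.
        "sig_rejects_tampered": not verify_signature(tampered, signature),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Every entry in the result is True: the MAC catches tampering but is forgeable by the other key holder, while the signature both catches tampering and cannot be produced without the private exponent.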

Exhibit 9.2 General Security Issues at E-Commerce Sites (figure not reproduced in this copy)

Types of Cyber Attacks
Technical attack
An attack perpetrated using software and systems knowledge or expertise

Nontechnical attack
An attack in which a perpetrator uses chicanery or other form of persuasion to trick people into revealing sensitive information or performing actions that compromise the security of a network

Types of Cyber Attacks (cont.)
Common vulnerabilities and exposures (CVEs)
Publicly known computer security risks or problems; these are collected, enumerated, and shared by a board of security-related organizations (cve.mitre.org)

Denial-of-service (DoS) attack
An attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources

Types of Cyber Attacks (cont.)
Distributed denial of service (DDoS) attack
A denial-of-service attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the target computer

Malware
A generic term for malicious software

Exhibit 9.3 Using Zombies in a DDoS Attack (figure not reproduced in this copy)

Types of Cyber Attacks (cont.)
Virus
A piece of software code that inserts itself into a host, including the operating systems, to propagate; it cannot run independently but requires that its host program be run to activate it

Worm
A software program that runs independently, consuming the resources of its host from within in order to maintain itself and propagating a complete working version of itself onto another machine

Types of Cyber Attacks (cont.)
Trojan horse
A program that appears to have a useful function but that contains a hidden function that presents a security risk

Two of the better-known Trojan horses are "Back Orifice" and "NetBus"
Self-contained and self-installing utilities that can be used to remotely control and monitor the victim's computer over a network (execute commands, list files, upload and download files on the victim's computer)

Trojan Horse Attack on Bugtraq List
BugTraq—a full disclosure moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities:
  What they are
  How to exploit them
  How to fix them

Trojan Horse Attack on Bugtraq List (cont.)
SecurityFocus.com's experts have been fooled
  Code containing a Trojan horse was sent to the list's 37,000 BugTraq subscribers
  A Network Associates server found itself under attack
  The way the list is moderated did not change

Security Technologies
Internet and EC security is a thriving business
Firewalls and Access Control
One of the major impediments to EC is concern about the security of internal networks
Some companies sidestep the issue by letting third parties host their Web sites
The primary means of access control is the password

Security Technologies (cont.)
Firewall
A network node consisting of both hardware and software that isolates a private network from a public network

Intrusion detection system (IDS)
A special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees
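An intrusion detection system of the kind just defined, run over web-server access logs, and covering both flood patterns defined earlier on this page: a single-source flood (DoS), which it answers by adding the source to a block list, and a distributed flood (DDoS) from many addresses that each stay under the per-source limit, which it can only flag for upstream action. This is an added example, not code from the slides or from any IDS product. The log lines are constructed in Common Log Format, the `iptables` rule text is illustration only, and the window size and thresholds are assumptions that a real deployment would tune to its own baseline traffic.

```python
"""Flood detection over access logs with an automated block action (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Parse one Common Log Format line; return None for anything malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return {"ip": m["ip"], "ts": ts, "req": m["req"], "status": int(m["status"])}


def detect(lines, window_s=10, per_ip_limit=50, total_limit=200):
    """Bucket requests into fixed windows and look for the two flood patterns."""
    per_window = defaultdict(Counter)            # window start (epoch s) -> Counter(ip -> requests)
    for rec in filter(None, map(parse_line, lines)):
        window = int(rec["ts"].timestamp()) // window_s * window_s
        per_window[window][rec["ip"]] += 1

    block, ddos_windows = set(), []
    for window, counts in sorted(per_window.items()):
        total = sum(counts.values())
        heavy = {ip for ip, n in counts.items() if n > per_ip_limit}
        block |= heavy                           # single sources over the limit: block them
        if total > total_limit and not heavy:    # many sources, none individually over the limit
            ddos_windows.append({"start": window, "requests": total, "sources": len(counts)})
    return {"block": sorted(block), "ddos_windows": ddos_windows}


def block_rules(result):
    """Automated action: one drop rule per blocked source (iptables syntax, illustration only)."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in result["block"]]


def make_sample_log():
    """Constructed traffic for 30 seconds: normal browsing, then a single-source
    flood, then a distributed flood of one request per zombie."""
    base = datetime(2003, 3, 14, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_s, path="/index.html"):
        when = (base + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{when}] "GET {path} HTTP/1.0" 200 1024'

    lines = [line(f"192.0.2.{i % 5 + 1}", i % 10) for i in range(20)]               # 0-9 s: 5 customers
    lines += [line("203.0.113.7", 10 + i % 10, "/search?q=x") for i in range(80)]  # 10-19 s: one flooder
    lines += [line(f"198.51.{100 + i // 200}.{i % 200 + 1}", 20 + i % 10)
              for i in range(250)]                                                 # 20-29 s: 250 zombies
    lines.append("garbage line that does not parse")                               # must be skipped
    return lines


if __name__ == "__main__":
    result = detect(make_sample_log())
    print("block:", result["block"])
    print("ddos windows:", result["ddos_windows"])
    print("\n".join(block_rules(result)))
```

The single flooder trips the per-source limit and gets a rule; the zombie window trips only the aggregate limit, and no per-source rule helps there, which is why the slide's distinction between DoS and DDoS matters operationally: the second needs rate limiting or filtering upstream of the site, not a block list on the site itself.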

Security Technologies (cont.)
Security risk management
A systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks
  Assessment
  Planning
  Implementation
  Monitoring

Managerial Issues
How can the global nature of EC impact business operations?
What sorts of legal and ethical issues should be of major concern to an EC enterprise?
What are the business consequences of poor security?

Managerial Issues (cont.)
Are we safe if there are few visitors to our EC site?
Is technology the key to EC security?
Where are the security threats likely to come from?


Summary

Describe the differences between legal and ethical issues in EC
Understand the difficulties of protecting privacy in EC
Discuss the issues of intellectual property rights in EC
Understand the conflict between free speech and censorship on the Internet

Summary (cont.)
Document the rapid rise in computer and network security attacks
Understand the factors contributing to the rise of EC security breaches
Describe the key security issues facing EC sites
Discuss some of the major types of cyber attacks against EC sites
Describe some of the technologies used to secure EC sites

