23.09.2003/Andreas Steffen NDS_CRM_Security_1 Seite 1 E-Security und Datenschutz Zürcher Hochschule Winterthur Modul 3 Technologie – Überblick NDS CRM.

Presentation transcript:

Slide 1: E-Security und Datenschutz I: Introduction. NDS CRM Modul 3, Prof. Dr. Andreas Steffen, © 2003 Zürcher Hochschule Winterthur.

Slide 2: Today's Agenda
- Security Goals
- Common Threats
- CRM and Privacy
- Security Policies

Slide 3: E-Security und Datenschutz I: Security Goals

Slide 4: Security Goals in e-Commerce: CIA + Privacy + Identity
- Confidentiality: Sensitive company information and customer data must be protected from unauthorized access.
- Integrity: Data must be protected from being accidentally or maliciously changed, either in its storage location or during transmission.
- Availability: In a global business environment the server and communications infrastructure must be available on a 24/7 basis.
- Privacy: The privacy rights of the customers must be protected. Collected personal data shall be used only for those purposes the customer agreed upon.
- Authentication: In any electronic transaction the true identity of customers and company staff should be established.
- Non-Repudiation: There should be a provable association between an electronic transaction and the person who initiated it.

Slide 5: Need for Confidentiality: Threat by Foreign Governments

Slide 6: Echelon, Global Eavesdropping Network
- Run by the National Security Agency (NSA)
- Monitoring of global satellite communications (phone, fax, ...)
- Bad Aibling, Bavaria

Slide 7: (no transcribed text)

Slide 8: Many Hops
traceroute to ( )
 1 is1-svn.zhwin.ch ( )  Winterthur
 2 intfw.zhwin.ch ( )
 3 ( )
 4 ( )
 5 rtrZUSW1-A switch.ch ( )  Zurich
 6 swiEZ2-G6-1.switch.ch ( )
 7 swiIX1-G2-3.switch.ch ( )
 8 zch-b1-geth4-1.telia.net ( )
 9 ffm-bb2-pos0-3-1.telia.net ( )  Frankfurt
10 prs-bb2-pos0-2-0.telia.net ( )  Paris
11 ldn-bb2-pos0-2-0.telia.net ( )  London
12 nyk-bb2-pos6-0-0.telia.net ( )  New York
13 nyk-i1-pos2-0.telia.net ( )
14 so edge1.NewYork1.Level3.net ( )
15 ge bbr2.NewYork1.level3.net ( )
16 unknown.Level3.net ( )
17 gige7-0.ipcolo1.Washington1.Level3.net ( )  Washington
18 unknown.Level3.net ( )
19 gigabitethernet7-0.dca2c-fcor-rt2.netsrv.digex.net ( )
20 ( )
21 ( )
22 ( )

Slide 9: Global Submarine Cable Map 2003
Cable tapping pod laid by a US submarine off Kamchatka.

Slide 10: Known Cases of Industrial Espionage
- Airbus, 1994: fax and phone calls intercepted by the NSA. McDonnell-Douglas won a 6 billion US$ contract with the Saudi Arabian national airline. Reason: uncovering of bribes.
- ICE/TGV, 1993: phone and fax tapped in the Siemens Seoul office. Siemens lost the contract for the Korean high-speed train to GEC-Alsthom. Reason: the competitor knew the cost calculations done by Siemens.
- Thomson-CSF, 1994: communications intercepted by NSA/CIA. Thomson-CSF lost a huge Brazilian rainforest radar contract to Raytheon. Reason: uncovering of bribes.
Estimated yearly damage due to industrial espionage: 10 billion Euro p.a. for Germany alone.
Source: European Commission Final Report on ECHELON, July 2001

Slide 11: Need for Confidentiality: Threat by Hackers

Slide 12: World Economic Forum 2001 in Davos
The entire WEF database was stolen by hackers:
- 161 Mbytes of data
- 27'000 names
- 1'400 credit card numbers
- phone numbers and home addresses

Slide 13: Web Defacing

Slide 14: Web Defacing
Source: Ruben Kuswanto, "Web Defacing", February

Slide 15: WLAN War Driving

Slide 16: WLAN War Driving Map of Southern California (mapped access points)

Slide 17: WLAN War Driving Map of Zurich
Source: Tages-Anzeiger, Oct
>700 access points, a majority of them with WEP encryption disabled.

Slide 18: WLAN War Driving using NetStumbler
NetStumbler available from ...
Laptop or PDA platform, optionally equipped with a GPS device.

Slide 19: Cain Password Recovery Tool
Cain available from ...
ARP poisoning, SSH and HTTPS man-in-the-middle attacks.

Slide 20: Sniffing is easy!

Slide 21: Network Setup (diagram)
- Target: default gateway, MAC :D0:03:22:7C:0A
- Attacker: mobt6103e, MAC :C0:97:14:B8:71
- Victim: usrw, MAC :02:B3:21:2C:8C
- Destination: kermit, MAC :00:20:C3:CE:48
Networks shown: ZHW network (with switch), Internet, EDU network. Legend: hostname, IP network address, MAC interface card address.
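The ARP poisoning that Cain performs (slide 19) against the setup on slide 21 leaves a trace in the ARP replies on the segment: the gateway's IP suddenly maps to a new MAC, and that MAC answers for both victim and gateway. The detector below is an added example, not code from the lecture; the capture lines, hostnames, IPs and MACs are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, simplified tcpdump-style ARP lines (not a capture from the
# network on the slide). IPs and MACs are made up; the roles mirror the slide:
# 10.1.1.1 is the default gateway (target), 10.1.1.50 the victim, and the
# MAC ending in :99 belongs to the attacker.
SAMPLE_ARP_LINES = """\
13:40:01.10 arp who-has 10.1.1.1 tell 10.1.1.50
13:40:01.11 arp reply 10.1.1.1 is-at 02:00:00:00:00:01
13:40:05.20 arp reply 10.1.1.1 is-at 02:00:00:00:00:01
13:40:09.30 arp reply 10.1.1.1 is-at 02:00:00:00:00:99
13:40:09.31 arp reply 10.1.1.50 is-at 02:00:00:00:00:99
13:40:15.40 arp reply 10.1.1.1 is-at 02:00:00:00:00:99
"""

ARP_REPLY_RE = re.compile(
    r"^(?P<ts>\S+) arp reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})$"
)

def detect_arp_poisoning(lines, watched_ips=()):
    """Return alerts for the two symptoms an ARP-poisoning MITM leaves in the
    ARP replies seen on the segment: an IP whose MAC changes (the poisoned
    gateway or host entry) and one MAC answering for several IPs (the attacker
    standing in for both ends of the connection). IPs in watched_ips, e.g. the
    default gateway, are flagged as such so they can be prioritised."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for line in lines:
        m = ARP_REPLY_RE.match(line.strip())
        if not m:
            continue
        ts, ip, mac = m.group("ts"), m.group("ip"), m.group("mac").lower()
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append({"type": "mac-changed", "time": ts, "ip": ip,
                           "old": old, "new": mac, "watched": ip in watched_ips})
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append({"type": "mac-claims-multiple-ips", "mac": mac,
                           "ips": sorted(ips)})
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_LINES.splitlines(), {"10.1.1.1"}):
        print(alert)
```

Legitimate MAC changes (NIC replacement, router failover) and hosts with several IP aliases on one interface trigger the same alerts, so pair the detector with an allow-list of known gateway MACs before acting on it.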

Slide 22: E-Security und Datenschutz I: Need for Availability: Threat by DoS Attacks

Slide 23: Denial of Service (DoS) Attacks
ping –c
13:36: pluto.zhwin.ch > : icmp: echo request
13:36: janus.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: labserver03.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: labserver01.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: is1-svn.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: notekgc.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: statler.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: andromeda.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: iplds2.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: milkyway.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: kermit.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: e520ks01.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: console.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: charly.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: > pluto.zhwin.ch: icmp: echo reply
13:36: splash.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: iplds1.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: twins.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: mac608.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: draco.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: inpc9.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: e321lj.zhwin.ch > pluto.zhwin.ch: icmp: echo reply
13:36: pmsrv.zhwin.ch > pluto.zhwin.ch: icmp: echo reply

Slide 24: DoS, Ping Attack with IP Spoofing (diagram: Attacker, Internet, Firewall, Corporate Network, Victim)
The attacker pings the broadcast address of the corporate network with the spoofed source address of the victim, so the echo replies of every host in the corporate network are sent to the victim.
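The listing on slide 23 shows the fingerprint of a broadcast ping: one request, dozens of echo replies from distinct hosts to one address. With the spoofed source of slide 24 the victim receives those replies without having sent any request at all. The detector below, an added example and not code from the lecture, parses lines in the slide's tcpdump format and flags hosts whose incoming echo replies from distinct sources far outnumber the requests they sent; all hostnames and lines are constructed.

```python
import re
from collections import defaultdict

# One tcpdump-style ICMP line, in the format of the slide's listing, e.g.
# "13:36:02.123 janus.example.net > pluto.example.net: icmp: echo reply"
ICMP_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}(?:\.\d+)?) (?P<src>\S+) > (?P<dst>\S+): "
    r"icmp: echo (?P<kind>request|reply)$"
)

def parse_icmp(lines):
    """Yield (timestamp, src, dst, kind) for ICMP echo lines; others are skipped."""
    for line in lines:
        m = ICMP_RE.match(line.strip())
        if m:
            yield m.group("ts"), m.group("src"), m.group("dst"), m.group("kind")

def find_amplified_echo_replies(lines, min_sources=5, min_ratio=4.0):
    """Flag hosts that receive echo replies from many distinct hosts while the
    capture shows few or no echo requests sent by them. A ping to a broadcast
    address produces exactly this pattern for the (possibly spoofed) source
    address, which is why the victim on slide 24 sees replies it never asked
    for. A normal ping sweep keeps the reply/request ratio near 1."""
    requests_sent = defaultdict(int)   # host -> echo requests it emitted
    replies_recv = defaultdict(int)    # host -> echo replies addressed to it
    reply_sources = defaultdict(set)   # host -> distinct hosts replying to it
    for _ts, src, dst, kind in parse_icmp(lines):
        if kind == "request":
            requests_sent[src] += 1
        else:
            replies_recv[dst] += 1
            reply_sources[dst].add(src)
    alerts = []
    for host, sources in reply_sources.items():
        sent = requests_sent[host]
        ratio = replies_recv[host] / sent if sent else float("inf")
        if len(sources) >= min_sources and ratio >= min_ratio:
            alerts.append({"host": host, "replies": replies_recv[host],
                           "distinct_sources": len(sources), "requests_sent": sent})
    return alerts

def constructed_capture():
    """Constructed sample lines (not a real capture): one normal ping, a sweep
    by 'scanner' that gets one reply per request, and eight replies from
    different hosts to 'victim', which sent no request at all."""
    lines = ["13:36:00.001 admin.example.net > www.example.net: icmp: echo request",
             "13:36:00.002 www.example.net > admin.example.net: icmp: echo reply"]
    for i in range(6):
        lines.append(f"13:36:01.{i:03d} scanner.example.net > host{i}.example.net: icmp: echo request")
        lines.append(f"13:36:01.{i + 10:03d} host{i}.example.net > scanner.example.net: icmp: echo reply")
    for i in range(8):
        lines.append(f"13:36:02.{i:03d} host{i}.example.net > victim.example.net: icmp: echo reply")
    return lines

if __name__ == "__main__":
    for alert in find_amplified_echo_replies(constructed_capture()):
        print(alert)
```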

Slide 25: State-of-the-Art Distributed DoS Attack (diagram: Attacker, Internet, Victim)
- The attacker feeds a virus into the Internet, e.g. via ...
- The virus infects thousands of hosts and installs a Trojan horse.
- On a given date all Trojans start flooding the victim, e.g. with HTTP requests.

Slide 26: E-Security und Datenschutz I: CRM and Privacy

Slide 27: CRM and Privacy
Trust: A customer who trusts the organization to respect personal information is more likely to transact with the organization and to provide more information to allow the organization to service his/her needs.
Contrary viewpoints:
- Marketers see enormous possibilities for targeted advertising and cross-selling.
- Privacy advocates want organizations to collect minimal information, do as little as possible with that information, and ask for permission first.
- Regulators are looking at more effective enforcement.
- Lawyers juggle new compliance requirements and legal risks.
- Consumers are left wondering if they really have any privacy left at all.
Source: PriceWaterhouseCoopers, "Risks of Customer Relationship Management", ISACF, 2003

Slide 28: E-Risks Jeopardizing Customer Privacy
An organization risks violating the privacy of its customers in several of the following ways:
- Security breaches: unintentional security breaches that allow unauthorized people to view personal information about customers.
- Faulty authentication: failing to correctly authenticate customers before allowing them to access personal data.
- Missing or unheeded confidentiality agreements: failing to secure confidentiality agreements with vendors that host parts of the system or have access to the data.
- Insufficient access restrictions: failing to restrict employee access at the application or database level, so that customer data is used in profiling or other marketing activities that breach the organization's privacy policy, e.g. failing to honor customer opt-outs.
Source: PriceWaterhouseCoopers, "Risks of Customer Relationship Management", ISACF, 2003

Slide 29: Conclusions
Due to the large amount of personal data maintained by organizations implementing CRM strategies, the ease with which the data can be electronically transferred, and the threat to personal privacy if they are misused, organizations must establish formal programs to address privacy in the context of CRM deployments. In order to be effective, these programs need executive support, appropriate resources and representation from a significant portion of the organization.
Source: PriceWaterhouseCoopers, "Risks of Customer Relationship Management", ISACF, 2003

Slide 30: E-Security und Datenschutz I: Security Policies

Slide 31: Security Policies
"There should be a commonly understood set of practices and procedures to define management's intentions for the security of e-Commerce."
Deloitte&Touche, "E-Commerce Security – Enterprise Best Practices", ISACF, 2000

Slide 32: Effectiveness of Security Policies
- Research has shown that there is only limited correlation between a written statement of policy and management's satisfaction with the attainment of its security objectives. The reason seems to be that so-called Internet time is too fast to merit taking the time to write down all the policies that have evolved.
- Overall information protection policies are required. Simply to address confidentiality, integrity and availability (CIA) as they apply to e-Commerce is to miss the unique policy issues prescribed for doing business on the Internet.
- It appears that the highest level of satisfaction with security – policy, direction and enforcement – is achieved when many parties (e.g. sales, marketing, supply chain management, and information technology) are involved and responsible.
Source: Deloitte&Touche, "E-Commerce Security – Enterprise Best Practices", ISACF, 2000, pp

Slide 33: The Five Elements of Effective Security Policies
- Language: Loosely constructed statements potentially lead to misinterpretations of the policies. The policies must be written such that expectations are clear.
- Feasibility: Policies must be reasonable and practical. If policies are not logical, or within reason, they may not be implemented.
- Responsibility: Policies must clearly define who is responsible and to whom the policy applies.
- Consistency: Inconsistent use of words and definitions can mislead the reader and potentially confuse the message of the policy. Examples include "data" vs. "information" and "approval" vs. "authorization".
- Comprehensive: Gaps in the coverage of policies will discredit them. The policies must consider all aspects of information security and, where possible, the policies should be linked to other corporate policies.
Source: PriceWaterhouseCoopers, "Risks of Customer Relationship Management", ISACF, 2003

Slide 34: Security Policies
"Policies enable; they do not just deny."
PriceWaterhouseCoopers, "Risks of Customer Relationship Management", ISACF, 2003