Network Security Seminar on e-commerce development and Countermeasures

Abstract: Economic globalization, e-commerce to become a major force in global Economic development. With the continuous development of computer networks, network security has become an important issue, but also seriously interfere with the development of electronic commerce, this paper analyzes the current security issues, and comprehensive set of e-commerce security issues to resolve various technical means.

Keywords: electronic commerce; network; security technology

In recent years, computer networks and Information technology is developing rapidly, driven e-commerce industry to promote e-commerce activities touch out into all areas of life, such as virtual enterprises, virtual banking, online shopping, online marketing, online payment and online advertising some new business and being recognized by people familiar with e-commerce has changed the traditional business mode of operation, as a new business application model, which greatly improves work efficiency while reducing transaction costs. However, the openness of the Internet and natural vulnerability, network security issues become a bottleneck restricting the development of electronic commerce, so to build a secure and reliable business platform, e-commerce development to become the key issue.

A, e-commerce security issues facing
E-commerce activities in large amounts of data transmission and storage, data transfer rely on Internet technology, the Internet is a natural weak and insecure networks, data loss and easily intercepted, while the data is stored mainly rely on database technology, database is illegal molecule is often the object of the invasion and destruction, so the network communication security and database security, e-commerce the main problems facing long-term.

1 database security. Enterprises in e-commerce activities generate large amounts of data in their important support for ongoing operations, product data, customer relationship management are related to the large data base. Using the popular relational database for data storage and management is necessary to choose e-commerce businesses, but hackers have never stopped the attack on the enterprise database, once they steal to the enterprise database access rights, management rights, they can get the data they want, or even tamper with or remove these For business-critical data.

(2) network communications security. Data transmission easily lost, damaged or hackers tampering, theft, so we must first ensure the safety and reliability of communication lines, using the stable performance of the equipment and more powerful software to ensure the stability of transmission, followed in order prevent hacker attacks, such as Trojans, viruses and other programs, again using data encryption during transmission and digital signature technology to protect data security.

Second, e-commerce security policy
1 Virtual Private Network (VPN)
Because TCP / IP protocol insecurity of e-commerce safe and effective authentication mechanism, authenticity is not guaranteed; lack of confidentiality mechanism, online data privacy can be protected; can not provide on-line data stream integrity protection and other issues Therefore, commonly used in e-commerce VPN technology, network traffic through encryption and authentication to protect the private Information transmitted over public networks, and will not be stolen or tampered with for users, as their own private network using the same .

(2) encryption (Encryption) technology

Encryption technology is a major e-commerce security measures taken, is the most common security tools, the use of technology to the important data into a garbled (encrypted) transmission, the destination and then use the same or different means of reduction (decryption) . encryption technology includes two elements: algorithms and key the algorithm is the plain text (or understandable Information) and a channeling number (key) combination to produce the ciphertext can not understand the steps, the key is to the data encoding and decoding of an algorithm in the security, the encryption key through the appropriate technology and management mechanisms to ensure Information and communication network security. Key encryption techniques are divided into symmetric key cryptography and asymmetric key system, system two. Accordingly, the data encryption technology is divided into two categories, namely symmetric encryption (private key encryption) and asymmetric encryption (public key encryption). Symmetric encryption to the data encryption standard (DES, Data Encryption Standard) algorithm is a typical representative, usually asymmetric encryption RSA (Rivest Shamir Ad1eman) algorithm is represented. Symmetric encryption the same encryption and decryption keys, the encryption key instead of symmetric encryption and decryption key is different encryption key can open and decrypt the keys to be kept confidential.

3 digital envelope technology
Digital envelope using a single key cryptosystem and public-key cryptosystem. Sender first use of randomly generated symmetric key encrypted Information, then the recipient's public key encryption using symmetric cryptography, public key encryption is called symmetric after digital envelope. the receiving party to decrypt the information, you must first use their own private key to decrypt the digital envelope, to be symmetric, and then use symmetric encryption to decrypt the information received, thus ensuring the authenticity and integrity of data transmission.

4 authentication technology
CA certificate it for e-commerce environment, digital certificates issued by various entities, to prove the authenticity of the entities, and is responsible for inspection and management in the transaction certificate is e-commerce and online banking operation, has the authority, may reliability and fairness of the third party, such as China Financial Certification Authority (CFCA).

Links to free download http://www.hi138.com related authentication technologies including digital signatures and digital certificates A digital signature is the private key of the user with their own summary of the original hash to encrypt the data from the data. Message recipient using the sender's public key to decrypt the digital signature to obtain the hash summary and will receive the raw data generated to obtain the hash with the hash summary Abstract contrast, can be sure that the original message has been tampered with , thus ensuring non-repudiation of data The digital certificate is all kinds of entities (the cardholder / personal, business / enterprise gateway / banks, etc.) on the Internet for information exchange and business activities, identification, electronic all aspects of the transaction, parties to the transaction are required to verify the validity of other certificates, mutual trust so as to solve the problem. certificate is a certificate by the certificate contains the public key digital signature and public key information about the owner of the file. 5 firewall technology
Firewall is installed in different networks (such as a trusted internal network and the untrusted public network) or a series of network security domains of the assembly of components which are different networks or network security information between domains only entrance , according to corporate security policy control (allow, deny, monitor) access to network information flow, and itself has a strong anti-attack capability. It is to provide information security services, network and information security infrastructure. Logically, a firewall is a separator, a limiter, but also a parser to effectively monitor the internal network and the Internet between any of the activities to ensure internal network security.

III Conclusion
Information security is the key to survival and development of e-commerce elements, with the continuous development of information technology, technology, e-commerce platform security and management strategy will continue to improve and perfect. The security of e-commerce activities carried out, just from a technical point of view prevention is not enough, you must complete e-commerce laws and policies to guide and promote the right e-commerce in China, rapid and healthy development of China's popular e-commerce at an early stage, requires the Government to strengthen e-commerce research, establish and regulate e-commerce legal framework to promote e-commerce to achieve open, rationalize, legitimize. The company must also all employees of its internal information security awareness education, to fully understand the information security activities on the importance of e-commerce business, professionals must also be the site safety analysis, risk assessment in operational efficiency based on the analysis to develop a comprehensive, rigorous security solutions. and for e-commerce activities in the presence of insecurity to take appropriate preventive measures, such as hardware, power failure can be resolved by setting the uninterruptible power supply, software vulnerabilities can be targeted set to close. With the invention of new technologies and applications, e-commerce security issues exist in the communication and data storage security issues will be resolved in the network, there is no absolute safety is only relative safety, as long as the company has to adopt new technologies, and active protection against the latest Internet threats and attacks, e-commerce will bring business benefits far beyond its risks.

Links to free download http://www.hi138.com