Explore the principles of technical analysis e-business security policies
Paper Keywords: e-commerce Information security, digital certificate protocol
Abstract: With the era of e-commerce, e-commerce security is a growing concern, especially the threat of network security incidents in recent years as a non-poor, become an obstacle to the development of e-commerce a big problem. Facing the security of e-commerce study of the threat analysis, the general principles of e-business security policies and use of the main techniques.
E-commerce security policy is the core asset of a comprehensive system of protection, constantly updated security of enterprise systems, enterprise systems to identify potential threats and vulnerabilities, identify, control and eliminate the activities of security risks of e-commerce security is relative, not absolute, can not believe that there is never compromised systems, of course, no matter what mode of e-commerce sites must take into account the safety of the system to pay for the costs and consumption costs. As a security system users must be taken into account all the factors the rational use of e-commerce Technology security policy, research and development as a system designer must also be designed taking into account the cost and price factors. Offensive and defensive counter-balance in the network era, it should be based on emerging safety issues to examine, evaluate and adjust the appropriate security policies, using current Technology appropriate means to achieve the purpose of enhancing the overall security of e-commerce brought hidden behind the huge business opportunities as an increasingly serious problem of e-commerce security, not only for the enterprise sector has brought huge economic losses, but also to social and economic security is threatened.
1 e-commerce security threats
In e-commerce environment in the operation, always faced with security threats, not only design, but more important is the management of vulnerability, but also people's behavior is inextricably linked to e-commerce is facing security threats can be divided into the following categories:
1.1 Information content is intercepted stolen
This type of threat occurs mainly due to the process of Information transmission encryption or security level is not enough, or through the Internet, telephone network and the flow of Information flow and other parameters of the analysis to steal useful Information.
1.2 way tamper with the information
Major damage to the integrity of information, through change, delete, insert and other means of information transmitted on the network way tampered with, and tampered false information sent to the receiving end.
1.3 impersonation
Establish and sellers of fake server names similar to the server, posing as sellers, to establish a false order transactions.
1.4 Transaction repudiation
Such as business-to-sell goods does not recognize the reasons for the original transaction price, the buyer signed the order because they later denied.
Competition in the industry by malicious 1.5
With industry buyers who use the name of commodity trading, secretly to understand trading processes, inventory, logistics situation.
1.6 e-commerce system security has been compromised
Criminals using illegal means to enter the system, change user information, the destruction of order information to generate false information.
2 e-commerce security policy principles
E-commerce security policy in current circumstances, the cost of inputs and efficiency to achieve the balance between reducing the e-commerce security threats, according to the different e-business network environment, using different security technologies to develop security policies in the development of security policy should follow the following general principles:
2.1 the principle of coexistence
Is a network security issue is affecting the entire life cycle of the operation of the network exist, so the security architecture design and network security needs should be considered consistent, if not in the beginning stages of website design to consider security measures, such as site and building after the change will spend more human and material resources.
2.2 The principle of flexibility
With the security policy to be able to network performance and security threats change, to adapt the system to timely and modify.
2.3 Risk analysis and the principle of balance between the cost
Any network, it is difficult to absolutely no security threat. On a network to conduct the actual analysis, and threats to the network and the possible risks to carry out a comprehensive quantitative and qualitative analysis of normative measures, and determine the system safety areas, so that the cost spent on network security and information security under the protection of the value of balance.
Principle and easy to use 2.4
Security policy implementation completed by hand, if the implementation process is too complicated, too much for the request, for their own safety is also a lower.
2.5 General principles
A good security policy is often used in the design of integrated application of the results of a variety of methods to systems engineering point of view, to analyze network security issues, it may be feasible and effective measures.
2.6 multi-layer protection principles
Any single security measures are not able to work independently, absolutely safe, there should be a complementary multi-system, then when the layer is broken, the other protective layer can still secure protection of information. Links to free download http : / / www.hi138.com 3 major e-commerce Technology security policy
3.1 firewall Technology
Firewall Technology is a protection of the local network and external network attacks against one of the important network security technology is to provide information security services, network information security infrastructure. In general can be divided into: a packet filtering firewall, application level gateway firewall, proxy-based firewalls and other types. firewalls have five basic functions:
(1 to resist external attacks,
(2 to prevent information leakage,
(3 network access and access control management,
(4VPN virtual private network capabilities,
(5 their resistance to attack.
Firewall security policy, there are two scenarios:
(1 contrary to allow access to services is prohibited,
(2 access services is not prohibited is allowed.
Most firewalls are a compromise between the two strategies to improve the security situation under the access efficiency.
3.2 Encryption
Encryption technology is the transmission of information in some way to disguise and hide its contents, but not a third party to obtain a method of its real content in e-commerce process, the use of encryption technology to hide information, and then hidden information transmission out, so even if the information transmission process in the theft, illegal interception were also unable to understand the information content, thereby ensuring the exchange of information in the course of security, authenticity, security policies can be effective for the help.
3.3 Digital Signature Technology
Refers to encrypt files on the basis, in order to prevent the transmission of files to change the course of destruction, and to determine the identity of the sender of the means adopted in e-commerce security occupies a particularly important role to solve the trade process authentication, content integrity, non-repudiation and other issues. digital signature process: the original sender first generates a summary by the Hash algorithm and the sender's private key encryption to generate digital signatures to send to the recipient, the recipient with the sender's public key to decrypt to get the sender's message digest, the final recipient will receive the original Hash algorithm used to generate the summary, with the sender of the summary for comparison.
3.4 Digital Certificate Technology
Digital certificates are a series of network user identity information data, issued by a third party impartial body to digital certificate-based encryption technology to ensure that information transmitted over the Internet of information confidentiality, integrity and authenticity of transactions, non-repudiation, provide security for e-commerce Standard digital certificate contains: the version number, signature algorithm, serial number, issuer name, effective date, subject public key information, issuer unique identifier, subject unique identifier and so on. a reasonable security policy without the support of digital certificates.
3.5 security protocol technology
Security protocol can transmit information in the transaction process to provide strong protection now common security policy for e-commerce agreement provided the main e-commerce payment security protocol, communication security protocol, three types of e-mail security protocol. For e-commerce The main security protocols, including: communication over a secure SSL protocol (Secure Socket Layer, credit card secure SET protocol (Secure Electronic Transaction, commerce and trade security Hypertext Transfer Protocol (S-HTTP, InternetEDI electronic data interchange protocols and e-mail security protocol S / MIME and PEM and so on.
4 Conclusion
In the process of rapid development of e-commerce, e-commerce security more important proportion. In e-commerce security policy, is intended to reduce security threats by the e-commerce transactions to bring the concerns of people in order to promote the advance of e-commerce . to lift the doubts of the method, dependent on the formulation of security policy and the main principles of continuous development and improvement of technology.
References
[1] Tian Pei. On the development of e-business security strategy [J]. The knowledge economy, 2010, (2.
[2] as the first charismatic • Abudu Abdurixit Computer network security countermeasures research [J]. Science and Technology Information (academic research, 2008, (10.
[3] Chen Wei E-commerce Security Strategies of [J]. Intelligence, 2009, (11.
[4] Cheng Xingguo. An effective e-business security policies [J]. Modern shopping malls, 2007, (2.
[5] square value. Analysis of e-business security policies [J]. Computer Knowledge and Technology (Academic Exchange, 2007, (10 Links to free download http://www.hi138.com
Newest Research Papers
- Newest
- E-commerce Papers
- The rise of the Internet era to create a large network of integrated marketing value
- 2011 inventory of Chinese high-end liquor fatal short board and coping strategies
- Three-step Internet marketing is vital to every detail
- Incentives for commercial banks to discuss the management
- EVA on the impact of financial ratios to write papers _ Network _ net _ to write thesis papers Network
- For a number of biological assets accounting seminar
- The complexity of the accounting system and analysis of ideas
- "West River Economic Belt" building system and practice of monetary policy mechanism analysis
- Comprehensive evaluation of the evidence of earnings management analysis
- After the financial crisis on the global convergence of accounting standards and Enlightenment
- Analysis of accounting earnings quality dimensions: a theoretical framework
- Our analysis of corporate accounting risk transfer mechanism
- Analysis of protection of water resources and promote sustainable use of water resources
- Discussion on the Guanzhong - Tianshui economic analysis of the integrated development of Tourism
- On strengthening and improving ideological and political education
MOST POPULAR E-commerce Papers
- 24Hours
- 7Days
- 30Days
- How to write a research paper?
- Hangzhou guide the work on the practice patterns of family education
- The quality of the military training of medical students
- "West River Economic Belt" building system and practice of monetary policy mechanism analysis
- Regarding the development of female entrepreneurship education students to write papers of significa
- The complexity of the accounting system and analysis of ideas
- Comprehensive evaluation of the evidence of earnings management analysis
- Liu Chang on: ordinary and great audio-visual pioneer
- Party Expo volunteer work during the student to write papers mechanism _ Network
- On the development of audio-visual promotion of school education reform _ paper to write network
- Discussion on the Guanzhong - Tianshui economic analysis of the integrated development of Tourism
- Stressors on ICU nurses and Countermeasures
- Students on full play the main role in the teaching of English
- About Vocational School of Health to develop education and training
- Amy Tan novel about mother-daughter relationship between culture _ paper to write network
- Hangzhou guide the work on the practice patterns of family education
- On the new curriculum of high school language teaching
- On Quju "lone elm house"
- On how sports psychology in the formation of child health
- Treatment of cervical scraping rubbing on back muscle strain of the clinical experience
- On the primary language curriculum reform humble opinion
- On the secondary school mathematics teaching poor students into thinking about the problem
- Stressors on ICU nurses and Countermeasures
- Students on full play the main role in the teaching of English
- About Vocational School of Health to develop education and training
- How mathematics teaching in primary schools to implement quality education
- Psychological Contract Perspective counselor burnout causes and Countermeasures
- Amy Tan novel about mother-daughter relationship between culture _ paper to write network
- On patients in rural junior high school chemistry experiment on the use of resources
- On the water project's construction cost control measures On the _ papers to write network
- Production of fine chemicals on vocational curriculum integration and reconstruction process