E-commerce is the entire process by which governments, businesses and individuals use modern computer and network technology to carry out commercial exchange and administrative management. It is a new business model that is based on the Internet, has the two parties to a transaction as its principals, uses bank electronic payment and settlement as its means, and relies on customer data. In essence, it builds a society-wide "network computing environment" or "digital nervous system" so that information resources can be applied across the national economy and public life.
I. The state of e-commerce from a security point of view
1. Network and information security has not yet formed a complete system anywhere in the world, and China is no exception.
2. The strength of security technology is generally insufficient. Foreign e-commerce security technology is sound in its structure and encryption techniques, but it is constrained by foreign cryptography policy, so its strength is generally insufficient.
3. The security management of e-commerce sites carries serious hidden risks, and the sites generally find it hard to withstand hacker attacks.
4. E-commerce remains confined to the field of business information and has not truly gone deeper into electronic commerce itself. These factors will affect the further development of e-commerce.
II. E-commerce security requirements
Given the ways in which e-commerce differs from traditional commerce, meeting its security requirements means addressing at least the following issues:
1. Authenticating the identities of the parties before a transaction. E-commerce is commercial activity conducted in a virtual space built on the Internet. The parties can judge and choose only on the basis of data, symbols and signals, and the business itself is carried out through the exchange of electronic signals and data, so the parties can no longer rely on traditional methods to protect the security of a transaction.
2. The legal effect of the electronic contracts made in a transaction, and their integrity and confidentiality.
3. The evidential value of electronic transaction records. In common law, the hearsay rule limits the probative value of electronic records. In China, procedural law does not make the probative force of electronic records clear, and does not even list them as a separate category of evidence.
III. Network security technology and solutions
Computer network security addresses the security problems that may exist in the network itself; its goal is to secure the computer network itself by implementing stronger security solutions. The problems are:
1. The operating system has not been given a security configuration. Whatever the operating system, a default installation has some security problems; only a strict, security-specific configuration of the operating system achieves a reasonable degree of safety. Do not assume that a default installation combined with a strong password system is secure.
2. CGI program code has not been audited. Problems in generic CGI programs are relatively easy to guard against, but CGI programs developed specifically by a website or software vendor often have serious problems. For e-commerce sites the consequences can be serious, such as a malicious attacker impersonating someone else's account to shop online.
3. Denial of Service (DoS) attacks. With the rise of e-commerce, sites face ever stricter real-time requirements, and the threat to them from DoS and DDoS keeps growing. Attacks aimed at paralysing a network are more intense, more destructive, faster-acting and wider in reach than any conventional form of terrorism or warfare, while the risk to the attackers themselves is very small: they may have vanished without trace before the attack even begins, leaving the other side no possibility of retaliating.
4. Security products are used improperly. Many websites use network security devices, but because of security problems in the products themselves or in the way they are used, the products do not play their intended role. Many security vendors' products demand more technical background than is required of ordinary network administrators. Even if the vendor installs and configures the product correctly for the user at the outset, once the system changes and the settings of the related security products need to change with it, many security problems tend to appear.
5. Lack of a strict network security management system. The most important thing in network security is to take it seriously as a matter of attitude; the security of a website or an internal LAN needs a complete security system to protect it. Establishing and enforcing a strict security system and computer network policy is the real foundation of network security.
Having analysed these computer network security problems, I propose the following approach to solving them:
1. Strengthen the security of the host itself: configure it securely and install security patches promptly to reduce vulnerabilities.
2. Use various system vulnerability detection software to scan and analyse the network periodically, identify potential security risks and fix them promptly.
3. Establish thorough access control measures at every level from the router to the user, install firewalls, and strengthen authorization management and authentication.
4. Use data storage technologies such as RAID5 and strengthen data backup and recovery measures.
5. Establish the necessary physical or logical isolation for sensitive equipment and data.
6. Apply high-strength data encryption to sensitive information transmitted over public networks.
7. Keep detailed security audit logs so that intrusions can be detected and traced.
IV. Security problems facing e-commerce transactions, and solutions
Business transactions in general are commonly exposed to the following security risks:
1. Information theft. Without encryption, data travels over the network in clear text, and an intruder can intercept it at a gateway or router that the packets pass through. By capturing and analysing traffic repeatedly, the intruder can work out the patterns and format of the information and from there obtain its content, so that information transmitted over the Internet is leaked.
2. Information tampering. Once an intruder has learned the format and patterns of the information, various technical means can be used to modify the data in transit and then send it on to its destination. This approach is not new; it can be done at a router or gateway.
3. Counterfeiting. Having learned the data format and being able to tamper with the information in transit, an attacker can impersonate a legitimate user to send forged information or to actively obtain information, and the remote user usually finds it hard to tell the difference.
4. Malicious damage. Because the attacker has access to the network, they may modify information on the network, obtain confidential information held on it, or even penetrate the internal network, with very serious consequences.
For the security problems facing e-commerce transactions, I propose the following solutions:
1. Partial order: the most critical data in an online transaction, such as the credit card number and the transaction amount, is left out and communicated by telephone instead, to prevent leaks.
2. Order confirmation: after the transaction information has been transmitted over the Internet, the transaction is confirmed by e-mail, and only then is it considered valid.
3. Establish effective secure transaction standards and technologies, such as the Secure Hypertext Transfer Protocol (S-HTTP), the Secure Sockets Layer protocol (SSL) and Secure Transaction Technology (STT), which have now been established.
4. Digital certification: digital certification can attest electronically to the identity of the sender and the recipient, the integrity of a file, and even the validity of the data medium.
5. Encryption technology: the most important point in ensuring the security of e-commerce is to use encryption technology to encrypt sensitive information.
6. The electronic Certificate Authority (CA) is the prerequisite for secure online e-commerce payment to proceed smoothly; establishing a secure certification centre (CA) is the central link in e-commerce.
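The tampering and counterfeiting risks listed above, and the integrity check that digital certification is meant to provide, can be seen in a small added example that is not part of the original essay. It uses HMAC-SHA256 with a pre-shared key as a simpler stand-in for certificate-based signatures and goes one step further by rejecting replayed messages; the key, account, item names and amounts are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

SHARED_KEY = b"constructed-demo-key"  # constructed; provisioned out of band in practice


def _tag(body: dict, key: bytes) -> str:
    # Canonical serialisation so both sides hash identical bytes.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def seal_order(order: dict, key: bytes = SHARED_KEY) -> dict:
    """Customer side: add a fresh nonce, then an HMAC-SHA256 tag over the body."""
    body = dict(order, nonce=secrets.token_hex(16))
    return {"body": body, "tag": _tag(body, key)}


class OrderVerifier:
    """Merchant side: rejects modified, forged and replayed messages."""

    def __init__(self, key: bytes = SHARED_KEY):
        self._key = key
        self._seen = set()

    def verify(self, message: dict) -> str:
        body, tag = message.get("body"), message.get("tag")
        if not isinstance(body, dict) or not isinstance(tag, str):
            return "malformed"
        # Constant-time comparison of the recomputed and received tags.
        if not hmac.compare_digest(_tag(body, self._key).encode(), tag.encode()):
            return "rejected: bad tag"
        if body.get("nonce") in self._seen:
            return "rejected: replay"
        self._seen.add(body.get("nonce"))
        return "accepted"


def demo() -> dict:
    """Constructed order run through the tampering and counterfeiting cases."""
    verifier = OrderVerifier()
    sent = seal_order({"account": "alice", "item": "book-17", "amount": "25.00"})
    # Tampering: the amount is changed in transit, the tag is left as it was.
    tampered = {"body": dict(sent["body"], amount="2500.00"), "tag": sent["tag"]}
    # Counterfeiting: correct format, but sealed without the shared key.
    forged = seal_order({"account": "alice", "item": "tv-1", "amount": "1.00"}, key=b"wrong-key")
    return {name: verifier.verify(msg) for name, msg in
            [("tampered", tampered), ("forged", forged), ("original", sent), ("replayed", sent)]}
```

The tag protects integrity and origin only; the order body is still readable in transit, so the information-theft risk needs encryption of the channel as well.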
V. Conclusion
E-commerce has developed rapidly in China in recent years, but its security safeguards have not yet been established, and this has become an obstacle to its development. We must therefore accelerate the construction of an e-commerce security system. This will be a comprehensive, systematic project involving the whole of society. Specifically, we need the law to recognise the validity of electronic communication records, to give e-commerce legal protection; we need to strengthen research on technologies such as electronic signatures, to give e-commerce technical protection; and we need to build an e-commerce certification system as soon as possible, to give e-commerce organisational protection. In addition, because e-commerce knows no borders, we should strengthen international cooperation so that e-commerce can truly play its proper role. Only in this way can we keep pace with the times and promote China's economic development; and only in this way can we take part in international competition in today's globalised economy and gain a competitive advantage.