
Information security related technologies

The security products that are popular in the market and that represent the likely direction of future development can be roughly divided into the following categories:

◆ User identity authentication: the first gate of security and the precondition for every other security measure to be effective. Authentication technologies include static passwords, dynamic passwords (SMS one-time codes, hardware OTP cards, mobile phone tokens), USB keys, IC cards, digital certificates, and biometrics such as fingerprint and iris.

◆ Firewall: a firewall is, in a sense, an access control product. It places a barrier between the internal network and the untrusted external network, blocking illegitimate access to internal resources from outside and unsafe connections from inside to outside. The main techniques are packet filtering, application gateways and proxy services. A firewall can effectively prevent attackers from abusing unsafe services to attack the intranet, can monitor, filter, log and report on traffic, and can cut the intranet off from the external network where necessary. It can, however, have security problems of its own and can become a performance bottleneck.

◆ Network security isolation: there are two approaches, the isolation card and the network security isolation gateway. Isolation cards isolate a single host; gateways isolate a whole network. Unlike a firewall, which permits selected connections between the two networks, an isolation device breaks the network connection entirely and only ferries data across under control (see the related entries for the details of the differences).

◆ Secure router: since WAN connections require dedicated router equipment, network transmission can be controlled at the router. Access control lists (ACLs) are normally used to control the flow of traffic.
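The packet filtering that both the firewall entry and the router ACL entry above describe comes down to one mechanism: an ordered rule list evaluated top-down, first match wins, and an implicit deny when nothing matches. The following Go program is an added example (not code from the page or from any router vendor) that implements that evaluation over a constructed inbound policy; the addresses, the rule set and the packets are all assumptions for illustration.

```go
package main

import (
	"fmt"
	"net"
)

type action bool

const (
	permit action = true
	deny   action = false
)

// rule is one ACL entry. A nil network or a zero port matches anything,
// like the "any" keyword in router ACL syntax.
type rule struct {
	act     action
	proto   string
	src     *net.IPNet
	dst     *net.IPNet
	dstPort int
}

type packet struct {
	proto   string
	src     net.IP
	dst     net.IP
	dstPort int
}

func cidr(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

func (r rule) matches(p packet) bool {
	if r.proto != "any" && r.proto != p.proto {
		return false
	}
	if r.src != nil && !r.src.Contains(p.src) {
		return false
	}
	if r.dst != nil && !r.dst.Contains(p.dst) {
		return false
	}
	if r.dstPort != 0 && r.dstPort != p.dstPort {
		return false
	}
	return true
}

// evaluate walks the list top-down and applies the first matching rule.
// If nothing matches the packet is dropped: the implicit deny at the end
// of the list is what makes the policy default-closed.
func evaluate(acl []rule, p packet) (action, int) {
	for i, r := range acl {
		if r.matches(p) {
			return r.act, i
		}
	}
	return deny, -1
}

// inboundACL is a constructed policy for an internet-facing router.
// Order matters: the anti-spoofing deny must come before the permits.
var inboundACL = []rule{
	{deny, "any", cidr("10.0.0.0/8"), nil, 0},                         // internal addresses never arrive from outside
	{permit, "tcp", nil, cidr("10.0.1.10/32"), 443},                   // HTTPS to the web server
	{permit, "tcp", nil, cidr("10.0.1.10/32"), 80},                    // HTTP to the web server
	{permit, "tcp", cidr("203.0.113.0/24"), cidr("10.0.2.0/24"), 22}, // SSH only from the admin network
}

func main() {
	tests := []packet{
		{"tcp", net.ParseIP("198.51.100.7"), net.ParseIP("10.0.1.10"), 443},
		{"tcp", net.ParseIP("198.51.100.7"), net.ParseIP("10.0.2.5"), 22},
		{"tcp", net.ParseIP("10.0.0.9"), net.ParseIP("10.0.1.10"), 443},
		{"udp", net.ParseIP("198.51.100.7"), net.ParseIP("10.0.1.10"), 53},
	}
	for _, p := range tests {
		act, idx := evaluate(inboundACL, p)
		fmt.Printf("%s %s -> %s:%d permit=%v rule=%d\n", p.proto, p.src, p.dst, p.dstPort, bool(act), idx)
	}
}
```

The two packets that match no rule (SSH from a non-admin address, and UDP/53 to the web server) are dropped by the implicit deny; a rule index of -1 in the output marks them, which is also the useful thing to log when tuning a policy.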

◆ Virtual private network (VPN): a VPN uses data encryption and access control over a public data network to interconnect two or more trusted intranets. It is usually built with a router or firewall that supports encryption, so that data can travel securely over public channels.

◆ Security server: the security server addresses the security of information storage and transmission within a LAN; its functions include management and control of LAN resources, management of LAN users, and auditing and tracking of all security-related events in the LAN.

◆ Electronic certification authority (CA) and PKI products: as a trusted third party to the communication, a CA provides reliable certification services for all kinds of applications. It issues digital certificates to users and provides identity authentication, key management and related functions. PKI products offer more functions and better services and will become a core component of the computing infrastructure for all applications.

◆ Security management center: because there are many security products on a network and they are distributed in different places, a centralized management mechanism and device, the security management center, is needed. It distributes keys to the network security devices, monitors their running state and collects their audit information.

◆ Intrusion Detection System (IDS): as an effective supplement to traditional protection mechanisms such as access control and identity identification, intrusion detection forms an indispensable feedback loop in an information system.

◆ Intrusion Prevention System (IPS): a complement to IDS that plays an important role in the development of information security. Where an IDS watches a copy of the traffic and raises alerts, an IPS is a network device that sits inline in the traffic path and can block offending packets or sessions as they pass.

◆ Secure database: a great deal of information is stored in computer databases, some of it valuable and sensitive and in need of protection. A secure database ensures the integrity, reliability, validity, confidentiality, auditability, access control and user identification of the database.

◆ Secure operating system: provides a secure operating platform for the key servers of the system, underpins secure WWW, FTP and SMTP services, etc., and serves as the solid foundation on which the various network security products protect themselves.

◆ DG document encryption: can automatically identify confidential data handled on the computer and forcibly encrypt all of it without any manual step, so that every user is subject to the same policy; it addresses information leakage at the source.

The mainstream technologies of the information security industry are as follows:

1. Virus detection and removal technology.

2. Security protection technology, including network protection (firewall, UTM, intrusion detection and prevention, etc.), application protection (such as application programming interface security) and system protection (such as tamper prevention, system backup and recovery). These technologies keep external users from entering the internal network by illegitimate means and accessing internal resources, and protect the operating environment of the internal network.

3. Security audit technology, including log audit and behaviour audit. Log audit lets administrators examine network logs after an attack, evaluate the soundness of the network configuration and the effectiveness of security policies, trace and analyse the path of the attack, and supports real-time defence. Auditing the network behaviour of employees or users confirms that their behaviour is compliant and that information and networks are used properly.

4. Security detection and monitoring technology inspects traffic and application content in the information system from layer 2 to layer 7 and supervises and controls it, to prevent abuse of network bandwidth and the spread of spam and harmful content.

5. Encryption and decryption technology encrypts and decrypts information while it is transmitted or stored in the information system.

6. Identity authentication technology determines whether the identity of a user or device that accesses or acts on the information system is legitimate. Typical means are user name and password, identifiers, PKI certificates and biometric authentication.

Information security services

Information security services are the professional IT services provided to ensure the integrity, confidentiality and availability of information and information systems, including consulting, integration, supervision, evaluation, certification, operation and maintenance, auditing and training, as well as risk assessment, disaster recovery and backup, emergency response, etc. Through them, information security is established and effective technical and management measures are adopted to protect the hardware, software, data and applications of computer information systems and networks from accidental or malicious damage.

A secure and effective computer information system supports the four core security attributes of confidentiality, authenticity, controllability and availability at the same time, and the basic goal of an information security service is to help the information system achieve all or most of them. E-commerce security as a whole can be divided into two parts: computer network security and business transaction security.

(1) Computer network security covers the following problems:

(1) No security configuration of the operating system.

Whatever operating system is used, a default installation has security problems. Only by applying strict, targeted security configuration to the operating system can a reasonable level of security be reached. Do not assume that a default installation with strong passwords is safe: vulnerabilities and "backdoors" in network software are the first targets of network attacks.

(2) No code audit of CGI programs.

Well-known CGI problems are relatively easy to prevent. However, many websites, and CGI programs developed specially by software vendors, have serious CGI flaws. For an e-commerce website the consequences can be severe, such as an attacker using other people's accounts to shop online.

(3) Denial of service (DoS) attacks.

With the rise of e-commerce, websites face ever higher real-time requirements, and the threat that DoS and DDoS pose to them keeps growing. An attack that paralyses the network is more effective, more destructive, faster and wider-reaching than any traditional means of terrorism or war, while the attacker's own risk is very small: the attacker can vanish without trace before the attack even begins, leaving the victim no one to retaliate against.

(4) Improper use of security products.

Although many websites have deployed network security devices, these products often fail to do their job, either because of problems in the products themselves or because of how they are used. Many vendors' products demand a technical background that exceeds what ordinary network administrators have. Even when the vendor initially installs and configures a product correctly, once the system changes and the product's settings have to be adjusted, security problems easily arise.

(5) Lack of strict network security management system.

The most important part of network security is to take it seriously at the level of management. The internal security of a website or LAN must be guaranteed by a complete security system. Establishing and enforcing a strict computer network security system and policy is the foundation for genuinely achieving network security.

(2) Business transaction security covers the following threats:

(1) Stealing information

Because no encryption is applied, data travels across the network in clear text, and an intruder can intercept it at any gateway or router the packets pass through. By capturing and analysing traffic repeatedly, the intruder works out the rules and format of the information and then recovers its content, so that information transmitted over the network leaks.

(2) Tampering with information

Having learned the format and rules of the information, an intruder modifies the data in transit and then forwards it to its destination by various technical means. This method is not new; the work can be done on a router or gateway.

(3) Forgery

Having mastered the data format and learned to tamper with transmitted information, an attacker can impersonate a legitimate user to send false information or actively request information, which a remote user usually cannot distinguish from the genuine article.

(4) Malicious destruction

Because the attacker can reach the network, he may modify information on it, obtain confidential information, or even penetrate the network, with very serious consequences.

An important technical feature of e-commerce is that business information is transmitted and processed by computer technology. The countermeasures to e-commerce security problems can therefore be divided into two parts: computer network security measures and business transaction security measures.

1. Computer network security measures

Computer network security measures cover three aspects: protecting network security, protecting application service security and protecting system security. Each must be combined with physical security, firewalls, information security, Web security, media security and so on.

(1) Protect network security.

Network security means protecting the communication between the network-side systems of all parties to a transaction. Confidentiality, integrity, authentication and access control are the important factors. The main measures are as follows:

(1) Plan the security strategy of the network platform as a whole.

(2) Formulate network security management measures.

(3) Use a firewall.

(4) Record all activities on the network as much as possible.

(5) Pay attention to the physical protection of network equipment.

(6) Test the network platform for vulnerabilities.

(7) Establish a reliable identification and authentication mechanism.

(2) Protect application security.

Protecting application security refers to security measures established for specific applications (such as Web servers and dedicated online payment software), independent of the network's other security measures. Some of these measures substitute for or overlap with network security services: for example, encryption of payment and settlement traffic between Web browser and Web server at the application layer overlaps with encryption that could instead be done at the IP layer. Nevertheless, many applications have security requirements of their own.

Because the application layer of e-commerce has the strictest and most complex security requirements, security measures tend to be taken at the application layer rather than at the network layer.

Network-layer security still has its place, but it cannot be relied on alone to solve the security problems of e-commerce applications. Application-layer security services can cover authentication, access control, confidentiality, data integrity, non-repudiation, Web security, EDI and online payment.

(3) Protect system security.

Protecting system security means protection from the perspective of the e-commerce system or online payment system as a whole, taking in the hardware platform, operating system and application software of the network system. System security for online payment and settlement includes the following measures:

(1) Check and confirm unknown security vulnerabilities in installed software, such as browser software, e-wallet software, payment gateway software, etc.

(2) Combine technical and management controls so that the system has the minimum penetration risk: allow a connection only after several authentication steps, audit all access data, and manage system users strictly.

(3) Establish detailed security audit logs to detect and track intrusion attacks.

2. Business transaction security measures

Business transaction security revolves around the security issues that arise when traditional business is conducted over the Internet: building on computer network security, how to ensure that the e-commerce process runs smoothly.

Business transaction security services are realized through security technology, mainly encryption technology, authentication technology and e-commerce security protocols.

(1) Encryption technology.

Encryption technology is the basic security measure of e-commerce, and both parties can use it during the information exchange stage as needed. It falls into two categories: symmetric encryption and asymmetric encryption.

(1) Symmetric encryption.

Symmetric encryption, also called private-key (secret-key) encryption, means that sender and receiver use the same key to encrypt and decrypt data. Its biggest advantage is speed, which makes it suitable for encrypting large volumes of data, but key management is difficult. If both parties can ensure the key is not leaked during key exchange, then confidentiality is achieved by encrypting the confidential information with this key, and message integrity by sending a message digest with the message. Note that a plain, unkeyed hash sent alongside the message does not by itself stop an active attacker from altering both the message and the digest; integrity needs a keyed message authentication code (MAC) or an authenticated encryption mode that provides confidentiality and integrity together.
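The following Go program is an added example (not code from the original page) of the combination the paragraph describes, done with one keyed primitive: AES-256-GCM, an authenticated encryption mode in which the authentication tag replaces the separate message digest. It shows the round trip and, more importantly, that flipping a single bit of the ciphertext is detected on decryption. The key, the message and the associated-data header are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// seal encrypts plaintext under a 256-bit key with AES-GCM. A fresh random
// 12-byte nonce is prepended to the output and the 16-byte authentication tag
// is appended by GCM itself, so one key gives both confidentiality and integrity.
// aad is data that is authenticated but not encrypted (e.g. a routing header).
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// unseal reverses seal and fails if any bit of nonce, ciphertext, tag or
// associated data has changed since sealing.
func unseal(key, msg, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("message too short")
	}
	nonce, ct := msg[:gcm.NonceSize()], msg[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// roundTrip reports whether the untouched message decrypts correctly and
// whether a copy with one flipped ciphertext bit is rejected.
func roundTrip(key []byte) (okClean, rejectedTampered bool, err error) {
	aad := []byte("order-id:1001") // constructed header, sent in clear but bound to the message
	plaintext := []byte("pay 100.00 to merchant A")
	msg, err := seal(key, plaintext, aad)
	if err != nil {
		return false, false, err
	}
	pt, err := unseal(key, msg, aad)
	okClean = err == nil && string(pt) == string(plaintext)

	tampered := append([]byte(nil), msg...)
	tampered[len(tampered)-20] ^= 0x01 // inside the ciphertext, leaving the tag untouched
	_, err = unseal(key, tampered, aad)
	rejectedTampered = err != nil
	return okClean, rejectedTampered, nil
}

func newKey() []byte {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return key
}

func main() {
	ok, rej, err := roundTrip(newKey())
	fmt.Println(ok, rej, err) // true true <nil>
}
```

The nonce must never repeat under the same key; a random 96-bit nonce is fine for modest message counts, but a long-lived key that encrypts very large volumes should use a counter-based nonce or be rotated.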

(2) Asymmetric encryption.

Asymmetric encryption, also known as public-key encryption, uses a pair of keys for encryption and decryption respectively: one is published (the public key) and the other is kept secret by its owner (the private key). The exchange proceeds as follows: Party A generates a key pair and publishes one of the keys as the public key. Party B, having obtained the public key, encrypts the information with it and sends it to A; A decrypts it with its own private key. Only the holder of the private key can decrypt, so the security of the exchange rests on B obtaining A's genuine public key rather than an impostor's.
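The A/B exchange above, as an added Go example that is not part of the original page: Party A generates an RSA key pair, B encrypts to A's public key with RSA-OAEP, and A decrypts with the private key. The example also tries decryption with an unrelated private key to show that it fails. The 2048-bit key size, the SHA-256 OAEP parameters, the label and the message are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// generateKeyPair is Party A's step: create the pair and publish only the public half.
func generateKeyPair() (*rsa.PrivateKey, *rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return priv, &priv.PublicKey, nil
}

// encryptToPublic is Party B's step. OAEP padding is randomized, and the label
// ties the ciphertext to a context so it cannot be replayed in another one.
func encryptToPublic(pub *rsa.PublicKey, msg, label []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, label)
}

// decryptWithPrivate succeeds only for the holder of the matching private key.
func decryptWithPrivate(priv *rsa.PrivateKey, ct, label []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, label)
}

// exchange runs the A/B flow and reports the recovered plaintext and whether an
// unrelated private key was correctly unable to decrypt the same ciphertext.
func exchange() (recovered string, wrongKeyFailed bool, err error) {
	privA, pubA, err := generateKeyPair()
	if err != nil {
		return "", false, err
	}
	privC, _, err := generateKeyPair() // a third party who never held A's private key
	if err != nil {
		return "", false, err
	}
	label := []byte("session-42") // constructed context label
	ct, err := encryptToPublic(pubA, []byte("card token 4111...1111"), label)
	if err != nil {
		return "", false, err
	}
	pt, err := decryptWithPrivate(privA, ct, label)
	if err != nil {
		return "", false, err
	}
	_, errC := decryptWithPrivate(privC, ct, label)
	return string(pt), errC != nil, nil
}

func main() {
	pt, failed, err := exchange()
	fmt.Printf("%q wrong-key rejected=%v err=%v\n", pt, failed, err)
}
```

RSA-OAEP with SHA-256 and a 2048-bit key can carry at most 190 bytes per operation, which is why in practice public-key encryption is used to transport a symmetric key and the bulk data is encrypted symmetrically.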

(2) Authentication technology.

Authentication technology proves the identity of sender and receiver and the integrity of files by electronic means, that is, it confirms that the identity information of both parties and the data have not been tampered with during transmission or storage.

(1) Digital signature.

A digital signature, also known as an electronic signature, serves, like a handwritten signature, to authenticate, approve and bring into effect an electronic document. It is realized by combining a hash function with a public-key algorithm. The sender computes a hash value of the message body and signs (encrypts) that hash with his own private key to form the digital signature, which is sent to the receiver together with the message, as an attachment. The receiver recomputes the hash value of the received message, decrypts the attached signature with the sender's public key, and compares the two hash values; if they match, the message came from the holder of the private key and has not been altered.

(2) Digital certificate.

A digital certificate is a file digitally signed by a certificate authority that contains the public key and information about its owner. Its main components are the user's public key, the identifier of the key owner and the signature of the trusted third party. The third party is generally a certification authority (CA) trusted by the users, such as a government department or a financial institution. The user submits his public key to the certificate authority in a secure way and obtains the certificate, which he can then publish. Anyone who needs the user's public key can obtain the certificate and verify the validity of the public key through the CA's signature. A digital certificate thus provides a way to verify the other party's identity through a set of data that marks the identity of each party to the transaction.
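The signature procedure of (1) and the certificate of (2) fit together as follows, shown here in an added Go example that is not from the original page: a CA issues a certificate binding "alice@example.com" to Alice's public key; Alice signs a message with her private key; the verifier first checks that the certificate chains to the trusted CA and then uses the public key inside it to check the signature. The example also shows two failures a verifier must catch: a message altered after signing, and a certificate for the same name and key issued by a CA that is not trusted. The names, the P-256 ECDSA keys, the validity periods and the messages are all assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	return k
}

// issue builds a certificate binding subject to pub, signed with issuerKey.
// With issuerCert == nil the certificate is self-signed, i.e. a root CA.
func issue(subject string, isCA bool, pub *ecdsa.PublicKey, issuerCert *x509.Certificate, issuerKey *ecdsa.PrivateKey, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA { tmpl.KeyUsage |= x509.KeyUsageCertSign } // a CA key may sign certificates
	parent := tmpl
	if issuerCert != nil { parent = issuerCert }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil { return nil, err }
	return x509.ParseCertificate(der)
}

// sign is the digital-signature step: hash the message, sign the digest with the sender's private key.
func sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// verifyWithCert checks the CA's signature on the certificate (chain to a trusted
// root), then checks the sender's signature on msg with the certified public key.
func verifyWithCert(roots *x509.CertPool, cert *x509.Certificate, msg, sig []byte) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil { return err }
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok { return errors.New("unexpected key type in certificate") }
	digest := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) { return errors.New("signature does not verify") }
	return nil
}

// scenario reports: genuine message verifies; altered message is rejected;
// certificate from an untrusted CA is rejected even though the key and name match.
func scenario() (genuine, tamperedRejected, untrustedRejected bool, err error) {
	caKey, userKey, rogueKey := mustKey(), mustKey(), mustKey()
	caCert, err := issue("Trusted CA", true, &caKey.PublicKey, nil, caKey, 1)
	if err != nil { return }
	userCert, err := issue("alice@example.com", false, &userKey.PublicKey, caCert, caKey, 2)
	if err != nil { return }
	rogueCA, err := issue("Rogue CA", true, &rogueKey.PublicKey, nil, rogueKey, 3)
	if err != nil { return }
	rogueCert, err := issue("alice@example.com", false, &userKey.PublicKey, rogueCA, rogueKey, 4)
	if err != nil { return }

	roots := x509.NewCertPool() // the verifier's trust store holds only the real CA
	roots.AddCert(caCert)

	msg := []byte("transfer 500 to account 7")
	sig, err := sign(userKey, msg)
	if err != nil { return }
	genuine = verifyWithCert(roots, userCert, msg, sig) == nil
	tamperedRejected = verifyWithCert(roots, userCert, []byte("transfer 5000 to account 7"), sig) != nil
	untrustedRejected = verifyWithCert(roots, rogueCert, msg, sig) != nil
	return
}

func main() {
	g, t, u, err := scenario()
	fmt.Println(g, t, u, err) // true true true <nil>
}
```

The order inside verifyWithCert is the point: a signature that verifies under some public key proves nothing until that key has been tied to an identity by a CA the verifier trusts, which is exactly what the rogue-CA case exercises.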

(3) E-commerce security protocols.

Besides the security technologies above, there is a set of security protocols for e-commerce operation. The more mature ones are SET and SSL.

(1) Secure Sockets Layer protocol (SSL).

The SSL protocol sits between the transport layer and the application layer and consists of the SSL record protocol, the SSL handshake protocol and the SSL alert protocol. The handshake protocol establishes the security parameters before client and server transmit any application data. When the client first contacts the server, the two sides agree through the handshake on the protocol version, key exchange algorithm, data encryption algorithm and hash algorithm, then verify identities (the server's, and optionally the client's, by certificate). Finally the negotiated key exchange algorithm is used to produce a secret known only to the two parties, from which client and server each derive the keys for the encryption and hash algorithms. The record protocol compresses and encrypts the data handed down by the application layer according to the parameters negotiated in the handshake, computes the message authentication code (MAC), and sends the result over the transport layer. The alert protocol carries SSL error messages between client and server. SSL itself is obsolete: SSL 2.0 and 3.0 have been deprecated because of known weaknesses, and the same layered design lives on in its successor, TLS, which is what current deployments should use.

(2) Secure Electronic Transaction protocol (SET).

The SET protocol defines the rights and obligations among consumers, online merchants, banks and card organizations in e-commerce activities and specifies the standard transmission process for transaction information. SET consists of three documents: the SET business description, the SET programmer's guide and the SET protocol description. It ensures confidentiality, data integrity and legitimacy of identity for an e-commerce system.

SET was designed specifically for e-commerce systems. It operates at the application layer, and its authentication system is complete enough to authenticate multiple parties. In a SET implementation the consumer's account information is kept confidential from the merchant. However, SET is very complex: transaction data is verified many times, using multiple keys and many rounds of encryption and decryption. Besides consumers and merchants, SET involves other participants such as issuers, acquirers, certification centres and payment gateways.

Information security engineering supervision

Information security engineering supervision provides information security services to the owner during the development and procurement stage and the delivery and implementation stage of an information security project. It covers the preparation, implementation and acceptance stages of the project and, through quality control, schedule control, contract management, information management and coordination, completes the project within a given cost according to a scientific, standardized process and achieves the project's expected information security objectives.

The information security engineering supervision model consists of the supporting elements of supervision consulting (organizational structure, facilities and equipment, security knowledge and quality management) and the process and control measures of the supervision consulting stage ("three controls, two managements and one coordination": quality control, schedule control, cost control, contract management, information management, and organization and coordination).