
Security Countermeasures for Network Security Technology

An important technical feature of e-commerce is the use of computer technology to transmit and process business information. Therefore, the countermeasures for e-commerce security issues can be divided into two major parts: computer network security measures and business transaction security measures.

1. Computer Network Security Measures

Computer network security measures cover three aspects: protecting network security, protecting application service security and protecting system security. All three must be considered together with the protection of physical security, firewalls, information security, Web security, media security and so on.

(i) Protecting network security.

Network security means protecting the communication process between the end systems of the business parties over the network. Ensuring confidentiality, integrity, authentication and access control are the important elements of network security. The main measures to protect network security are as follows:

(1) Comprehensive planning of security strategies for network platforms.

(2) Develop management measures for network security.

(3) Use of firewalls.

(4) Record all activity on the network whenever possible.

(5) Take care to physically protect network equipment.

(6) Examine the vulnerability of network platform systems.

(7) Establish reliable identification and authentication mechanisms.

(ii) Protecting application security.

Protection of application security refers to security measures established for specific applications (such as Web servers or specialized network payment software systems); it is independent of any other security measures for the network. Some of these protective measures may overlap with or substitute for network-layer security operations (for example, a Web browser and Web server can encrypt network payment settlement packets at the application layer, or both can rely on IP-layer encryption instead), but many applications also have their own specific security requirements.

Because the application layer in e-commerce has the most stringent and complex security requirements, there is a preference for a variety of security measures to be taken at the application layer rather than at the network layer.

While network-layer security still has its place, one cannot rely on it exclusively to address the security of e-commerce applications. Application-layer security covers such services as authentication, access control, confidentiality, data integrity, non-repudiation, Web security, EDI and network payments.

(iii) Protecting system security.

Protecting system security means considering the e-commerce system or network payment system as a whole from the point of view of security protection; it is interrelated with the network hardware platform, the operating system and the various application software. System security for network payment and settlement includes the following measures:

(1) Checking for and confirming unknown security vulnerabilities in the installed software, such as browser software, e-wallet software and payment gateway software.

(2) A combination of technical and management measures to minimize the risk of the system being penetrated, such as requiring multiple authentication steps before a connection is allowed, auditing all access data, and strict security management of system users.

(3) Create detailed security audit logs to detect and track intrusion attacks, etc.
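As an added example (not part of the original article), the following Python script shows the kind of detection that such audit logs make possible: it parses constructed authentication log lines (invented for this example, in an sshd-like format) and flags a source that fails authentication repeatedly within a short window, plus any subsequent successful login from that same source, which is the event an incident responder would want to track first. The log format, the threshold and the window length are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (not from any real system); timestamps are in order.
SAMPLE_LOG = """\
2024-05-01 10:00:01 sshd: Failed password for admin from 198.51.100.7
2024-05-01 10:00:03 sshd: Failed password for admin from 198.51.100.7
2024-05-01 10:00:04 sshd: Accepted password for alice from 203.0.113.5
2024-05-01 10:00:06 sshd: Failed password for root from 198.51.100.7
2024-05-01 10:00:09 sshd: Failed password for admin from 198.51.100.7
2024-05-01 10:00:10 sshd: Failed password for admin from 198.51.100.7
2024-05-01 10:00:12 sshd: Accepted password for admin from 198.51.100.7
2024-05-01 10:05:00 sshd: Failed password for bob from 192.0.2.9
"""

# Assumed line layout: "<date> <time> sshd: (Failed|Accepted) password for <user> from <source>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sshd: (Failed|Accepted) password for (\S+) from (\S+)$"
)


def parse(log_text):
    """Yield (timestamp, outcome, user, source) for every line matching the assumed format."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines in other formats are skipped rather than treated as errors
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return a list of (kind, source, detail) alerts.

    'bruteforce' fires once per source when it reaches `threshold` failures inside
    `window`; 'success_after_failures' fires for every accepted login from a source
    that was already flagged, because that is the login to investigate first.
    """
    alerts = []
    failures = defaultdict(deque)  # source -> timestamps of recent failures
    flagged = set()
    for ts, outcome, user, src in parse(log_text):
        recent = failures[src]
        while recent and ts - recent[0] > window:  # drop failures outside the window
            recent.popleft()
        if outcome == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, f"{len(recent)} failed logins within {window}"))
        elif src in flagged:
            alerts.append(("success_after_failures", src, f"user {user} accepted at {ts}"))
    return alerts


if __name__ == "__main__":
    for kind, src, detail in detect(SAMPLE_LOG):
        print(f"{kind}: {src}: {detail}")
```

With the constructed sample the script reports one brute-force alert for 198.51.100.7 followed by a success-after-failures alert for the same source; the single failure from 192.0.2.9 stays below the threshold.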

2. Business Transaction Security Measures

Business transaction security focuses on the various security issues that arise when traditional business is conducted over the Internet, that is, on how to ensure that the e-commerce process proceeds smoothly on the basis of computer network security.

A variety of business transaction security services are realized through security technology, mainly including encryption technology, authentication technology and e-commerce security protocols.

(i) Encryption technology.

Encryption technology is a basic security measure taken by e-commerce, which can be used by both parties to the transaction according to the need at the stage of information exchange. Encryption technology is divided into two categories, namely, symmetric encryption and asymmetric encryption.

(1) Symmetric encryption.

Symmetric encryption, also known as private key encryption, means that the sender and receiver of a message use the same key to encrypt and decrypt data. Its biggest advantage is that encryption and decryption are fast, so it is suitable for encrypting large amounts of data, but key management is difficult. Confidentiality and message integrity can be achieved by encrypting the confidential information and sending a message digest or message hash together with the message, provided that both communicating parties can ensure the shared key was not compromised during the key exchange phase.
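An added Python example (not from the original article) of the integrity half of this paragraph, using only the standard library: a message digest keyed with the shared symmetric key (HMAC-SHA256) lets the receiver detect tampering, whereas an unkeyed digest appended to the message does not, because whoever alters the message can simply recompute it. The key, the sample message and the 32-byte trailing tag layout are assumptions of this example; the block shows only the digest step, not the encryption of the message itself.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # SHA-256 digest size; assumed layout is message || tag


def new_key():
    """Stands in for the key both parties obtained in the key exchange phase."""
    return secrets.token_bytes(32)


def protect(key, message):
    """Append an HMAC-SHA256 tag computed with the shared key."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key, blob):
    """Return (True, message) if the tag checks out, otherwise (False, None).

    compare_digest runs in constant time so a forger learns nothing from timing.
    """
    if len(blob) < TAG_LEN:
        return (False, None)
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if hmac.compare_digest(tag, expected):
        return (True, message)
    return (False, None)


def unkeyed_digest_accepts_altered(message):
    """Why a plain digest is not enough: after the message is altered the digest is
    recomputed, and a receiver that only checks digest == sha256(body) still accepts it."""
    altered = message.replace(b"100", b"900")
    blob = altered + hashlib.sha256(altered).digest()
    body, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hashlib.sha256(body).digest() == digest


if __name__ == "__main__":
    key = new_key()
    blob = protect(key, b"transfer 100 to merchant")  # constructed sample message
    print(verify(key, blob))                            # (True, b'transfer 100 to merchant')
    print(verify(key, blob.replace(b"100", b"900")))   # (False, None)
    print(unkeyed_digest_accepts_altered(b"transfer 100 to merchant"))  # True
```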

(2) Asymmetric encryption.

Asymmetric encryption, also known as public key encryption, uses a pair of keys to complete the encryption and decryption operations respectively, one of which is publicly released (i.e., the public key), and the other is kept secretly by the user himself (i.e., the private key). The process of information exchange is as follows: Party A generates a pair of keys and discloses one of them as a public key to other trading parties, Party B, who gets the public key, encrypts the information using the key and sends it to Party A, which then decrypts the encrypted information using its own saved private key.

(ii) Authentication technology.

Authentication technology uses electronic means to prove the identity of the sender and receiver and the integrity of their documents, that is, to confirm that the identities of the parties and the content of their documents have not been tampered with during transmission or storage.

(1) Digital signature.

Digital signatures, also known as electronic signatures, serve the same purpose as a handwritten signature: they provide authentication, approval and validation of electronic documents. They are realized by combining a hash function with a public key algorithm. The sender generates a hash value from the text of the message and encrypts that hash value with its own private key, forming the sender's digital signature; the digital signature is then attached to the message and sent together with it to the receiver. The receiver first calculates the hash value from the original message received, then decrypts the digital signature attached to the message using the sender's public key; if the two hash values are the same, the receiver can confirm that the digital signature is that of the sender. The digital signature mechanism thus provides a method of authentication that addresses forgery, repudiation, impersonation and tampering.

(2) Digital certificate.

A digital certificate is a document, digitally signed by a certificate authority, that contains information about the owner of a public key together with the public key itself. The most important components of a digital certificate are the user's public key, an identifier for the key owner, and the signature of a trusted third party; the third party is generally a certificate authority (CA) trusted by the user, such as a government department or financial institution. The user submits his public key to the public key certificate authority in a secure manner and receives a certificate, which the user can then make public. Anyone who needs the user's public key can obtain this certificate and verify the validity of the public key through the associated trusted signature. Digital certificates thus provide a way of verifying the identities of the parties to a transaction: a certificate carries a series of data that signifies the identity of one party, which the other party can use to identify it.

(iii) Security protocols for electronic commerce.

In addition to the various security technologies mentioned above, there is a complete set of security protocols for the operation of electronic commerce. The more mature protocols are SET, SSL, etc.

(1) Secure Sockets Layer protocol SSL.

The SSL protocol is located between the transport layer and the application layer, and consists of the SSL record protocol, the SSL handshake protocol and the SSL alert protocol. The SSL handshake protocol is used to establish a security mechanism before the client and the server actually transmit application layer data. When the client and the server communicate for the first time, both parties agree through the handshake protocol on the version number, key exchange algorithm, data encryption algorithm and hash algorithm, then verify each other's identity, and finally use the negotiated key exchange algorithm to generate a secret known only to the two parties; each of the client and the server then generates the parameters of the data encryption algorithm and the hash algorithm from this secret. The SSL record protocol encrypts, compresses and computes the message authentication code (MAC) of the data sent by the application layer according to the parameters negotiated in the SSL handshake protocol, and then sends it to the other party via the network transport layer. The SSL alert protocol is used to transmit SSL error messages between the client and the server.
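The following Python block is an added simulation, not code from the original article or from the SSL specification, of the sequence the paragraph describes: the negotiated hash algorithm and the shared secret produced by the handshake are expanded into per-direction MAC keys, and the record layer then attaches a MAC over a sequence number, length and payload that the peer checks before accepting data (which is what rejects replayed or reordered records). The HMAC-based expansion, the record header layout and the constructed random values are assumptions; the real SSL/TLS key derivation functions differ, and the encryption step is omitted because the standard library ships no cipher.

```python
import hashlib
import hmac
import secrets

# Constructed outcome of the handshake negotiation (assumed, not a real parameter set).
NEGOTIATED = {"version": "TLS 1.2", "hash": "sha256"}
HEADER_LEN = 10  # assumed layout: 8-byte sequence number + 2-byte length


def derive_keys(master_secret, client_random, server_random, hash_name):
    """Expand the shared secret into separate MAC keys for each direction.

    Both sides hold the same inputs after the handshake, so both derive the same keys.
    (Simplified HMAC expansion, not the SSL/TLS PRF.)
    """
    seed = client_random + server_random

    def expand(label):
        return hmac.new(master_secret, label + seed, hash_name).digest()

    return {"client_mac": expand(b"client write mac"), "server_mac": expand(b"server write mac")}


def seal_record(mac_key, seq, payload, hash_name):
    """Record layer, sending side: MAC covers sequence number, length and payload."""
    header = seq.to_bytes(8, "big") + len(payload).to_bytes(2, "big")
    tag = hmac.new(mac_key, header + payload, hash_name).digest()
    return header + payload + tag


def open_record(mac_key, expected_seq, record, hash_name):
    """Record layer, receiving side: return the payload, or None if the record is rejected.

    Rejection covers a bad MAC (tampering or wrong key), a sequence number other than the
    one expected (replay or reordering) and a length field that disagrees with the data.
    """
    tag_len = hashlib.new(hash_name).digest_size
    if len(record) < HEADER_LEN + tag_len:
        return None
    header, rest = record[:HEADER_LEN], record[HEADER_LEN:]
    seq = int.from_bytes(header[:8], "big")
    length = int.from_bytes(header[8:], "big")
    payload, tag = rest[:-tag_len], rest[-tag_len:]
    if seq != expected_seq or len(payload) != length:
        return None
    expected = hmac.new(mac_key, header + payload, hash_name).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return payload


def simulate_session():
    """Client and server derive keys independently, then exchange protected records."""
    h = NEGOTIATED["hash"]
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    master_secret = secrets.token_bytes(48)  # stands in for the key-exchange result
    client_keys = derive_keys(master_secret, client_random, server_random, h)
    server_keys = derive_keys(master_secret, client_random, server_random, h)

    request = seal_record(client_keys["client_mac"], 0, b"GET /pay", h)
    first = open_record(server_keys["client_mac"], 0, request, h)      # accepted
    replay = open_record(server_keys["client_mac"], 1, request, h)     # same record again: rejected
    reply = open_record(client_keys["server_mac"], 0,
                        seal_record(server_keys["server_mac"], 0, b"200 OK", h), h)
    return {"same_keys": client_keys == server_keys, "first": first, "replay": replay, "reply": reply}


if __name__ == "__main__":
    print(simulate_session())
```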

(2) Secure Electronic Transaction Protocol SET.

SET protocol is used to delineate and define the rights and obligations between consumers, online merchants, banks and credit card organizations on both sides of the transaction in e-commerce activities, and to give standards for the process of transmitting information about the transaction.

The SET protocol is made up of three main documents, namely, the SET business description, SET programmer's guide, and the SET protocol description. The SET protocol guarantees the confidentiality, data integrity, and identity legitimacy of the e-commerce system.

The SET protocol is designed for e-commerce systems. It is located in the application layer, and its authentication system is so complete that it can realize multi-party authentication. In the SET implementation, consumer account information is confidential to the merchant. However, the SET protocol is very complex, the transaction data need to be verified several times, using multiple keys and encryption and decryption several times. Moreover, in addition to consumers and merchants, there are other participants in the SET protocol, such as card issuers, acquirers, authentication centers, and payment gateways.