电子商务的安全The security of EB中英对译.docx
《电子商务的安全The security of EB中英对译.docx》由会员分享,可在线阅读,更多相关《电子商务的安全The security of EB中英对译.docx(18页珍藏版)》请在冰豆网上搜索。
电子商务的安全ThesecurityofEB中英对译
ThesecurityofEB
SomethingworriedinEBapplication
Atthesametimethatinternetbringspeopleendlessconvenienceandopportunities,italsobringsriskstothem.sinceEBisconductedoninternetorWWW,andinternetandwebaresuchopensystems,sowhendatamustbeelectronicallyprocessed,transmittedandstoredinsomemodesomerisksoccurred.therisksassociatedwith…internetandEBapplicationsmayoccurinmanyinstancesdifferentways,forexample,datamaybestolen,corrupted,misusedalteredorfalselygenerated,computesystemorwebsitemaybeattackedandmakerendersystemsunabletooperateproperly,hardwareortheusers,ortheymaylosemoneyortheirbusinessescometoruin.
Let’slookattheFigureaboutperpetrationmadebyoutsideintrudersasreportedinal996surveyforfortune1000firmsinAmerica:
Activityperformedbyoutsideintruders
Probing/scanningofsystem14.6%
Compromisede-mail/documents12.6%
Introducedvirus10.6%
Compromisedtradesecrets9.8%
Downloaddata8.1%
Mainpulateddataintegrity6.8%
Installedasniffer6.6%
Denieduseofservices6.3%
Trojanlogons5.8%
Stolepasswordfiles5.6%
IPspoofing4.8%
Harassedpersonal4.5%
Other(specified)3.0%
Publicizedintrusion0.5%
Stole/divertedmoney0.3%
FormthefigureyoucanseethatthecostofdamagesorlostbroughtbyInternetattackersareveryserious,moreimportantthingis,theseattackingmayheavilyinfluenceyourbusiness,evenruinyourbusiness.
Whyaresomanyunhappythingshappened?
Therearetworeasons.OnereasonsisthatInternetisanewgenerationitself.itisdevelopingveryfast.
Itsattractiveperspective,multifunctionalserviceandexponentialgrowthrateofwebsitesopenedonitattractmoreandmorecompaniesandprivateuserstojoininjustliketojoinagoldrush.Butinmanyaspects,suchastheinformationtechnologies,theprotocols,thelanguages,thestandards,policesandlaws,whicharethepremiseofInternetoperations,arefarFromintegrity.John.R.PatruckthevicepresidentoftheIBM,Internettechnologist,describedthegrowinginformationsuperhighwayasarealhighwayunderconstruction.Hesaid:
”allthelaneshavenotyetbeenpaved,thereareafewexitrampsthatdonotgoanywhere,andyouwillencounteroccasionalaccidents“.
TheotherreasonisthatpeoplearesoeagertojoinInternetandEBapplicationsthattheyhaven’tenoughtimetofullythinkoverthedetailsthatmayinvolvein,sotheycan’tbereadyatanytimetodealtheInternetperpetratorsahead-onblows,fortheyhaven’tenoughknowledgeandexperiencesabouttheriskstheymayencounter,eventheydon’tknowhowtodetecttheattemptsoftheseperpetrators,so,theyhaven’tanadequatecontrolovertheseperpetrations.
TheheavylessonsofInternetperpetrationdrawpeople’sattentiontoimprovingthesituationofInternetandEBsecurity,fortheyexpecttoconducttheirelectronicbusinessinasecurecircumstance.Generally,thebasicrequirementforEBsecuritycanbeconcludelikethis:
1.Tosecuretheprivacyofelectronictransaction
Thismeansalltheelectronicdataareprotectedfromunauthorizeddisclosure.therearemanykindsoftransactiondata.Thefirstcategoryofthemispublicdata,suchasadvertisementsandproductlists,thiskindofdatacanbereadybyanyperson,butshouldbeproperlyprotectedfrombeingunauthorizeddisturbedoraltered.Thesecondcategoryiscopyrightdatathatarenotsecret,butcanonlybereadorusedafterthefeeispaid.Inordertomakeprofitfromcopyrightdata,thesecuritycontrolmustbestressed.Thethirdcategoryissecretdata,thesedata’snamesarenotsecret,butthecontentsaresecret,suchasconsumeracountsorpersonalfiles.Thelastcategoryisconfidentialdata.theexistenceandcontentsofthiskindofdataareallsecret.Nobodyshouldknowtheexistenceandcontentofthedataexcepttheauthorizedpersons.Theassessingandintendtoassestotheseconfidentialdatashouldbemonitoredstrictlyandrecordedintimemanner.so,weshouldtakedifferentmethodstosecuredifferentkindsofdata.
Theanothermeaningofprivacyisthattheelectronictransactionsandtheircontentsshouldandcouldnotbeknownbyanypersonexceptthetradingpartners,currently,thesecuritytechniques.usedforsecuretheprivacyareencryption,firewallandpasswords.
2.Tosecuretheintegrityofelectronictransactions.
Thismeanstosecureandverifythedataelementsanditscontentscapturedinanelectronictransactionbaseontheagreedelements,andmaintaintheintegrityofthedataelementsinprocessingandstorageproceduresanddonotbealteredinanyunauthorizedfashion.Butwhenamessageissentelectronically,howcanthereceiverensurethatthemessagereceivedisexactlythesameasthemessagetransmittedbythesender,aneffectivemeanscalled"hashing"canbeusedtoensuremessageintegrity.Ahashofthemessageiscomputedusinganalgorithmandthemessagecontentsthehashvalueissentalongwiththemessage,whenmessageisreceived,anotherhashiscalculatedbythereceiverusingthesamehashingalgorithm.Thetwohashvaluesarecomparedandamatchcanindicatethatthemessagereceivedisthesameasthesentone.Hashingissimilartotheuseofcheck-sumdigitsinaccounting.Hashingisnotencryption,butitcanbeusedinconjunctionwithencryptionforaddingsecurity.
3.Securityassurancesystems.
whentheuserreceivesthemessagesentelectronicallybyasender,boththeuserandsender‘sidentityneedtobeconformedinordertoverifywhetherthesenderorreceiverishe/sheclaimstobe.generally,theiridentitiescouldbeprovedthroughcheckingtheirpasswords,digitalsignaturesordigitalcertificatesissuedbytheauthorizedthirdparty.anotherthingneedtoassureiswhetherthetransactionexists,whichiscalled“Non–repudiation”.Thismeanstoensurethat
thesendercannotfalselydenysendingandthereceivercannotfalselydenyreceivingthatmessage.Thesecuritytechniquesusedforproofingoforigin,receiptandcontentsaretimestamps,digitalsignatures,bidirectionalhashingandconfirmationservices.Inconclusion,theEBsecurityrequirementisthatthecontentandprivacyofelectronictransactionmustbeprotectedfrombeingintercepted,abused,altered,deletedordisturbedduringtheelectronicdatainterchangeprocessing,transmittingandstoring.
Anestimateddatashowsthattheinformationsecuritybreachesarerising.WhoarethoseInternetperpetrators?
TheAmericaPresident‘scommissiononcriticalinfrastructureprotection,whichwasestablishedbyformerpresidentClintoninJuly1996,ischargedwith“recommendinganationalstrategyforprotectingandassuringcriticalinfrastructuresfromphysicalandcyberthreats.”Thecommissiondefinesathreatas:
”Anyonewiththecapability,technology,opportunityandintenttodoharm.Potentialthreatscanbeforeignordomestic,internalorexternal,state–sponsoredorasinglerogueelement,terrorists,insiders,disgruntledemployees,andhackersareallincludedinthisprofile.”
ThesebreachesarereallyathreatagainstInternetusers.SomanybusinessesandcustomersslowdownthepaceofadoptingEBapplicationsinalldirections,andevensomeneworpotentialInternetusersarereluctanttobeginwithanyEBapplicationsunlesstheyareensuredthattheirInternetandWeb–basedtransactionsaresafesecureandbackedupbyappropriatecontrols.
Generallyspeaking,thecompleteInternetsecuritysystemshouldincludecontrolsinthesefollowingaspects,andeveryoneofthemcouldbeindispensable:
ToemploythetechnologyfordetectingandresistingtheInternetperpetrationsuchasfire–wallsandcryptographyandauthenticationtechniquesandothernewinventionsinthisfield.
Tosetuptheriskscontrolpoliciesandsupervisorymethodsforsecuritysystemmanagement,suchas,whoisinchargeofmaintainingandmanagingofsecuritysystem?
Howdotheyconducttheirroutineworksandhowtoevaluatetheirworkingresults?
Toestablishtherelevantlaws,policiesandregulationsbyeverycountry,government,professionalinstitutionandagencytorestrainandpunishthoseInternetperpetrations.
Besides,anotherfactorshouldalsobetakenintoconsideration,thatis,althoughdetectingandresistingallthoseknownattacksisanimportantstepinprotectingafirm‘sassetsandcriticaldata,thecompaniesmustevaluatethecostfordoingthatandthebenefitgotfromdoingthatbeforetheytakeaction.
Firewall
Whatisthefirewall?
Actually,firewallisaspecialworldalwaysusedinconstructionfield.Itisakindofwallsthatismadeoffire-resistantmaterialandbuiltbetweenbuildings.Whenafirebreaksoutonneighborhoodbuilding;itcanretardthespreadofthefiretootherlocations.
ButthefirewallusedinInternetthatprovidessimilarcontrolsisnotarealwall.Itisacomponentsystemofthecomputerhardwareandsoftware,whichisusedastheprotectionsystemofacertainnetworktopreventunauthorizedusersfromaccessingthosenetworks.
Atypicalfirewallalwaysbe“built”onthegatewaypoint,whereistheaccessingpointbetweenIntranetandInternet,ortheaccessingpointbetweenadatabase(subnetinsidetheInternet)andIntranet.Itcontrolstheinformationservicesprovidedbythecertainsubnetordatabase.Forexample,someconfidentialdatabasescanonlybevisitedbytheuserswhoisspeciallyauthorizedtodoso.
Ofcourse,iftheIntranetorhostcomputeristotallyisolatedfromnetwork,thefirewallwillbenouse.Butinmanyinstancescircumstances,itisimpossibleforacompanyinvolvedinelectronicbusinesstotot
升级会员 