So, how to ensure e-commerce security?

1 E-business Security Issues

E-business is a powerful tool for business transformation that allows companies to enhance their supply-chain operation, reach new markets, and improve services for customers as well as for suppliers and employees. However, implementing the e-business applications that provide these benefits may be impossible without a coherent, consistent approach to e-business security. Traditional network security has focused solely on keeping intruders out using tools such as firewalls. This is no longer adequate. E-business means letting business partners and customers into the network, essentially through the firewall, but in a selective and controlled way, so that they access only the applications they need.

To date, organizations have controlled and managed access to resources by building authorization and authentication into each e-business application. This piecemeal approach is time-consuming, error-prone, and expensive to build and maintain. Emerging technology provides a new role-based access control infrastructure for all of the enterprise's e-business applications. For example, e-business shopping cart software such as GoECart, equipped with the latest security features, is making the online shopping experience safe and secure. With this infrastructure, developers no longer need to code security features into each application. This can greatly speed up and simplify the deployment of new applications, cut maintenance costs, and give organizations a consistent security policy. This new access control infrastructure also lets organizations implement consistent privacy policies and ensures that unauthorized people are denied access to sensitive business information sources. In addition, a centralized security solution lends greater flexibility to supporting new technologies such as mobile Internet devices, which are expected to proliferate over the next few years.

Besides controlling access, organizations also need to monitor security events across the enterprise so that suspicious activities can be quickly pinpointed. This is becoming critical as enterprise networks grow rapidly in complexity and strategic importance. New monitoring technology lets organizations consolidate data from all their disparate security sensors (firewalls, anti-virus software, host systems, and routers) and provides a coordinated single image of potential intrusions for effective incident response.

2 Approach to E-business Security

Once the organization has defined a clear list of security requirements, it can begin to identify technology that meets its needs. By combining authentication and authorization with monitoring technology, a comprehensive e-business security solution can be built.

First, authentication and authorization technology is used to control access to e-business applications. This technology is valuable for any organization building e-business applications. Businesses should evaluate the technology's capabilities in multiple areas:

- Core authentication and authorization functions, including single sign-on
- The ability to set policies for security
- Support for existing enterprise software
- Manageability
- Scalability and reliability
- Privacy
- Software quality

Second, monitoring technology minimizes the business risk associated with potential network intrusions. This technology is particularly useful for organizations with large, complex networks. Key features to consider are the technology's ability to correlate information from a wide range of data sources; its ability to automate responses to routine problems; and its manageability.

2.1 Authentication and Authorization Technology

To date, Web application developers have generally coded security logic into each of their applications. Each application had to maintain its own access control list of users, resources and the rights granted to each user. As the e-business environment grows, this approach rapidly becomes problematic for several reasons:

- It is expensive because of the need to replicate development and maintenance work across multiple systems.
- It requires time-consuming development when there is often corporate pressure to get online as quickly as possible.
- Maintenance is time-consuming and error-prone. Once the applications are online, it is vital to ensure that access control lists are kept up to date and in step across multiple applications, and to make sure that as security policies change, those changes are simultaneously reflected across the whole e-business environment. Each of these steps is an opportunity for error, inconsistency or delay, and can result in security loopholes.

An alternative approach is now possible. Technology is available that provides a security infrastructure for all of an enterprise's Web-based applications, eliminating the need to code and maintain security logic for each application. This approach has been accepted as a standard method for developing mainframe applications for years, but the technique is only now being extended to Web applications. To be capable of managing access to the entire environment, this software should handle a broad range of functions.

2.2 Authentication and Authorization

The fundamental requirement is for technology that handles the authentication and authorization of all users (whether inside or outside the enterprise) accessing all e-business applications. All user attempts to access an e-business system are handled by the security infrastructure technology, which authenticates the user and grants the appropriate access to the requested system or systems.

Many authentication methods exist, ranging from simple usernames and passwords to stronger methods such as tokens or digital certificates. Different types of authentication methods may suit different organizations. Applications and access methods tend to become less convenient for users and more expensive as they increase in security. Usernames and passwords encrypted in transmission may be adequate for some resources, and may be the most practical approach for access via mobile devices that have limited computing power. For access to sensitive business information, token-based products or digital certificates may be more appropriate. An additional factor is that organizations may have already installed one of these authentication technologies and want to extend use of the technology to new e-business applications as well. A solution should be able to support all of these techniques, which implies that it must be able to interface to the leading specialized authentication technologies, such as tokens from RSA, or PKI systems from Entrust or IBM.

A major advantage of a security infrastructure is that organizations should not have to change their application logic in order to change or add new authentication technologies. Further, they should be able to implement changes at the security infrastructure level and have applications evolve transparently. In many cases, centralizing security into an infrastructure product has the additional security benefit of removing the need to hold authorization information in multiple places, such as application servers and desktops.

Adopting a security infrastructure also means it should not be necessary to change the security logic in applications in order to take advantage of new devices, a major consideration when organizations are looking at supporting access from thousands of handheld wireless devices during the next few years. The infrastructure should be able to handle access via wireless networks and handheld devices, so users can access applications whether at home, in the office, or on the road. This means that it must interface to the gateways that handle traffic from wireless networks.

2.3 Single Sign-On

A related and extremely useful benefit in some technology is the ability to provide single sign-on to all corporate applications. When security logic is coded into each application, the number of passwords and logins that users have to remember and enter grows along with the number of e-business applications. This also imposes a considerable management burden. Administrators have to add users to each system they will use, and delete them from each system if they no longer have access. Because the security infrastructure maintains authorization information for each user and resource, it is able to authenticate the user once, and then seamlessly provide access to each system the user is authorized to use.

2.4 Policy Setting

An infrastructure product provides a central point for implementing security policy across the organization. Ideally, a product will allow the establishment of security policies that reflect the structure of the organization, yet are flexible enough to fit the needs of specific groups or applications. The default policy for employees could be to provide access to human resources and other general corporate information. Specific needs of different groups can be met simply by creating new group profiles where needed. For instance, marketing people might get access to the default systems plus specific sales information. This approach avoids the need to define and maintain separate sets of access rights for each user.

2.5 Support for existing Enterprise Software

The solution should integrat