The Security of EB (Chinese-English parallel translation)

Something worried in EB application

At the same time that the Internet brings people endless convenience and opportunities, it also brings them risks. Since EB is conducted on the Internet or the WWW, and the Internet and the Web are such open systems, risks arise whenever data must be electronically processed, transmitted and stored in some mode. The risks associated with the Internet and EB applications may occur in many different ways. For example, data may be stolen, corrupted, misused, altered or falsely generated; computer systems or websites may be attacked, rendering systems or hardware unable to operate properly; and the users may lose money or see their businesses come to ruin. Let's look at the figures on perpetrations by outside intruders, as reported in a 1996 survey of Fortune 1000 firms in America:

Activity performed by outside intruders
Probing/scanning of system: 14.6%
Compromised e-mail/documents: 12.6%
Introduced virus: 10.6%
Compromised trade secrets: 9.8%
Downloaded data: 8.1%
Manipulated data integrity: 6.8%
Installed a sniffer: 6.6%
Denied use of services: 6.3%
Trojan logons: 5.8%
Stole password files: 5.6%
IP spoofing: 4.8%
Harassed personnel: 4.5%
Other (specified): 3.0%
Publicized intrusion: 0.5%
Stole/diverted money: 0.3%

From the figures you can see that the damage and losses caused by Internet attackers are very serious. More importantly, these attacks may heavily influence your business, or even ruin it.

Why do so many unhappy things happen? There are two reasons. One reason is that the Internet is itself a new thing, and it is developing very fast. Its attractive prospects, multifunctional services and the exponential growth of the web sites opened on it attract more and more companies and private users to join in, just like joining a gold rush. But many aspects that are the premise of Internet operations, such as the information technologies, the protocols, the languages, the standards, the policies and the laws, are far from complete. John R. Patrick, vice president of IBM and Internet technologist, described the growing information superhighway as a real highway under construction. He said: "all the lanes have not yet been paved, there are a few exit ramps that do not go anywhere, and you will encounter occasional accidents".

The other reason is that people are so eager to join the Internet and EB applications that they haven't had enough time to think over fully the details that may be involved. They cannot be ready at any time to deal Internet perpetrators a head-on blow, because they don't have enough knowledge and experience of the risks they may encounter. They don't even know how to detect the attempts of these perpetrators, so they don't have adequate control over these perpetrations.

The heavy lessons of Internet perpetration have drawn people's attention to improving the situation of Internet and EB security, for they expect to conduct their electronic business in secure circumstances. Generally, the basic requirements for EB security can be summarized as follows:

1. To secure the privacy of electronic transactions

This means that all electronic data are protected from unauthorized disclosure. There are many kinds of transaction data. The first category is public data, such as advertisements and product lists. This kind of data can be read by any person, but should be properly protected from unauthorized disturbance or alteration. The second category is copyright data, which are not secret but can only be read or used after a fee is paid. In order to make a profit from copyright data, security control must be stressed. The third category is secret data. The names of these data are not secret, but the contents are, such as consumer accounts or personal files. The last category is confidential data. Both the existence and the contents of this kind of data are secret. Nobody should know the existence and contents of the data except the authorized persons. Access and attempted access to these confidential data should be strictly monitored and recorded in a timely manner. So we should use different methods to secure different kinds of data.

Another meaning of privacy is that electronic transactions and their contents should not, and cannot, be known by any person except the trading partners. Currently, the security techniques used to secure privacy are encryption, firewalls and passwords.

2. To secure the integrity of electronic transactions

This means to secure and verify the data elements and contents captured in an electronic transaction on the basis of the agreed elements, and to maintain the integrity of the data elements during processing and storage so that they are not altered in any unauthorized fashion. But when a message is sent electronically, how can the receiver ensure that the message received is exactly the same as the message transmitted by the sender? An effective means called hashing can be used to ensure message integrity. A hash of the message is computed using an algorithm and the message contents, and the hash value is sent along with the message. When the message is received, another hash is calculated by the receiver using the same hashing algorithm. The two hash values are compared, and a match indicates that the message received is the same as the one sent. Hashing is similar to the use of check-sum digits in accounting. Hashing is not encryption, but it can be used in conjunction with encryption for added security.

3. Security assurance systems

When the user receives a message sent electronically by a sender, the identities of both the user and the sender need to be confirmed in order to verify whether the sender or receiver is who he or she claims to be. Generally, their identities can be proved by checking their passwords, digital signatures or digital certificates issued by an authorized third party. Another thing that needs to be assured is whether the transaction exists, which is called "non-repudiation". This means ensuring that the sender cannot falsely deny sending the message and the receiver cannot falsely deny receiving it. The security techniques used for proof of origin, receipt and contents are time stamps, digital signatures, bidirectional hashing and confirmation services.

In conclusion, the EB security requirement is that the content and privacy of electronic transactions must be protected from being intercepted, abused, altered, deleted or disturbed while the electronic data are being interchanged, processed, transmitted and stored.

Estimates show that information security breaches are rising. Who are those Internet perpetrators? America's President's Commission on Critical Infrastructure Protection, which was established by former President Clinton in July 1996, is charged with "recommending a national strategy for protecting and assuring critical infrastructures from physical and cyber threats." The commission defines a threat as: "Anyone with the capability, technology, opportunity and intent to do harm. Potential threats can be foreign or domestic, internal or external, state sponsored or a single rogue element, terrorists, insiders, disgruntled employees, and hackers are all included in this profile."

These breaches are a real threat to Internet users. As a result, many businesses and customers have slowed the pace of adopting EB applications in all directions, and some new or potential Internet users are even reluctant to begin with any EB application unless they are assured that their Internet and Web based transactions are safe, secure and backed up by appropriate controls. Generally speaking, a complete Internet security system should include controls in the following aspects, and every one of them is indispensable:

To employ technology for detecting and resisting Internet perpetration, such as firewalls, cryptography, authentication techniques and other new inventions in this field.

To set up risk control policies and supervisory methods for security system management. For example, who is in charge of maintaining and managing the security system? How do they conduct their routine work, and how are their working results evaluated?

To establish the relevant laws, policies and regulations, by every country, government, professional institution and agency, to restrain and punish Internet perpetrations.

Besides, another factor should also be taken into consideration: although detecting and resisting all known attacks is an important step in protecting a firm's assets and critical data, companies must evaluate the cost of doing so and the benefit gained from it before they take action.

Firewall

What is a firewall? Actually, "firewall" is a term used in the construction field. It is a kind of wall that is made of fire-resistant material and built between buildings. When a fire breaks out in a neighboring building, it can retard the spread of the fire to other locations. But the firewall used on the Internet, which provides similar controls, is not a real wall. It is a system of computer hardware and software components, used as the protection system of a certain network to prevent unauthorized users from accessing that network. A typical firewall is always "built" at the gateway point, which is the access point between the Intranet and the Internet, or the access point between a database (a subnet inside the Internet) and the Intranet. It controls the information services provided by that subnet or database. For example, some confidential databases can only be visited by users who are specially authorized to do so. Of course, if the Intranet or host computer is totally isolated from the network, the firewall will be of no use. But in many circumstances, it is impossible for a company involved in electronic business to tot
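
The hash comparison described under requirement 2 (securing the integrity of electronic transactions), as an added Python example that is not part of the original text. It goes one step beyond the passage by also showing a keyed hash (HMAC); SHA-256, the shared key and the sample order are assumptions, since the text names no algorithm or key.

```python
import hashlib
import hmac

# Constructed sample data; the key stands in for a secret that only the
# two trading partners hold (an assumption, not something the text specifies).
ORDER = b"PAY 100.00 USD TO ACCOUNT 12345"
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def plain_hash(message: bytes) -> str:
    """Hash sent along with the message, as the text describes."""
    return hashlib.sha256(message).hexdigest()


def keyed_hash(key: bytes, message: bytes) -> str:
    """HMAC: a hash that can only be produced by someone holding the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_accepts_plain(message: bytes, received_hash: str) -> bool:
    """Receiver recomputes the hash with the same algorithm and compares."""
    return hmac.compare_digest(plain_hash(message), received_hash)


def receiver_accepts_keyed(key: bytes, message: bytes, received_tag: str) -> bool:
    return hmac.compare_digest(keyed_hash(key, message), received_tag)


def run_scenarios() -> dict:
    sent_hash = plain_hash(ORDER)
    sent_tag = keyed_hash(SHARED_KEY, ORDER)
    altered = ORDER.replace(b"100.00", b"900.00")
    return {
        "intact, plain hash": receiver_accepts_plain(ORDER, sent_hash),
        "altered message, original hash": receiver_accepts_plain(altered, sent_hash),
        # An unkeyed hash needs no secret, so a replaced hash matches a replaced message.
        "altered message, replaced hash": receiver_accepts_plain(altered, plain_hash(altered)),
        "intact, keyed hash": receiver_accepts_keyed(SHARED_KEY, ORDER, sent_tag),
        "altered message, original tag": receiver_accepts_keyed(SHARED_KEY, altered, sent_tag),
        # Without the key, a recomputed unkeyed hash does not verify as a tag.
        "altered message, tag made without key": receiver_accepts_keyed(
            SHARED_KEY, altered, plain_hash(altered)),
    }


if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print(f"{scenario}: {'accepted' if accepted else 'rejected'}")
```

A bare hash catches corruption in transit, but it must itself be protected (for example by a key, encryption or a signature) before a match says anything about deliberate alteration.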