Thesis Title: Problems in Internet Marketing —— Taking Taobao as an Example
1 Introduction

With the rapid development of the Internet, network security has gradually become a potentially huge problem. Network security is a wide-ranging issue, which also involves the question of whether an act constitutes a crime. In its simplest form, it is mainly concerned with ensuring that irrelevant people cannot read, let alone modify, the information transmitted to other recipients. It is also concerned with people who have no right to use remote services but try to obtain them. Security also deals with the interception and replay of legitimate messages and with whether the sender has ever sent the message.

Most security problems are deliberately caused by malicious people in order to gain some benefit or hurt someone. It can be seen that ensuring network security is not only a matter of avoiding programming errors; it also means dealing with adversaries who are smart, usually cunning, professional and rich in time and money. At the same time, we must be soberly aware that the methods that can stop adversaries who do damage unintentionally have little effect on veterans who are used to crime.

Network security can be roughly divided into four intertwined parts: confidentiality, authentication, non-repudiation and integrity control. Confidentiality is the protection of information from unauthorized access, which is what people most commonly mean when they refer to network security. Authentication mainly refers to confirming the identity of the other party before revealing sensitive information or conducting transactions. Non-repudiation is mainly related to signatures. Privacy and integrity are achieved by using registered mail and file locks.

2 Planning objectives

This scheme works mainly at the network level and designs the network system as a secure network that supports users or user groups at all levels. The network not only ensures the internal network security of the system, but also realizes secure interconnection with the Internet or other domestic networks. This scheme can ensure network security and meet the needs of various users, such as the privacy of personal calls and the security of enterprise client computer systems. The database will not be illegally accessed and destroyed, and the system will not be invaded by viruses. At the same time, it can also prevent harmful information such as reactionary obscenity from spreading on the Internet.

What needs to be clear is that security technology can't put an end to all the intrusions and damages to the network, and its function is only to prevent as much as possible and reduce losses as much as possible after the intrusions and damages occur. Specifically, the main functions of network security technology are as follows:

1. Take multi-layer defense measures to minimize the probability of being invaded and destroyed;

2. Provide means to quickly detect illegal use and illegal initial entry points, and check and track the activities of intruders;

3. Provide methods to recover damaged data and systems and minimize losses;

4. Provide methods to detect intruders.

Network security technology is the basis of security management. In recent years, network security technology has developed rapidly, which has produced very rich theoretical and practical content.

3 Safety requirements

Through the risk analysis of the network system and the security problems to be solved, it is necessary to formulate reasonable security policies and security schemes to ensure the confidentiality, integrity, availability, controllability and auditability of the network system. That is to say,

Availability: Authorized entities can access data.

Confidentiality: Information will not be exposed to unauthorized entities or processes.

Integrity: ensure that data will not be modified without authorization.

Controllability: control the information flow and operation mode within the scope of authorization.

Auditability: provide basis and means for security problems.

Access control: the internal network needs to be isolated from the external untrusted network through a firewall, and the internal network and the hosts that exchange data with the external network and the exchanged data should be strictly controlled. Similarly, for internal networks, due to different application services and different security levels, firewalls are also needed to isolate different local area networks or network segments to achieve mutual access control.

Data encryption: Data encryption is an effective means to prevent illegal stealing and tampering with information during data transmission and storage.

Security audit is one of the important means to identify and prevent network attacks and to track network vulnerabilities. Specifically, it includes two aspects: first, network monitoring and an intrusion prevention system are used to identify all kinds of illegal operations and attacks on the network, respond immediately (for example with an alarm) and block them; second, auditing of information content can prevent illegal disclosure of internal confidential or sensitive information.

4 Risk analysis

Network security is the premise of the normal operation of the network. Network security is not the security of a single point but the security of the whole information network, which needs layered protection covering the physical, network, system, application and management aspects. To know how to protect, you first need to know where the security risks come from. A network security system must include both technology and management, covering the risk categories of the physical layer, system layer, network layer, application layer and management layer. If the security measures at any one of these levels are not in place, there will be great security risks, which may cause network interruption. According to the network structure and application of domestic network systems, this paper makes a comprehensive analysis from the aspects of network security, system security, application security and management security.

Risk analysis is an important function that network security technology needs to provide. It should continuously detect messages and events in the network, and analyze the risk of intrusion and destruction of the system. Risk analysis must include all relevant components in the network.

5 Solutions

5.1 Design principles

In view of the actual situation of the network system, it is urgent to solve the network security problem. Considering the technical difficulties and funds, the design should follow the following ideas:

1. Greatly improve the security and confidentiality of the system;

2. Keep the original performance characteristics of the network, that is, it has good transparency to the protocol and transmission of the network;

3. Easy to operate and maintain, convenient for automatic management, with few or no additional operations;

4. Try not to affect the original network topology, and at the same time facilitate the expansion of the system and system functions;

5. The security system is cost-effective, and can be used for a long time with one-time investment;

6. The security and password products are legal and have been recognized or certified by the relevant state administrative departments;

7. Step-by-step implementation principle: step-by-step implementation of hierarchical management.

5.2 Security policy

In view of the above analysis, we adopt the following security policies:

1. Vulnerability scanning technology is used to assess the risk of important network equipment to ensure that the information system operates in the best possible state.

2. Adopt various security technologies to build a defense system, mainly including:

(1) Firewall technology: at the external interface of the network, firewall technology is used to control access at the network layer.

(2) NAT technology: hiding internal network information.

(3) VPN: A Virtual Private Network (VPN) is an extension of the enterprise network over public networks such as the Internet, and creates secure private connections on public networks through private channels. It connects remote users, company branches, company business partners, etc. with the company's enterprise network through a secure data channel to form an extended company enterprise network. The hosts in this network will not be aware of the existence of the public network, just as if all the machines were in one network. The public network seems to be dedicated to this network, but it is not.

(4) Network encryption technology (IPsec): The IP packets transmitted in the public network are encrypted and encapsulated by using network encryption technology to realize the confidentiality and integrity of data transmission. It can solve the security problem of network data transmission in public network and the security problem of remote users accessing intranet.

(5) Authentication: Provide identity-based authentication, which can be used in various authentication mechanisms.

(6) Multi-layer and multi-level enterprise-level anti-virus system: A multi-layer and multi-level enterprise-level anti-virus system is adopted to realize comprehensive virus protection.

(7) Real-time monitoring of the network: monitoring and early warning of the host and the network by using the intrusion detection system, so as to further improve the network's ability to resist external attacks.

3. Real-time response and recovery: formulate and improve the security management system to improve the real-time response and recovery ability to network attacks.

4. Establish hierarchical management and safety management centers at all levels.

5.3 Defense system

We use firewall technology, NAT technology, VPN technology, network encryption technology (IPsec), identity authentication technology, multi-level anti-virus system and intrusion detection technology to form a network security defense system.

5.3.1 Physical security

Physical security is a process to protect computer network equipment, facilities and other media from environmental accidents such as earthquakes, floods and fires, as well as the damage caused by human errors or mistakes and various computer crimes.

In order to ensure the physical security of information network system, it is also necessary to prevent the spread of system information in space. Usually, some physical protection measures are taken to reduce or interfere with the propagation of space signals. This is the first condition for the government, military and financial institutions to set up information centers.

In order to ensure the normal operation of the network, the following measures should be taken in terms of physical security:

1. Product warranty: mainly refers to the safety measures in product procurement, transportation and installation.

2. Operational safety: The equipment in the network, especially the safety products, must be able to get the quick technical support services from the manufacturers or suppliers during the use. For some key equipment and systems, backup systems should be set up.

3. Anti-electromagnetic radiation: All important classified equipment needs to be equipped with anti-electromagnetic radiation products, such as radiation jammers.

4. Safety: mainly anti-theft and fire prevention, including the security protection of all network devices, computers and security devices in the network system.

5.3.2 Firewall technology

A firewall is a network security measure and an access control measure implemented in the process of network communication. Its main goal is to protect the network from interference and destruction by external factors by controlling the access rights in and out of the network and forcing all connections to pass its inspection. Logically, a firewall is a separator, limiter and analyzer, which effectively monitors any activity between the internal network and the Internet and ensures the security of the internal network. In physical implementation, a firewall is a set of hardware devices (routers, computers or other special hardware devices) located at specific points in the network. The firewall can be an independent system, or it can be implemented on the router that interconnects the networks. To realize network security with a firewall, we must consider the network topology in which the firewall is placed:

(1) Screening router: also known as a packet filtering firewall.

(2) Dual-homed host: the dual-homed host is an alternative to the packet filtering gateway.

(3) Screened host structure: this structure is actually a combination of packet filtering and proxy.

(4) Screened subnet structure: this kind of firewall is a variation of the dual-homed host and screened host structures.

According to the different technologies adopted by firewalls, we can divide them into four basic types: packet filtering, network address translation-NAT, proxy and monitoring.

5.3.2.1 Packet filtering type

Packet filtering products are the first-generation firewall products, and their technical basis is packet transmission in the network. Data on the network is transmitted in the form of packets. The data is divided into packets of a certain size, and each packet contains some specific information, such as the source address, destination address, and TCP/UDP source port and destination port. By reading the address information in the packets, the firewall can judge whether they come from trusted sites. Once packets from dangerous sites are found, the firewall rejects them. System administrators can also flexibly formulate judgment rules according to the actual situation. The advantages of packet filtering are that it is simple, practical and cheap to implement. In a simple application environment, the security of the system can be guaranteed to a certain extent at a small cost. But the shortcomings of packet filtering are also obvious. Packet filtering is a security technology based entirely on the network layer: it can only judge according to network information such as the source, destination and port of the packet, and cannot identify malicious intrusions at the application layer, such as malicious Java applets and viruses attached to emails. Experienced hackers can easily forge IP addresses and fool the packet filtering firewall.
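The two weaknesses named above, shown from the defender's side as an added example that is not part of the original thesis: a stateless filter decides on header fields only, so it accepts a packet that merely claims a trusted source and cannot tell two payloads apart, while an ingress check on the arrival interface rejects the forged source. The rule set, addresses, packets and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "inside" or "outside"
    src: str
    dst: str
    proto: str            # "tcp" or "udp"
    dport: int
    payload: bytes = b""  # carried along but never read by the filter


@dataclass(frozen=True)
class Rule:
    action: str           # "accept" or "drop"
    src: str              # CIDR block
    dst: str              # CIDR block
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any port


def in_net(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def filter_packet(rules, pkt, default="drop"):
    """Classic packet filter: first matching rule wins, headers only."""
    for r in rules:
        if (in_net(pkt.src, r.src) and in_net(pkt.dst, r.dst)
                and r.proto in ("any", pkt.proto)
                and r.dport in (None, pkt.dport)):
            return r.action
    return default


def filter_with_ingress_check(rules, pkt, internal_nets):
    """Same rules, preceded by an anti-spoofing check: a packet that arrives
    on the outside interface cannot legitimately carry an internal source."""
    if pkt.iface == "outside" and any(in_net(pkt.src, n) for n in internal_nets):
        return "drop"
    return filter_packet(rules, pkt)


# Constructed policy: admin LAN may reach servers over SSH; anyone may reach the mail server.
INTERNAL_NETS = ["192.168.10.0/24", "192.168.20.0/24"]
RULES = [
    Rule("accept", "192.168.10.0/24", "192.168.20.0/24", "tcp", 22),
    Rule("accept", "0.0.0.0/0", "192.168.20.25/32", "tcp", 25),
]

# Constructed packets (203.0.113.0/24 is a documentation range).
GENUINE_ADMIN = Packet("inside", "192.168.10.7", "192.168.20.5", "tcp", 22)
FORGED_SOURCE = Packet("outside", "192.168.10.7", "192.168.20.5", "tcp", 22)
OUTSIDE_SSH = Packet("outside", "203.0.113.9", "192.168.20.5", "tcp", 22)
MAIL_PLAIN = Packet("outside", "203.0.113.9", "192.168.20.25", "tcp", 25, b"hello")
MAIL_ATTACH = Packet("outside", "203.0.113.9", "192.168.20.25", "tcp", 25,
                     b"<constructed attachment bytes>")

if __name__ == "__main__":
    for name, pkt in [("genuine admin", GENUINE_ADMIN), ("forged source", FORGED_SOURCE),
                      ("outside ssh", OUTSIDE_SSH), ("mail, plain", MAIL_PLAIN),
                      ("mail, attachment", MAIL_ATTACH)]:
        print(f"{name:18} filter={filter_packet(RULES, pkt):6} "
              f"with ingress check={filter_with_ingress_check(RULES, pkt, INTERNAL_NETS)}")
```

The two mail packets receive the same verdict under both functions, which is why content inspection is left to the proxy type described later.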

5.3.2.2 Network address translation

Network address translation is a standard for converting IP addresses into temporary, external, registered IP addresses. It allows internal networks with private IP addresses to access the Internet. This also means that users do not need to obtain a registered IP address for every machine in their network. When the internal network accesses the external network through the secure network card, a mapping record is generated. The system maps the outgoing source address and source port to a disguised address and port, and connects the disguised address and port to the external network through the insecure network card, thus hiding the real internal network address. When an external network accesses the internal network through the insecure network card, it does not know how the internal network is connected, but only requests access through an open IP address and port. OLM firewall judges whether the access is secure according to the predefined mapping rules. When the rules are met, the firewall considers the access safe, and can accept the access request or map the connection request to different internal computers. When the rules are not met, the firewall considers the access unsafe and unacceptable, and blocks the external connection request. The process of network address translation is transparent to users, and users do not need to configure it, but only need to carry out their routine operations.
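The mapping behaviour described above as a small model, added here as an example that is not part of the original thesis: outbound traffic creates a mapping record, inbound traffic is admitted only if it matches such a record or a predefined mapping rule, and everything else is blocked. The class name `Napt`, the port pool and all addresses are hypothetical.

```python
class Napt:
    """Toy port-translating NAT with dynamic mappings and static mapping rules."""

    def __init__(self, public_ip, port_range=(40000, 40999), forwards=None):
        self.public_ip = public_ip
        self.next_port, self.last_port = port_range
        # Predefined mapping rules: (proto, public_port) -> (internal_ip, internal_port)
        self.forwards = dict(forwards or {})
        self.out = {}   # (proto, internal_ip, internal_port) -> public_port
        self.back = {}  # (proto, public_port) -> (internal_ip, internal_port)

    def outbound(self, proto, src_ip, src_port):
        """Internal host sends a packet: return the disguised (address, port)."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            # Skip public ports reserved by a static rule.
            while (proto, self.next_port) in self.forwards:
                self.next_port += 1
            if self.next_port > self.last_port:
                raise RuntimeError("NAT port pool exhausted")
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key])

    def inbound(self, proto, dst_port):
        """External packet to the public address: return the internal
        destination, or None when no mapping applies (request blocked)."""
        key = (proto, dst_port)
        if key in self.back:        # reply to a flow started from inside
            return self.back[key]
        return self.forwards.get(key)  # predefined rule, else None


def demo():
    # Constructed scenario: one published HTTPS service, two internal clients.
    nat = Napt("203.0.113.1", forwards={("tcp", 443): ("192.168.1.20", 8443)})
    a = nat.outbound("tcp", "192.168.1.10", 51000)
    b = nat.outbound("tcp", "192.168.1.11", 51000)
    return {
        "client_a_seen_as": a,
        "client_b_seen_as": b,
        "reply_to_a": nat.inbound("tcp", a[1]),
        "published_https": nat.inbound("tcp", 443),
        "unsolicited_telnet": nat.inbound("tcp", 23),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20} {value}")
```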

5.3.2.3 Proxy type

A proxy firewall can also be called a proxy server. It is more secure than packet filtering products and has begun to develop towards the application layer. The proxy server is located between the client and the server and completely blocks direct data exchange between them. From the client's point of view, the proxy server is equivalent to a real server; from the server's point of view, the proxy server is a real client. When the client needs to use data on the server, it first sends a data request to the proxy server, the proxy server then requests the data from the server according to this request, and finally the proxy server transmits the data to the client. Because there is no direct data channel between the external system and the internal server, it is difficult for external malicious activity to harm the internal network system of the enterprise. The advantage of the proxy firewall is high security: it can detect and scan at the application layer, and it is very effective against application-based intrusions and viruses. Its disadvantage is that it has a great influence on the overall performance of the system, and a proxy server must be set up for every application type that the client may generate, which greatly increases the complexity of system management.

5.3.2.4 Monitoring type

The monitoring firewall is a new-generation product, and this technology has actually gone beyond the original definition of a firewall. The monitoring firewall can actively monitor the data at all layers in real time. Based on the analysis of these data, the monitoring firewall can effectively judge illegal intrusion at all layers. At the same time, this kind of firewall product generally has distributed detectors installed on application servers and other network nodes, which can not only detect attacks from outside the network, but also have a strong preventive effect on malicious damage from inside. According to the statistics of authoritative organizations, a considerable proportion of attacks against network systems come from within the network. Therefore, the monitoring firewall not only goes beyond the definition of the traditional firewall, but also surpasses the previous two generations of products in terms of security. Although the monitoring firewall has surpassed the packet filtering firewall and the proxy server firewall in security, in actual use the second-generation proxy products are still the mainstay, and monitoring firewall technology has also begun to be used in some areas. Based on a comprehensive consideration of system cost and security technology cost, users can selectively use some monitoring technologies. This can not only meet the security requirements of the network system, but also effectively control the total cost of ownership of the security system. In fact, as the mainstream trend of firewall products, most proxy servers (also called application gateways) also integrate packet filtering technology, and the combined use of these two technologies obviously has greater advantages than using either alone. Because the product is application-based, the application gateway can provide filtering at the protocol level. For example, the PUT command in an FTP connection can be filtered out, and by acting as a proxy for the application the gateway can effectively avoid leakage of information from the intranet. It is precisely because of these characteristics of the application gateway that the contradictions in the application process mainly focus on the effective support of various network application protocols and the impact on the overall performance of the network.


5.3.3 Virtual private network technology

The security of a VPN is mainly realized by firewall technology, routers with tunnel technology, encryption protocols and security keys, which ensure that employees can access the company network safely.

There are three solutions for VPN:

(1) If employees in the enterprise are mobile or need to work remotely, or businesses want to provide B2C secure access services, you can consider using Access VPN.

AccessVPN provides remote access to corporate intranet or external network through shared infrastructure, and its strategy is the same as that of private network. AccessVPN enables users to access enterprise resources whenever and wherever they want. It is most suitable for companies that often have mobile office workers working remotely. Employees traveling on business can use the VPN service provided by local ISP to establish a dedicated tunnel connection with the company's VPN gateway.

(2) If you want to interconnect branches within the enterprise, intranet VPN is a good method. More and more enterprises need to establish various offices, branches and research institutes across the whole country and the world. The traditional way of connecting the networks of branches is to rent dedicated lines. Obviously, when the number of branches increases and the business scope becomes wider and wider, the network structure tends to become complex, so the cost also increases. Using the VPN function, you can establish a global intranet VPN on the Internet. Internet lines are used to ensure the interconnection of networks, and the tunnel and encryption characteristics of VPN can ensure the safe transmission of information across the whole intranet VPN.

(3) If secure access service between B2B is provided, extranet VPN can be considered.

VPN technology can be used to build a secure extranet. It can not only provide effective information services for customers and partners, but also ensure its own internal network security. Extranet VPN connects customers, suppliers, partners or interest groups to intranet through private infrastructure. Enterprises have the same policies for private networks, including security, quality of service (QoS), manageability and reliability.

5.3.4 Network encryption technology (IPsec)

The IP layer is the most critical layer in a TCP/IP network. As IP is a network layer protocol, its security mechanism can provide transparent security protection covering the various application services in the layers above it. Therefore, IP security is the basis of the whole TCP/IP security and the core of network security. The security functions or services provided by IPsec mainly include:

1. Access control

2. Connectionless integrity

3. Data source authentication

4. Anti-replay attack

5. Confidentiality

6. Limited confidentiality of data flow

Information exchange encryption technology is divided into two categories: symmetric encryption and asymmetric encryption.

5.3.4.1 Symmetric encryption technology

In symmetric encryption technology, information encryption and decryption use the same key, that is, one key opens one lock. This encryption method simplifies the encryption process, and the two sides of an information exchange do not need to study and exchange special encryption algorithms with each other. If the secret key is not leaked in the exchange phase, confidentiality and message integrity can be guaranteed. Symmetric encryption technology also has some disadvantages. If a party has n exchange partners, then it must maintain n secret keys. Another problem of symmetric encryption is that both parties share one secret key, and any information of both parties is encrypted with this key and transmitted to the other party. For example, triple DES is a variant of DES (Data Encryption Standard). This method uses two independent 56-bit keys to encrypt information three times, so that the effective key length reaches 112 bits.

5.3.4.2 Asymmetric encryption/public key encryption

In an asymmetric encryption system, the key is split into a pair (that is, a public key and a private key). Either key of this pair can be disclosed to others in a non-confidential way as the public key (encryption key), while the other key is kept as the private key (decryption key). The public key is used for encryption and the private key is used for decryption. The private key can only be held by the exchange party who generated the key pair. The public key can be widely distributed, but it corresponds only to the exchange party that generated the key pair. Asymmetric encryption can establish secure communication without exchanging keys in advance, and is widely used in information exchange fields such as identity authentication and digital signature. Asymmetric encryption systems are generally based on some known mathematical problems, which is the inevitable result of the development of computational complexity theory. The most representative is the RSA public key cryptosystem.

5.3.4.3 RSA algorithm

The RSA algorithm, proposed by Rivest, Shamir and Adleman in 1977, was the first complete public key cryptosystem, and its security is based on the difficulty of factoring large integers. The RSA system relies on one basic fact: up to now, no efficient algorithm has been found to factor the product of two prime numbers. The description of the RSA algorithm is as follows: public key: n = pq (p and q are two different large prime numbers, and p and q must be kept secret) and private key: d = e^(-1) (p-1) are coprime. Decryption: m = c^d (mod n). Using the knowledge and theory already mastered, the decomposition of a 2048-bit integer has exceeded the computing power of a 64-bit computer, so it is safe enough at present and in the foreseeable future.
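The RSA relations of this section carried through with small numbers, as an added example that is not part of the original thesis. The public exponent e, the value (p-1)(q-1) and the encryption step c = m^e (mod n) are the standard textbook definitions, supplied here as assumptions because the text above does not spell them out; the primes are toy values and the function names are hypothetical.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Textbook RSA key generation from two distinct primes p and q.
    Returns the public key (n, e) and the private exponent d."""
    if p == q:
        raise ValueError("p and q must be different primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse: d*e = 1 (mod (p-1)(q-1)), Python 3.8+
    return (n, e), d


def rsa_encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)  # c = m^e (mod n)


def rsa_decrypt(c, d, n):
    return pow(c, d, n)  # m = c^d (mod n)


def private_exponent_from_factor(n, e, p):
    """Why p and q must be kept secret: anyone who knows one prime factor
    of n can recompute the private exponent from the public key alone."""
    if n % p != 0:
        raise ValueError("p does not divide n")
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


def worked_example():
    # Constructed toy parameters; real keys use primes of 1024 bits or more,
    # and real systems add padding (for example OAEP) via a vetted library.
    p, q, e = 61, 53, 17
    (n, e), d = rsa_keygen(p, q, e)
    m = 65
    c = rsa_encrypt(m, (n, e))
    return {
        "n": n,
        "d": d,
        "ciphertext": c,
        "decrypted": rsa_decrypt(c, d, n),
        "d_recovered_from_p": private_exponent_from_factor(n, e, p),
    }


if __name__ == "__main__":
    for name, value in worked_example().items():
        print(f"{name:20} {value}")
```

With a 2048-bit n the last function is useless to an outsider, because no factor of n is known; that is the factoring assumption the section refers to.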

5.3.5 Authentication

In a more open environment, supporting the connection with other systems through the network requires "users to prove their identity when calling each service, and these servers also need to prove their identity to customers," so as to protect user information and resources located on the server.

5.3.5.1 Certification authority

The CA (Certificate Authority) is the authoritative entity that ensures trust. Its main responsibility is to issue certificates and verify the authenticity of users' identities. The electronic identity certificates of network users are issued by the CA. Anyone who trusts the CA should, according to the principle of third-party trust, also trust users holding its certificates. The CA should also take a series of corresponding measures to prevent electronic certificates from being forged or tampered with. It is very important to establish a secure CA, which is not only related to cryptography, but also related to the framework and model of the whole PKI system. In addition, flexibility is also a key to whether a CA can be recognized by the market. It does not need to support all kinds of common international standards, and can be well compatible with CA products from other manufacturers.

5.3.5.2 Registration authority

The RA (Registration Authority) is the interface between users and the CA, and the accuracy of the user identification obtained by the RA is the basis on which the CA issues certificates. The RA should not only support face-to-face registration, but also support remote registration. In order to ensure the security and flexibility of the whole PKI system, it is necessary to design and implement a networked, safe and easy-to-operate RA system.

5.3.5.3 Policy management

In PKI system, it is very important to formulate and realize scientific security policy management. These security policies must adapt to different requirements and can be integrated into the system implementation of CA and RA through CA and RA technologies. At the same time, these strategies should meet the requirements of cryptography and system security, scientifically apply the theories of cryptography and network security, and have good expansibility and interoperability.

5.3.5.4 Key backup and recovery

In order to ensure the security of data, it is very important to update the key regularly and recover the accidentally damaged key. Designing and implementing a perfect key management scheme to ensure safe key backup, update and recovery is also an important factor related to the robustness, security and availability of the whole PKI system.

5.3.5.5 Certificate Management and Revocation System

A certificate is an electronic medium used to prove the identity of the certificate holder; it binds the identity of the certificate holder to the corresponding public key. Usually, this binding is valid throughout the life cycle of the issued certificate. However, sometimes an issued certificate is no longer valid and needs to be revoked. There are various reasons for certificate revocation, such as a job change or doubt about the key. A certificate revocation system is realized either with a periodic release mechanism that publishes revoked certificates or with an online query mechanism that allows revoked certificates to be queried at any time.

5.3.6 Multi-layer and multi-level anti-virus system

Antivirus products can resist the invasion of viruses and malicious small programs at every entrance, and protect PCs, servers and Internet gateways in the network. It has powerful management tools, which can automatically update files, rationalize management and service operation, and can be used to manage enterprise-wide anti-virus security mechanism from the control center, optimize system performance, solve and prevent problems, and protect enterprises from virus attacks and harm.

Anti-virus system design principles

1. The implementation process of the whole system should be smooth and stable, so as not to affect the normal work of the existing network system as much as possible.

2. Anti-virus products installed on the original application system must ensure their stability and will not affect the functions of other applications. During installation, the whole system should be shut down and restarted as little as possible.

3. The management level and structure of the anti-virus system should conform to the management structure of the organization itself as far as possible.

4. The upgrade and deployment functions of the anti-virus system should be fully automated, and the whole system should have the ability to update daily.

5. The whole system should support centralized management and monitoring, and can