Principle analysis of e-commerce security decision-making technology
An e-commerce security strategy aims to protect an enterprise's core assets comprehensively and systematically: keep the security protection of enterprise systems up to date, discover potential threats and vulnerabilities in those systems, and identify, control and eliminate activities that carry security risk. E-commerce security is relative, not absolute, and no system should be assumed unbreakable. Whatever the model of the e-commerce website, price and cost must also be considered in system security.
As users of a security system, we must weigh the various factors comprehensively and apply e-commerce security strategy technology rationally. As designers of the system, we must also take cost into account in the design. In this changing era of network attack and defense, we should check, evaluate and adjust security strategies as new security problems emerge, and adopt technical means suited to the current situation in order to improve overall security. The huge business opportunities brought by e-commerce also conceal increasingly serious security problems, which not only cause huge economic losses to enterprises and institutions but also threaten social and economic security.
1 Security threats faced by e-commerce
An operating e-commerce environment always faces security threats. These are not only a problem of technical design but also of management loopholes, and they are closely related to human behavior patterns. The security threats faced by e-commerce can be divided into the following categories:
1.1 Interception and theft of information content
This threat arises mainly when encryption measures or the security level are insufficient during information transmission, or when useful information is stolen by analyzing parameters such as information flow and direction on the Internet and telephone networks.
1.2 Tampering with information in transit
This mainly destroys the integrity of information: the information transmitted over the network is altered, deleted or inserted, and the tampered, false information is sent on to the receiving end.
1.3 Identity impersonation
An attacker sets up a fake server with a name similar to that of the seller's server, impersonates the seller, and sets up fake orders for trading.
1.4 Repudiation of transactions
For example, the merchant refuses to acknowledge the original sale of the goods because of the price, and the buyer denies the order after signing the bill.
1.5 Malicious competition among peers
Competing traders pose as buyers to trade goods and covertly learn the trading process, inventory status and logistics status.
1.6 Compromise of e-commerce system security
Criminals use illegal means to enter the system, change user information, destroy order information and generate false information.
2 E-commerce security policy principles
An e-commerce security strategy seeks to balance investment cost against effectiveness under existing conditions and to reduce the threats to e-commerce security. Different security technologies are adopted to formulate the strategy, depending on the network environment in which e-commerce operates. When formulating security policies, the following general principles should be followed:
2.1 Coexistence principle
Problems affecting network security exist throughout the whole operating life cycle of the network, so the design of the security architecture should be consistent with the network's security requirements. If security measures are not considered at the beginning of website design, it will take more manpower and material resources to modify the website after it is built.
2.2 Principle of flexibility
The security policy should be able to change as network performance and security threats change, and should accommodate timely modification of the system.
2.3 Principle of balancing risk and cost
It is difficult for any network to be absolutely free of security threats. Each network should be analyzed in practical terms, with a comprehensive quantitative and qualitative analysis of the threats and risks it faces, in order to formulate standardized measures and determine the security category of the system, balancing the cost of network security against the value of the information being protected.
2.4 Principle of ease of use
Security policies are implemented by people. If the implementation process is too complicated and demands too much of them, it will also reduce their sense of security.
2.5 Comprehensive principle
A good security strategy is often the result of applying a variety of methods together in the design. Only by analyzing network security problems with the viewpoint and methods of systems engineering can we arrive at effective and feasible measures.
2.6 Principle of multi-layer protection
No single protection measure is independently and absolutely secure. A multi-layer, complementary system should be established, so that when one layer is breached, the other protection layers can still keep information secure.
3 The main technology of e-commerce security strategy
3.1 Firewall technology
Firewall technology is one of the important network security technologies for protecting a local network and resisting attacks from external networks. It is infrastructure that provides information security services and realizes network information security. Firewalls are generally divided into packet filtering firewalls, application layer gateway firewalls, proxy service firewalls and so on. A firewall has five basic functions:
(1) Defend against external attacks;
(2) Prevent information leakage;
(3) Control and manage network access;
(4) Provide virtual private network functions;
(5) Resist attacks directed at the firewall itself.
There are two kinds of firewall security policies:
(1) Deny access to every service that has not been explicitly permitted;
(2) Allow access to every service that has not been explicitly prohibited.
Most firewalls adopt a compromise between the two, improving access efficiency while remaining secure.
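The difference between the two policies shows up only for traffic that no rule anticipates. The following is an added example, not part of the original article: a first-match packet filter evaluated under both defaults. The rule format, the addresses (documentation ranges) and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed rule set for a small shop network.
# Each rule: (action, source CIDR, destination port, or None for any port).
RULES = [
    ("deny",  "203.0.113.0/24",  None),  # known-bad range, blocked on every port
    ("allow", "0.0.0.0/0",       443),   # public storefront over TLS
    ("allow", "198.51.100.0/24", 22),    # admin SSH from the office range only
]

def decide(src_ip, dst_port, default):
    """Return the action of the first matching rule, else the policy default."""
    src = ipaddress.ip_address(src_ip)
    for action, cidr, port in RULES:
        if src in ipaddress.ip_network(cidr) and port in (None, dst_port):
            return action
    return default

def compare(src_ip, dst_port):
    """Evaluate one connection under both policies listed in section 3.1."""
    return {
        "deny_unless_permitted": decide(src_ip, dst_port, default="deny"),
        "allow_unless_prohibited": decide(src_ip, dst_port, default="allow"),
    }

# Constructed sample traffic: storefront, database port, office SSH,
# outside SSH, and a request from the blocked range.
SAMPLES = [
    ("192.0.2.10", 443),
    ("192.0.2.10", 3306),
    ("198.51.100.7", 22),
    ("192.0.2.10", 22),
    ("203.0.113.5", 443),
]

if __name__ == "__main__":
    for ip, port in SAMPLES:
        print(ip, port, compare(ip, port))
```

The database port (3306) and outside SSH are reachable under the second policy simply because nobody wrote a rule for them; under the first policy the same omission fails closed.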
3.2 Encryption technology
Encryption technology is a method to disguise the transmitted information and hide its content in some way so as not to be obtained by a third party. In the process of e-commerce, encryption technology is used to hide information, and then the hidden information is transmitted, so that even if the information is stolen in the transmission process, illegal interceptors cannot understand the information content, thus ensuring the security and authenticity of the information in the exchange process and effectively helping the security strategy.
3.3 Digital signature technology
A digital signature is a means of preventing a file from being altered or destroyed during transmission and of establishing the sender's identity, built on encryption of the file. It plays a particularly important role in e-commerce security, and can solve the problems of identity authentication, content integrity and non-repudiation in the transaction process. Digital signature process: the sender first generates a digest of the original text with a hash algorithm, encrypts the digest with the sender's private key to produce the digital signature, and sends it to the receiver. The receiver decrypts the signature with the sender's public key to recover the sender's message digest. Finally, the receiver computes a digest of the original text it received with the same hash algorithm and compares it with the sender's digest. If the two digests match, the text was not altered in transit and the signature was produced with the sender's private key.
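The signing and verification steps above, as an added example that is not part of the original article. It uses textbook RSA without padding and a key built from two publicly known Mersenne primes purely to make each step visible; the order message, the key and the function names are constructed assumptions, and a production system would use a padded scheme from a vetted library.

```python
import hashlib

# Demonstration key only: both primes are publicly known Mersenne primes,
# so this key protects nothing. Real keys are random and secret.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the sender

def digest(message: bytes) -> int:
    """Step 1: hash the original text to a fixed-size digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Step 2 (sender): transform the digest with the private key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Steps 3-4 (receiver): recover the sender's digest with the public key
    and compare it with a digest computed over the text actually received."""
    if not 0 <= signature < N:
        return False
    return pow(signature, E, N) == digest(message)

# Constructed order message and its signature
ORDER = b"order=1001;item=camera;qty=1;total=499.00;buyer=alice"
SIGNATURE = sign(ORDER)

def demo():
    """Check a genuine order, one altered in transit, and a forged signature."""
    tampered = ORDER.replace(b"499.00", b"4.99")
    return {
        "genuine": verify(ORDER, SIGNATURE),
        "tampered_in_transit": verify(tampered, SIGNATURE),
        "forged_signature": verify(ORDER, (SIGNATURE + 1) % N),
    }

if __name__ == "__main__":
    print(demo())
```

The tampered order fails because its digest no longer matches the one recovered from the signature (threat 1.2), and only the holder of the private exponent can produce a value that verifies, which is what supports non-repudiation (threat 1.4).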
3.4 Digital Certificate Technology
A digital certificate is a set of data carrying a network user's identity information, issued by an impartial third-party organization. Information encryption technology based on digital certificates can ensure the confidentiality and integrity of information transmitted on the Internet and the authenticity and non-repudiation of transactions, thus ensuring the security of e-commerce. A standard digital certificate includes: version number, signature algorithm, serial number, issuer name, effective date, subject public key information, issuer unique identifier, subject unique identifier, etc. A reasonable security strategy cannot be separated from the support of digital certificates.
3.5 Security Protocol Technology
Security protocols provide a strong guarantee for information transmission in the transaction process. At present, the general protocols of e-commerce security strategy mainly include e-commerce payment security protocols, communication security protocols and e-mail security protocols. The main security protocols used in e-commerce include the SSL protocol for communication security, the SET protocol for credit card security, the Secure Hypertext Transfer Protocol (S-HTTP) for commercial trade security, the Internet EDI protocol, and the e-mail security protocols S/MIME and PEM.
4 Conclusion
As e-commerce develops rapidly, e-commerce security becomes more and more important. The study of e-commerce security strategy is intended to reduce the doubts people have about e-commerce transactions because of security threats, and thus to speed the growth of e-commerce. Dispelling these doubts depends on the formulation of security policy principles and on the continuous development and improvement of the main technologies.