E-commerce security paper 5000 words (2)

A brief analysis of e-commerce security decision-making principles and technology

An e-commerce security strategy is a comprehensive and systematic approach to protecting the core assets of an enterprise: constantly updating the security protection of enterprise systems, identifying their potential threats and vulnerabilities, and identifying, controlling, and eliminating activities that pose security risks. E-commerce security is relative, not absolute. It cannot be assumed that there is a system that will never be breached. Of course, no matter what type of e-commerce website it is, the price and cost of system security must be taken into consideration.

As a user of a security system, you must comprehensively consider all factors in order to use e-commerce security strategy technology rationally. As a system R&D designer, you must also consider cost and price factors during design. In this era of ebb and flow between network attack and defense, it is even more important to check, evaluate and adjust the corresponding security strategies as new security issues continue to emerge, and to adopt current technical means to improve overall security. Behind the huge business opportunities brought by e-commerce, there are also increasingly serious e-commerce security problems, which not only bring huge economic losses to corporate organizations, but also threaten the security of the social economy.

1 Security threats faced by e-commerce

In the environment where e-commerce operates, security threats are present all the time. This is not only a technical design issue but, more importantly, a matter of management vulnerabilities, and these threats are inextricably linked to people's behavioral patterns. The security threats faced by e-commerce can be divided into the following categories:

1.1 Information content is intercepted and stolen

This type of threat arises mainly because the encryption measures or security level applied during information transmission are not sufficient, or because useful information can be stolen by analyzing parameters such as traffic volume and flow direction in the Internet and telephone networks.

1.2 Tampering with information midway

This mainly destroys the integrity of the information: information transmitted over the network is tampered with through changes, deletions, insertions, etc., and the tampered, false information is then sent on to the receiving end.

1.3 Identity impersonation

Create a fake server with a similar name to the seller's server, pretend to be the seller, and create fake orders for transactions.

1.4 Transaction denial

For example, a merchant refuses to acknowledge the original transaction because of the price of the goods sold, or a buyer later denies an order after signing it.

1.5 Malicious competition among peers

Peers in the industry use the name of the buyer to conduct commodity transactions and secretly understand the buying and selling process, inventory status, and logistics status.

1.6 The security of the e-commerce system is destroyed

Criminals use illegal means to enter the system, change user information, destroy order information, generate false information, etc.

2 Principles of e-commerce security strategy

E-commerce security strategy is to achieve a balance between investment cost and efficiency under the existing situation, and to reduce the threats faced by e-commerce security. Depending on the e-commerce network environment, different security technologies are used to formulate security strategies. The following general principles should be followed when formulating security strategies:

2.1 ***Existence principle

This means that the issues affecting network security exist throughout the operating life cycle of the entire network, so consistency with network security needs should be considered when designing the security architecture. If security countermeasures are not considered at the beginning of website design, modifying them after the website is built will consume more manpower and material resources.

2.2 Principle of flexibility

Security policies must be able to change as network performance and security threats change, and must adapt to system modifications in a timely manner.

2.3 Analysis principle of balancing risks and costs

It is difficult for any network to achieve absolutely no security threats.

A network must be analyzed as it actually is: the threats it faces and the risks it may encounter must be comprehensively analyzed, both quantitatively and qualitatively, standardized measures must be formulated, and the security scope of the system must be determined, so that the cost spent on network security is balanced against the value of the information under security protection.

2.4 Principle of ease of use

Security policies are implemented by people. If the implementation process is too complicated and the demands placed on people are too high, the policy will itself reduce security.

2.5 Comprehensive Principle

A good security strategy is often the result of the comprehensive application of multiple methods at design time. Only by analyzing network security issues from a systems engineering perspective can effective and feasible measures be obtained.

2.6 Multi-layer protection principle

No single security protection measure can be absolutely safe on its own. A multi-layer, complementary system should be established, so that when one layer is breached, the other layers of protection can still keep the information safe.

3 Main technologies of e-commerce security strategy

3.1 Firewall technology

Firewall technology is one of the important network security technologies: it protects the local network and resists attacks from external networks, provides information security services, and serves as infrastructure for network information security. Generally speaking, firewalls can be divided into several categories: packet filtering firewall, application-level gateway firewall, proxy service firewall, etc. A firewall has 5 basic functions:

(1) Resist external attacks;

(2) Prevent information leakage;

(3) Control and manage network access and access;

(4) Virtual private network function;

(5) Its own anti-attack ability.

There are two situations in the firewall security policy:

(1) Access to any service that is not explicitly permitted is prohibited;

(2) Access to any service that is not explicitly prohibited is allowed.

Most firewalls adopt a compromise strategy between the two to improve access efficiency while ensuring security.
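The two policies above, evaluated over the same traffic, as an added example that is not part of the original paper. The rule format, rule sets and connection list are constructed for illustration; the point is what each default does to a service nobody wrote a rule for.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    source: str   # source network in CIDR notation
    port: int     # destination port

def evaluate(rules, default, src_ip, port):
    """First matching rule wins; otherwise the policy's default applies."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if port == rule.port and addr in ipaddress.ip_network(rule.source):
            return rule.action
    return default

# Policy (1): list what is permitted, prohibit everything else.
PERMIT_LIST = [
    Rule("allow", "0.0.0.0/0", 443),   # shop front end, open to everyone
    Rule("allow", "10.0.0.0/8", 22),   # administration from the internal net
]
# Policy (2): list what is prohibited, allow everything else.
PROHIBIT_LIST = [
    Rule("deny", "0.0.0.0/0", 23),
    Rule("deny", "0.0.0.0/0", 3389),
]

# Constructed sample connections: (source address, destination port).
CONNECTIONS = [
    ("203.0.113.7", 443),    # customer reaching the shop
    ("10.1.2.3", 22),        # internal administrator
    ("203.0.113.7", 22),     # external host trying the admin port
    ("203.0.113.7", 3306),   # database port that no rule mentions
    ("203.0.113.7", 23),     # explicitly prohibited service
]

def compare():
    """Return (src, port, verdict under policy 1, verdict under policy 2)."""
    return [
        (src, port,
         evaluate(PERMIT_LIST, "deny", src, port),
         evaluate(PROHIBIT_LIST, "allow", src, port))
        for src, port in CONNECTIONS
    ]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

Under policy (2) the unlisted database port and the external attempt on the admin port are both let through, because nobody thought to prohibit them; under policy (1) they are refused by default.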

3.2 Encryption Technology

Encryption technology is a method of disguising the transmitted information in some way and hiding its content so that the true content cannot be obtained by a third party. In e-commerce, encryption technology is used to hide information before it is transmitted. In this way, even if the information is stolen in transit, the illegal interceptor cannot understand its content, which ensures the security and authenticity of the information during the exchange process and effectively supports the security strategy.

3.3 Digital signature technology

Digital signature technology refers to the means adopted, on the basis of encrypting the file, to prevent someone from changing or destroying the file during transmission and to determine the identity of the sender. It occupies a particularly important position in e-commerce security and can solve problems such as identity authentication, content integrity, and non-repudiation during the trade process. Digital signature process: the sender first generates a digest of the original text with a hash algorithm, encrypts the digest with the sender's private key to generate a digital signature, and sends it to the recipient. The receiver uses the sender's public key to decrypt the signature and obtain the sender's message digest. Finally, the receiver applies the hash algorithm to the original text received to generate a digest, and compares it with the sender's digest.
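The signature process described above, carried through in code as an added example that is not part of the original paper. It follows the paper's textbook scheme (hash, then transform the digest with the private key) using only the Python standard library; the key pairs are constructed from well-known Mersenne primes and the order strings are sample data. Production systems use a vetted library and a padded scheme such as RSA-PSS rather than raw RSA on a digest.

```python
import hashlib

# Constructed demo keys so the block runs offline. Textbook RSA on a bare
# digest, as the paper describes it; these keys are not fit for real use.
E = 65537  # public exponent shared by both demo keys

def make_key(p: int, q: int):
    """Return (n, d): public modulus and private exponent for primes p, q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

SELLER_N, SELLER_D = make_key(2**521 - 1, 2**607 - 1)
IMPOSTOR_N, IMPOSTOR_D = make_key(2**89 - 1, 2**127 - 1)

def digest(message: bytes) -> int:
    """Digest of the original text (SHA-256), as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, d: int, n: int) -> int:
    """Sender: hash the text, then transform the digest with the private key."""
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, n: int) -> bool:
    """Receiver: recover the sender's digest with the public key, re-hash the
    text actually received, and compare the two digests."""
    if not 0 <= signature < n:
        return False
    return pow(signature, E, n) == digest(message)

# Constructed sample order and a copy altered in transit (threat 1.2).
ORDER = b"order=1001;item=book;qty=2;total=59.80"
TAMPERED = b"order=1001;item=book;qty=2;total=5.98"

def demo() -> dict:
    sig = sign(ORDER, SELLER_D, SELLER_N)
    # Threat 1.3: someone without the seller's private key signs the order.
    forged = sign(ORDER, IMPOSTOR_D, IMPOSTOR_N)
    return {
        "genuine": verify(ORDER, sig, SELLER_N),
        "tampered": verify(TAMPERED, sig, SELLER_N),
        "impostor": verify(ORDER, forged, SELLER_N),
    }

if __name__ == "__main__":
    print(demo())
```

Only the unmodified order with the seller's own signature verifies; the altered total and the signature made with a different private key both fail the digest comparison.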

3.4 Digital certificate technology

A digital certificate is a set of data describing a network user's identity, issued by an impartial third-party organization. Information encryption technology based on digital certificates can ensure the confidentiality and integrity of information transmitted online and the authenticity and non-repudiation of transactions, providing a guarantee for the security of e-commerce. A standard digital certificate contains: version number, signature algorithm, serial number, issuer name, validity date, subject public key information, issuer unique identifier, subject unique identifier, etc. A reasonable security strategy is inseparable from the support of digital certificates.

3.5 Security protocol technology

Security protocols can provide strong protection for information transmission during the transaction process.

Currently, the protocols commonly used in e-commerce security strategies mainly include e-commerce payment security protocols, communication security protocols, and email security protocols. The main security protocols used for e-commerce include: the SSL protocol (Secure Sockets Layer) for communication security, the SET protocol (Secure Electronic Transaction) for credit card security, the secure hypertext transfer protocol (S-HTTP) for commercial trade, the Internet EDI electronic data interchange protocol, and the email security protocols S/MIME and PEM, etc.

4 Conclusion

In the process of rapid development of e-commerce, e-commerce security plays an increasingly important role. Studying e-commerce security strategies is intended to reduce people's doubts about e-commerce transactions caused by e-commerce security threats, so as to promote the progress of e-commerce. The method to relieve this doubt relies on the formulation of security policy principles and the continuous development and improvement of major technologies.
