1. No operating system security configuration has been performed
Whatever operating system is used, a default installation has security weaknesses. Only a specific, strict security configuration of the operating system can reach a given level of security. Never assume that an operating system installed with default settings, even combined with a strong password policy, is safe. Vulnerabilities and "backdoors" in network software are the preferred targets of network attacks.
2. No code audit of CGI programs was performed
Generic CGI problems are comparatively easy to defend against, but many CGI programs developed specially by websites or software vendors have serious flaws. For an e-commerce site the consequences can be serious, for example a malicious attacker shopping online under other people's accounts.
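The account-takeover case described above usually comes down to one mistake: the program trusts an account identifier sent by the client instead of the one bound to the server-side session. The following is an added example, not code from the original page; it uses Go's net/http as a stand-in for a CGI program, and the session table, order data and handler names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed sample data standing in for the shop's database: which session
// token belongs to which logged-in account, and each account's order history.
var sessions = map[string]string{"sess-alice": "alice"}
var orders = map[string][]string{
	"alice": {"order 1001: book"},
	"bob":   {"order 2001: laptop"},
}

// accountFromSession resolves the caller's identity from the server-side
// session; it is the only trustworthy source of "who is asking".
func accountFromSession(r *http.Request) (string, bool) {
	c, err := r.Cookie("session")
	if err != nil {
		return "", false
	}
	account, ok := sessions[c.Value]
	return account, ok
}

// vulnerableOrders trusts the account name supplied by the client. Anyone can
// read another customer's orders simply by editing the query string.
func vulnerableOrders(w http.ResponseWriter, r *http.Request) {
	account := r.URL.Query().Get("account")
	fmt.Fprint(w, strings.Join(orders[account], "\n"))
}

// safeOrders ignores any client-supplied account name and uses the session.
func safeOrders(w http.ResponseWriter, r *http.Request) {
	account, ok := accountFromSession(r)
	if !ok {
		http.Error(w, "login required", http.StatusUnauthorized)
		return
	}
	fmt.Fprint(w, strings.Join(orders[account], "\n"))
}

// call runs one request through a handler in-process (no network needed) and
// returns the status code and the trimmed response body.
func call(h http.HandlerFunc, target, session string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, target, nil)
	if session != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: session})
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() {
	// Alice is logged in but asks for Bob's orders.
	code, body := call(vulnerableOrders, "/orders?account=bob", "sess-alice")
	fmt.Printf("vulnerable: %d %q\n", code, body) // leaks Bob's order
	code, body = call(safeOrders, "/orders?account=bob", "sess-alice")
	fmt.Printf("hardened:   %d %q\n", code, body) // Alice's own orders only
	code, body = call(safeOrders, "/orders?account=bob", "")
	fmt.Printf("no session: %d %q\n", code, body) // rejected
}
```

The audit question to ask of every CGI program is the same one the hardened handler answers: where does the identity used for authorisation come from, and can the client choose it?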
3. Denial of Service (DoS) attack
With the rise of e-commerce, websites face ever stricter real-time requirements, and this threat grows with them. An attack aimed at paralysing the network is more effective and more destructive than traditional methods of terrorism and war: the harm spreads faster and wider, while the risk to the attacker is very small. The attacker can even disappear without a trace before the attack begins, leaving the victim no possibility of retaliation.
4. Improper use of security products
Although many websites deploy network security equipment, these products often fail to play their due role because of problems with the products themselves or with how they are used. Products from many security vendors demand a technical background from the people configuring them that exceeds what ordinary network administrators have. Even if the vendor initially installs and configures the product correctly, once the system changes the related security products must be reconfigured, and it is easy to introduce many security issues at that point.
5. Lack of a strict network security management system
The most important thing in network security is to take it seriously. Security within a website or local area network must be guaranteed by a complete security system. Establishing and enforcing strict computer network security rules and strategies is the basis for truly realising network security.
6. Stealing information
When no encryption is used, data is transmitted over the network in clear text. An intruder can intercept it at any gateway or router the packets pass through. By repeatedly capturing and analysing traffic, the intruder can work out the patterns and formats of the information and then recover its content, leaking the information transmitted online.
7. Tampering with information
Once the intruder has mastered the format and rules of the information, he uses various technical means to modify the data in transit and then forwards it to its destination. This method is not new and can be carried out on a router or gateway.
8. Impersonation
Because the attacker has mastered the data format and can tamper with information passing through, he can pretend to be a legitimate user to send fake information or actively request information, and the remote user often cannot tell the difference.
9. Malicious destruction
Since attackers can reach the network, they may modify information on it, obtain confidential information, and even penetrate the network itself. The consequences are very serious.
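Items 6 to 8 describe what a node on the path can do to clear-text traffic: read it, learn its format, rewrite it, and pass off forged data as genuine. The following added example (not code from the original page) shows the same message first sent in clear text and then protected with AES-256-GCM, an authenticated encryption mode in Go's standard library; the order string, the key and the tampering routine are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed sample message, standing in for an order sent to a shop.
const order = "account=alice&item=book&qty=1&ship_to=alice"

func newKey() ([]byte, error) {
	key := make([]byte, 32) // AES-256
	_, err := rand.Read(key)
	return key, err
}

// seal encrypts and authenticates msg with AES-256-GCM. The random nonce is
// prepended to the ciphertext so that unseal can recover it.
func seal(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, msg, nil), nil
}

// unseal checks the authentication tag and decrypts. Any change to the nonce,
// ciphertext or tag, or use of a different key, yields an error, never a
// plausible-looking but altered plaintext.
func unseal(key, box []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(box) < gcm.NonceSize() {
		return nil, errors.New("message too short")
	}
	nonce, ct := box[:gcm.NonceSize()], box[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// tamperInTransit models a router on the path that knows the message format
// and overwrites the trailing recipient name with its own. On clear text this
// silently redirects the order; on a sealed message it only damages the
// authentication tag, so the receiver rejects it.
func tamperInTransit(data []byte) []byte {
	out := append([]byte(nil), data...)
	evil := []byte("trudy") // same length as "alice"
	copy(out[len(out)-len(evil):], evil)
	return out
}

func main() {
	fmt.Printf("clear text on the wire:    %s\n", order)
	fmt.Printf("clear text after tampering: %s\n", tamperInTransit([]byte(order)))

	key, _ := newKey()
	box, _ := seal(key, []byte(order))
	fmt.Printf("ciphertext on the wire:    %x\n", box)
	if _, err := unseal(key, tamperInTransit(box)); err != nil {
		fmt.Println("tampered ciphertext rejected:", err)
	}
	pt, _ := unseal(key, box)
	fmt.Printf("untouched message decrypts: %s\n", pt)
}
```

The point of using an authenticated mode rather than plain encryption is that it addresses items 6, 7 and 8 together: the router learns nothing about the content, cannot alter it undetected, and cannot forge a message that the receiver will accept without holding the key.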
Security Countermeasures
1. Protect network security.
The main measures to protect network security are: plan the security strategy of the network platform comprehensively, formulate network security management measures, use firewalls, record as much of the activity on the network as possible, pay attention to the physical protection of network equipment, test the network platform for vulnerabilities, and establish a reliable identification and authentication mechanism.
2. Protect application security.
Security services at the application layer cover authentication, access control, confidentiality, data integrity, non-repudiation, Web security, EDI and online payment.
3. Protect system security.
Check installed software, such as browsers, e-wallet software and payment gateway software, for unknown security vulnerabilities. Combining technical and management measures keeps the system's risk of penetration to a minimum: connections are allowed only after multiple authentications, all access data is audited, and system users are strictly managed. Establish detailed security audit logs to detect and track intrusion attacks.
4. Encryption technology.
Encryption is a basic security measure for e-commerce; both parties to a transaction can use it as needed during the information exchange stage. Encryption technology falls into two categories: symmetric encryption, in which the same secret key encrypts and decrypts, and asymmetric encryption, in which a public key encrypts and only the matching private key decrypts.
5. Authentication technology.
Technology that uses electronic means to prove the identities of the sender and receiver and the integrity of their data, that is, to confirm that neither the parties' identity information nor the data has been tampered with during transmission or storage. It includes digital signatures and digital certificates.
6. E-commerce security protocols.
The operation of e-commerce also requires a complete set of security protocols, such as SET (Secure Electronic Transaction) and SSL (today its successor TLS).
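The asymmetric half of item 4 and the digital signatures of item 5 are usually used together: the sender encrypts to the recipient's public key and signs with its own private key, and the recipient verifies the signature against a key it already trusts before decrypting. The following added example (not code from the original page) does this with RSA-OAEP and Ed25519 from Go's standard library; the party names, the message and the trusted-key table, which stands in for the digital certificates a real deployment would verify, are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one participant: an RSA key pair so others can encrypt to it
// (asymmetric encryption) and an Ed25519 key pair so it can sign what it
// sends (digital signature).
type Party struct {
	Name    string
	EncPub  *rsa.PublicKey
	SigPub  ed25519.PublicKey
	encPriv *rsa.PrivateKey
	sigPriv ed25519.PrivateKey
}

func NewParty(name string) (*Party, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	sigPub, sigPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, EncPub: &rsaKey.PublicKey, SigPub: sigPub,
		encPriv: rsaKey, sigPriv: sigPriv}, nil
}

// Envelope is what crosses the network: the claimed sender, the data
// encrypted to the recipient, and the sender's signature over the ciphertext.
type Envelope struct {
	Sender     string
	Ciphertext []byte
	Signature  []byte
}

// Send encrypts msg with the recipient's public key, so only the holder of the
// matching private key can read it, and signs the ciphertext with the sender's
// private key, so anyone holding the sender's public key can check who
// produced it and that it was not altered.
func (p *Party) Send(to *rsa.PublicKey, msg []byte) (*Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{Sender: p.Name, Ciphertext: ct, Signature: ed25519.Sign(p.sigPriv, ct)}, nil
}

// Receive looks up the key the recipient already trusts for the claimed sender
// (the role a digital certificate plays in practice), verifies the signature,
// and only then decrypts. Tampering, an unknown sender, or an impersonator
// signing with a different key all fail before any plaintext is produced.
func (p *Party) Receive(env *Envelope, trusted map[string]ed25519.PublicKey) ([]byte, error) {
	senderPub, ok := trusted[env.Sender]
	if !ok {
		return nil, errors.New("no trusted key for sender " + env.Sender)
	}
	if !ed25519.Verify(senderPub, env.Ciphertext, env.Signature) {
		return nil, errors.New("signature invalid: tampered or not from " + env.Sender)
	}
	return rsa.DecryptOAEP(sha256.New(), nil, p.encPriv, env.Ciphertext, nil)
}

// trustedKeys builds the recipient's table of known signing keys, standing in
// for certificates it would normally have verified out of band.
func trustedKeys(parties ...*Party) map[string]ed25519.PublicKey {
	m := map[string]ed25519.PublicKey{}
	for _, p := range parties {
		m[p.Name] = p.SigPub
	}
	return m
}

func main() {
	alice, _ := NewParty("alice")
	shop, _ := NewParty("shop")
	trudy, _ := NewParty("trudy")
	trusted := trustedKeys(alice) // the shop knows Alice's key, not Trudy's

	env, _ := alice.Send(shop.EncPub, []byte("pay 100 to shop")) // constructed sample message
	pt, err := shop.Receive(env, trusted)
	fmt.Printf("genuine:      %q err=%v\n", pt, err)

	env.Ciphertext[0] ^= 1 // modified in transit
	_, err = shop.Receive(env, trusted)
	fmt.Println("tampered:     ", err)

	fake, _ := trudy.Send(shop.EncPub, []byte("pay 100 to trudy"))
	fake.Sender = "alice" // impersonation: Trudy claims to be Alice
	_, err = shop.Receive(fake, trusted)
	fmt.Println("impersonated: ", err)
}
```

Signing the ciphertext rather than the plaintext lets the recipient reject forged or damaged envelopes before spending any private-key operation on decryption; what the example does not cover is how the trusted-key table is populated and kept current, which is exactly the job of certificates and the protocols listed in item 6.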
Extended information
From the meaning and development history of e-commerce, it can be seen that e-commerce has the following basic characteristics:
1. Universality. As a new type of transaction, e-commerce brings manufacturing enterprises, distribution enterprises, consumers and governments into a new world of the network economy and digital existence.
2. Convenience. In the e-commerce environment people are no longer restricted by geography, and customers can complete business activities that used to be complicated in a very simple way. For example, through online banking one can deposit and withdraw account funds and query information around the clock, while the quality of service enterprises provide to customers is greatly improved. E-commerce activities also involve extensive development and exchange of human and material resources and allow flexible working hours, meeting the company's needs while leaving people both money and leisure.
3. Integration. E-commerce can standardise the workflow of transaction processing and integrate manual operations and electronic information processing into an inseparable whole. This not only improves the utilisation of human and material resources but also improves the rigour of system operation.
4. Security. In e-commerce, security is a vital core issue, which requires the network to provide an end-to-end security solution, such as encryption mechanisms, signature mechanisms, security management, access control, firewalls and anti-virus protection. This is very different from traditional business activities.
5. Coordination. Business activity itself is a coordination process, which requires coordination between customers and within the company, manufacturers, wholesalers, and retailers. In an e-commerce environment, it requires the full cooperation of multiple departments such as banks, distribution centers, communications departments, and technical services. The entire e-commerce process is often completed in one go.
Baidu Encyclopedia-E-Commerce
Baidu Encyclopedia-Information Security