Has online banking really reached the international advanced level?

Source: Internet
Author: User
Tags: key, firewall

This week, the online banking service of ICBC (Industrial and Commercial Bank of China) suffered a succession of failures. After the incident on the 15th, when the service could not be used or responded very slowly, ICBC online banking again could not be logged in to today. At three o'clock in the afternoon on the 15th I logged in to online banking to try to top up my mobile phone credit, but I could not get in. At three o'clock in the afternoon on the 16th I logged in again and it went very smoothly, but on login the system showed a prompt that my account had logged in during a certain period on the afternoon of July 15, 2007 without logging out, and that with the current login the original login had failed. Today the ICBC online banking homepage opens normally, but online banking itself is not available. The familiar session-based firewall code appears at the end of the address.

ICBC's official statement on the 16th said that ICBC had not suffered a hacker attack, and apologized to users. The official explanation was that a bank-wide computer system upgrade coincided on the same day with the issuance and splitting of new funds and the payment of pensions and wages, so the daily transaction volume was too large. "The security of ICBC's electronic banking can be said to have reached the international advanced level," the head of ICBC said. However, problems on consecutive days cannot help but raise many questions, and together with the frequent news reports of stolen online banking accounts, they have led netizens to start doubting the security of online banks.

The development of network information technology and the spread of electronic commerce have had a strong impact on traditional management thinking and business models. Online banking, with Internet technology at its core, has also greatly changed the banking business. "Online banking" brings unprecedented opportunities to the development of financial enterprises and real convenience to many users. As a brand new channel for delivering bank customer service, it means customers do not need to go to the bank to transact business: as long as they are connected to the Internet, whether at home, in the office, or on the road, they can manage their assets safely and conveniently 24 hours a day, or handle inquiries, transfers, fee payments and other banking business. The advantages of "online banking" are indeed obvious. But faced with this new thing, people have one major doubt: is "online banking" secure? Such concerns are not unreasonable. The connection between the banking network and the Internet makes it easy for an online bank to become the target of illegal intrusion and malicious attack. The current state of network order is fairly chaotic and hacker attacks occur one after another, which also has a certain influence on people's psychology.

In general, the main concerns about online banking security are:

1. The bank transaction system is illegally intruded into.

2. Information transmitted over the network is stolen or tampered with.

3. The identity or account of a party to the transaction is stolen by others.

From the bank's point of view, developing online banking means bearing more risk than the customer. Therefore, the banks in China that have opened "online banking" services, such as Merchants Bank, Construction Bank and Bank of China, have all established a strict security system, including security policy, security management systems and procedures, security technology measures, business security, internal security monitoring and security audits, to ensure the safe operation of "online banking".

Security of the bank trading system

The "online banking" system is an extension of banking services: customers can conveniently use a commercial bank's core business services over the Internet to complete a variety of non-cash transactions. On the other hand, the Internet is an open network and the bank's transaction server is a public site on it, so the online banking system also opens a door from the bank intranet to the Internet. Guaranteeing the security of the online banking transaction system therefore bears on the security of the whole financial network. It is the most important problem in building an online bank, and the most fundamental consideration for the bank in protecting its clients' funds.

To prevent the trading server from being attacked, the bank mainly adopts the following three technical measures:

1. Establishing firewalls to isolate the related networks.

A multiple-firewall scheme is generally used. Its functions are:

(1) Separating the Internet from the trading server, to prevent illegal intrusion by Internet users.

(2) Separating the transaction server from the bank intranet, which effectively protects the bank intranet and also prevents the internal network from invading the transaction server.

2. A high-security-level Web application server.

The server uses a trusted, dedicated operating system, whose unique architecture and security checks ensure that only legitimate users' transaction requests can be passed through a specific agent to the application server for subsequent processing.

3. 24-hour real-time security monitoring.

For example, ISS dynamic network monitoring products are used for system vulnerability scanning and real-time intrusion detection. Websites using ISS security products were spared in February 2000 when big websites such as Yahoo were hacked.
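The multiple-firewall scheme in measure 1 can be checked mechanically. The following is an added example, not taken from the original article or from any bank's configuration: it models an outer firewall (Internet to transaction server) and an inner firewall (transaction server to intranet) with first-match rules and default deny, then lists every flow that passes all firewalls on its path but was not intended. The zone names, port 9000 and the rule sets are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class Rule:
    src: str     # zone name, or "*" for any zone
    dst: str
    port: int    # 0 means any port
    allow: bool

def decide(rules, src, dst, port):
    """First matching rule wins; traffic matching no rule is denied."""
    for r in rules:
        if r.src in (src, "*") and r.dst in (dst, "*") and r.port in (port, 0):
            return r.allow
    return False

ZONES = ("internet", "dmz", "intranet")   # dmz holds the transaction server
PORTS = (22, 443, 9000)                   # constructed probe set; 9000 = hypothetical core-banking port
INTENDED = {("internet", "dmz", 443), ("dmz", "intranet", 9000)}

def crossed(src, dst, outer, inner):
    """Firewalls on the path: outer sits internet|dmz, inner sits dmz|intranet."""
    if "internet" in (src, dst) and "intranet" in (src, dst):
        return (outer, inner)
    return (outer,) if "internet" in (src, dst) else (inner,)

def violations(outer, inner):
    """Flows allowed by every firewall on their path that are not intended."""
    found = []
    for src, dst in permutations(ZONES, 2):
        for port in PORTS:
            ok = all(decide(fw, src, dst, port)
                     for fw in crossed(src, dst, outer, inner))
            if ok and (src, dst, port) not in INTENDED:
                found.append((src, dst, port))
    return sorted(found)

OUTER = [Rule("internet", "dmz", 443, True)]
INNER = [Rule("dmz", "intranet", 9000, True)]
LOOSE_INNER = [Rule("*", "intranet", 9000, True)]        # source wildcard by mistake
LOOSE_OUTER = OUTER + [Rule("internet", "*", 0, True)]   # catch-all allow by mistake

if __name__ == "__main__":
    print(violations(OUTER, INNER))              # intended policy
    print(violations(OUTER, LOOSE_INNER))        # one mistake, contained by the outer firewall
    print(violations(LOOSE_OUTER, LOOSE_INNER))  # two mistakes expose the intranet
```

A single loose rule on the inner firewall leaves the intranet unreachable from the Internet because the outer firewall still denies the flow; only when both layers are misconfigured does the check report an Internet-to-intranet path.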

Identification and CA authentication

Online transactions are not face-to-face, and customers can make requests at any time and from any place. The traditional method of identification usually relies on a user name and login password to authenticate the user. However, if the user's password is transmitted over the network in plaintext, it is easily intercepted by attackers, who can then impersonate the user, and the identity authentication mechanism is breached.

In the online banking system, user identity authentication relies on multiple safeguards: the encryption mechanism of the RSA public key cryptosystem, the digital signature mechanism, and the user's login password. The bank verifies both the user's digital signature and the login password before confirming the user's identity. The user's unique identity is the "digital certificate" issued by the bank. The user's login password is transmitted as ciphertext to ensure the security and reliability of identity authentication. The introduction of digital certificates achieves identity authentication of the user for bank transactions, ensures that the website being accessed is the real bank website, and also ensures that transaction orders submitted by the customer cannot be repudiated. Because of the uniqueness and importance of digital certificates, banks carrying out online business have set up CA certification bodies, which are responsible for issuing and managing digital certificates and for auditing identities online. In June 2000, the China Financial Certification Center (CFCA), jointly built by 12 commercial banks under the leadership of the People's Bank of China, officially opened for operation. This indicates that China's e-commerce has entered a new stage of secure bank payments. As an authoritative, trustworthy and impartial third-party trust organization, the China Financial Certification Center provides the basis of identity authentication for realizing cross-bank transactions in the future.

Security of network communication

Because the Internet is an open network, sensitive information that customers transmit over it (such as passwords and trading instructions) may be intercepted, deciphered or tampered with in transit. To prevent this, online banking systems generally encrypt transaction information in transmission, and the most widely used measure is the SSL data encryption protocol.

The SSL protocol was first developed by Netscape, with the primary purpose of providing a confidential and reliable connection between two communicating parties, and it is currently supported by most Web servers and browsers. After the user logs on and is authenticated, all data transmitted over the network between the user and the server is encrypted with the session key until the user exits the system. The encryption key used for each session is randomly generated. This makes it impossible for an attacker to get any useful information from the data stream on the network. At the same time, the digital certificate is used to sign the transmitted data, so if the data is tampered with, it will no longer be consistent with the digital signature. The encryption key length of the SSL protocol is directly related to its encryption strength and is generally 40~128 bit; it can be checked under "Help" > "About" in the IE browser. At present, Construction Bank has adopted high-strength encryption with an effective key length of 128 bits.
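The key-length point can also be checked from the server side instead of the browser's "About" dialog. The following is an added example, not part of the original article: it uses Python's standard `ssl` module to list the cipher suites that an OpenSSL cipher string enables and flags any whose key strength is below the 128-bit figure cited above. The two policy strings are assumptions of this sketch, and the result for the legacy string depends on which suites the local OpenSSL build still ships.

```python
import ssl

MIN_BITS = 128   # the "high-strength" effective key length the article cites

def enabled_suites(cipher_string):
    """Map each suite enabled by an OpenSSL cipher string to its strength in bits."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return {}   # this OpenSSL build has no suite matching the string
    return {c["name"]: c["strength_bits"] for c in ctx.get_ciphers()}

def weak_suites(cipher_string, min_bits=MIN_BITS):
    """Names of enabled suites whose key strength is below min_bits."""
    suites = enabled_suites(cipher_string)
    return sorted(name for name, bits in suites.items() if bits < min_bits)

# Example policy strings (assumptions of this sketch, not from the article).
HARDENED = "HIGH:!aNULL:!eNULL:!3DES"
LEGACY = "EXPORT:LOW:MEDIUM:HIGH"   # roughly the 40 to 128 bit range of the article's era

if __name__ == "__main__":
    for label, policy in (("hardened", HARDENED), ("legacy", LEGACY)):
        suites = enabled_suites(policy)
        print(label, "enables", len(suites), "suites; below",
              MIN_BITS, "bits:", weak_suites(policy))
```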


