On security control and management strategy in e-commerce

Source: Internet
Author: User
Tags: firewall

E-commerce network security is, in essence, information security on the network: the hardware, software and system data of the e-commerce network system are protected from being destroyed, altered or leaked for accidental or malicious reasons, the system runs continuously and reliably, and network services are not interrupted. Network security is not only a technical problem but also a management problem, so solving it requires a comprehensive solution that can deal with a variety of threats and attacks and thereby ensure the confidentiality, integrity and availability of network information. Strengthening network security management and establishing the relevant rules and regulations will therefore play a very effective role in ensuring the safe and reliable operation of the network.

Security control in e-commerce

The basic platform of e-commerce is the Internet, and the core and key problem in the development of e-commerce is the security of transactions. Because of the openness of the Internet itself, online transactions face various dangers, and corresponding security control requirements are therefore put forward.

From the perspective of technical means, this article explores the network security problems that appear in e-commerce at different levels, namely system security and data security.

1. System security

In e-commerce, network security generally includes the following two aspects. For an enterprise, the first concern is the security of information and of the trader's identity, but the prerequisite for information security is the security of the system.

The technologies and means of system security include redundancy, network isolation, access control, identity authentication, encryption, monitoring and auditing, security evaluation and so on.

(1) Network system

The network security problem stems from the openness, borderlessness and freedom of the network. The key to a security solution is to separate the protected network from that open, borderless and free environment, so that it can be controlled and managed as an internal system. Because the network system is the foundation of the application system, network security becomes the first problem. The main ways to solve network security are:

Network redundancy--an important measure for eliminating single points of failure in the network system. Critical network lines and devices are typically given dual or multiple backups. While the network is running, the two sides monitor each other's operating state in real time and adjust automatically; when the network has a fault or the traffic changes abruptly, the load can be switched over within an effective time to ensure the normal operation of the network.

System isolation--divided into physical isolation and logical isolation. Its main purpose is to draw reasonable network security boundaries according to security level, so that networks or information media of different security levels cannot access each other, thereby achieving the security objective. VLAN technology and communication protocols are applied to the business network or office network to divide it into different application subnets.

Access control--the principle of two-way control or limited access is applied between the different trust domains of the network, so that the access rights and information flows of controlled subnets or hosts can be effectively controlled. For a given network object this means solving both network boundary control and internal network control: access to network resources follows the principle of limited access, and information flows can be controlled one-way or two-way according to security requirements. The most important access control device is the firewall. It is generally placed at the entry points to the network, where it filters IP packets and controls information flows according to the enterprise security policy, while also providing network address translation, real-time auditing and alerting, and other functions. Advanced firewalls can also implement fine-grained, user-based access control.
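
The limited-access principle and the one-way or two-way flow control described above, applied to subnets divided as in the isolation paragraph, can be sketched as a default-deny policy check. This is an added example, not part of the original article; the zone names, subnets, ports and rules are constructed assumptions, and "one-way" is taken to mean which side may open a connection.

```python
import ipaddress
from dataclasses import dataclass

# Constructed trust domains (assumed subnets, e.g. one VLAN each).
ZONES = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz":      ipaddress.ip_network("192.0.2.0/24"),
    "office":   ipaddress.ip_network("10.10.0.0/16"),
    "business": ipaddress.ip_network("10.20.0.0/16"),
}

@dataclass(frozen=True)
class Rule:
    src: str               # zone allowed to open the connection
    dst: str               # zone being accessed
    port: int
    two_way: bool = False  # True: dst may also open connections to src

# Constructed policy; anything not listed is denied (limited access).
POLICY = [
    Rule("internet", "dmz", 443),            # customers reach the web shop
    Rule("dmz", "business", 5432),           # shop to order database, one-way
    Rule("office", "business", 8443, True),  # back office and business apps
]

def zone_of(addr):
    """Return the most specific zone containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, name) for name, net in ZONES.items() if ip in net]
    return max(hits, default=(0, None))[1]

def decide(src_ip, dst_ip, port):
    """Return 'allow' or 'deny' for a new connection src_ip -> dst_ip:port."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny"    # address outside every known trust domain
    if src == dst:
        return "allow"   # assumption: this boundary policy ignores intra-zone traffic
    for rule in POLICY:
        if rule.port != port:
            continue
        if (rule.src, rule.dst) == (src, dst):
            return "allow"
        if rule.two_way and (rule.src, rule.dst) == (dst, src):
            return "allow"
    return "deny"        # default deny
```
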

Identity authentication--the recognition of a network visitor's rights. It can rely on three things: first, a secret known to the subject, such as a user name and password or a secret key; second, an item the subject carries, such as a magnetic card, IC card, dynamic password card or token card; third, a characteristic or ability of the subject, such as a fingerprint, voice, retina or signature.

Encryption--used to prevent eavesdropping, leakage, tampering and destruction on the network and to ensure the security of information in transit; encrypting online data is the most effective way to do this. At present, encryption can be implemented at three levels: link layer encryption, network layer encryption and application layer encryption. Link encryption focuses on the communication link without regard to the source and destination, and is transparent to the higher layers of the network. Network layer encryption uses the IPSec core protocol, which provides both encryption and authentication and is the security standard implemented at the IP layer. Through network encryption, an enterprise can build an internal virtual private network, gaining greater security for a smaller investment and ensuring the security of users' applications.

Security monitoring--uses information interception to find unauthorized network access attempts and irregularities, including scanning, warning, blocking, recording and tracking on the network system, so as to discover attacks on and damage to the system. The network scanning and monitoring system, as the most effective technical means of dealing with computer hackers, is real-time, adaptive, and capable of active recognition and response, and is widely used in all walks of life. Network scanning detects and analyzes the security vulnerabilities of network devices, including network communication services, routers, firewalls, mail servers, Web servers and so on, in order to identify the vulnerabilities that intruders could exploit. The network scanning system compiles the detected vulnerability information into a detailed report, including location, detailed description and proposed remediation, so that security risk information can be detected and responded to.
