As we all know, the Internet is based on TCP/IP protocol, but the TCP/IP protocol in the original design and later application, did not take into account the security factors, also did not anticipate the application of the outbreak of growth. It was like opening a closed window in a confined room, fresh air coming in, but a lot of dust, flies and mosquitoes came along. The Internet world also, open, free information brings the convenience of communication, but the emergence of spam, internet viruses and hackers and other dark things, so that the network is experiencing unprecedented impact. Therefore, a variety of network security technology emerged. Network security is a comprehensive business area, including a lot of direction, summed up, there are three main directions: 1. Network Security protection: encryption, Web Access control, anti-virus, firewall/VPN, etc. 2. Security detection: Intrusion detection, vulnerability assessment, mail scanning; 3. Trustworthy Business/Business flow: Identity authentication, access management, data confidentiality, data integrity, transaction integrity. However, in all kinds of network security technology, encryption technology is the foundation. Only the recent frequent occurrence in the financial industry in the network attacks can be seen, identity authentication is the cornerstone of information security in various industries, and the core technology of identity authentication is encryption technology. The survey showed that internal insecurity accounted for 70% of all unsafe factors, and only internal employees (including the separation of employees) misuse, abuse and use of unsafe factors accounted for about 55%, that is, the network's most important or the first task is to the identity of visitors and their behavior to do effective management. This has two layers of meaning: First is the use of anti-theft, that is, log in the staff is true? This close to live, can effectively reject most malicious acts of vandalism; The second is to prevent abuse, even if the identity is true, the employee has no permissions, how much authority to access the resources. Imagine, in a virtual network society, if the identity of the visitors can not be protected and recognized, who dares to talk about business? Therefore, in the E-commerce business, the first problem is to determine the identity of the other party and the security of the transaction process, including confidentiality, integrity and undeniable. When it comes to cryptography, RSA information security is a must. The company, known for its RSA encryption algorithms, has launched a variety of cryptographic technologies that have been applied to most financial and e-commerce networks around the world. The following is an example of the company's E-commerce process, which illustrates the importance of encryption technology. First look at the traditional business processes: (1) Both parties to negotiate a good contract, the terms of the order → printed out, mutual audit → confirmed after the signature and seal, the formal entry into force → A and b each of the terms agreed to act → transactions or cooperation during the period of all normal, after the expiration or after the end of the transaction to continue the (2) factory see single production (Signed and stamped); The shipping department sees (signed and stamped) the invoice before arranging delivery and receiving. (3) A variety of plans, summaries and sales reports, etc. after the written signature, report, and then classified as the daily work and future assessment, reward and punishment basis. MobileOffice almost entirely by telephone, fax to solve the problem. (4) Accounting staff, complete a variety of reimbursement, payment, tax, payroll and other work; The audit department holds a thick ledger, a check. If two companies are in the same place, it is not complicated. If you are in an off-site or even foreign country, it will produce a large number of communications and mailing costs, because no, both sides must retain the original signed and sealed, it is possible to fully reduce the risk of the business. The same is true of the operating processes in the Web world, but everything is electronic, it must be combined with encryption technology: (1) The draft contract through the authenticated mail system issued to ensure that the unit is legitimate, as long as the correct e-mail address, the other party will be able to receive; , both sides of the order have done valid authentication to ensure the correctness and accuracy of the transaction data. (2) The whole company's business system is based on the unified application environment, there are many sub modules, such as in charge of production, sales, logistics, marketing, finance, taxation, audit and other modules, employees are certified in different modules to do their respective work, the use of access control technology to solve the misuse of information and resources, abuse and risk problems. These conveniences also include mobile office, only to the company firewall or VPN access devices to join the identity authentication function. (3) In the financial aspect, the loan between the enterprise and the Bank, the cooperation between the Enterprise and the partner is also based on the identity authentication and PKI system. In RSA's e-commerce model, the login authentication can adopt RSA SecurID, the electronic signature can adopt RSA Keon, and access control can use RSA Clear Trust, so the encryption technology runs through the process of e-commerce throughout. In addition, in other industries, such as accounting audit, law firms, securities, futures, funds and other trading activities, medical, scientific research and other research and development institutions, institutions, groups, government departments, can simply use identity authentication to protect themselves and the interests of the unit. To force (0 Votes) Tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passing (0 Votes) Text: Encryption is the basis of security return network security Home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.