E-Commerce Network Security Graduation Project: English Original Text and Translation
Appendix A: English Original Text
Web Security Privacy & Commerce
The running battle between hackers and network security professionals has moved beyond the perimeter firewall to hand-to-hand combat at individual Web and corporate servers.
And new security weapons have emerged that use ingenious methods to protect Web sites and corporate networks from external and internal security threats. Here are some of the latest tools at your disposal.
No exit
Gillian G-Server doesn’t care how the hacker got in or what changes they may have made to your Web site. Gillian Exit Control technology prevents the world from seeing the consequences of a security breach.
Gillian G-Server sits between the Web server and the router or firewall that connects the Web server to the Internet, inspecting every piece of content that goes out. The Exit Control G-Server contains a collection of digital signatures made from authorized Web content during the publication process.
Each time the site content producers publish a new or revised object, the G-Server saves a digital backup of the object along with a digital signature.
Signatures that don't match send up a red flag, which triggers the G-Server to immediately replace a bogus page with a secure archived copy of the original, while simultaneously alerting appropriate personnel.
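The exit-control flow described above (sign at publication, verify on the way out, fall back to the archived copy and raise an alert on mismatch), as an added example that is not Gillian's code. It substitutes an HMAC-SHA256 tag for the product's digital signature; the class and method names, and the choice to block never-published paths, are assumptions.

```python
import hashlib
import hmac
import secrets


class ExitControl:
    """Toy egress checker: signs content at publish time, verifies it on the way out."""

    def __init__(self, key=None):
        # Assumption: the key lives on the checker, not on the web server it guards.
        self._key = key or secrets.token_bytes(32)
        self._archive = {}   # path -> (archived bytes, tag)
        self.alerts = []     # paths whose outgoing content failed verification

    def _sign(self, path, body):
        # Bind the tag to the path so an authorized page served under a
        # different URL is also detected. HMAC stands in for a signature here.
        p = path.encode()
        msg = len(p).to_bytes(4, "big") + p + body
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def publish(self, path, body):
        """Called by the publishing process for each new or revised object."""
        self._archive[path] = (body, self._sign(path, body))

    def egress(self, path, outgoing):
        """Return the bytes allowed to leave: the server's if intact, else the archive's."""
        entry = self._archive.get(path)
        if entry is None:
            # Assumption: content that was never published is blocked, not passed.
            self.alerts.append(path)
            return None
        archived, tag = entry
        if hmac.compare_digest(self._sign(path, outgoing), tag):
            return outgoing
        self.alerts.append(path)
        return archived


def demo():
    gate = ExitControl()
    gate.publish("/index.html", b"<h1>Welcome</h1>")        # constructed sample page
    gate.publish("/about.html", b"<h1>About us</h1>")       # constructed sample page
    clean = gate.egress("/index.html", b"<h1>Welcome</h1>")
    defaced = gate.egress("/index.html", b"<h1>defaced</h1>")   # altered on the server
    swapped = gate.egress("/about.html", b"<h1>Welcome</h1>")   # valid body, wrong path
    unknown = gate.egress("/dropped.html", b"planted file")     # never published
    return clean, defaced, swapped, unknown, gate.alerts
```

The verification key and archive must sit outside the Web server's trust boundary; if an intruder who can rewrite pages can also rewrite the archive or recompute tags, the check proves nothing.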
Tripwire, Inc.'s Tripwire for Servers is a similar data and network integrity product. However, Tripwire for Servers takes a different approach: its software is loaded onto the server that you want to protect. It monitors all file changes, whether they originate from inside or outside the company, and reports back if a change violates predetermined policies.
Honeypots or decoys
Honeypots are designed to lure and contain an intruder on the network. Honeypots are decoy devices that can divert attacks from production systems and let security administrators study or understand what's happening on the network.
ManTrap, from Recourse, is a powerful honeypot that's deployed next to data servers if it's being used to deflect internal attacks, and located off the firewall in the demilitarized zone (DMZ) if it's being used against external threats. The majority of users deploy it internally to get suspicious activity under control.
In that scenario, a ManTrap server would be set up to look like a file server that stores intellectual property or business plans. A successful deployment of ManTrap depends on a variety of factors including quality, naming scheme, placement and security policy. For example, deceptive defenses are most effective when deployed in quantities equal to or greater than that of the production system. Honeypots can get expensive, which is why companies must pick and choose the critical servers they want to protect.
What attracts an attacker to ManTrap is configuring it to make it look more vulnerable than other servers. Once the hacker is on the decoy server, security managers can log the hacker's activity and gain insight into what the intruder is trying to accomplish.
Fall into the gap
Air gap technology provides a physical gap between trusted and untrusted networks, creating an isolated path for moving files between an external server and a company's internal network and systems. Vendors include RVT Technologies, Spearhead Technology and Whale Communications.
Whale's e-Gap Web Shuttle is a nonprogrammable device that switches a memory bank between two computer hosts. The e-Gap Web Shuttle creates an air gap between the Internet and a company's back-office systems. Companies might use e-Gap Web Shuttle between an external service running e-commerce applications, such as online banking, and internal databases that might be queried by external users.
The e-Gap system consists of the e-Gap appliance that is attached to two PC hosts, one internal and one external. The internal host connects to the company's internal network and the external host sits in the DMZ in front of the firewall.
All URLs to Web pages are directed to a mock location on the external host. Pages do not actually reside on this host. The external host strips off the protocol headers, extracts only the content of the Secure Sockets Layer (SSL) traffic and passes it to the e-Gap Web Shuttle. The e-Gap Web Shuttle transports the encrypted data to the internal host using a toggling e-disk. The e-Gap internal host decrypts SSL traffic, authenticates the user and filters the URL content. It then passes the URL request to the company's production Web server that resides on the back-office network.
The fix is in
Security and vulnerability assessment tools, designed to be used in-house, can detect weaknesses in an organization's systems before problems occur and can fix those problems.
Retina 3.0, from eEye, scans, monitors, alerts and automatically fixes network security vulnerabilities. The product works on Windows NT 4.0 SP3 or higher and Windows 2000.
The software is installed on any machine within the network. The network administrator types in a range of IP addresses to scan and pushes a button. The product scans the network for vulnerabilities, software flaws and policy problems and reports any vulnerabilities.
The product's “fix it” feature provides the network administrator with a description of any found vulnerabilities, information on how to fix them, or access to a “fix it” button that can repair the vulnerability locally or remotely.
Demolishing DoS attacks
Perhaps one of the newest categories of security is products that target denial-of-service (DoS) attacks and more. By definition, DoS attacks make computer systems inaccessible by exploiting software bugs or overloading servers or networks so that legitimate users can no longer access those resources. The product category is so new that some products are still in beta test or on the cusp of entering the marketplace.
Going after one of the most malicious types of computer vandalism, the DoS attack, are Arbor Networks, of Waltham, Mass.; Mazu Networks, of Cambridge, Mass.; and Asta Networks in Seattle.
Mazu’s solution to distributed DoS attacks works via intelligent traffic analysis and filtering across the network. A monitoring device, such as a packet sniffer or packet analyzer, evaluates packets on the network at speeds up to 1G bit/sec. A monitoring device then determines which traffic needs to be filtered out.
The good, the bad and the ugly
The good news about all of these new security techniques is that they theoretically offer companies additional layers of security protection, providing better overall security. What this ultimately means to businesses is that additional security mechanisms can succeed where others have failed. Another plus about some of the new products is that they are optimized for a particular application, such as integrity of the Web servers.
However, as with any technology, there are pros and cons to consider. In fact, there are some downsides to implementing these new security products. For example:
They are all incremental solutions, not replacements.
They require a certain amount of expertise.
Many vendors are start-ups and there's a risk as to how long they'll be around.
There's a concern, in many IT shops, about adding preventive controls because of associated overhead, a concern that can be easily remedied by investing in additional horsepower.
What's too much? When does a company run the risk because of having too many products to manage?
The bottom line is that security is never a done deal. It's a continuing process that a new crop of innovative vendors are making more interesting.
Benevolent Worms
Although the prospect of using virus technology to simplify the task of delivering patches and software updates is tempting, the dangers can outweigh the benefits when the process is too automated. For example, the improved Windows Update feature in Windows XP now allows patches and updates to be downloaded automatically, although installation is still at the user’s discretion.
Trojan horses, worms, and other malicious code forms have proven to be incredibly successful at paralyzing e-mail systems and Internet providers. It is therefore only logical to conceive of ways to use them for productive purposes, much as the Bible exhorts its readers to beat their swords into plowshares and their spears into pruning hooks.
Granted, it would be wonderful if IT administrators could distribute patches and software updates to desktops and servers as quickly as an e-mail virus can spread from one machine to the next. But is such a magic wand really a good idea?