Unit 6 Security Issues of Electronic Commerce

Study guide: This chapter introduces Internet security issues in electronic commerce, the security of client computers in electronic commerce, and the security of computer network communication channels in electronic commerce.

6.1 The Internet Security of Electronic Commerce

6.1.1 Network and Electronic Commerce

In the early days of the Internet, one of its most popular uses was electronic mail. Despite e-mail's popularity, people have often worried that a business rival might intercept e-mail messages for competitive gain. Another fear was that employees' non-business correspondence might be read by their supervisors, with negative repercussions. These were significant and realistic concerns.

Today, the stakes are much higher. The consequences of a competitor having unauthorized access to messages and digital intelligence are now far more serious than in the past. Electronic commerce, in particular, makes security a concern for all users.

A typical worry of Web shoppers is that their credit card numbers might be exposed to millions of people as the information travels across the Internet. Recent surveys show that more than 80 percent of all Internet users have at least some concern about the security of their credit card numbers in electronic commerce transactions. This echoes the fear shoppers have expressed for many years about credit card purchases over the phone.

6.1.2 Computer Security Classifications

Computer security is generally classified into three categories: secrecy, integrity, and necessity (also known as denial of service).

Secrecy refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data source. Integrity refers to preventing unauthorized data modification. Necessity refers to preventing data delays or denials.

Secrecy is the best known of the computer security categories. Every month, newspapers report on break-ins to government computers or on the theft of credit card numbers that are then used to order goods and services.

Integrity threats are reported less frequently and, thus, may be less familiar to the public. For example, an integrity violation occurs when an Internet e-mail message is intercepted and its contents are changed before it is forwarded to its original destination. In this type of integrity violation, which is called a man-in-the-middle exploit, the contents of the e-mail are often changed in a way that negates the message's original meaning.

Necessity violations take several forms, and they occur relatively frequently. Delaying a message or completely destroying it can invite grave consequences. Suppose that a message sent at 10:00 a.m. to an online stockbroker includes an order to purchase 1000 shares of IBM at market price. If the stockbroker does not receive the message (because an attacker delays it) until 2:30 p.m. and IBM's stock price has increased by $3, the buyer loses $3000.

6.1.3 Security Management

Computer security is the protection of assets from unauthorized access, use, alteration, or destruction. Any act or object that poses a danger to computer assets is known as a threat.

The risk management model applies to protecting Internet and electronic commerce assets from both physical and electronic threats. Examples of the latter include impostors, eavesdroppers, and thieves. An eavesdropper, in this context, is a person or device that can listen in on and copy Internet transmissions. People who write programs or manipulate technologies to obtain unauthorized access to computers and networks are called crackers or hackers.

To implement a good security scheme, organizations must identify risks, determine how to protect threatened assets, and calculate how much to spend on protecting those assets. In this chapter, the primary focus in risk management protection is on the central issues of identifying the threats and determining the ways to protect assets from those threats, rather than on the protection costs or the value of assets.

6.2 Security for Client Computers

Client computers, usually PCs, must be protected from threats that originate in software and data that are downloaded to the client computer from the Internet. In this section, you will learn that active content delivered over the Internet in dynamic Web pages can be harmful. Another threat to client computers can arise when a malevolent server site masquerades as a legitimate Web site. Users and their client computers can be duped into revealing information to those Web sites. This section explains these threats, describes how they work, and outlines some protection mechanisms that can prevent or reduce the threats they pose to client computers.

6.2.1 Cookie

Cookies are small text files that Web servers place on Web client computers to identify returning visitors. Cookies also allow Web servers to maintain continuing open sessions with Web clients. An open session is necessary to do a number of things that are important in online business activity. For example, shopping and payment processing software both need an open session to work properly. Early in the history of the Web, cookies were devised as a way to maintain an open session despite the stateless nature of Internet connections. Thus, cookies were invented to solve the stateless connection problem by saving information about a Web user from one set of server-client message exchanges to another.

6.2.2 Active Content

Until the debut of executable Web content, Web pages could do little more than display content and provide links to related pages with additional information. The widespread use of active content has changed the situation. Active content refers to programs that are embedded transparently in Web pages and that cause action to occur. For example, active content can display moving graphics, download and play audio, or implement Web-based spreadsheet programs. Active content is used in electronic commerce to place items into a shopping cart and compute a total invoice amount, including sales tax, handling, and shipping costs.

Developers use active content because it extends the functionality of HTML and moves some data processing chores from the busy server machine to the user's client computer. Unfortunately, because active content elements are programs that run on the client computer, active content can damage the client computer. Thus, active content can pose a threat to the security of client computers.

Active content is provided in several forms. The best-known active content forms are cookies, Java applets, JavaScript, VBScript, and ActiveX controls. Other ways to provide Web active content include graphics, Web browser plug-ins, and e-mail attachments.

6.2.3 Java Applets

Java is a programming language developed by Sun Microsystems that is used widely in Web pages to provide active content. The Web server sends the Java applets along with the Web pages requested by the Web client. In most cases, the Java applet's operation will be visible to the site visitor; however, it is possible for a Java applet to perform functions that would not be noticed by the site visitor. The client computer then runs the programs within its Web browser.

Java adds functionality to business applications and can handle transactions and a wide variety of actions on the client computer. That relieves an otherwise busy server-side program from handling thousands of transactions simultaneously. Once downloaded, embedded Java code can run on a client's computer, which means that security violations can occur. To counter this possibility, a security model called the Java sandbox has been developed. The Java sandbox confines Java applet actions to a set of rules defined by the security model.
These rules apply to all untrusted Java applets.

6.2.4 ActiveX Controls

The security danger with ActiveX controls is that once they are downloaded, they execute like any other program on a client computer. They have full access to all system resources, including operating system code. An ill-intentioned ActiveX control could reformat a user's hard disk, rename or delete files, send e-mails to all the people listed in the user's address book, or simply shut down the computer. Because ActiveX controls have full access to client computers, they can cause secrecy, integrity, or necessity violations.

The actions of ActiveX controls cannot be halted once they begin execution. Most Web browsers can be configured to provide a notice when the user is about to download an ActiveX control. Figure 8-1 shows an example of the warning issued when Internet Explorer detects an ActiveX control.

Figure 8-1 Internet Explorer ActiveX control warning message

6.2.5 Graphics and Plug-Ins

Graphics, browser plug-ins, and e-mail attachments can harbor executable content. Some graphics file formats have been designed specifically to contain instructions on how to render a graphic. That means that any Web page containing such a graphic could be a threat, because the code embedded in the graphic could cause harm to a client computer.

Plug-ins are normally beneficial and perform tasks for a browser, such as playing audio clips, displaying movies, or animating graphics. Apple's QuickTime, for example, is a plug-in that downloads and plays movies stored in a special format.

6.2.6 Viruses and Worms

A virus is a small program that attaches itself to another program and can cause damage when the host program is activated. A worm is a type of virus that replicates itself on the computers that it infects. Worms can spread quickly through the Internet. A macro virus is a type of virus that is coded as a small program, called a macro, and is embedded in a file. You have probably read about or have personally experienced recent examples of e-mail attachment-borne virus attacks.

6.2.7 Digital Certificates

One way to control threats from active content is to use digital certificates. A digital certificate or digital ID is an attachment to an e-mail message or a program embedded in a Web page that verifies that the sender or Web site is who or what it claims to be. In addition, the digital certificate contains a means to send an encrypted message (encoded so others cannot read it) to the entity that sent the original Web page or e-mail message.

In the case of a downloaded program containing a digital certificate, the encrypted message identifies the software publisher (ensuring that the identity of the software publisher matches the certificate) and indicates whether the certificate has expired or is still valid.

The digital certificate is a signed message or code. Signed code or messages serve the same function as a photo on a driver's license or passport. They provide proof that the holder is the person identified by the certificate. Just like a passport, a certificate does not imply anything about either the usefulness or quality of the downloaded program. The certificate only supplies a level of assurance that the software is genuine. The idea behind certificates is that if the user trusts the software developer, signed software can be trusted because, as proven by the certificate, it came from that trusted developer.

Digital certificates are used for many different types of online transactions, including electronic commerce, electronic mail, and electronic fund transfers. A digital ID verifies a Web site to a shopper and, optionally, identifies a shopper to a Web site. Web browsers or e-mail programs exchange digital certificates automatically and invisibly when requested to validate the identity of each party involved in a transaction.

6.3 Communication Channel Security

Today, the Internet remains largely unchanged from its original, insecure state. Message packets on the Internet travel an unplanned path from a source node to a destination node. A packet passes through a number of intermediate computers on the network before reaching its final destination. The path can vary each time a packet is sent between the same source and destination points. Because users cannot control the path and do not know where their packets have been, it is possible that an intermediary can read the packets, alter them, or even delete them. That is, any message traveling on the Internet is subject to secrecy, integrity, and necessity threats.

Vocabulary

rival /ˈraɪvəl/ n. rival, competitor; a. competing; vt. to rival, to match
intercept /ˌɪntəˈsept/ n. interception, obstruction, intercept; v. to intercept, to block, to capture; (computing) to cut off
correspondence /ˌkɒrɪˈspɒndəns/ n. agreement, communication, letters
repercussion /ˌriːpəˈkʌʃən/ n. rebound, repercussion, reflection
stake /steɪk/ n. post, bet, prize, issue at stake; v. to bet, to wager
integrity /ɪnˈtegrɪti/ n. honesty, uprightness, completeness, soundness
disclosure /dɪsˈkləʊʒə/ n. disclosure, exposure
authenticity n. authenticity, genuineness
destination /ˌdestɪˈneɪʃən/ n. destination, end point
negate /nɪˈgeɪt/ v. to negate, to deny, to cancel
grave /greɪv/ a. serious, solemn, severe; n. grave, tomb
asset /ˈæset/ n. asset, something useful, advantage, strength
impostor /ɪmˈpɒstə/ n. impostor, swindler
eavesdropper /ˈiːvzˌdrɒpə(r)/ n. eavesdropper
malevolent /məˈlevələnt/ a. malevolent, malicious
masquerade /ˌmæskəˈreɪd, ˌmɑːs-/ n. masked ball; v. to masquerade, to disguise oneself
session /ˈseʃən/ n. meeting, court session, trading session, (computing) session
devise /dɪˈvaɪz/ v. to devise, to design
filter /ˈfɪltə/ n. sieve, filter, filter lens; v. to filter, to seep, to leak out; (computing) to filter
transparently /trænsˈpærəntli/ ad. transparently (letting radiation pass through; evidently)
applet n. a small Java application program
attachment /əˈtætʃmənt/ n. attachment, appendage, accessory, affection
configure /kənˈfɪgə/ v. to configure
detect /dɪˈtekt/ v. to discover; (computing) to detect
harbor /ˈhɑːbə/ n. harbor, refuge; v. to shelter, to hide, to conceal, to store
render /ˈrendə/ vt. to provide, to repay, to color, to cause, to display; vi. to compensate; n. payment, plastering, undercoat
infect /ɪnˈfekt/ v. to infect, to contaminate
license /ˈlaɪsəns/ n. license, permit, special permission; vt. to license, to permit
genuine /ˈdʒenjuɪn/ a. genuine, real, sincere
node /nəʊd/ n. knot, nodule, lump; (computing) node
intermediate /ˌɪntəˈmiːdjət/ a. intermediate, middle; n. intermediate, medium
encryption /ɪnˈkrɪpʃən/ n. encryption

Phrases

man-in-the-middle exploit: man-in-the-middle attack (deceiving both parties)
risk management: risk management
JavaScript: the JavaScript scripting language
VBScript: the VB (Visual Basic) scripting language
ActiveX controls: ActiveX controls (networked multimedia object controls)
ill-intentioned: malicious, ill-intentioned
Digital Certificate: digital certificate
message packet: data packet, message packet
macro virus: macro virus

Abbreviations

ID: Identification (identity)

Notes to the Passage

1. The consequences of a competitor having unauthorized access to messages and digital intelligence are now far more serious than in the past.
Meaning: the consequences of a competitor gaining unauthorized access to a company's messages and digital content are more serious than ever before. The core of the sentence is: The consequences are now far more serious than in the past.

2. An integrity violation occurs when an Internet e-mail message is intercepted and its contents are changed before it is forwarded to its original destination.
Meaning: if an e-mail message is intercepted and its contents are modified before it is delivered to its original destination, we say that a violation of integrity has occurred. 1) The main clause is: an integrity violation occurs. 2) "when" introduces two coordinate adverbial clauses of time. A: an Internet e-mail message is intercepted before it is forwarded to its original destination. B: its contents are changed before it is forwarded to its original destination.

3. The risk management model applies to protecting Internet and electronic commerce assets from both physical and electronic threats.
Meaning: risk management can be applied to the area of protecting Internet or electronic commerce assets from physical or logical security threats.

4. The primary focus in risk management protection is on the central issues of identifying the threats and determining the ways to protect assets from those threats, rather than on the protection costs or value of assets.
Meaning: the focus of risk management is not the cost or value of protecting assets, but identifying the security threats at the heart of the matter and determining the ways to protect assets from those threats.

5. Cookies were invented to solve the stateless connection problem by saving information about a web user from one set of server-client message exchanges to another.
Meaning: cookies solve the stateless connection problem by saving a user's information from one set of server-client message exchanges to the next. The core of the sentence is: Cookies were invented to solve the stateless connection problem. (The invention of cookies solved the stateless connection problem.)

6. Active content refers to programs that are embedded transparently in Web pages and that cause action to occur.
Meaning: active content refers to programs embedded in a page, transparent to the user, that can carry out certain actions. The main clause is: Active content refers to programs. Two attributive clauses modify "programs". A: that are embedded transparently in Web pages. B: that cause action to occur.

7. Developers use acti
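Section 6.1.2 above describes an integrity violation (a man-in-the-middle changing an e-mail) and a necessity violation (the IBM order delayed from 10:00 a.m. to 2:30 p.m.) but does not show how the receiving side could notice either. The following Python program is an added example, not part of the original chapter: it authenticates the stock order with an HMAC so that any modification in transit is detected, and it folds the send time into the authenticated message so that a delayed delivery can be rejected as stale. The shared key, the order fields, the clock values (seconds since midnight) and the 60-second tolerance are all constructed for this illustration.

```python
import hashlib
import hmac
import json

# Constructed shared secret: in practice the buyer and broker would
# provision this out of band (or use a signature under a certificate).
SHARED_KEY = b"constructed-shared-secret-for-this-example"

# Clock values are seconds since midnight: 10:00 a.m. is 36000, 2:30 p.m. is 52200.
SENT_AT = 10 * 3600
MAX_AGE_SECONDS = 60  # how late an order may arrive and still be acted on


def seal_order(order, key, sent_at):
    """Buyer side. The send time is folded into the message body before the
    MAC is computed, so neither the order nor its timestamp can be altered
    by an intermediary without the tag failing to verify."""
    payload = dict(order, sent_at=sent_at)
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def check_order(envelope, key, now, max_age_seconds=MAX_AGE_SECONDS):
    """Broker side. Returns ("accept", payload) or ("reject", reason)."""
    body = envelope["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison: a timing-leaking compare would be its own flaw.
    if not hmac.compare_digest(expected, envelope["tag"]):
        return ("reject", "integrity: message altered in transit")
    payload = json.loads(body)
    age = now - payload["sent_at"]
    if age > max_age_seconds:
        return ("reject", f"necessity: message delayed {age} seconds")
    return ("accept", payload)


def run_scenarios():
    """Three deliveries of the same order: on time, tampered with, and delayed."""
    order = {"symbol": "IBM", "side": "buy", "shares": 1000}
    envelope = seal_order(order, SHARED_KEY, SENT_AT)

    on_time = check_order(envelope, SHARED_KEY, now=SENT_AT + 30)

    # An intermediary rewrites the quantity but cannot recompute the tag without the key.
    tampered = dict(envelope, body=envelope["body"].replace('"shares":1000', '"shares":10000'))
    altered = check_order(tampered, SHARED_KEY, now=SENT_AT + 30)

    # The unmodified order is held back until 2:30 p.m.
    delayed = check_order(envelope, SHARED_KEY, now=14 * 3600 + 30 * 60)
    return on_time, altered, delayed


if __name__ == "__main__":
    for label, result in zip(("on time", "tampered", "delayed"), run_scenarios()):
        print(f"{label:9s}: {result}")
```

The timestamp must sit inside the authenticated body: a timestamp carried outside the MAC could be refreshed by the same intermediary that delays the message. A MAC proves integrity and freshness only to a party that already shares the key; the certificate-based signatures of section 6.2.7 are what let a stranger check the same properties.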
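Section 6.2.1 above says that cookies let a server keep an "open session" across stateless connections, but does not show the mechanics. The following Python program is an added example, not part of the original chapter: a toy shop server that handles each request in isolation, issues a random session id in a Set-Cookie header on the first visit, and recovers the shopping cart from the Cookie header on later visits. The cart carries only an opaque id, never the cart contents, so a client cannot edit its own cart by editing the cookie, and an id the server never issued is ignored. The class name, the cookie name `sid` and the request/response dictionaries are constructed for this illustration; the cookie attributes use Python's standard `http.cookies` module.

```python
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE = "sid"  # constructed cookie name for this example


class ShopServer:
    """A toy shop front that sees each HTTP request in isolation (stateless)
    and uses a cookie to tie successive requests to one shopping cart."""

    def __init__(self):
        self.sessions = {}  # session id -> list of items in that cart

    def handle(self, request_headers, action, item=None):
        """Process one request. Returns (response_headers, cart_contents)."""
        sid = self._session_id_from(request_headers.get("Cookie", ""))
        response_headers = {}
        if sid is None:
            # No usable cookie: open a new session and tell the browser to store it.
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = []
            response_headers["Set-Cookie"] = self._session_cookie(sid)
        cart = self.sessions[sid]
        if action == "add":
            cart.append(item)
        return response_headers, list(cart)

    def _session_id_from(self, cookie_header):
        """Recover the session id from the Cookie header; None if absent or unknown."""
        if not cookie_header:
            return None
        jar = SimpleCookie()
        jar.load(cookie_header)
        morsel = jar.get(SESSION_COOKIE)
        if morsel is None or morsel.value not in self.sessions:
            return None  # unknown or guessed id: never trust it, start afresh
        return morsel.value

    @staticmethod
    def _session_cookie(sid):
        """Build the Set-Cookie value with the attributes a session cookie needs."""
        jar = SimpleCookie()
        jar[SESSION_COOKIE] = sid
        jar[SESSION_COOKIE]["path"] = "/"
        jar[SESSION_COOKIE]["httponly"] = True   # keep it out of reach of page scripts
        jar[SESSION_COOKIE]["secure"] = True     # only ever send it over HTTPS
        jar[SESSION_COOKIE]["samesite"] = "Lax"  # not sent on cross-site requests
        return jar.output(header="").strip()


def shopping_trip():
    """Two requests from one browser, then a request carrying a made-up cookie."""
    server = ShopServer()
    first_headers, first_cart = server.handle({}, "add", "book")
    # The browser echoes back only the name=value part of Set-Cookie.
    cookie = first_headers["Set-Cookie"].split(";")[0]
    second_headers, second_cart = server.handle({"Cookie": cookie}, "add", "pen")
    forged_headers, forged_cart = server.handle({"Cookie": "sid=guessed-value"}, "view")
    return (first_cart, second_cart, "Set-Cookie" in second_headers,
            forged_cart, "Set-Cookie" in forged_headers)


if __name__ == "__main__":
    print(shopping_trip())
```

The second request carries no Set-Cookie because the server already recognised the id; the forged id gets an empty cart and a fresh cookie. Because the session id is the only thing standing between a visitor and someone else's cart, it is generated from `secrets` (unpredictable) and marked HttpOnly, Secure and SameSite so that it is not exposed to scripts, plaintext channels or cross-site requests.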