e-Commerce security: Attacks and preventive strategies


<vocabulary>
burglar: illegal intruder, often in order to steal something
besiege: surround with an army
phishing target website: a look-alike domain registered to impersonate a real shop, e.g.
www.ibn.com/shop against www.ibm.com/shop
</vocabulary>
<sentences>
Hence, security is not a number of features, but a system process.
Security has three main concepts: confidentiality, integrity, and availability.
A firewall is like the moat surrounding a castle.
An effective overall security strategy is to be prepared when vulnerabilities are detected.
It is up to the development team to be both proactive and reactive in handling security threats,
</sentences>
<knowledge>
.....................................................................................................................................................
Use this security checklist to protect yourself as a shopper:
    * Whenever you logon, register, or enter private information, such as credit card data, ensure your browser is communicating with the server using SSL.
    * Do not shop at a site when the browser does not recognize the server's SSL certificate. This check is done by your browser the first time your URL becomes HTTPS for the site. If the certificate is not recognized, then your browser presents a pop-up message to inform you.
    * Use a password of at least 6 characters, and ensure that it contains some numeric and special characters (for example, c0113g3).
    * Avoid reusing the same user ID and password at multiple Web sites.
    * If you are authenticated (logged on) to a site, always logoff after you finish.
    * Use a credit card for online purchases. Most credit card companies will help you with non-existent or damaged products.
    * A bricks and mortar store with an online brand is most likely a legitimate site. However, the site may still have vulnerabilities.
....................................................................................................................................................
There are many established policies and standards for avoiding security issues. However, they are not required by law. Some basic rules include:
    * Never store a user's password in plain text or encrypted text on the system. Instead, use a one-way hashing algorithm to prevent password extraction.
    * Employ external security consultants (ethical hackers) to analyze your system.
    * Standards, such as the Federal Information Processing Standard (FIPS), describe guidelines for implementing features. For example, FIPS makes recommendations on password policies.
    * Ensure that a sufficiently robust encryption algorithm, such as triple DES or AES, is used to encrypt all confidential information stored on the system.
    * When developing third-party software for e-Commerce applications, use external auditors to verify that appropriate processes and techniques are being followed.
    * Recently, there has been an effort to consolidate these best practices as the Common Criteria for IT Security Evaluation (CC). CC seems to be gaining traction. It is directly applicable to the development of specific e-Commerce sites and to the development of third-party software used as infrastructure in e-Commerce sites.
........................................................................
Ways to attack:
    * tricking the shopper
    * snooping the shopper's computer
    * sniffing the network
.........................................................................
While security features do not guarantee a secure system, they are necessary to build a secure system. Security features have four categories:
    * Authentication: Verifies who you say you are. It enforces that you are the only one allowed to logon to your Internet banking account.
    * Authorization: Allows only you to manipulate your resources in specific ways. This prevents you from increasing the balance of your account or deleting a bill.
    * Encryption: Deals with information hiding. It ensures you cannot spy on others during Internet banking transactions.
    * Auditing: Keeps a record of operations. Merchants use auditing to prove that you bought a specific merchandise.
</knowledge>

Resources:

Chinese article

English article
