A Security Plan for E-Business
A security plan, also called a security policy, grows and changes as new risks are identified and old risks are removed by the development of new technology. Six steps that companies can take to develop a security plan are described in this article.
1. Erect Firewalls
A firewall is a set of related programs, located at a network gateway① server, that protects the resources of a private network from users on other networks. An enterprise with an intranet that allows its workers to have access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.② Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. In practice the rule set should deny by default, forwarding only traffic that an explicit rule permits. A firewall also includes or works with a proxy server③ that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.④
2. Employ Encryption Methods
Encryption is the process of scrambling information into an unreadable form. Companies can safeguard information outsiders should not see by encrypting that data before transmitting it over the Internet. For example, the plain text message "Meet me at 2 p.m." is encrypted using a cipher that shifts each letter forward a fixed number of positions in the alphabet. The key is the exact number of positions by which each letter is shifted. Because the key is 3, the resulting cipher text is "phhw ph dw 5 sp" (the digit 2 is shifted to 5 in the same way, and case and punctuation are discarded).⑤ A shift cipher like this one only illustrates the terms: with just 26 possible keys it is broken by trying every key, which is why real systems use ciphers whose key spaces are far too large to search.
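The shift cipher above, written out in Python and then broken by exhaustive key search, as an added example that is not code from the original article. It follows the article's own treatment of the digit ('2' becomes '5') and of case and punctuation; the small word list used to rank candidate decryptions is constructed for the example.

```python
import string

LETTERS = string.ascii_lowercase
DIGITS = string.digits

# Constructed word list, used only to rank the 26 candidate decryptions.
COMMON_WORDS = {"meet", "me", "at", "pm", "am", "the", "a", "to", "and", "is", "of", "in"}


def shift_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` places forward (wrapping from z to a).
    As in the article's example, digits are shifted too ('2' -> '5'),
    the text is lowercased and punctuation is dropped; spaces are kept."""
    out = []
    for ch in plaintext.lower():
        if ch in LETTERS:
            out.append(LETTERS[(LETTERS.index(ch) + key) % 26])
        elif ch in DIGITS:
            out.append(DIGITS[(DIGITS.index(ch) + key) % 10])
        elif ch == " ":
            out.append(ch)
        # anything else (punctuation) is discarded
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same shift in the other direction."""
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext: str) -> dict:
    """Try every possible key: a 26-key key space cannot be kept secret."""
    return {key: shift_decrypt(ciphertext, key) for key in range(26)}


def crack(ciphertext: str) -> int:
    """Return the key whose candidate plaintext contains the most common words."""
    def score(text: str) -> int:
        return sum(word in COMMON_WORDS for word in text.split())

    candidates = brute_force(ciphertext)
    return max(candidates, key=lambda k: score(candidates[k]))


if __name__ == "__main__":
    ct = shift_encrypt("Meet me at 2 p.m.", 3)
    print(ct)                                    # phhw ph dw 5 sp
    key = crack(ct)
    print(key, shift_decrypt(ct, key))           # 3 meet me at 2 pm
```

The recovered key is found without any knowledge beyond the ciphertext itself, which is the practical meaning of "the key space is too small".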
Public-key encryption uses two keys: one key is used to encrypt the message from plain text into cipher text (called the public key), and a different key is used to decrypt the message from cipher text into plain text (called the private key). Because two different keys are used, the encryption system is referred to as asymmetric encryption. When the same key is used both to encrypt and to decrypt, the system is referred to as symmetric encryption⑥; symmetric ciphers are effective and much faster, but the single key must be shared secretly with every party in advance, which asymmetric encryption avoids. An additional layer of security is added when encryption with the public key is randomized so that it produces different cipher text every time it is applied, even when applied to the same message; otherwise an eavesdropper can tell when the same message is sent twice.
Only the holder of the private key can decrypt the message. The computer system keeps private keys secret, while public keys are widely available. Incoming messages stay confidential as long as the private key is never distributed and the sender has the recipient's genuine public key. The mathematical algorithms used are chosen so that someone who has only the public key cannot work out the private key needed to decrypt the message, at least not without an infeasible amount of computing effort.
3. Issue and Monitor Passwords
Companies can establish procedures for issuing passwords and monitoring their use so that the password system cannot be easily violated by outsiders: passwords are never stored in plain text, failed log-in attempts are counted, and accounts under attack are locked or reviewed.
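A minimal password store and log-in monitor in Python, as an added example that is not from the original article. Passwords are hashed with a per-user random salt using PBKDF2 from the standard library, compared in constant time, and an account is locked after a fixed number of consecutive failures. The user name, the iteration count, the minimum length and the lockout threshold are constructed assumptions for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000      # assumption for a quick demo; production deployments use far more
MAX_FAILED_ATTEMPTS = 5   # assumption: lock the account after five consecutive failures
MIN_LENGTH = 12           # assumption: minimum password length enforced when issued


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm, iterations, salt and digest.
    The salt is random per password, so two users with the same password
    get different records and an attacker cannot precompute a single table."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(record: str, password: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class Account:
    """One user record: the stored hash plus the monitoring state."""

    def __init__(self, username: str, password: str):
        if len(password) < MIN_LENGTH:
            raise ValueError("password too short")
        self.username = username
        self.record = hash_password(password)   # the plain text is never kept
        self.failed_attempts = 0
        self.locked = False

    def login(self, password: str) -> bool:
        """Return True on success. Every failure is counted, and once the
        threshold is reached the account refuses even the correct password
        until an administrator unlocks it."""
        if self.locked:
            return False
        if verify_password(self.record, password):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
            self.locked = True
        return False


if __name__ == "__main__":
    account = Account("alice", "correct horse battery")   # constructed sample user
    print(account.login("wrong guess"))                    # False
    print(account.login("correct horse battery"))          # True
```

The stored record carries its own parameters, so the iteration count can be raised later and old records re-hashed at the user's next successful log-in.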
4. Develop Access Control Lists
An access control list (ACL) specifies which users are allowed to access which data to perform which functions. A request that matches no entry in the list should be refused, so that access is denied by default.
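An ACL evaluator in Python, as an added example that is not from the original article. Each entry names a principal (a user or a group), a piece of data, a function and an effect; a request is allowed only when an entry matches, an explicit deny beats any allow, and anything unmatched is denied by default. The users, groups, data names and functions are constructed assumptions for an order-processing system, and the deny-over-allow rule is an assumed convention, not something the article states.

```python
from typing import Dict, Iterable, List, Set, Tuple

# One ACL entry: (principal, data, function, effect). Principals are user names
# or group names prefixed with "group:".
Entry = Tuple[str, str, str, str]

# Constructed sample ACL; all names are assumptions for the example.
ACL: List[Entry] = [
    ("group:sales",   "orders",    "read",   "allow"),
    ("group:sales",   "orders",    "create", "allow"),
    ("group:finance", "orders",    "read",   "allow"),
    ("group:finance", "invoices",  "read",   "allow"),
    ("group:finance", "invoices",  "update", "allow"),
    ("alice",         "customers", "read",   "allow"),
    ("mallory",       "orders",    "read",   "deny"),   # explicit deny overrides the group allow
]

# Constructed group membership.
GROUPS: Dict[str, Set[str]] = {
    "alice":   {"group:sales"},
    "bob":     {"group:finance"},
    "mallory": {"group:sales"},
}


def principals_for(user: str) -> Set[str]:
    """The user's own name plus every group the user belongs to."""
    return {user} | GROUPS.get(user, set())


def is_allowed(user: str, data: str, function: str, acl: Iterable[Entry] = ACL) -> bool:
    """Evaluate the ACL for one request.
    1. Entries match on principal, data and function exactly.
    2. Any matching "deny" entry wins over any "allow" (assumed convention).
    3. With no matching entry at all the request is denied (deny by default)."""
    principals = principals_for(user)
    matched = [e for e in acl if e[0] in principals and e[1] == data and e[2] == function]
    if any(e[3] == "deny" for e in matched):
        return False
    return any(e[3] == "allow" for e in matched)


def permissions_of(user: str, acl: Iterable[Entry] = ACL) -> Set[Tuple[str, str]]:
    """Everything a user can actually do, for reviewing the list."""
    acl = list(acl)
    candidates = {(e[1], e[2]) for e in acl}
    return {(d, f) for d, f in candidates if is_allowed(user, d, f, acl)}


if __name__ == "__main__":
    for user in ("alice", "bob", "mallory", "eve"):
        print(user, sorted(permissions_of(user)))
```

Reviewing `permissions_of` for every user is the check that catches over-broad group grants before they are exploited; note that "eve", who appears nowhere in the list, gets nothing.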
5. Obtain Digital Signatures and Digital Certificates
A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged.⑦ Digital signatures are easily transportable, cannot be forged by anyone who does not hold the signer's private key, and can be time-stamped by a trusted time-stamping service. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.⑧ A signature protects the content of a message, not its delivery: a signed message can still be lost or withheld, and an old signed message can be replayed unless it carries something unique such as a sequence number or time stamp.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. To trust a signature the receiver needs the signer's genuine public key, and that is what a digital certificate supplies: it binds a public key to an identity and contains the digital signature of the certificate-issuing authority, so that anyone who holds the authority's public key can verify that the certificate is real.
6. Monitor Active Content
Companies can ensure that any active content downloaded from websites comes from trusted sources, for example by running only code that carries a valid digital signature from a known publisher.
Companies that use their computers to access the Internet and process orders must develop security procedures to prevent unauthorized access to their systems, to protect data transmitted over the Internet from loss or damage, and to safeguard customer information from unauthorized use. A company also must use the available technology to keep its system safe before competitors and others use that same technology to gain unlawful access.
New Words and Expressions
1. enterprise (n.) a business organization (Chinese: 企业)
2. intranet (n.) a private network inside an organization (Chinese: 企业内部互联网)
3. router (n.) a dedicated, intelligent network device that reads the address in each packet and decides how to send it on (Chinese: 路由器)
4. packet (n.) a short block of data transmitted in a packet switching network (Chinese: 信息包)
5. forward (v.) to send on to a subsequent destination or address (Chinese: 转寄)
6. designated (a.) which is indicated or pointed out (Chinese: 指定的, 派定的)
7. scramble (v.) to mix or throw together haphazardly (Chinese: 搅乱)
8. encrypt (v.) to scramble (computerized information) so as to prevent unauthorized access (Chinese: 加密, 给…加密)
9. mathematical algorithms (Chinese: 数学运算法则)
10. decrypt (v.) to decode (Chinese: 破译(密码))
11. violate (v.) to break or disregard (a law, for example) (Chinese: 违反)
12. authenticate (v.) to establish the authenticity of ... (Chinese: 验证…)
13. identity (n.) who a person is (Chinese: 个人身份)
14. digital signature (Chinese: 数字签名)
15. digital certificate (Chinese: 数字证书)
Notes
1. network gateway: a network point that acts as an entrance to another network.
2. An enterprise with an intranet that allows its workers to have access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to. In this sentence, "with an intranet" and "that allows its workers to have access to the wider Internet" are attributives that modify and restrict the subject "an enterprise"; "to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to" is an adverbial of purpose modifying the predicate "installs"; "a firewall" is the object.
3. proxy server: a server that receives requests from computers on the private network and makes those requests to outside servers on their behalf, so that outside servers see only the proxy and never the internal machines.
4. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources. In this sentence, "separate from the rest of the network" is an adjective phrase used attributively, modifying and restricting "computer"; "so that no incoming request can get directly at private network resources" is an adverbial clause of purpose.
5. The four elements of a cryptosystem: plain text, cipher text, the encryption algorithm and the key.
6. asymmetric encryption: also called public-key encryption. symmetric encryption: also called private-key encryption or single-key encryption; here "private key" means the one secret key shared by both parties, not the private half of a public/private key pair.
7. A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. In this sentence, "a digital signature" is the subject, "is an electronic signature" is a linking verb plus predicative serving as the predicate, and "that ... unchanged" is an attributive clause modifying and restricting "an electronic signature". Within that attributive clause, "that" is the subject; "to authenticate the identity of the sender of a message or the signer of a document" and "possibly to ensure that the original content of the message or document that has been sent is unchanged" are infinitive phrases used as adverbials of purpose, and "and" is the conjunction joining the two infinitive phrases. In the second infinitive phrase, "that the original content of the message or document ... is unchanged" is an object clause, the object of "ensure", and "that has been sent" is an attributive clause modifying and restricting "the original content of the message or document".
8. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later. In this sentence, "to ensure that the original signed message arrived" is an infinitive phrase used attributively, modifying and restricting "the ability".