Unit 5 Security Issues of Electronic Commerce

Study guide: This chapter introduces:
Internet security issues in electronic commerce
Client computer security in electronic commerce
Security of computer network communication channels in electronic commerce

5.1 The Internet Security of Electronic Commerce

5.1.1 Network and Electronic Commerce

In the early days of the Internet, one of its most popular uses was electronic mail. Despite e-mail's popularity, people have often worried that a business rival might intercept e-mail messages for competitive gain. Another fear was that employees' non-business correspondence might be read by their supervisors, with negative repercussions. These were significant and realistic concerns.

Today, the stakes are much higher. The consequences of a competitor having unauthorized access to messages and digital intelligence are now far more serious than in the past. Electronic commerce, in particular, makes security a concern for all users. A typical worry of Web shoppers is that their credit card numbers might be exposed to millions of people as the information travels across the Internet. Recent surveys show that more than 80 percent of all Internet users have at least some concern about the security of their credit card numbers in electronic commerce transactions. This echoes the fear shoppers have expressed for many years about credit card purchases over the phone.

5.1.2 Computer Security Classifications

Computer security is the protection of assets from unauthorized access, use, alteration, or destruction. There are two general types of security: physical and logical. Physical security includes tangible protection devices, such as alarms, guards, fireproof doors, security fences or vaults, and bombproof buildings. Protection of assets using nonphysical means is called logical security. Any act or object that poses a danger to computer assets is known as a threat.

Computer security is generally considered to include three main elements: secrecy, integrity, and necessity (also known as denial of service). Secrecy refers to protecting against unauthorized data disclosure and ensuring the authenticity of the data source. Integrity refers to preventing unauthorized data modification. Necessity refers to preventing data delays or denials (removal).

Secrecy is the best known of the computer security elements. Every month, newspapers report on break-ins to government computers or theft of credit card numbers that are used to order goods and services. Integrity threats are reported less frequently and, thus, may be less familiar to the public. For example, an integrity violation occurs when an Internet e-mail message is intercepted and its contents are changed before it is forwarded to its original destination. In this type of integrity violation, which is called a man-in-the-middle exploit, the contents of the e-mail are often changed in a way that negates the message's original meaning. Necessity violations take several forms, and they occur relatively frequently. Delaying a message or completely destroying it can have grave consequences. Suppose that a message sent at 10:00 a.m. to an online stockbroker includes an order to purchase 1000 shares of IBM at market price. If the stockbroker does not receive the message (because an attacker delays it) until 2:30 p.m. and IBM's stock price has increased by $3, the buyer loses $3000.

5.1.3 Managing Risk

Computer security is the protection of assets from unauthorized access, use, alteration, or destruction. Any act or object that poses a danger to computer assets is known as a threat.

The same sort of risk management model applies to protecting Internet and electronic commerce assets from both physical and electronic threats. Examples of the latter include impostors, eavesdroppers, and thieves. An eavesdropper is a person or device that can copy Internet transmissions. People who write programs or manipulate technologies to obtain unauthorized access to computers and networks are called crackers or hackers.

To implement a good security scheme, organizations must identify risks, determine how to protect threatened assets, and calculate how much to spend to protect those assets. The primary focus in risk management protection is on the central issues of identifying the threats and determining the ways to protect assets from those threats, rather than on the protection costs or value of assets.

5.2 Electronic Commerce Security

Electronic commerce is vulnerable to a wide range of security threats. Attacks against electronic commerce systems can disclose or manipulate proprietary information. The three general assets that companies engaging in electronic commerce must protect are client computers, computer communication channels, and Web servers. Key security provisions in each of these parts of the Web client-Internet-Web server linkage are secrecy, integrity, and available service. Threats to electronic commerce can occur anywhere in the commerce chain.

5.2.1 Security for Client Computers

Client computers, usually PCs, must be protected from threats that