- Chic kfi so (Digital signature)
4.4.3. Giai pluip giiim rrii ro trong thuong mgi dien tie cua iPremier
Giai thieu ve iPremier
Do hai sinh vien tir tnrong UFT da c6 nhieu thanh cong lon trong thuong mai dien tir thanh lap nam 1994 vai ten goi iPremier. Den nay cong ty da la mOt trong hai nha ban le hang du ve nhcmg mat hang sang trong, quy him ten mang. Cong ty co tru se, tai Seattle, Washington. Cong ty c6 Vac dO tang tnrang rat nhanh khoang 50% moi nam, an nam 1999, lgi nhuan dat 2.1 trieu USD tren doanh so 32 trieu USD.
Tir khi co phan hod nam 1998, gid co phieu tang gan ba lan. Sau cuOc khung hoang nam 2000, iPremier la mOt trong so rat it cac ding ty thong mai dien tir B2C sang sot va tiep tuc phdt trien. Trong con mat cac nha phan tich, day la mOt mo hinh thanh cong dien hinh trong kinh doanh thucmg mai dien tir.
Hau het cac mat hang ding ty kinh doanh CO gid tir 50 den vai tram USD, tuy nhien mOt so"' CO gid hang nghin USD. Cong ty ap dung chinh sdch tra lai hang rat linh hoat theo do cho phdp khdch hang kiem tra ky luang hang hod tuft khi quyet dinh c6 nen mua hay khong. Ithdch hang dm ding ty thuenig co thu nhap rat cao va vi the van a ve gibi han tin dung duang nhu chua bao gier gap phai cho du doi voi nhimg mat hang co gia tri rat cao.
Ca cdu to chew Icy thuat
Cong ty thue ngoai cac dich vu Internet tir mOt nha cung cap nhieu kinh nghiem la Qdata. Qdata cung cap dich vu ve may chi', duong truyen internet, cac dich vu quan ly nhu theo doi website cho cac khdch hang thong qua Network Operations Center (NOC) va mot so dich vu bao mat khdc.
Tuy nhien, Qdata cham trong viec dau to vao cac he thong may chi' mad nhat cling nhu nang cao chit lugng dOi nga nhan vien.
iPremier da co ke hoach chuyen sang nha cling cap dich vu khac nhung có mOt se 15, do khien viec chuyen dei bi tre lai. Thu nhat, tec dO tang truing nhanh khien cong ty luon ban rOn va viec chuyen doei khong dugc coi la uu tien se mOt. Thir hai, chi phi cho mOt he thong hien dai hcm luon cif) chi phi cao gap hai den ba Fan he then hien tai. Thir ba, viec chuyen dei he thong co the gay gian (loan cong viec kinh doanh, dac biet anh huong den cac khach hang qua mang. Han naa, ke hoach trien khai lap dat moi tai nha cung cap khac cling chua bao gib dugc ban cu the. 14 do cu6i cling la mOt thanh vien trong ban lanh dao iPremier co quan he ca nhan mat thiet vii Qdata vi vay Qdata sin sang thucmg luong lai hop deng trong tiled gian tai.
CuOc kin cong vao iPremier
- 4:31 sang, ngay 12 thing 1 nam 2001
Giam dee iPremier dugc mOt nhan vien trong ding ty thong bao ve viec website cua ding ty da bi tan cong. Website ding ty da bi khod. Nhan vien ding ty da thir ba phan mem duyet web nhung khOng the ma no ra dugc. Khach hang dm ding ty cling khong the ma dugc. Dich vu he trg khach hang dang ngap tran trong dien thoai va mOi giay cong ty lai nhan dugc mOt e-mail vii nOi dung chi CO tir "Ha". Cac e-mail lien tiep tao thanh Ha ha ha... Hau het cac email bat nguen tir Chau A va Chau Au. Chinh vi vay de lan ra ai la nguai da tien hanh tAn cong vao website cua cong ty se phai mat rat nhieu than gian. Theo nhan dinh cua nhan vien cong ty co the mat khoang 18 thing mOi tim ra ngutri khOi tao email. Neu email dugc girl tir mOt ncri cong cong thi thai gian tim ra se con lau han naa.
Ngay sau khi vu tan cong dien ra nhan vien ky thu4t cua cong ty da ket hop yen Qdata de tim ra VI do sinh sOi cac email nay. Cuoi cong ho phat hien ra rang ke chit muu vu tan cong da sir dung virus zombies có ten "Binh minh cua cai chet" de tan cong vao 4 thong co ser da lieu dm cong ty. Mei lan cong ty c6 tat mOt IP truy cap vao thi virus se tier dOng tan cong tir hai IP khac. Tuy nhien vu tan cong bang virus nay van chua vugt qua birc tutmg lira do he thong ky thu'O xay len; chinh vi vay cuOc tan cong nhanh chong cham dirt vao 5:46 sang. Ke tan ding van chua hack dugc vao trong he thong cila cong ty.
Can hoi on tap
1. Hay cho biet mOt s6 rai ro thuemg gap trong thucmg mai dien tir 2. Hay cho biet mOt s6 van de ve an ninh ma cac doanh nghiep gap phai khi lien hanh hog d6ng thucmg mai dien tir.
3. Phishing la gi? Hay cho biet mOt vai vi du ve phishing ten the giai va tai Viet Nam
4. DDoS la gi? Hay cho Wet mOt vai vi du ve DDoS tren the giOi va tai Viet Nam trong mOt vai nam gan day.
5. Hay cho Wet mOt s6 bien phap doanh nghiep thuerng lien hthth de dam bao an town cho cac giao djch thtrang mai dien tir.
Thuat ngfr
Ni dung Ong (active content): nhang chuang trinh dugc gan lien vao
cac trang web va se hoat d6ng tit), theo hanh vi tac dOng tir ngued sir dung.
Tien chain ma h6a cap cao (advanced encryption standard): Ti6u
chan ma Ma mai thuOng dugc sir dung de bao mat cac thong tin cita chinh phit sir dung thuat town ma h6a cua Rijndael. Thuat town nay dugc Vien tieu chuan va cong nghe qu6c gia (NITS) gi6i thieu nam 2001.
PhAn mem chOng virus (antivirus software): nhfing phan mem giiip
ph& hien virus va sau do co the xoa hoac tach nhimg phan mem nguy hai nay khoi cac dir lieu khac de chimg khong the hog Ong gay hai dugc.
MA h6a khong dOi xung (asymmetric encryption): d6ng nglifa vai
ma hoa cong khai, day la cong nghe ma hem cac thong diep dit lieu, sir dung hai kh6a rieng biet nhung c6 quan he mot mot vai nhau.
Cfra halt (back door): nhang 18 h6ng tren cac phAn mem thucmg mai
dien tir dugc tao ra vo tinh hay c6 y.
Thiet bi an ninh sinh h9c (biometric security device): mOt thiet bi an
ninh sir dung cac dac diem sinh hoc. cita con ngued de xac thuc. Cac thiet bi nay c6 the la may kiem tra chit 14, may quet Ong mac, may doc van tay, doe chi tiet ban tay...
BO Om (buffer): mOt phan cua b0 nhO may tinh dugc danh rieng luu
trir cac dir lieu do may tinh doc tir cac file hay co so &I lieu.
Ca quan chfrng thuc (CA-certificate authority): mOt cong ty hay t6
chirc cung cap chit 14 dien tir va chimg th%rc dien to cho cac t6 chirc va ca nhan.
Ma h6a (Cryptography): ding nghe de giau cac thong tin a chi nhirng nguoi dugc phep mOi c6 the doc duoc.
Chuang trinh giai ma (Decrypted program): mOt ph'Ll m6rn giap dao ngugc qua trinh ma h6a, ket qua la khoi phuc lai thong diep ban &Au tir thong diep da dugc ma hoa.
Chung chi so (Digital certificate): phan gan kern theo mOt thong diep
dir lieu hoac tich hop trong trang web a xac thirc nguoi giri hay website.
Chu. ky so (Digital signature): thong diep dien tir dugc tao ra nher viec
sir dung phan mem 14 dien tir ma h6a phan rut g9n cua cac van ban dien tir.
May chi' quan IST ten mien (Domain name server): mOt may tinh teen
Internet luu tit cac danh ba cho phep lien ket ten mien vOi cac dia chi IP.
Thu'44 town ma h6a (Encryption algorithm): logic cho phep tien hanh
cac chucmg trinh ma h6a.
Chuang trinh ma hea (Encryption program): chucmg trinh cho phep
chuyen cac van ban sang clang ma h6a.
Tuirng lira (firewall): MOt may tinh cung cap hang rao bao ve gifra
mang ben trong twang lira vai cac mpg ben ngoai twang lira de tranh cac rai ro, nguy co cho mang ben trong. Tat ca cac lung thong tin den va di tir mang ben trong deu phai chay qua twang lira. Chi nhimg lung thong tin dugc phep theo quy dinh duoc dat ra cho twang lira mai dugc truyen qua.
Thu4t town "bam"ithu4t town rut g9n (hash function): mOt thuat
toan cho pile]) phi hop tat ca cac 14T to trong mOt van ban de tao ra mOt con s6 vOi dq dai c0 dinh (thuang la 128 bit) duoc coi la ban rut gon dai dien cho van ban g6c, ban rut gon nay quan he mOt mOt vOi ban g0c, tuang t%r nhu vai tr6 cua van tay vbi nguori c6 van tay do.
Virus macro (macro virus): virus duoc truyen tai hay giau trong cac
file dinh kern, c6 the lam h6ng cac chucmg trinh khac teen may tinh hoac lam 10 cac thong tin bi mat.
Boni thin (mail bomb): hanh Ong ten cong bang each giri hang lout
thu dien tir den met dia chi cu the, wort qua lcha nang tiep nhen cua dia chi do lam dia chi dO hoctoan be he thong ngimg hoat Ong.
Lira duo qua mang (phishing): gin hang boat thu dien tir gia danh tir
met dia chi (tang tin cey den cac khach hang dm dia chi de. Thu dien tir c6 duang link den met trang web di giao dien gieng het giao dien cua ding ty CO uy tin. Nun than dirge de nghi nhep vao ten, ma bi mat, thong tin the tin clung de dugc cep that va ngay lap tire nhung thong tin nay bi danh cap.
Khoa bi mat (private key): la met phan mem giiip ma hoa va giai ma
cac thong diep, chit so. huu giu bi met de sir dung xac thuc vao cac th8ng diep du lieu ho giri qua mang.
Khea cong khai (public key): la khoa co quan he met met vOikhoa bi
mat, dugc dimg a ma hoa va giai ma cac th8ng diep da dugc ma h6a bang khoa bi met, khoa nay dugc ding be cho moi ngtrei lien quan biet a sir dung nham xac thuc thong diep co dugc giri bbi ngueri nem gift khoa bi met hay khong.
Lirp kh6a an toan (Secure socket layer): met giao thirc cho phdp
truyen tai thong tin tren mang an toan.
MA hoa doi xung (Symmetric encryption): ding nghe ma hem sir dung met khoa trong Ca hai qua trinh ma hoa va giai ma.
Tien chitin ma h6a dir lieu 3 (Triple DES, 3 DES — triple data encryption standard): mgt tieu chart ma hoa do chinh phu My xay dung va cac may tinh manh nhat hien nay van chua the pha ma dugc.
Con ngva thanh trojan (Trojan horse) : met chuorng trinh nap ben trong met chuang trinh khac hay met trang web khac de the giau cac hanh vi cua no, thuemg la mang tinh pha hoai.
San (worm): met dung virus to nhan ban.
Zombie: met dung virus chiem guy& kiem soat cac may tinh vOi muc dich tan cong met may tinh that dinh. Tan ding theo kieu nay thuemg rat kho truy tim nguoi chit muu.