12.4 Secure Management Systems for Network Transactions Systems

12.4.1 Optimize Network Security Architectures

1. Traditional Firewalls

Deploying the optimal security architecture, one that is effective and cost-efficient, requires three primary elements: maximum threat protection with minimum risk, high performance and ease of administration. Meeting all three requirements at the same time is a fairly straightforward task these days, thanks to the advent of integrated virtual private network (VPN)/firewall solutions.

Firewalls are the gatekeepers that work to control access both in and out of corporate networks. VPNs use encryption and tunneling to privately connect users over a public network. Both indispensable security mainstays, they coexisted quite well for a decade until their integration was prompted by one pesky problem: Firewalls cannot enforce access control of encrypted traffic.

This dilemma means that companies using stand-alone VPNs must think carefully about the placement of the VPN gateway in relation to the firewall. Certain placements will limit access control and present multiple authentication challenges. Others will affect routing processes. All placements, clearly, will require that the VPN remain separate from the firewall, thereby saddling security engineers with two devices to manage and maintain, each with its own policies and procedures. By opting to use integrated devices, however, companies can reduce the burden of security administration, while improving protection and performance.

2. Integrated Firewalls

Most corporate networks seek the same primary security objective: Keep threats to a minimum.
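The limitation named in section 1, that a firewall cannot enforce access control of encrypted traffic, can be shown with a small model; this is an added example, not code from the textbook. The policy, addresses, flows, function names and the toy cipher standing in for the VPN's encryption are all constructed assumptions, and the authenticated tunnel user is carried inside the inner packet for brevity.

```python
import hashlib
import json

KEY = b"constructed-demo-key"   # assumption: toy tunnel key, not a real SA
GATEWAY = "203.0.113.1"         # constructed documentation address
# Constructed per-user policy: (user, inner destination, port) tuples allowed.
POLICY = {("alice", "10.0.1.10", 443), ("bob", "10.0.2.20", 5432)}

def _keystream_xor(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not real crypto."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def vpn_encapsulate(inner: dict, client_ip: str) -> dict:
    """Client side: the inner packet, user included, becomes an opaque blob."""
    blob = _keystream_xor(json.dumps(inner, sort_keys=True).encode(), KEY)
    return {"src": client_ip, "dst": GATEWAY, "proto": "ESP", "payload": blob}

def standalone_firewall(outer: dict) -> str:
    """Firewall separate from the VPN gateway: only outer headers are readable,
    so its only possible rule is 'tunnel traffic to the gateway: yes or no'."""
    return "allow" if (outer["proto"], outer["dst"]) == ("ESP", GATEWAY) else "deny"

def integrated_vpn_firewall(outer: dict) -> str:
    """Integrated device: decrypts first, then applies the per-user policy
    to the inner destination and port."""
    if standalone_firewall(outer) == "deny":
        return "deny"
    inner = json.loads(_keystream_xor(outer["payload"], KEY))
    key = (inner["user"], inner["dst"], inner["dport"])
    return "allow" if key in POLICY else "deny"

def compare(inner: dict) -> tuple:
    """Verdicts of (stand-alone firewall, integrated device) for one inner flow."""
    outer = vpn_encapsulate(inner, "198.51.100.7")
    return standalone_firewall(outer), integrated_vpn_firewall(outer)

# Constructed flows: one permitted, one to a resource alice has no rule for.
PERMITTED = {"user": "alice", "dst": "10.0.1.10", "dport": 443}
PROHIBITED = {"user": "alice", "dst": "10.0.2.20", "dport": 5432}

if __name__ == "__main__":
    print(compare(PERMITTED), compare(PROHIBITED))
```

The stand-alone firewall returns the same verdict for both flows because their outer headers are identical; only the device that decrypts can tell them apart.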
An integrated VPN/firewall solution better meets this objective because the VPN gateway, and therefore VPN connectivity, receives protection from the firewall. Since the devices share user information, access control keeps prohibited content and users from passing through the firewall, while remote users with permission to access specific resources behind the firewall are recognized and allowed to proceed.

Without firewall protection, however, a VPN is vulnerable to a number of threats. Stand-alone VPN gateways only have rudimentary access control techniques--such as packet filtering--that apply solely to the data being transmitted and do not apply to remote users gaining appropriate access to corporate resources.

Integrated VPN/firewalls can potentially improve performance through the use of cryptographic acceleration cards, which offload processor-intensive cryptographic operations from the host CPU to a dedicated processor on the card. Integrated bandwidth management addresses network congestion issues by prioritizing business-critical traffic over discretionary traffic to optimize available WAN links.

Conversely, the use of stand-alone VPNs can actually undermine the efficiency of the security architecture. VPNs placed in front or to the side of the firewall often do not share information with the firewall, posing a problem for traffic passing through from remote access users. The VPN gateways decrypt traffic, but they do not control access. This means that decrypted connections must also pass through the firewall to obtain clearance, so a user may be forced to authenticate at the VPN gateway and again for every firewall rule requiring authentication.

12.5 Laws on E-Commerce Security

12.5.1 The Core Legislative Concern: Electronic and Digital Signatures

1. Definition of Digital Signature

Digital signature is simply a term for one technology-specific type of electronic signature.
It involves the use of public key cryptography to “sign” a message, and is perhaps the one type of