We all agree that the security of online securities trading needs to be considered comprehensively, which means that most of the security issues are technical issues. If we treat it as only a technical issue, however, we will confirm the famous statistical saying that small-probability events will inevitably occur. Any error may be very costly for financial industries such as securities, banking and insurance, because information technology is a strategic necessity for most financial enterprises: it is indispensable, although it may not bring a competitive advantage. Of course, even from the technical point of view, the security guarantee of online securities trading should be designed as a whole. Cui Gongying from Shanghai Fudan Kingstar Computer Co., Ltd. put forward a very good point of view: as an open online trading platform, the security of the online trading system plays an important role in the whole system, and therefore the security system should be designed as a whole. A complete set of online transaction security facilities should consider three aspects: network security, communication security and application security.
Network security is the first problem to be solved, because the entire online trading system is built on a website and connected to the Internet. To ensure the network security of the online trading system and protect the intranet from illegal users, it is necessary to establish a security gateway between the Internet and the intranet using a firewall. A firewall is a barrier that separates the Internet from the intranet. There are two types of firewalls: standard firewalls and dual-homed gateways. A standard firewall system includes a UNIX workstation with a router at each end acting as a buffer. One router interfaces with the external world, that is, the public network, and the other is connected to the internal network. The standard firewall uses special software, requires a high level of management, and introduces a certain delay in information transmission. The dual-homed gateway is an extension of the standard firewall. It is also called a bastion host or application layer gateway. It is a single system, but it can perform all the functions of a standard firewall at the same time. Its advantage is that it can run more complex applications while preventing any direct connection between the Internet and the internal system, ensuring that data packets cannot reach the internal network directly from the external network, and vice versa.
With the progress of firewall technology, two firewall configurations have evolved from the dual-homed gateway: one is the hidden host gateway, and the other is the covert intelligent gateway (covert subnet). The hidden host gateway is a common firewall configuration at present. As the name implies, this configuration conceals the router on the one hand, and installs a bastion host between the Internet and the intranet on the other. The bastion host is installed on the intranet, and the router is configured so that the bastion host is the only way to communicate with the Internet. At present, the firewall with the most complex technology and the highest security level is the covert intelligent gateway, which hides the gateway behind the public system to avoid direct attacks. The covert intelligent gateway provides almost transparent access to Internet services, while preventing unauthorized external visitors from accessing the private network illegally. Generally speaking, this kind of firewall is the least vulnerable to destruction. To fully and effectively ensure the network security of the online trading system, Cui Gongying suggested that, in addition to using a covert intelligent gateway firewall, the system should add a corresponding application gateway at the application layer to ensure system security.
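The hidden host gateway rests on one property of the router configuration: the bastion host is the only intranet address allowed to exchange traffic with the Internet. The following added example (not part of the original article) audits a router rule list for that property; the addresses, the rule format and the function names are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed addressing for illustration; none of it comes from the article.
INTRANET = ip.ip_network("10.0.0.0/24")
BASTION = ip.ip_network("10.0.0.5/32")

def reaches_outside(net):
    """True if net holds at least one address that is not on the intranet."""
    return not net.subnet_of(INTRANET)

def reaches_unscreened_inside(net):
    """True if net holds an intranet address other than the bastion host."""
    return net.overlaps(INTRANET) and net != BASTION

def audit(rules):
    """Return the permit rules that let Internet and intranet bypass the bastion.

    Conservative: rule order and ports are ignored, so a permit that an earlier
    deny would shadow is still reported for review.
    """
    findings = []
    for action, src, dst in rules:
        if action != "permit":
            continue
        s, d = ip.ip_network(src), ip.ip_network(dst)
        inbound = reaches_outside(s) and reaches_unscreened_inside(d)
        outbound = reaches_unscreened_inside(s) and reaches_outside(d)
        if inbound or outbound:
            findings.append((action, src, dst))
    return findings

# Constructed rule lists in (action, source, destination) form.
GOOD_ACL = [
    ("permit", "0.0.0.0/0", "10.0.0.5/32"),   # Internet -> bastion only
    ("permit", "10.0.0.5/32", "0.0.0.0/0"),   # bastion -> Internet only
    ("deny", "0.0.0.0/0", "0.0.0.0/0"),
]
BAD_ACL = GOOD_ACL[:2] + [
    ("permit", "0.0.0.0/0", "10.0.0.20/32"),  # internal server exposed directly
    ("permit", "10.0.0.0/24", "0.0.0.0/0"),   # workstations bypass the bastion
    ("deny", "0.0.0.0/0", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for name, acl in (("GOOD_ACL", GOOD_ACL), ("BAD_ACL", BAD_ACL)):
        print(name, audit(acl))
```

An empty result means every permitted Internet flow terminates at the bastion host; each reported rule is a path that reaches the intranet without passing through it.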
Online communication runs over the Internet, so the communication data must be protected in transit against eavesdropping, counterfeiting and modification. At present, the TCP/IP protocol is the common way of transmitting data on the Internet, and it has also become the first choice of online trading systems. However, the TCP/IP protocol does not provide communication security services. For this reason, another technology and strategy must be used to solve the communication security problem. This technology is the Secure Sockets Layer (SSL). SSL is an industry standard that uses public key technology and is widely used on intranets and the Internet. SSL provides three basic security services: information privacy, information integrity, and mutual authentication.