摘要
随着互联网技术的发展,国内许多银行都开通了个人网银业务。目前国内所有银行的个人网银系统都已使用带安全机制的HTTPS协议,以保证网络中所传输数据的安全性。但有些银行在部署HTTPS协议的过程中,由于安全意识不足,没有严格遵守HTTPS协议的安全标准,如使用不安全的密码算法等,导致个人网银存在一定的安全隐患,如果不法分子据此发起攻击,将可能给银行和用户带来严重损失。文章根据银监会网站上提供的银行目录,通过分类的方式对国内银行个人网银使用HTTPS协议的状况进行分析,通过获取数字证书、协议版本和加密套件等方面的信息,对存在的安全隐患进行梳理。相关银行应该重视这些安全隐患,尽快消除隐患,将安全事故防范于未然。
With the development of Internet technology, many domestic banks have offered E-banking services. Now all of the E-banking systems use HTTPS to ensure data transferred online securely. But because of the weak awareness of network security and the non-compliance with the security standards of HTTPS, such as using the unsafe cryptography algorithm, some serious security vulnerabilities are created in E-banking system while HTTPS is deployed on it. If hackers successfully exploit these vulnerabilities, the banks and customers may suffer severe losses. According to the bank directory from the China Banking Regulatory Commission's website, this paper analyzes the HTTPS configurations of each E-banking system by way of classification, and sorts out the existing security vulnerabilities by acquiring information of certificate, protocol version, cipher suite, etc. In order to prevent safety incidents, banks should pay attention to these security vulnerabilities, and eliminate them as soon as possible.
出处
《信息网络安全》
CSCD
2017年第1期16-22,共7页
Netinfo Security
基金
广东省自然科学基金[S201204007370]
2016年广东省高等教育教学改革项目
