d) Server firewalls
A firewall is like the moat surrounding a castle: it ensures that requests can enter the system only through specified ports and, where so configured, only from specific source hosts or addresses. A properly configured firewall denies by default, so anything not explicitly allowed is dropped.
A common technique is to set up a demilitarized zone (DMZ) using two firewalls. The outer firewall opens only the ports needed for inbound and outbound HTTP and HTTPS traffic, which is what lets the client browser communicate with the web servers. A second firewall sits behind the e-Commerce servers, between the DMZ and the internal network. This inner firewall is heavily fortified: only connections from trusted servers in the DMZ, to specific internal hosts on specific ports, are allowed through, so a compromised web server cannot reach arbitrary internal services. Both firewalls are paired with intrusion detection software that monitors the traffic crossing each boundary and raises an alert on unauthorized access attempts.
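The two-tier layout described above, written as a default-deny policy that can be checked in code and then rendered as an nftables ruleset for each firewall. This is an added example, not from the paper: the addresses (RFC 5737 documentation ranges), the interface names wan, dmz and internal, the database port 5432 and the payment-gateway range are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One accept rule: traffic arriving on iif, leaving on oif, src -> dst:dports."""
    iif: str                 # zone (interface) the packet arrives on
    oif: str                 # zone it would be forwarded to
    src: IPv4Network
    dst: IPv4Network
    dports: tuple            # permitted TCP destination ports

    def matches(self, iif, oif, src, dst, dport):
        return (self.iif == iif and self.oif == oif
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and dport in self.dports)


# Assumed addresses (documentation ranges, not real infrastructure).
ANY = ip_network("0.0.0.0/0")
WEB = ip_network("192.0.2.10/32")            # e-Commerce web server in the DMZ
PAYMENT_GW = ip_network("198.51.100.0/24")   # external payment gateway (assumed)
DB = ip_network("10.0.0.20/32")              # database server on the internal network

# Outer firewall: browsers in, the shop's own calls to the payment gateway out.
OUTER_FW = [
    Rule("wan", "dmz", ANY, WEB, (80, 443)),
    Rule("dmz", "wan", WEB, PAYMENT_GW, (443,)),
]
# Inner firewall: only the web server, only to the database, only on its port.
INNER_FW = [
    Rule("dmz", "internal", WEB, DB, (5432,)),
]


def allowed(ruleset, iif, oif, src, dst, dport):
    """Default deny: a new connection passes only if some rule explicitly accepts it."""
    return any(r.matches(iif, oif, src, dst, dport) for r in ruleset)


def render_nft(table, ruleset):
    """Render the policy as an nftables forward chain whose default policy is drop."""
    lines = [
        f"table inet {table} {{",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",   # replies to accepted connections
        "    ct state invalid drop",
    ]
    for r in ruleset:
        ports = ", ".join(str(p) for p in r.dports)
        lines.append(
            f'    iifname "{r.iif}" oifname "{r.oif}" '
            f"ip saddr {r.src} ip daddr {r.dst} tcp dport {{ {ports} }} accept"
        )
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_nft("outer_fw", OUTER_FW))
    print(render_nft("inner_fw", INNER_FW))
    # A browser reaching the shop passes the outer firewall ...
    assert allowed(OUTER_FW, "wan", "dmz", "203.0.113.5", "192.0.2.10", 443)
    # ... but nothing arriving from the Internet reaches the database, on any port.
    assert not allowed(INNER_FW, "wan", "internal", "203.0.113.5", "10.0.0.20", 5432)
```

The rendered text is loaded on each firewall host with `nft -f`. The two `ct state` lines let reply packets of accepted connections back through without opening any inbound port, which is what makes the policy usable with a default of drop; the checks in `allowed` are the assertions a deployment pipeline would run against the policy before pushing it.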
Another common technique used in conjunction with a DMZ is a honey pot server. A honey pot is a decoy resource (for example, a fake payment server) placed in the DMZ to fool the attacker into thinking he has penetrated the inner wall. Because no legitimate user or process has any reason to touch it, every access to it is suspicious by definition: the server is closely monitored, and any interaction by an attacker is detected and logged.
e) Password policies
Ensure that password policies (minimum length and complexity, and lockout after repeated failed logons) are enforced for consumers as well as internal users.
f) Intrusion detection and audits of security logs
One of the cornerstones of an effective security strategy is to prevent attacks and to detect potential attackers. Logging and reviewing security events helps you understand the nature of the system's traffic and provides evidence that can serve as a starting point for litigation against the attackers.
Suppose that you have implemented a password policy under which an account is locked out after 6 failed logon attempts. In this scenario, the company sends an email to the customer informing him that his account is locked. The event should also be logged in the system, either by sending an email to the administrator, writing the event to a security log, or both; the log entry should record at least the account, the time and the source address of the failed attempts, since these are what an investigator will need later. Note that a hard lockout can itself be abused: an attacker who knows a customer's user name can lock that customer out deliberately, so the threshold is usually applied within a time window, with a temporary rather than a permanent lockout.
You should also log any attempted unauthorized access to the system. If a user logs on and then attempts to access resources he is not entitled to see, or to perform actions he is not entitled to perform, each denied request should be recorded with the account, the resource and the source address. A single denial may be a mistake or a stale bookmark, but a pattern of denials from one account is a strong sign that the account has been co-opted, and the account should then be locked out. Analysis of the security logs can detect such patterns of suspicious behavior, allowing the administrator to take action.
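The two detection rules just described, run over a handful of constructed log lines: lock an account whose failed logons reach 6 within a sliding window, and flag an account that keeps hitting authorization denials after logging on. This is an added example and not the paper's code; the log format (an ISO timestamp followed by key=value fields), the 15-minute window, the minimum of two denials and the layout of the alert records are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample security log, not real data. alice: 6 failures in 16 s;
# bob: logs on, then is denied twice; carol: 6 failures spread over 2.5 hours.
SAMPLE_LOG = """\
2012-07-01T10:00:01Z event=logon user=alice result=fail src=203.0.113.5
2012-07-01T10:00:04Z event=logon user=alice result=fail src=203.0.113.5
2012-07-01T10:00:07Z event=logon user=alice result=fail src=203.0.113.5
2012-07-01T10:00:10Z event=logon user=alice result=fail src=203.0.113.5
2012-07-01T10:00:13Z event=logon user=alice result=fail src=203.0.113.5
2012-07-01T10:00:16Z event=logon user=alice result=fail src=203.0.113.5
2012-07-01T10:01:00Z event=logon user=bob result=ok src=198.51.100.7
2012-07-01T10:01:05Z event=authz user=bob resource=/admin/orders result=denied src=198.51.100.7
2012-07-01T10:01:09Z event=authz user=bob resource=/admin/refunds result=denied src=198.51.100.7
2012-07-01T10:05:00Z event=logon user=carol result=fail src=192.0.2.44
2012-07-01T10:35:00Z event=logon user=carol result=fail src=192.0.2.44
2012-07-01T11:05:00Z event=logon user=carol result=fail src=192.0.2.44
2012-07-01T11:35:00Z event=logon user=carol result=fail src=192.0.2.44
2012-07-01T12:05:00Z event=logon user=carol result=fail src=192.0.2.44
2012-07-01T12:35:00Z event=logon user=carol result=fail src=192.0.2.44
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """'<ISO timestamp> k=v k=v ...' -> dict of fields plus a timezone-aware 'ts'."""
    ts, rest = line.split(" ", 1)
    ev = dict(KV.findall(rest))
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def parse_log(text):
    return [parse(line) for line in text.splitlines() if line.strip()]


def lockouts(events, threshold=6, window_minutes=15):
    """Accounts whose failed logons reach `threshold` inside a sliding window.

    A successful logon resets the counter. Returns {user: triggering event}, so
    the alert carries the time and source address of the attempt that tripped it.
    """
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)
    locked = {}
    for ev in events:
        if ev.get("event") != "logon":
            continue
        user = ev["user"]
        if ev["result"] != "fail":
            recent[user].clear()
            continue
        q = recent[user]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # forget failures older than the window
            q.popleft()
        if len(q) >= threshold and user not in locked:
            locked[user] = ev
    return locked


def authz_denials(events, min_denials=2):
    """Accounts denied access to `min_denials` or more resources after logging on."""
    denied = defaultdict(list)
    for ev in events:
        if ev.get("event") == "authz" and ev.get("result") == "denied":
            denied[ev["user"]].append(ev["resource"])
    return {u: r for u, r in denied.items() if len(r) >= min_denials}


def security_alerts(text):
    """Structured records the administrator (or a log-analysis tool) would receive."""
    events = parse_log(text)
    alerts = []
    for user, ev in lockouts(events).items():
        alerts.append({"action": "lock_account", "user": user, "src": ev["src"],
                       "at": ev["ts"].isoformat(), "reason": "failed_logon_threshold"})
    for user, resources in authz_denials(events).items():
        alerts.append({"action": "review_account", "user": user,
                       "reason": "repeated_authorization_denials", "resources": resources})
    return alerts


if __name__ == "__main__":
    for alert in security_alerts(SAMPLE_LOG):
        print(alert)
```

On the sample data only alice is locked: carol also fails six times, but thirty minutes apart, so the sliding window never holds more than one failure, which is the difference between a brute-force attempt and a forgetful customer. bob's two denials produce a review alert rather than an immediate lockout; raising `min_denials` or lowering it is the knob between noise and missed compromises.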
In addition to security logs, use business auditing to monitor activities such as payment processing. You can monitor and review these audit trails to detect patterns of inappropriate interaction at the business-process level (for example, an unusual number of refunds issued by a single operator).
The infrastructure for business auditing and security logging is complex, and most likely will come as part of any middleware platform selected to host your site.
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012
ISSN (Online): 1694-0814
www.IJCSI.org
443
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.