Lesson 3: Design for security
Objective: Describe security measures needed to protect your e-commerce site.

Describe Security Measures needed to protect your ecommerce Website

A successful security system designed for an e-commerce site is a matrix, or a combination of individual methods, techniques, and subsystems. You want to apply as many security principles and techniques as possible to protect each resource. For instance, a network that relies solely on authentication is not nearly as secure as one that combines authentication, access control, and encryption. Access control occurs if you apply packet filtering to the router. A firewall provides more access control. In most e-commerce sites, a firewall is designed to provide access control more than anything else. If you supplement this with Secure Sockets Layer (SSL) or Secure Electronic Transaction (SET) at the Web server, you will be using encryption as well as authentication. Finally, an e-commerce site should always install intrusion detection software on mission-critical network segments and hosts.
  1. Authentication: Establishes a person's identity.
  2. Access control: Determines where a person or network host is allowed to enter a system.
  3. Encryption: Encryption is the process of transforming a file using a mathematical function or technique so that the contents of the file are protected from unwanted viewing.
  4. Packet filtering: The use of a type of firewall device that processes network traffic on a packet-by-packet basis. Packet filter devices allow or block packets, and are typically implemented through standard routers.
  5. Firewall: A firewall is a series of applications and hardware that filters and audits outside network traffic as it passes into your network.


Intrusion Detection

Intrusion detection involves detecting hackers after they have penetrated a firewall. Effective intrusion detection practice requires that you create an intrusion detection system, which is commonly referred to as an IDS. You can install IDS software directly on the Web server, then manage it remotely.
This particular form of intrusion detection is called a host-based IDS. A second type of intrusion detection system uses software that scans an entire subnet for problems. This type of IDS is called a network-based IDS. An IDS can also help you track down illicit activity conducted by company employees.
Detecting and responding to network attacks and malicious code is one of the principal responsibilities of information security professionals. Formal techniques and procedures have been developed by expert practitioners in the field to provide a structured approach to this difficult problem. This chapter discusses these techniques as well as the different types of attacks and response mechanisms.
  • Malicious Code:
    Malicious code is intended to harm, disrupt, or circumvent computer and network functions. This code can be mobile, such as Java applets or code in the ActiveX environment. It can also attach itself to legitimate code and propagate; it can lurk in useful applications or replicate itself across the Internet. The following sections describe these different types of malware.
  • Viruses: A virus is code that attaches to a host program and propagates when the infected program is executed. Thus, a virus is self-replicating and self-executing. Viruses are transmitted in a variety of ways, including as part of files downloaded from the Internet or as e-mail attachments.


Review of Common Attacks

Attacks against network resources are common in today's Internet-dependent world. Attacks are launched for a variety of reasons, including monetary gain, maliciousness (as a challenge), fraud, warfare, and to gain an economic advantage. Attacks are directed at compromising the confidentiality, integrity, and availability of networks and their resources and fall into the following four general categories:
  1. Modification attack: Unauthorized alteration of information
  2. Repudiation attack: Denial that an event or transaction ever occurred
  3. Denial-of-service attack: Actions resulting in the unavailability of network resources and services, when required
  4. Access attack: Unauthorized access to network resources and information

Specific instantiations of these types of attacks are discussed in the following sections.

  • Intrusion Detection Prevention System:
    In addition, organizations use Intrusion Detection Prevention Systems (IDPSes) for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. Intrusion Detection Prevention Systems have become a necessary addition to the security infrastructure of nearly every organization. They typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve
    1. the IDPS stopping the attack itself,
    2. changing the security environment or
    3. changing the content of the attack.

The key areas to secure are:
  1. Local resources
  2. Network resources
  3. Server resources
  4. Database and information resources

As shown in the diagram below, these key areas have particular risks associated with them.
[Diagram: Ecommerce security resources]
  1. Local resources - Protect your employee workstations by enabling password-protected screen savers to prevent snooping. Require that each employee use a virus checker and observe caution when downloading anything from the Internet.
  2. Network resources - Physically secure your routers, switches, and patch panels. Ensure that your DNS servers are free from tampering. If you have WINS or SAMBA servers internal to your e-commerce company, make sure that they are properly configured and secure. These network resources are the primary communication medium for the entire company. If a hacker gains access to or control of these elements, he or she has access to all or most company data.
  3. Database and information resources - A major asset of any company is the information it organizes and disseminates. A hacker's ultimate goal is to discover this information, as well as tamper with the networks and methods that help to create and communicate the information.
  4. Server resources - Your World Wide Web, email, and FTP servers are vulnerable to several types of intrusions. Typically, servers provide storage for the network infrastructure and act as the hub. They also control overall system security. Hackers try to gain access to server resources because they can then access and control other resources.


The key means of achieving security are:
  1. Use cryptographic methods to provide data confidentiality, data integrity, and authentication
  2. Provide access control for all systems, servers, and files
  3. Secure CGI and other executable scripts
  4. Utilize virus scanning software and keep it up to date
  5. Combine security techniques to provide the best possible security. For example, connect the Web server to the database using a different protocol than TCP/IP
  6. Define a system security policy and security administration
  7. Train all users on security policies that apply to their jobs
  8. Build a firewall between your network and the Internet
  9. Monitor and analyze log files


System Attributes of Security

The bullet points below summarize the most important attributes and goals of an effective security system for an e-commerce site.
  • Highly Secure:
    1. Allows access only to legitimate, authenticated users.
    2. Implements strong encryption protocols to protect data in transit and at rest.
    3. Regularly updates and patches to mitigate security vulnerabilities.
    4. Utilizes multi-factor authentication to enhance security measures.
    5. Monitors and logs all access and activity to detect and respond to potential threats.
    6. Ensures compliance with industry standards and regulations for data protection.
  • Easy to Use:
    1. Specific applications should employ an intuitive interface.
    2. Provide clear and concise documentation and tutorials for users.
    3. Offer user-friendly navigation and easily accessible features.
    4. Ensure a consistent and responsive user experience across all devices.
    5. Implement helpful tooltips and in-app guidance to assist users.
    6. Conduct regular usability testing to identify and address any user pain points.
  • Flexible and Scalable:
    1. Allows business to be conducted as needed.
    2. Adapts easily to changing business requirements and market conditions.
    3. Supports seamless integration with other systems and platforms.
    4. Provides scalable infrastructure to handle growing amounts of data and users.
    5. Offers flexible deployment options, including on-premises, cloud, and hybrid models.
  • Superior Alarming and Reporting
    1. Notifies the administrator quickly and in sufficient detail of a breach.
    2. These steps ensure that only legitimate, authenticated users can access the system while providing multiple layers of security to protect against unauthorized access.
  • Appropriate Cost of Ownership:
    1. Planning includes initial purchase cost as well as costs for upgrades and service.
    2. Planning accounts for successful cost of implementation and maintenance.

System attributes and Threat Modeling

Threat modeling will lead you to categories of issues that other tools will not find. Some of these issues will be errors of omission, such as a failure to authenticate a connection. That is not something that a code analysis tool will find. Other issues will be unique to your design. To the extent that you have a set of smart developers building something new, you might have new ways threats can manifest. Models of what goes wrong, by abstracting away details, will help you see analogies and similarities to problems that have been discovered in other systems. A corollary of this is that threat modeling should not focus on issues that your other safety and security engineering is likely to find (except insofar as finding them early lets you avoid re-engineering). So if, for example, you are building a product with a database, threat modeling might touch quickly on SQL injection attacks, and the variety of trust boundaries that might be injectable. However, you may know that you will encounter those. Your threat modeling should focus on issues that other techniques cannot find.
  • Spoofing: Someone might pretend to be another customer, so you will need a way to authenticate users. Someone might also pretend to be your website, so you should ensure that you have an SSL certificate and that you use a single domain for all your pages (to help that subset of customers who read URLs to see if they are in the right place). Someone might also place a deep link to one of your pages, such as logout.html or placeorder.aspx. You should be checking the Referrer field before taking action. That is not a complete solution to what are called CSRF (Cross Site Request Forgery) attacks, but it is a start.
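The check described in the Spoofing item can be written as a strict origin comparison. The following is an added example, not code from this lesson: the host `shop.example.com` and the function names are assumptions, the two protected paths are the ones named above, and the header is spelled `Referer` as it appears on the wire. As the lesson notes, this is a starting point and not a complete CSRF defense.

```python
from urllib.parse import urlsplit

# Assumed values for this sketch: the shop's single origin, plus the two
# action pages the lesson names as deep-link targets.
SITE_ORIGIN = ("https", "shop.example.com", 443)
PROTECTED_PATHS = {"/logout.html", "/placeorder.aspx"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it is unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:            # malformed port or host
        return None
    if not parts.hostname or port is None:
        return None               # e.g. the literal value "null"
    return (parts.scheme, parts.hostname.lower(), port)


def allow_request(method, path, headers):
    """Decide whether a request may trigger an action on the site."""
    needs_check = method.upper() in STATE_CHANGING or path.lower() in PROTECTED_PATHS
    if not needs_check:
        return True               # ordinary page views are not restricted
    h = {k.lower(): v for k, v in headers.items()}
    # Prefer Origin when the browser sent it; fall back to Referer.
    source = h.get("origin") or h.get("referer")
    if not source:
        return False              # no provenance at all: refuse the action
    # Compare the parsed origin exactly; substring or prefix matching on the
    # raw header would accept lookalike hosts.
    return origin_of(source) == SITE_ORIGIN
```

Comparing the parsed scheme, host, and port is what keeps a lookalike host name or a plain-HTTP page from passing the check.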

In the next lesson, you will learn more about operating system security.

Resources Security Risks

Click the link below to review resources and security risks.
Resources Security Risks
