If the server is used to accept credit card transactions, the card numbers should be moved immediately to the system that actually processes the transactions (a system located in a more secure part of the network). No card numbers should be kept on the e-commerce server.

414 Module 17: E-Commerce Security Needs
1. Authentication and confidentiality
2. Client comfort
P:\010Comp\Begin8\957-8\ch17.vp Friday, May 09, 2003 9:24:53 AM Color profile: Generic CMYK printer profile Composite Default screen
Network Security: A Beginner’s Guide 415 Begin8 / Network Security: A Beginner’s Guide / Maiwald / 222957-8 / 17 Blind Folio 17:415 17 E-Commerce Security Needs

If information must be kept on the e-commerce server, it should be protected from unauthorized access. The way to do this on the server is through the use of file access controls. In addition, if the sensitive files are not stored within the Web server or FTP server directory structure, they are much harder to reach through a browser or FTP client.

Protecting the Server from Attack

The e-commerce server will most likely be a Web server. As mentioned before, this server must be accessible from the Internet and is therefore open to attack. There are things that can be done to protect the server itself from successful penetration. They fall into three categories:

Server location
Operating system configuration
Web server configuration

Let’s take a closer look at each of these.

Server Location

When we talk about the location of the server, we must consider both its physical location and its network location. Physically, this server is important to your organization. Therefore, it should be located within a protected area such as a data center. If your organization chooses to place the server at a co-location facility, physical access to the server should be protected by a locked cage, separated from the other clients of the co-location facility.

NOTE
When choosing a co-location facility, it is good practice to review their security procedures. In performing this task for clients, my team and I have found that many sites do have good procedures but poor practice. While performing inspections at co-location facilities, we have been able to gain access to cages we were not authorized to enter. At times this access has been facilitated by the guard who was escorting us.

The network location of the server is also important. Figure 17-2 shows the proper location of the server within the DMZ.
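The two data-handling rules above (forward card numbers to the processing system and keep none on the server; keep whatever must stay outside the Web server directory structure, under file access controls) as one added example. This is not code from Maiwald’s book: the processor hand-off is a hypothetical stand-in that returns an opaque reference, the card number is a well-known test number, and the directory names are constructed for the demo.

```python
"""Added example, not code from Maiwald's book: intake of a card payment on the
e-commerce server that forwards the card number to the processing system and
retains only a processor reference plus the last four digits, together with a
check that any file the server does keep lives outside the web root with
owner-only permissions. The processor hand-off is a stand-in (hypothetical);
the card number used in the demo is a well-known test number."""
import os
import secrets
import stat
import tempfile
from pathlib import Path


def luhn_ok(pan: str) -> bool:
    """Luhn checksum: reject obviously malformed numbers before forwarding."""
    if not pan.isdigit() or len(pan) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def forward_to_processor(pan: str, amount_cents: int) -> str:
    """Stand-in (hypothetical) for the hand-off to the transaction-processing
    system in the protected network segment. It returns an opaque reference;
    the card number itself is neither stored nor logged on this server."""
    assert luhn_ok(pan)
    return "txn-" + secrets.token_hex(8)


def accept_order(pan: str, amount_cents: int) -> dict:
    """Return the only record the e-commerce server keeps for this order."""
    if not luhn_ok(pan):
        raise ValueError("invalid card number")
    ref = forward_to_processor(pan, amount_cents)
    return {"processor_ref": ref, "last4": pan[-4:], "amount_cents": amount_cents}


def record_contains_pan(record: dict, pan: str) -> bool:
    """Sanity check: the retained record must not contain the full number."""
    return pan in "|".join(str(v) for v in record.values())


def is_outside_web_root(path, web_root) -> bool:
    """True when `path`, after resolving '..' and symlinks, is not under
    web_root, i.e. a browser cannot fetch it just by asking for the right URL."""
    p = Path(path).resolve()
    root = Path(web_root).resolve()
    return p != root and root not in p.parents


def write_protected(path, data: bytes, web_root) -> int:
    """Refuse to write inside the web root; create the file readable and
    writable by its owner only (mode 0600), independent of the umask.
    Returns the resulting permission bits."""
    if not is_outside_web_root(path, web_root):
        raise PermissionError(f"{path} is inside the web root {web_root}")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> dict:
    """Run the whole flow in a scratch directory and report the outcome."""
    base = tempfile.mkdtemp()
    web_root = os.path.join(base, "htdocs")      # constructed web root
    os.mkdir(web_root)
    rec = accept_order("4111111111111111", 1999)  # test card number
    mode = write_protected(os.path.join(base, "orders.db"), repr(rec).encode(), web_root)
    try:
        write_protected(os.path.join(web_root, "orders.db"), b"", web_root)
        refused = False
    except PermissionError:
        refused = True
    return {"pan_retained": record_contains_pan(rec, "4111111111111111"),
            "mode": mode, "write_in_web_root_refused": refused}


if __name__ == "__main__":
    print(demo())
```

The path check resolves symlinks and `..` before comparing, so a file reached through `htdocs/../orders.db` is correctly treated as outside the web root while `htdocs/x/../orders.db` is not. The mode is set explicitly after creation because `os.open`’s mode argument is still subject to the process umask.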
The firewall should be configured to allow access to the e-commerce server only on ports 80 (for HTTP) and 443 (for HTTPS). No other services are necessary for the public to access the e-commerce server, so every other port should be blocked at the firewall.
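The firewall policy just described, as an added example rather than anything from the book: a first-match, default-deny model that admits only TCP 80 and 443 to the e-commerce server from the Internet, plus a check of which of the server’s listening services an Internet client can actually reach. The addresses are from the documentation ranges and are assumed for the example.

```python
"""Added example, not from Maiwald's book: a first-match, default-deny model of
the DMZ firewall policy described above, allowing only TCP 80 and 443 to the
e-commerce server from the Internet, plus a check of which listening services
on the server are actually reachable. Addresses are from the documentation
ranges and are constructed for the example."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional

ECOMMERCE_SERVER = ip_address("192.0.2.10")   # assumed DMZ address
ANYWHERE = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    proto: str                     # "tcp", "udp" or "any"
    src: IPv4Network               # permitted source range
    dst: Optional[IPv4Address]     # destination host, or None for any
    dport: Optional[int]           # destination port, or None for any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


# The policy from the text: only HTTP and HTTPS to the e-commerce server.
# Nothing else is listed, so everything else falls through to the default deny.
POLICY = [
    Rule("allow", "tcp", ANYWHERE, ECOMMERCE_SERVER, 80),
    Rule("allow", "tcp", ANYWHERE, ECOMMERCE_SERVER, 443),
]


def evaluate(policy: List[Rule], pkt: Packet) -> str:
    """First matching rule decides; a packet matching no rule is denied."""
    for r in policy:
        if r.proto != "any" and r.proto != pkt.proto:
            continue
        if ip_address(pkt.src) not in r.src:
            continue
        if r.dst is not None and ip_address(pkt.dst) != r.dst:
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        return r.action
    return "deny"


def exposed_services(policy: List[Rule], host: str, listening: List[int],
                     src: str = "203.0.113.7") -> List[int]:
    """Given the ports a host is listening on, return those an Internet client
    at `src` can reach through the firewall. Anything beyond 80 and 443 here
    means either the firewall or the host's service set needs fixing."""
    return [p for p in listening
            if evaluate(policy, Packet("tcp", src, host, p)) == "allow"]


if __name__ == "__main__":
    # Server listening on SSH, HTTP, HTTPS and MySQL: only the web ports get through.
    print(exposed_services(POLICY, "192.0.2.10", [22, 80, 443, 3306]))  # [80, 443]
```

The `exposed_services` check is the part worth keeping around: the firewall rule hides a service from the Internet, it does not stop the service running, so the operating-system and Web-server configuration steps that follow still have to remove or bind away anything the server does not need to offer. Administrative access (SSH, remote desktop) should not be opened from the Internet at all; it belongs on the internal side of the DMZ. With nftables the two allow rules collapse to `ip daddr 192.0.2.10 tcp dport { 80, 443 } accept` in a chain whose policy is `drop`.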
If performance of the e-commerce server is extremely important and traffic to the server is expected to be very high, it may be appropriate to dual-home the server (see Figure 17-3). In this