Describe security measures needed to protect your e-commerce site.
A sound security system for an e-commerce site is a matrix: a combination of individual methods, techniques, and subsystems. Wherever possible, apply several security principles and techniques to each resource, so that no single control is the only thing protecting it.
For instance, a network that relies solely on authentication is not nearly as secure as one that combines authentication, access control, and encryption. Packet filtering on the router provides a first layer of access control; a firewall provides more. In most e-commerce sites, access control is the firewall's main job.
If you supplement this with Secure Sockets Layer (SSL) or Secure Electronic Transaction (SET) at the Web server, you add encryption and authentication as well. Finally, an e-commerce site should always run intrusion detection software on mission-critical network segments and hosts.
Authentication: Establishes the identity of a person (or host) before access is granted.
Access control: Determines where a person or network host is allowed to go within a system.
Encryption: Transforms a file with a mathematical function and a key so that its contents are protected from unauthorized viewing.
Packet filtering: Use of a firewall device that processes network traffic packet by packet, allowing or blocking each packet according to rules on its headers; typically implemented on standard routers.
Firewall: A combination of software and hardware that filters and audits traffic from outside networks as it passes into your network.
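To make the packet-filtering and firewall definitions concrete, here is an added example (not from the original text) of a minimal stateless packet filter of the kind a screening router applies in front of an e-commerce site. The addresses, the ruleset and the sample packets are constructed; the policy is first-match-wins with a default deny, so any traffic no rule explicitly allows is dropped.

```python
"""Added example (not from the original text): a minimal stateless packet
filter with a first-match, default-deny policy. Hosts, rules and packets are
constructed in memory for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # CIDR; "0.0.0.0/0" matches any source
    dst: str
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed ruleset for a hypothetical perimeter router protecting a web
# server (203.0.113.10) and a database host (10.0.0.5) on an inner network.
RULES = [
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443),    # HTTPS to web server
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", 80),     # HTTP (redirects to HTTPS)
    Rule("allow", "203.0.113.10/32", "10.0.0.5/32", "tcp", 5432),  # only the web tier reaches the DB
    Rule("deny", "0.0.0.0/0", "10.0.0.0/8"),                       # nothing else enters the inner net
]


def filter_packet(p: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, or deny by default."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"  # default deny: unmatched traffic is dropped


def audit(packets, rules=RULES):
    """Return (packet, decision) pairs. A log of decisions like this is what
    the firewall hands to intrusion detection for review."""
    return [(p, filter_packet(p, rules)) for p in packets]


# Constructed sample traffic.
SAMPLE = [
    Packet("198.51.100.7", "203.0.113.10", "tcp", 443),  # customer browsing the shop
    Packet("198.51.100.7", "10.0.0.5", "tcp", 5432),     # outside host aiming at the DB
    Packet("203.0.113.10", "10.0.0.5", "tcp", 5432),     # web tier querying the DB
    Packet("198.51.100.7", "203.0.113.10", "tcp", 22),   # service no rule allows
]

if __name__ == "__main__":
    for p, decision in audit(SAMPLE):
        print(f"{p.src} -> {p.dst} {p.proto}/{p.dport}: {decision}")
```

The filter inspects only packet headers, which is exactly why the text calls it a first layer: it cannot tell a legitimate HTTPS request from a malicious one on port 443, so authentication, encryption and intrusion detection still have to sit behind it.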
Use cryptographic methods to provide data confidentiality, data integrity, and authentication
Provide access control for all systems, servers, and files
Secure CGI and other executable scripts
Utilize virus scanning software and keep it up to date
Combine security techniques to provide the best possible security. For example, connect the Web server to the database using a different protocol than TCP/IP
Define a system security policy and security administration
Train all users on security policies that apply to their jobs
Build a firewall between your network and the Internet
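The first item in the list asks for cryptographic methods for confidentiality, integrity and authentication. The following added example (not from the original text, standard library only) shows two of the three: an HMAC over an order record gives integrity and origin authentication, and a salted, iterated PBKDF2 hash authenticates customers without storing passwords. Confidentiality would need a cipher library such as `cryptography` and is not shown. The key, the order record and the password are constructed here.

```python
"""Added example (not from the original text): HMAC-SHA256 for integrity and
origin authentication of an order record, and PBKDF2 for password storage.
All keys and records below are constructed for illustration."""
import hashlib
import hmac
import json
import os
import secrets

# Hypothetical server-side MAC key. In production it comes from a key store,
# never from source code or a config file checked into version control.
ORDER_MAC_KEY = secrets.token_bytes(32)


def sign_order(order: dict, key: bytes = ORDER_MAC_KEY) -> str:
    """Return a hex MAC over a canonical JSON encoding of the order.
    sort_keys and fixed separators make the encoding deterministic, so the
    same order always produces the same tag regardless of dict ordering."""
    canonical = json.dumps(order, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_order(order: dict, tag: str, key: bytes = ORDER_MAC_KEY) -> bool:
    """compare_digest runs in constant time, so the comparison itself does
    not leak how many leading bytes of the tag were correct."""
    return hmac.compare_digest(sign_order(order, key), tag)


# Password storage for customer logins: salted, iterated hash, never plaintext.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm, iterations, salt, digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def check_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and iteration count."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    order = {"order_id": 1001, "sku": "WIDGET-7", "qty": 2, "total_cents": 4998}
    tag = sign_order(order)
    print("unchanged order verifies:", verify_order(order, tag))
    tampered = dict(order, total_cents=1)
    print("tampered order verifies:", verify_order(tampered, tag))
    stored = hash_password("correct horse battery staple")
    print("login ok:", check_password("correct horse battery staple", stored))
```

The MAC detects any change to the record (price, quantity, order id) between the moment the server signed it and the moment it is processed, which is the integrity property the list item names; because only holders of the key can produce a valid tag, it also authenticates the record's origin.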
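"Secure CGI and other executable scripts" is the list item most often left abstract. The following added example (not from the original text) shows the three habits that secure such a script: validate every request parameter against a strict allowlist, build any external command as an argument list rather than a shell string, and HTML-escape every dynamic value before it is written into the page. The parameter names, the SKU format and the helper command path are hypothetical.

```python
"""Added example (not from the original text): request handling for a
hypothetical CGI-style product-search script. Parameter names, the SKU
format and the helper command path are assumptions made for illustration."""
import html
import re
from urllib.parse import parse_qs

SKU_RE = re.compile(r"^[A-Z0-9][A-Z0-9-]{0,19}$")  # allowlist for product codes
QTY_RE = re.compile(r"^[0-9]{1,3}$")                # plain ASCII digits only
MAX_QTY = 99


class BadRequest(ValueError):
    pass


def parse_search(query_string: str) -> dict:
    """Validate the query string of a CGI request and return clean values.
    Missing, duplicated or malformed parameters are rejected, not guessed."""
    params = parse_qs(query_string, keep_blank_values=True)
    sku_values = params.get("sku", [])
    if len(sku_values) != 1 or not SKU_RE.match(sku_values[0]):
        raise BadRequest("sku missing or malformed")
    qty_values = params.get("qty", ["1"])
    if len(qty_values) != 1 or not QTY_RE.match(qty_values[0]):
        raise BadRequest("qty must be a positive integer")
    qty = int(qty_values[0])
    if not 1 <= qty <= MAX_QTY:
        raise BadRequest("qty out of range")
    return {"sku": sku_values[0], "qty": qty}


def lookup_command(sku: str) -> list:
    """Build the argv for a hypothetical inventory helper. Passing a list to
    subprocess.run means the SKU arrives as one argument and no shell parses
    it; the allowlist above has already rejected anything unexpected."""
    return ["/usr/local/bin/inventory-lookup", "--sku", sku]


def render_result(sku: str, qty: int, description: str) -> str:
    """Escape every dynamic value before it goes into the HTML response."""
    return f"<p>{html.escape(sku)} x {qty}: {html.escape(description)}</p>"


def handle(query_string: str) -> str:
    """Full request path: validate, (look up), render. The lookup result is
    constructed here so the example runs without the helper installed."""
    try:
        clean = parse_search(query_string)
    except BadRequest as err:
        return f"<p>Invalid request: {html.escape(str(err))}</p>"
    description = 'Widget, 7" model'  # constructed in place of the helper's output
    return render_result(clean["sku"], clean["qty"], description)


if __name__ == "__main__":
    print(handle("sku=WIDGET-7&qty=2"))
    print(handle("sku=widget-7&qty=2"))
    print(lookup_command("WIDGET-7"))
```

Rejecting on the allowlist before any use is what keeps the script safe even if a later developer swaps the argument list for a shell string or forgets an escape: the value can only ever be a short code of letters, digits and hyphens.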