Corporate networks are built assuming certain levels of trust in how the information passing through them is accessed and used. When they're hooked into public networks, like the Internet, the safer and more intelligent route leads security administrators to trust no one on the outside.
In our last segment here at EC Outlook, An Ounce Of Prevention, we examined the Common Vulnerabilities and Exposures (CVE) List, which standardizes the naming of vulnerabilities in networks and systems, whether they are attached to the Internet or sit on private networks.
To help answer any questions you may have about where CVE is needed and used, this segment opens a four-part series on security technologies used to defend against attacks initiated from both within and outside an organization. The series will examine the pieces of the security puzzle to see how best to fit them together for effective defenses and coverage. We'll explore several security methods used wherever the Internet and corporate networks intersect. These include the uses of:
- Routers
- Firewalls
- Intrusion Detection Systems (IDSs)
- Vulnerability Assessment Tools (Scanners, etc.)
Basic Security Infrastructures
Figure 1 illustrates the basic design for a secure network infrastructure. As you can see, the infrastructure relies on layers of devices, each serving a specific purpose, that together provide multiple barriers of security to protect against, detect, and respond to network attacks, often in real time.
Figure 1
A Basic Network Security Model
Each segment of the series will focus on one of the building blocks needed to complete the network security picture. Thanks go out to 3Com and the Computer Emergency Response Team (CERT) for their insights and expertise on Internet security issues and approaches. In this segment, we'll examine in some detail the uses of packet-filtering routers.
Routers
A router is a network traffic-managing device that sits between sub-networks and routes traffic intended for, or emanating from, the segments to which it's attached. Because every packet crossing between those segments must pass through it, the router is a sensible place to implement packet-filtering rules that enforce the security policies you've already developed for the routing of network traffic.
Packet Filtering
- A packet filter is a simple and effective form of protection.
- A packet filter matches every packet against an ordered series of rules; on a router access list the first rule that matches decides.
- If the packet matches a rule, then an action is performed (the packet is accepted, rejected, logged, etc.). A packet that matches no rule should be dropped, so that the list permits only what the policy explicitly allows.
Basic Packet Filtering
Straight packet-filtering mechanisms are stateless: each rule allows communication originating from one side or the other, and the filter keeps no memory of which connections are open. To enable two-way traffic, you must specify a rule for each direction, including one that admits the replies to connections your own hosts initiate. Packet-filtering firewalls identify and control traffic by examining the source and destination addresses, the source and destination port numbers, and the protocol type (TCP, UDP, ICMP, or other). Because a stateless filter cannot tell a genuine reply from an unsolicited packet, router access lists commonly approximate it by admitting TCP segments that carry the ACK bit (the "established" keyword on Cisco routers). That admits the replies you want, but since the sender sets that bit, it also admits ACK-flag probes an attacker can use to map the hosts behind the router; a stateful firewall, covered later in this series, closes that gap.
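The following is an added example, not code from the original column or from 3Com or CERT. It models a stateless packet filter of the kind a border router applies: an ordered rule list evaluated top-down, first match wins, and anything unmatched is rejected. The addresses (192.0.2.0/24 as the internal LAN, 192.0.2.10 as the web server, outside clients on 198.51.100.0/24 and 203.0.113.0/24), the Packet and Rule classes, and the "established" flag are all assumptions made for illustration; they mirror router ACL concepts rather than any vendor's syntax. The scenarios show why two-way traffic needs a rule in each direction and what the ACK-bit shortcut does and does not give you.

```python
"""Stateless packet filter in the style of a router access list (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Packet:
    proto: str                  # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    ack: bool = False           # TCP ACK flag; set on every segment after the initial SYN


@dataclass
class Rule:
    action: str                 # "accept" or "reject"
    proto: str = "any"
    src: str = "0.0.0.0/0"      # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"      # CIDR the destination address must fall in
    dport: Optional[int] = None
    established: bool = False   # match only TCP segments with ACK set (the "established" shortcut)
    log: bool = False

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        # Note: the ACK bit is chosen by the sender, so this test also passes
        # crafted ACK-only probes, not just genuine replies.
        if self.established and not (p.proto == "tcp" and p.ack):
            return False
        return True


def filter_packet(rules: List[Rule], p: Packet, log: Optional[list] = None) -> str:
    """Return the action of the first matching rule; reject if nothing matches (default deny)."""
    for i, r in enumerate(rules):
        if r.matches(p):
            if r.log and log is not None:
                log.append(f"rule {i} {r.action} {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
            return r.action
    if log is not None:
        log.append(f"implicit reject {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
    return "reject"


# Hypothetical addressing for the example.
INTERNAL = "192.0.2.0/24"
WEB_SERVER = "192.0.2.10"

# Rules applied to packets arriving from the Internet, in evaluation order.
INBOUND = [
    Rule("reject", src=INTERNAL, log=True),                          # anti-spoofing: our own addresses never arrive from outside
    Rule("accept", proto="tcp", dst=WEB_SERVER + "/32", dport=80),   # the one service we publish
    Rule("accept", proto="tcp", dst=INTERNAL, established=True),     # replies to connections our hosts opened
]

# Rules applied to packets leaving for the Internet: a separate list, because the
# filter keeps no state and each direction must be permitted on its own.
OUTBOUND = [
    Rule("accept", src=INTERNAL),                                    # only our own addresses may leave
]


def scenarios():
    """Run constructed packets through both lists; returns (results by name, log lines)."""
    log: list = []
    results = {
        # unsolicited SYN to an internal host's SSH port: no rule matches
        "unsolicited_ssh": filter_packet(INBOUND, Packet("tcp", "198.51.100.7", "192.0.2.20", 40002, 22), log),
        # SYN/ACK coming back to an internal host that opened a connection
        "reply_to_internal": filter_packet(INBOUND, Packet("tcp", "203.0.113.5", "192.0.2.20", 443, 50000, ack=True), log),
        # ACK-only probe: same rule admits it, which is the limit of the shortcut
        "ack_probe": filter_packet(INBOUND, Packet("tcp", "198.51.100.7", "192.0.2.20", 40003, 22, ack=True), log),
        # outside packet claiming an internal source address
        "spoofed": filter_packet(INBOUND, Packet("udp", "192.0.2.99", "192.0.2.20", 53, 53), log),
        # client request to the published web server ...
        "http_request": filter_packet(INBOUND, Packet("tcp", "198.51.100.7", WEB_SERVER, 40001, 80), log),
        # ... and the server's reply, judged by the other direction's list
        "http_reply": filter_packet(OUTBOUND, Packet("tcp", WEB_SERVER, "198.51.100.7", 80, 40001, ack=True), log),
    }
    return results, log


if __name__ == "__main__":
    res, log = scenarios()
    for name, action in res.items():
        print(f"{name:18s} {action}")
    print("\n".join(log))
```

Two things are worth noticing in the output. The web request is accepted by the inbound list but its reply is decided entirely by the outbound list; remove the single outbound rule and the server can receive requests it can never answer. And the "ack_probe" case is accepted by the same rule that admits legitimate replies, which is exactly the weakness of the ACK-bit shortcut described above.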