www.ecommerce-guide.com/news/trends/article.php/124951

Three Tiers for Internet Security!
By Mark Merkow, CCP, CISSP
November 20, 1998

Partitioning Your Data Wisely

For performance reasons, and because it needs no specific protection, you might opt to keep material "intended for the public" directly within the file systems of the Web servers themselves. Normally, this will include only information that people could otherwise locate via your other advertising channels (catalogs, images, marketing brochures, etc.). Any dynamically generated data (stored billing and shipping information, etc.) should be kept as far out of reach of the Internet as possible. Furthermore, any data that your customers supply via Web-based forms should immediately be moved off the Web server, through as many firewalls as needed to secure it. This is the data that thieves want, so you must be extra careful with its handling. Your customers deserve no less! This is the most fundamental security precaution you can take. Never store anything sensitive on the Web server itself, because you can never really be sure the server will remain under your control. Should a "man-in-the-middle" attack occur, perhaps a few Web pages will be spoofed, but your important assets will remain secure.

Another sound measure you can take is to switch the protocols your network supports as you move backward through the tiers. Because of inherent HTTP protocol vulnerabilities, you don't want it running past the outer firewall. Permitting HTTP routing into the back office places you at risk of hackers tunneling through HTTP to try to take over another server. Cut them off right at the knees! Consider using protocols like CORBA/IIOP, socket connections via TCP, or DCOM on Microsoft NT to gain access to services residing on the Application tier. From the Application tier to the Database tier, switch the protocols on the firewalls again, allowing only Open Database Connectivity (ODBC) for SQL Server, native database clients (e.g. Sybase's OpenClient), and message queuing protocols like Microsoft's MSMQ and IBM's MQSeries.
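As an added example (not code from the article or its author), the following Python encodes the per-boundary protocol allow-list just described and audits constructed connection records against it, flagging the flows a correctly configured pair of firewalls would block. The tier names and lower-case protocol labels are this example's own assumptions.

```python
# Three-tier protocol allow-list checker (added example, not from the article).
# Encodes the per-boundary protocol policy described above and audits
# constructed connection records against it from a defender's viewpoint.

# Tiers in the order traffic moves "backward" from the Internet.
TIERS = ["internet", "web", "app", "db"]

# Protocols permitted across each firewall boundary, per the article's list
# (the lower-case labels are this example's own naming, an assumption).
ALLOWED = {
    ("internet", "web"): {"http", "https"},
    ("web", "app"): {"iiop", "tcp-socket", "dcom"},
    ("app", "db"): {"odbc", "sybase-openclient", "msmq", "mqseries"},
}

def check_flow(src, dst, proto):
    """Return 'allow', or a 'deny: ...' reason a firewall should drop the flow."""
    if src not in TIERS or dst not in TIERS:
        return "deny: unknown tier"
    if TIERS.index(dst) - TIERS.index(src) != 1:
        # Connections are initiated inward one tier at a time; a web->db
        # flow would bypass the Application-tier firewall entirely.
        return "deny: flow must cross exactly one boundary inward"
    if proto not in ALLOWED[(src, dst)]:
        return f"deny: {proto} not permitted on {src}->{dst}"
    return "allow"

def audit(lines):
    """Parse 'src,dst,proto' records; return (record, reason) for each denial."""
    denied = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        src, dst, proto = (f.strip().lower() for f in line.split(","))
        verdict = check_flow(src, dst, proto)
        if verdict != "allow":
            denied.append((line, verdict))
    return denied

# Constructed sample records, not captured from any real system.
SAMPLE_LOG = """\
internet,web,http
web,app,iiop
web,app,http
web,db,odbc
app,db,odbc
app,db,http
"""
```

Running `audit(SAMPLE_LOG.splitlines())` reports the HTTP flows that reach past the outer firewall and the web-to-database flow that skips the Application tier.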

With the three-tier approach you can begin to see how to add still more layers of security, both between and within each tier. Before the outer firewall, consider using intrusion detection systems to scan for known attack signatures and to automatically alert those in charge of the network -- in real time. Cryptography can also be applied at both the transport layer and the application layer without rewriting programs. Over time I've discussed Secure Electronic Transaction (SET) for credit card information, Secure Sockets Layer (SSL) for encrypted communications, and Open Buying on the Internet (OBI) to identify and authenticate people and their rights to access data. These and other protocols running atop the architecture described can help turn your E-commerce site into a veritable fortress.
