Uploaded byphanleson
PDF, PPTX1,267 views

Ch19 E Commerce Security

This document discusses the security needs for e-commerce services. It covers understanding e-commerce services and the importance of availability. It also discusses implementing security at the client-side, server-side, application, and database levels. Finally, it discusses developing a high-availability e-commerce architecture with redundancy to ensure security and uptime.

Embed presentation

Download as PDF, PPTX
Lesson 19-E-Commerce Security Needs
Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security. Implement server-side security. Implement application security. Implement database server security. Develop an e-commerce architecture.
Understand E-Commerce Services Organizations perform e-commerce to make profit by providing goods and services at a lower cost. Providing electronic library functions for sensitive or confidential information has come with the advent of e- commerce over the Internet.
Understand E-Commerce Services E-commerce service is most commonly thought of as the purchasing of goods. Security to e-commerce services can be measured by its confidentiality, integrity, and accountability.
Understand E-Commerce Services E-Commerce Services and regular DMZ Services differ in their requirements. Requirement of verification and confidentiality differentiate the e-commerce services from regular DMZ services. Availability becomes a critical security issue for the e- commerce site.
Understand E-Commerce Services E-commerce services may involve selling goods, providing confidential information, or distribution of information. Security to e-commerce services can be measured in terms of confidentiality, integrity, and accountability.
Understand the Importance of Availability Availability is the key issue for e-commerce services. Availability of the site has a direct impact on the confidence a customer will have in using the service. Failure in availability is almost guaranteed to push a potential customer to a competitor.
Understand the Importance of Availability Business-to-consumer issues: The entire site along with payment processing must be up at all times. Problem of availability includes business issues such as ability of the organization to fulfill orders entered into the system. Size of the infrastructure must be built according to the expected load.
Understand the Importance of Availability Business-to-business issues: Business-to-business e-commerce is established between two organizations that have some type of relationship. Availability issues may be more stringent in Business-to- business e-commerce. When one organization needs to make an order, the other organization must be able to receive and process it.
Understand the Importance of Availability Global time: E-commerce availability is governed by the concept of global time. This concept identifies the global nature of the Internet and of e-commerce. An e-commerce site must be able to handle orders from unexpected locations.
Understand the Importance of Availability Client comfort: Client must feel comfortable with the ability of the organization to process orders and deliver goods. Customer comfort or discomfort can multiply quickly.
Understand the Importance of Availability Cost of downtime: The cost of downtime is high. It can be measured by taking the average number of transactions over a period of time and the revenue of the average transaction. An e-commerce site must not have single points of failure. The site should also have procedures for updating hardware and software.
Understand the Importance of Availability Solving the availability problem: Downtime can be reduced through redundancy. For sites that expect large amounts of traffic, load-balancing application layer switches can be used. Network infrastructure components must also be configured to fail-over if high availability is required.
Implement Client-Side Security Client-side security components
Implement Client-Side Security Client-side security deals with the security from the customer’s desktop system to the e-commerce server. A realistic solution to communications security is encryption of information.
Implement Client-Side Security A cookie is a small amount of information that is stored on the client system by the Web server in cleartext or encrypted. Organizations must ensure that a legitimate customer places the order to reduce possible repudiation.
Implement Server-Side Security Security of servers includes: Information stored on the server. Protecting the server from attack.
Information Stored on the Server An e-commerce server is a semi-trusted or untrusted system which should not store sensitive information. If information is kept on the e-commerce server, it should be protected from unauthorized access through file access controls.
Protecting the Server from Attack Three categories in protecting an e-commerce server from attack: Server location. Operating system configuration. Web server configuration.
Server Location Server should be located in a protected area such as a data center. If the server is placed at a co- location facility, physical access to it must be separated from other clients. Firewall should be configured to only allow access to e-commerce server on ports 80 (for HTTP) and 443 (for HTTPS).
Operating System Configuration The first step in configuring the server securely is to remove or turn off any unnecessary services. The latest patches must be checked and loaded for the chosen operating system. The system should meet the organization’s policy and vulnerability scan should be conducted.
Web Server Configuration Web server must not be run as root or administrator for security. CGI scripts on Web server that are not being used should be removed to prevent intruder attack. Web server should be scanned for known vulnerabilities.
Implement Application Security Security of e-commerce application as a whole is the most important part of e-commerce security. Security requirements should be included in the requirements definition phase of project. Security requirements include requirements pertaining to protection, authentication, audit, availability, and identifying sensitive information.
Implement Application Security All sensitive information needs to be protected. Programs are a major source of system vulnerabilities due to programming errors. Buffer overflows can be reduced by not making assumptions about the size of user input and not passing unchecked user input to shell commands. Peer review or code review can catch many programming errors before the server goes into production.
Implement Application Security Vulnerability scanners should detect buffer overflow problems before the site goes into production. The two parts of configuration management are control of authorized changes and identification of unauthorized changes. To prevent false alarms, checksum should be updated during configuration management procedure.
Implement Database Server Security The database server may contain sensitive and confidential information which should be protected. Organizations must examine database location, communication with e-commerce server, and internal access protection. Database servers must be kept in controlled areas. The e-commerce server should initiate SQL connection to the database server for processing transactions.
Implement Database Server Security The e-commerce server must have an ID and password to initiate an SQL connection to the database server. Employees of the organization have access to internal network and thus are able to directly attack it. Database server could be
Develop an E-Commerce Architecture A high-traffic and high-availability e-commerce site requires two ISPs with fail-over capability. Routers, switches, and firewalls should be cross-connected so that failure of any one component will not affect traffic. Redundant switches may be used to ensure availability of the site. Regular vulnerability scans and database auditing must be conducted.
Summary E-commerce service providers can increase revenue by providing information to customers at a lower cost. Security with respect to confidentiality, integrity, and accountability plays a major role in e-commerce. Availability is a key issue for e-commerce. Client-side security protects information in transit, information stored on customer’s computer, and prevents repudiation.
Summary Server-side security involves protection of information stored on the server and protection of the server itself. Security of the e-commerce application as a whole is probably the most important part of e-commerce security. Confidential and sensitive information present in the database server must be protected.

More Related Content

PPT
E commerce security
byShakti Singh
 
PPTX
Ecommerce security
bypolitegcuf
 
PPTX
Security in E-commerce
bym8817
 
PPTX
protection & security of e-commerce ...
byRishav Gupta
 
PPTX
Privacy and Security Issues in E-Commerce
byTitas Ahmed
 
PPT
Ec2009 ch10 e commerce security
byNuth Otanasap
 
PDF
E-Commerce Security: A Primer
byJohn ILIADIS
 
PDF
E Commerce security
byMayank Kashyap
 
E commerce security
byShakti Singh
 
Ecommerce security
bypolitegcuf
 
Security in E-commerce
bym8817
 
protection & security of e-commerce ...
byRishav Gupta
 
Privacy and Security Issues in E-Commerce
byTitas Ahmed
 
Ec2009 ch10 e commerce security
byNuth Otanasap
 
E-Commerce Security: A Primer
byJohn ILIADIS
 
E Commerce security
byMayank Kashyap
 

What's hot

PPT
Security@ecommerce
byOm Vikram Thapa
 
PPT
E business security
bySameer Sharma
 
PDF
e commerce security and fraud protection
bytumetr1
 
PPT
Security in e-commerce
bySensePost
 
PPTX
Security issues in E-commerce
bynikitaTahilyani1
 
PDF
E commerce Security
byWisnu Dewobroto
 
PPTX
Security issues in e business
byRahul Kumar
 
PPT
Eamonn O Raghallaigh The Major Security Issues In E Commerce
byEamonnORagh
 
PPT
6 e commerce security
byNaveed Ahmed Siddiqui
 
PPT
Ecommerce Security
byRebecca Jones
 
PDF
E-Commerce security
byTawhid Rahman
 
PDF
04-1 E-commerce Security slides
bymonchai sopitka
 
PPTX
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
byrausdeen anfas
 
PPTX
E-commerce Security and Payment
byLaguna State Polytechnic University
 
PDF
Security issue in e commerce
byBosco Technical Training Society, Don Bosco Technical School (Aff. GGSIP University, New Delhi)
 
PPT
Security environment
byJay Choudhary
 
PPTX
Security in e commerce
byakhand Akhandenator
 
PPT
E-Commerce Security
bySyed Maniruzzaman Pabel
 
PPTX
Ecommerce security
byelmira282
 
DOC
E-commerce Security and Threats
byBPalmer13
 
Security@ecommerce
byOm Vikram Thapa
 
E business security
bySameer Sharma
 
e commerce security and fraud protection
bytumetr1
 
Security in e-commerce
bySensePost
 
Security issues in E-commerce
bynikitaTahilyani1
 
E commerce Security
byWisnu Dewobroto
 
Security issues in e business
byRahul Kumar
 
Eamonn O Raghallaigh The Major Security Issues In E Commerce
byEamonnORagh
 
6 e commerce security
byNaveed Ahmed Siddiqui
 
Ecommerce Security
byRebecca Jones
 
E-Commerce security
byTawhid Rahman
 
04-1 E-commerce Security slides
bymonchai sopitka
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
byrausdeen anfas
 
E-commerce Security and Payment
byLaguna State Polytechnic University
 
Security issue in e commerce
byBosco Technical Training Society, Don Bosco Technical School (Aff. GGSIP University, New Delhi)
 
Security environment
byJay Choudhary
 
Security in e commerce
byakhand Akhandenator
 
E-Commerce Security
bySyed Maniruzzaman Pabel
 
Ecommerce security
byelmira282
 
E-commerce Security and Threats
byBPalmer13
 

Viewers also liked

PPTX
Security for e commerce
byMohsin Ahmad
 
PDF
Locking the Throne Room - How ES5+ might change views on XSS and Client Side ...
byMario Heiderich
 
PPT
Mobile Application Security – Effective methodology, efficient testing!
byespheresecurity
 
PPTX
Web semantique et e-commerce : la vague va déferler !
byAntidot
 
PPT
Sécurisation applicatives pour le e-commerce
byWoomeet
 
PDF
Vademecom presentation full_save
byWoomeet
 
PPS
Amazon & E Bay
bySabyasachi Dasgupta
 
PDF
Diagnostic des sites web e-commerce affiliés au seul prestataire de payement ...
byMade In Morocco
 
PDF
E-Commerce Security Workable Attacks Againest E-Commerce
byabe8512000
 
PPTX
E-commerce & Security
byNetstarterSL
 
PPT
E commerce en tunisie YES DE DO
byWissem OUESLATI
 
PDF
Luxe & e-Commerce quelle Expérience Utilisateur? par Frederic Veidig (UX Full...
byFullSIX Group
 
PDF
Le Commerce éLectronique
byguest204dc60
 
PDF
Network security for E-Commerce
byHem Pokhrel
 
PDF
Mémoire - E-commerce
bySebastien Dekkers
 
PPT
exposé de E- commerce
byAndery Ivan
 
PPTX
E business ,e-commerce, e-marketing (sadiq shariff10@hotmail.com)
bySadiq Shariff
 
PDF
Fiche e-commerce Frenchweb | mai 2016
byFrenchWeb.fr
 
PPTX
E commerce
byMarwoua Ben Salem
 
PPT
E commerce Security for end Users
byMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Security for e commerce
byMohsin Ahmad
 
Locking the Throne Room - How ES5+ might change views on XSS and Client Side ...
byMario Heiderich
 
Mobile Application Security – Effective methodology, efficient testing!
byespheresecurity
 
Web semantique et e-commerce : la vague va déferler !
byAntidot
 
Sécurisation applicatives pour le e-commerce
byWoomeet
 
Vademecom presentation full_save
byWoomeet
 
Amazon & E Bay
bySabyasachi Dasgupta
 
Diagnostic des sites web e-commerce affiliés au seul prestataire de payement ...
byMade In Morocco
 
E-Commerce Security Workable Attacks Againest E-Commerce
byabe8512000
 
E-commerce & Security
byNetstarterSL
 
E commerce en tunisie YES DE DO
byWissem OUESLATI
 
Luxe & e-Commerce quelle Expérience Utilisateur? par Frederic Veidig (UX Full...
byFullSIX Group
 
Le Commerce éLectronique
byguest204dc60
 
Network security for E-Commerce
byHem Pokhrel
 
Mémoire - E-commerce
bySebastien Dekkers
 
exposé de E- commerce
byAndery Ivan
 
E business ,e-commerce, e-marketing (sadiq shariff10@hotmail.com)
bySadiq Shariff
 
Fiche e-commerce Frenchweb | mai 2016
byFrenchWeb.fr
 
E commerce
byMarwoua Ben Salem
 
E commerce Security for end Users
byMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 

Similar to Ch19 E Commerce Security

PDF
K018146372
byIOSR Journals
 
PDF
chapter 2.pdf
bySusan130641
 
PDF
e-marketing full notes for management students
byjiam1245
 
PDF
E commerce
byKavita Sharma
 
PPTX
E- Commerce presentation related with legal cases in industry
byMirelaBendo1
 
PPT
home.ubalt.edu
bywebhostingguy
 
DOCX
A case study of amazon
byrobinbarney
 
PDF
E commerce
byroselady18
 
PDF
Eamonn O Raghallaigh Major Security Issues In E Commerce
byEamonnORagh
 
PDF
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
byIJNSA Journal
 
PPT
Software Development Lifecycle
byNicholas Davis
 
PDF
Ecommerce by bhawani nandan prasad
byBhawani N Prasad
 
PPT
Maloney Slides
byecommerce
 
PPT
Introduction To E Commerce
byNicholas Davis
 
PPTX
E commerce papas
byAnn Papas
 
PPTX
E-Commerce (ITSP501 course)
byAdam Shippey
 
PDF
Ijnsa050215
byIJNSA Journal
 
DOCX
academic model.docx
byfreelancer
 
DOCX
E commerce security 4
byAnne ndolo
 
PDF
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
byLucy Zeniffer
 
K018146372
byIOSR Journals
 
chapter 2.pdf
bySusan130641
 
e-marketing full notes for management students
byjiam1245
 
E commerce
byKavita Sharma
 
E- Commerce presentation related with legal cases in industry
byMirelaBendo1
 
home.ubalt.edu
bywebhostingguy
 
A case study of amazon
byrobinbarney
 
E commerce
byroselady18
 
Eamonn O Raghallaigh Major Security Issues In E Commerce
byEamonnORagh
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
byIJNSA Journal
 
Software Development Lifecycle
byNicholas Davis
 
Ecommerce by bhawani nandan prasad
byBhawani N Prasad
 
Maloney Slides
byecommerce
 
Introduction To E Commerce
byNicholas Davis
 
E commerce papas
byAnn Papas
 
E-Commerce (ITSP501 course)
byAdam Shippey
 
Ijnsa050215
byIJNSA Journal
 
academic model.docx
byfreelancer
 
E commerce security 4
byAnne ndolo
 
What Strategies Are Crucial for Ensuring eCommerce Security in the Digital Era?
byLucy Zeniffer
 

More from phanleson

PDF
Learning spark ch01 - Introduction to Data Analysis with Spark
byphanleson
 
PPT
Firewall - Network Defense in Depth Firewalls
byphanleson
 
PPT
Mobile Security - Wireless hacking
byphanleson
 
PPT
Authentication in wireless - Security in Wireless Protocols
byphanleson
 
PPT
E-Commerce Security - Application attacks - Server Attacks
byphanleson
 
PPT
Hacking web applications
byphanleson
 
PPTX
HBase In Action - Chapter 04: HBase table design
byphanleson
 
PPT
HBase In Action - Chapter 10 - Operations
byphanleson
 
PPT
Hbase in action - Chapter 09: Deploying HBase
byphanleson
 
PPTX
Learning spark ch11 - Machine Learning with MLlib
byphanleson
 
PPTX
Learning spark ch10 - Spark Streaming
byphanleson
 
PPTX
Learning spark ch09 - Spark SQL
byphanleson
 
PPT
Learning spark ch07 - Running on a Cluster
byphanleson
 
PPTX
Learning spark ch06 - Advanced Spark Programming
byphanleson
 
PPTX
Learning spark ch05 - Loading and Saving Your Data
byphanleson
 
PPTX
Learning spark ch04 - Working with Key/Value Pairs
byphanleson
 
PPTX
Learning spark ch01 - Introduction to Data Analysis with Spark
byphanleson
 
PPT
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
byphanleson
 
PPT
Lecture 1 - Getting to know XML
byphanleson
 
PPTX
Lecture 4 - Adding XTHML for the Web
byphanleson
 
Learning spark ch01 - Introduction to Data Analysis with Spark
byphanleson
 
Firewall - Network Defense in Depth Firewalls
byphanleson
 
Mobile Security - Wireless hacking
byphanleson
 
Authentication in wireless - Security in Wireless Protocols
byphanleson
 
E-Commerce Security - Application attacks - Server Attacks
byphanleson
 
Hacking web applications
byphanleson
 
HBase In Action - Chapter 04: HBase table design
byphanleson
 
HBase In Action - Chapter 10 - Operations
byphanleson
 
Hbase in action - Chapter 09: Deploying HBase
byphanleson
 
Learning spark ch11 - Machine Learning with MLlib
byphanleson
 
Learning spark ch10 - Spark Streaming
byphanleson
 
Learning spark ch09 - Spark SQL
byphanleson
 
Learning spark ch07 - Running on a Cluster
byphanleson
 
Learning spark ch06 - Advanced Spark Programming
byphanleson
 
Learning spark ch05 - Loading and Saving Your Data
byphanleson
 
Learning spark ch04 - Working with Key/Value Pairs
byphanleson
 
Learning spark ch01 - Introduction to Data Analysis with Spark
byphanleson
 
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
byphanleson
 
Lecture 1 - Getting to know XML
byphanleson
 
Lecture 4 - Adding XTHML for the Web
byphanleson
 

Recently uploaded

PDF
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
PDF
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
PPTX
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PDF
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
PDF
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PDF
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
PDF
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
PPTX
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PDF
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
TravelTech Paris 2025 | The EU Digital Identity Wallet and it’s impact on Tra...
byapidays
 
How Does an ICO Launchpad Work Step-by-Step Breakdown.pptx
byTom Hardy S
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
GenerationAI Paris 2025 | City of Light (COL)
byapidays
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
Understanding Foldable 3-Wheel Electric Scooters for Everyday Use
byTopmate
 
Startup Formation Collapses While Acquisition Activity Hits New High!
byMemoori
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
Dev Dives: Build and deploy agentic automations - the unified way
byUiPathCommunity
 
Computer architecture, Computer architecture ,Computer architecture
bywaheedqazi123
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
Poročilo odbora CIS (CH08873) za leto 2025 na letni skupščini IEEE Slovenija ...
byUniversity of Maribor
 

Ch19 E Commerce Security

  • 1.
  • 2.
    Overview Understand e-commerce services. Understandthe importance of availability. Implement client-side security. Implement server-side security. Implement application security. Implement database server security. Develop an e-commerce architecture.
  • 3.
    Understand E-Commerce Services Organizations perform e-commerce to make profit by providing goods and services at a lower cost. Providing electronic library functions for sensitive or confidential information has come with the advent of e- commerce over the Internet.
  • 4.
    Understand E-Commerce Services E-commerce service is most commonly thought of as the purchasing of goods. Security to e-commerce services can be measured by its confidentiality, integrity, and accountability.
  • 5.
    Understand E-Commerce Services E-Commerce Services and regular DMZ Services differ in their requirements. Requirement of verification and confidentiality differentiate the e-commerce services from regular DMZ services. Availability becomes a critical security issue for the e- commerce site.
  • 6.
    Understand E-Commerce Services E-commerce services may involve selling goods, providing confidential information, or distribution of information. Security to e-commerce services can be measured in terms of confidentiality, integrity, and accountability.
  • 7.
    Understand the Importanceof Availability Availability is the key issue for e-commerce services. Availability of the site has a direct impact on the confidence a customer will have in using the service. Failure in availability is almost guaranteed to push a potential customer to a competitor.
  • 8.
    Understand the Importanceof Availability Business-to-consumer issues: The entire site along with payment processing must be up at all times. Problem of availability includes business issues such as ability of the organization to fulfill orders entered into the system. Size of the infrastructure must be built according to the expected load.
  • 9.
    Understand the Importanceof Availability Business-to-business issues: Business-to-business e-commerce is established between two organizations that have some type of relationship. Availability issues may be more stringent in Business-to- business e-commerce. When one organization needs to make an order, the other organization must be able to receive and process it.
  • 10.
    Understand the Importanceof Availability Global time: E-commerce availability is governed by the concept of global time. This concept identifies the global nature of the Internet and of e-commerce. An e-commerce site must be able to handle orders from unexpected locations.
  • 11.
    Understand the Importanceof Availability Client comfort: Client must feel comfortable with the ability of the organization to process orders and deliver goods. Customer comfort or discomfort can multiply quickly.
  • 12.
    Understand the Importanceof Availability Cost of downtime: The cost of downtime is high. It can be measured by taking the average number of transactions over a period of time and the revenue of the average transaction. An e-commerce site must not have single points of failure. The site should also have procedures for updating hardware and software.
  • 13.
    Understand the Importanceof Availability Solving the availability problem: Downtime can be reduced through redundancy. For sites that expect large amounts of traffic, load-balancing application layer switches can be used. Network infrastructure components must also be configured to fail-over if high availability is required.
  • 14.
    Implement Client-Side Security Client-side security components
  • 15.
    Implement Client-Side Security Client-side security deals with the security from the customer’s desktop system to the e-commerce server. A realistic solution to communications security is encryption of information.
  • 16.
    Implement Client-Side Security A cookie is a small amount of information that is stored on the client system by the Web server in cleartext or encrypted. Organizations must ensure that a legitimate customer places the order to reduce possible repudiation.
  • 17.
    Implement Server-Side Security Security of servers includes: Information stored on the server. Protecting the server from attack.
  • 18.
    Information Stored onthe Server An e-commerce server is a semi-trusted or untrusted system which should not store sensitive information. If information is kept on the e-commerce server, it should be protected from unauthorized access through file access controls.
  • 19.
    Protecting the Serverfrom Attack Three categories in protecting an e-commerce server from attack: Server location. Operating system configuration. Web server configuration.
  • 20.
    Server Location Servershould be located in a protected area such as a data center. If the server is placed at a co- location facility, physical access to it must be separated from other clients. Firewall should be configured to only allow access to e-commerce server on ports 80 (for HTTP) and 443 (for HTTPS).
  • 22.
    Operating System Configuration The first step in configuring the server securely is to remove or turn off any unnecessary services. The latest patches must be checked and loaded for the chosen operating system. The system should meet the organization’s policy and vulnerability scan should be conducted.
  • 23.
    Web Server Configuration Web server must not be run as root or administrator for security. CGI scripts on Web server that are not being used should be removed to prevent intruder attack. Web server should be scanned for known vulnerabilities.
  • 24.
    Implement Application Security Security of e-commerce application as a whole is the most important part of e-commerce security. Security requirements should be included in the requirements definition phase of project. Security requirements include requirements pertaining to protection, authentication, audit, availability, and identifying sensitive information.
  • 25.
    Implement Application Security All sensitive information needs to be protected. Programs are a major source of system vulnerabilities due to programming errors. Buffer overflows can be reduced by not making assumptions about the size of user input and not passing unchecked user input to shell commands. Peer review or code review can catch many programming errors before the server goes into production.
  • 26.
    Implement Application Security Vulnerability scanners should detect buffer overflow problems before the site goes into production. The two parts of configuration management are control of authorized changes and identification of unauthorized changes. To prevent false alarms, checksum should be updated during configuration management procedure.
  • 27.
    Implement Database Server Security The database server may contain sensitive and confidential information which should be protected. Organizations must examine database location, communication with e-commerce server, and internal access protection. Database servers must be kept in controlled areas. The e-commerce server should initiate SQL connection to the database server for processing transactions.
  • 28.
    Implement Database Server Security The e-commerce server must have an ID and password to initiate an SQL connection to the database server. Employees of the organization have access to internal network and thus are able to directly attack it. Database server could be
  • 29.
    Develop an E-Commerce Architecture A high-traffic and high-availability e-commerce site requires two ISPs with fail-over capability. Routers, switches, and firewalls should be cross-connected so that failure of any one component will not affect traffic. Redundant switches may be used to ensure availability of the site. Regular vulnerability scans and database auditing must be conducted.
  • 31.
    Summary E-commerce service providerscan increase revenue by providing information to customers at a lower cost. Security with respect to confidentiality, integrity, and accountability plays a major role in e-commerce. Availability is a key issue for e-commerce. Client-side security protects information in transit, information stored on customer’s computer, and prevents repudiation.
  • 32.
    Summary Server-side security involvesprotection of information stored on the server and protection of the server itself. Security of the e-commerce application as a whole is probably the most important part of e-commerce security. Confidential and sensitive information present in the database server must be protected.