2. Securing E-commerce networks
• Firewalls
• Virtual Private Networks
• Intrusion Detection System (IDS)
• Intrusion Prevention System (IPS)
3. E-Commerce Security
E-commerce security is the set of guidelines that
ensures safe transactions over the
internet. It consists of protocols that
safeguard people who buy and sell
goods and services online. You
need to gain your customers’ trust by
putting e-commerce security
basics in place.
4. Firewall
• A firewall is defined as a cybersecurity tool (hardware, software or a
combination of both) that monitors incoming and outgoing network traffic
and permits or blocks data packets based on a set of cybersecurity rules.
• It is used to prevent unauthorized programs or Internet users from accessing
a private network and/or a single computer.
• There are two types of firewall system:
one works by using filters at the network layer, and the other works by
using proxy servers at the user, application, or network layer.
6. Key Benefits of Firewalls
1. Block spyware: One of the most common ways unwanted people gain access is by employing spyware and
malware. These are software programs designed to infiltrate systems, control computers, and steal sensitive
or critical data. Firewalls serve as an important blockade against such malicious programs.
2. Direct virus attacks: One of the most visible benefits of firewalls is controlling the system’s entry points and
stopping virus attacks. The cost of damage from a virus attack on any system could be immeasurably high,
depending on the type of virus.
3. Maintain privacy: Another benefit of employing a firewall is the promotion of privacy. By proactively
working to keep your data and your customer’s data safe, you build an environment of privacy that your
clients can trust. No one likes their data stolen, especially when it is known that steps could have been
taken to prevent the intrusion.
4. Network traffic monitoring: By monitoring and analyzing network traffic, firewalls leverage pre-established
rules and filters to keep the systems protected.
5. Prevent hacking: With the rise of data theft and criminals holding systems hostage, firewalls have become
even more important, as they prevent hackers from gaining unauthorized access to data, emails, systems,
and more. A firewall can stop a hacker completely or deter them into choosing an easier target.
7. Key Applications of Firewall
1. Software-based applications: Software-based applications involve securing data by
using any type of firewall installed on a local device rather than a separate piece of
hardware (or a cloud server). The benefit of such a software-based firewall is that it’s
highly useful for creating defense in depth by isolating individual network endpoints from
one another.
2. Hardware-based applications: Hardware firewalls use a physical appliance that acts as
a traffic router to intercept data packets and traffic requests before they’re connected to
the network’s servers. Physical appliance-based firewalls like this excel at perimeter
security by making sure malicious traffic from outside the network is intercepted before
the company’s network endpoints are exposed to risk.
3. Cloud-based applications: Whenever a cloud solution is used to deliver a firewall, it can
be called a cloud firewall or firewall-as-a-service (FaaS). Cloud firewalls are analogous to
proxy firewalls, where a cloud server is often used in a proxy firewall setup.
8. Virtual Private Network (VPN)
• A virtual private network (VPN) is a technology that creates a safe and encrypted connection over a less
secure network, such as the internet.
• A VPN establishes a secure, encrypted connection between your computer and the internet, providing a
private tunnel for your data and communications while you use public networks.
• A Virtual Private Network is a way to extend a private network using a public network such as the
internet.
• VPNs can be used to hide a user's browser history, Internet Protocol (IP) address and geographical
location, web activity or devices being used.
9. How does a VPN work?
Connecting to a VPN is generally quite simple. After subscribing to a VPN provider, you download and install the VPN
software. You then select a server you want to connect to and the VPN will do the rest.
When the connection has been established, the following will happen to your data:
• The VPN software on your computer encrypts your data traffic and sends it to the VPN server through a secure
connection. The data also goes through your Internet Service Provider, but they can no longer snoop because of the
encryption.
• The encrypted data from your computer is decrypted by the VPN server.
• The VPN server will send your data on to the internet and receive a reply, which is meant for you, the user.
• The traffic is then encrypted again by the VPN server and is sent back to you.
• The VPN software on your device will decrypt the data so you can actually understand and use it.
10. Benefits of a VPN connection
• You’ll be more anonymous on the internet: your real IP address and location will
be hidden.
• You’ll be safer on the internet: the encrypted tunnel will keep away hackers and
cybercriminals and your device won’t be as vulnerable to attacks.
• You’ll be freer on the internet: by using different IP addresses, you’ll be able to
access websites and online services that would otherwise be blocked.
11. Intrusion Detection System (IDS)
• An intrusion detection system (IDS) is an application that monitors network
traffic and searches for known threats and suspicious or malicious activity.
• The IDS sends alerts to IT and security teams when it detects any security risks
and threats.
• Most IDS solutions simply monitor and report suspicious activity and traffic
when they detect an anomaly. However, some can go a step further by taking
action when they detect anomalous activity, such as blocking malicious or
suspicious traffic.
• IDS tools typically are software applications that run on organizations’
hardware or as a network security solution.
• There are also cloud-based IDS solutions that protect organizations’ data,
resources, and systems in their cloud deployments and environments.
12. Intrusion Detection Systems (IDS) Types
IDS solutions come in a range of different types and varying capabilities. Common types of intrusion detection
systems (IDS) include:
1. Network intrusion detection system (NIDS): A NIDS solution is deployed at strategic points within an
organization’s network to monitor incoming and outgoing traffic. This IDS approach monitors and detects
malicious and suspicious traffic coming to and going from all devices connected to the network.
2. Host intrusion detection system (HIDS): A HIDS system is installed on individual devices that are connected
to the internet and an organization’s internal network. This solution can detect packets that come from
inside the business and additional malicious traffic that a NIDS solution cannot. It can also discover
malicious threats coming from the host, such as a host being infected with malware attempting to spread it
across the organization’s system.
3. Protocol-based IDS (PIDS): Organizations set up a protocol-based intrusion detection system at the front
end of the server. It interprets the protocols between the server and the user. A PIDS monitors the HTTPS
server regularly to secure the web. Similarly, it allows the HTTP server which is related to the protocol.
4. Application Protocol-based IDS (APIDS): As we have seen, a PIDS is set up at the front end of the server.
Similarly, an APIDS is set up within a group of servers. It interprets communication with the applications within
the server to detect intrusions.
13. Intrusion Detection Systems (IDS) Types
5. Hybrid Intrusion Detection System: As the name says, a hybrid intrusion detection system is a mixture of
two different IDS. A hybrid system develops a network system by combining host agents with network
information. As a result, a hybrid system is more responsive and effective than other IDS.
14. IDS vs. Firewalls
Firewalls and intrusion detection systems (IDS) are cybersecurity tools that can both safeguard a network or
endpoint. Their objectives, however, are very different from one another.
1. IDS: Intrusion detection systems are passive monitoring tools that identify possible threats and send out
notifications to analysts in security operations centers (SOCs). In this way, incident responders can promptly look
into and address the potential event.
2. Firewall: A firewall, on the other hand, analyzes the metadata contained in network packets and decides
whether to allow or prohibit traffic into or out of the network based on pre-established rules. A firewall
essentially creates a barrier that stops certain traffic from crossing through it.
An IDS is focused on detecting and generating alerts about threats, while a firewall inspects inbound and outbound
traffic, keeping all unauthorized traffic at bay.
15. Intrusion Prevention System (IPS)
• An intrusion prevention system (IPS) is a network security tool (which can be a hardware device or
software) that continuously monitors a network for malicious activity and takes action to prevent
it, including reporting, blocking, or dropping it, when it occurs.
• It is more advanced than an intrusion detection system (IDS), which simply detects malicious
activity but cannot take action against it beyond alerting an administrator.
• Intrusion prevention systems function by finding malicious activity, recording and reporting
information about the malicious activity, and trying to block/stop the activity from occurring.
• IPS are located in-line (directly in the path in which the source and destination communicate) and
have the capability to prevent or block the malicious activity that is occurring.
16. Types of IPS
There are several types of IPS, each with a slightly different purpose:
1. Network intrusion prevention system (NIPS): This type of IPS is installed only
at strategic points to monitor all network traffic and proactively scan for
threats.
2. Host intrusion prevention system (HIPS): In contrast to a NIPS, a HIPS is
installed on an endpoint (such as a PC) and looks at inbound and outbound
traffic from that machine only. It works best in combination with a NIPS, as it
serves as a last line of defense for threats that have made it past the NIPS.
3. Network behavior analysis (NBA): This analyzes network traffic to detect
unusual traffic flows, such as DDoS (Distributed Denial of Service) attacks.
4. Wireless intrusion prevention system (WIPS): This type of IPS simply scans a
Wi-Fi network for unauthorized access and kicks unauthorized devices off the
network.
17. How an IPS works
Intrusion prevention systems are usually located behind a firewall to function as another filter for malicious
activity. Since intrusion prevention systems are located in-line, IPS are capable of analyzing and taking
automated actions on all network traffic flows. Those actions can include alerting administrators, dropping
dangerous packets, halting traffic coming from the source address(es) of malicious activity, and restarting
connections. It is important to note that an effective intrusion prevention system must be efficient to avoid
hindering network performance. In addition, intrusion prevention systems must work quickly and accurately in
order to catch malicious activity in real time and avoid false positives.
Its actions include:
• Sending an alarm to the administrator (as would be seen in an IDS)
• Dropping the malicious packets
• Blocking traffic from the source address
• Resetting the connection
• Configuring firewalls to prevent future attacks
18. IPS and IDS - What is the Difference?
The main difference between IPS and IDS is the action they take when a potential
incident has been detected.
• Intrusion prevention systems control the access to an IT network and protect it
from abuse and attack. These systems are designed to monitor intrusion data and
take the necessary action to prevent an attack from developing.
• Intrusion detection systems are not designed to block attacks and will simply
monitor the network and send alerts to systems administrators if a potential
threat is detected.
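The difference in action described above, as an added example that is not part of the original slides: the same detection logic runs once as a passive IDS and once as an in-line IPS over constructed traffic. The `Sensor` class, the substring signatures and the addresses are assumptions made for illustration; real products use far richer rule languages.

```python
from dataclasses import dataclass, field

# Constructed signatures: plain substrings standing in for a real rule set.
SIGNATURES = {"sqli": "' OR '1'='1", "traversal": "../../"}

# Constructed traffic as (source address, request line) pairs.
TRAFFIC = [
    ("192.0.2.10",  "GET /cart?id=7"),
    ("203.0.113.9", "GET /item?id=1' OR '1'='1"),
    ("203.0.113.9", "GET /checkout"),
    ("192.0.2.11",  "GET /img/../../etc/passwd"),
]


@dataclass
class Sensor:
    inline: bool                                  # False = IDS, True = IPS
    alerts: list = field(default_factory=list)    # what the administrator sees
    blocked: set = field(default_factory=set)     # sources the IPS has cut off

    def handle(self, src, payload):
        """Return True if the packet is forwarded to the server."""
        if self.inline and src in self.blocked:
            return False                          # IPS: blocked source stays blocked
        hit = next((name for name, pattern in SIGNATURES.items()
                    if pattern in payload), None)
        if hit is None:
            return True                           # nothing suspicious: pass through
        self.alerts.append((src, hit))            # both modes raise an alert
        if self.inline:
            self.blocked.add(src)                 # IPS: drop packet, block source
            return False
        return True                               # IDS: alert only, packet delivered


def run(inline):
    """Feed TRAFFIC through one sensor; return (delivered flags, alerts, blocked)."""
    sensor = Sensor(inline=inline)
    delivered = [sensor.handle(src, payload) for src, payload in TRAFFIC]
    return delivered, sensor.alerts, sensor.blocked


if __name__ == "__main__":
    for mode, inline in (("IDS", False), ("IPS", True)):
        print(mode, run(inline))
```

Both modes produce the same two alerts; only the IPS changes what reaches the server, including the later harmless-looking request from an already blocked source.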