Implementing a Secure E-Commerce Web Site

Kannan Balasubramanian (Mepco Schlenk Engineering College, India)
Copyright: © 2016 | Pages: 23
DOI: 10.4018/978-1-5225-0273-9.ch007


The design of a secure e-commerce website involves grouping your systems together in common areas as defined by their security requirements. These groupings, or security zones, are regulated by the control systems (such as firewalls and routers) that you deploy in your site. They are also monitored against attack by intrusion detection systems (IDSs) and other tools deployed within your environment. The main steps in securing the e-commerce website are: (1) implementing security zones, (2) deploying firewalls, (3) deciding where to place the components, (4) implementing intrusion detection, and (5) managing and monitoring the systems.
Chapter Preview

E-Commerce Site Components

An e-commerce site is usually made up of several integral components, including the normal network components such as routers, hubs, and switches. But you may not be as well-acquainted with some other components: firewalls, IDSs, Web servers, load balancers, database servers, and financial processing servers.

  • Firewall: A firewall is a device used to provide access controls for a network or segment. Think of this system as a network traffic cop, allowing or disallowing traffic into a network based on who the requestor is and the type of connection they are asking for.

  • Intrusion Detection Systems: An IDS can be network-based or host-based, or both. These tools are very flexible; they can monitor and manage data and make content filtering decisions.

  • Web Servers: This is the most common server in an e-commerce site. This system’s job is to serve up the Web pages or content that the consumers using your site request.

  • Load Balancers: These specialized devices are used to regulate the traffic flow to the Web servers, ensuring that the work load is balanced between the multiple systems that perform the work of your site.

  • Database Servers: These systems are used to store the information your site depends on for business, including catalogs, product descriptions, consumer data, and all the other bits of information that you need to do business. If these servers have consumer information on them, they must be protected even more carefully than systems just serving your site’s data to the Web.

  • Financial Processing Servers: These servers are used to store and process customer and vendor financial information. They are often the end-line goal of most attackers, so they must be given the most care of any of the systems on your network. Losing the information in these servers could spell the doom of your business, so treat these systems with the utmost respect.

Your site may have additional components, or redundant sets of these types of devices, but these are the basic commonalities across the board.
