Protecting E-Commerce Server:-
All e-commerce transactions physically take place at the server level. The server can be viewed as the central repository that holds the actual website displaying your products and services, the customer database, and the payment mechanism. If there are any attacks on this server, there is the potential the e-commerce server.
Two issues relate to the security of servers:
- Security of the information stored on the server.
- Protection of the server itself.
Protecting an e-commerce server from attack falls into three categories:
- The location of the server.
- The configuration of the operating system.
- The configuration of the web-server.
Web servers should be located in a controlled environment. Co-located servers should be in separate controlled areas to ensure physical security.
Firewalls should be configured to allow access to e-commerce servers only through ports 80 and 443. All other unnecessary services on the server should be shut down.
The performance of an e-commerce server is critical and needs to be robust enough to handle heavy traffic flow. During the planning and implementation of a web-server, the operating system must be kept in mind.
Steps for securing the operating system are:
- Turn off all unnecessary services.
- Conduct a vulnerability scan before putting a server into production.
- Install all the latest updates available.
- Configure a system to comply with the organization’s policy.
Vulnerability scans should be conducted regularly in order to ensure server security. Never run a web server as root or administrator because if an intruder compromises the service, they will have root privileges.
Scripts should not be visible to the public, so that the code and any pointers to other servers it contains stay protected.
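The checks above (expose only the web ports 80 and 443, shut down other services, never serve requests as root) can be verified on a running host. The following is an added example, not part of the original notes: it parses constructed samples of `ss -tlnH` and `ps -eo user,pid,ppid,comm` output, and the process names and the master/worker model (a root parent that only binds the ports, with unprivileged workers) are assumptions.

```python
ALLOWED_PORTS = {80, 443}                    # the only ports meant to be reachable
WEB_SERVERS = {"nginx", "apache2", "httpd"}  # assumed web-server process names
LOOPBACK = ("127.", "[::1]")

# Constructed sample of `ss -tlnH` output: State Recv-Q Send-Q Local Peer.
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:21 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:23 [::]:*
"""

# Constructed sample of `ps -eo user,pid,ppid,comm` output (header removed).
SAMPLE_PS = """\
root 812 1 nginx
www-data 813 812 nginx
root 814 812 nginx
root 640 1 sshd
"""

def unexpected_listeners(ss_output, allowed=ALLOWED_PORTS):
    """Return sorted ports bound to a non-loopback address but not allowed."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if addr.startswith(LOOPBACK) or not port.isdigit():
            continue  # loopback-only services are not reachable from outside
        if int(port) not in allowed:
            found.add(int(port))
    return sorted(found)

def root_workers(ps_output, servers=WEB_SERVERS):
    """Return PIDs of web-server worker processes that run as root."""
    rows = [l.split(None, 3) for l in ps_output.splitlines() if l.strip()]
    rows = [r for r in rows if len(r) == 4 and r[3] in servers]
    parents = {pid for _, pid, _, _ in rows}
    # A worker is a web-server process whose parent is also a web-server process.
    return sorted(int(pid) for user, pid, ppid, _ in rows
                  if ppid in parents and user == "root")

if __name__ == "__main__":
    print("unexpected listening ports:", unexpected_listeners(SAMPLE_SS))
    print("workers running as root:", root_workers(SAMPLE_PS))
```

On a real host, feed the functions the live command output instead of the samples; any port or PID they return is a service to shut down or a worker to reconfigure under an unprivileged account.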
Protecting E-commerce Channels:-
Protecting e-commerce channels means protecting assets while they are in transit between client computers and remote servers.
Providing channel security includes providing channel secrecy, guaranteeing message integrity and ensuring channel availability. In addition, a complete security plan includes authentication, that is, ensuring that those using a computer are who they say they are.
Channel secrecy can be ensured by the use of a secure channel. A secure channel provides three things for the user:
- Authentication of those involved in the communication.
- Confidentiality of the information exchanged in the communication.
- Integrity of the information exchanged in the communication.
Protocols can be used to establish and use a secure communication channel between two applications exchanging information.