E-commerce Security - A White Paper from IntruGuard

5 Essential Components of E-Commerce Security

- Containment: Prevent proliferation of attacks.
- Compartmentalization: Prevent unauthorized access to systems. Avoid collateral damage when you are under attack.
- Continuity: Ensure seamless operation even under DDoS attack or equipment failure.
- Recovery: Enable rapid recovery from external attack or malicious insider activity.
- Performance: Network performance should not be reduced by security measures.

IntruGuard products help you contain the attacks within 2 seconds. They let you segment your network logically into business functions or networks so that an attack on one network does not impact the other parts. With a hardware DDoS mitigation appliance from IntruGuard, your business continues automatically. All attacks are instantaneously identified and blocked for a short duration (less than 15 seconds) and then re-evaluated, which helps reduce false positives. The devices are tested for high performance: under the worst attacks, the performance remains wire-speed. Read a third party analysis here.
Growing Threats
E-commerce activity has grown rapidly over the last few years. Today, almost everyone with an Internet connection has used the web to make a travel reservation, purchase a product or even sell an item. The businesses that set up and operate these networks and web sites have taken several steps to add security features to the service infrastructure, such as measures to prevent identity theft and fraud, so that online commerce is not compromised and remains a safe and secure experience. However, as more of your customers depend on reliable online access, there are further steps to take against new types of online threats.
One of the critical areas of vulnerability that needs to be addressed is implementing adequate safeguards to protect the online system from being shut down by Denial of Service attacks. These attacks, launched by botnets and other sophisticated means, bombard the site with bogus requests and overwhelm the network. They can stop all genuine activity for several hours or even many days, depriving customers of access to information or purchases. Having started with gambling sites, which were held for ransom, the criminal activity has now spread to other types of businesses that have an online presence and for which it is a significant source of customer interaction.
Internet Service Providers and hosting providers who host such web sites face a difficult problem. They have to take steps to protect against such attacks, yet quite often they are either unwilling or lack the expertise to implement such a solution. Many times their first option is to cut off service to the attacked web site. The web site operator now has two emergencies to tackle before being back in business. There are a number of horror stories faced by online businesses, many of which go unreported. Fortunately, there are affordable solutions that can be implemented without disruption to normal operations.
Recently there was news about the e-commerce firm 2Checkout, which processes credit card payments for online merchants. It was hit with a distributed denial of service (DDoS) attack after it rebuffed an extortion attempt. The 2Checkout site experienced rolling outages from the attack, which lasted over a week.
There were similar attacks earlier on Authorize.net.
The cost of creating a Denial of Service attack is low and the pay-back can be massive. These attacks, launched by botnets and other sophisticated means, bombard the site with bogus requests and overwhelm the network. They can stop all genuine activity for several hours or even many days, depriving customers of access to banking. Having started with gambling sites, which were held for ransom, the criminal activity has now spread to other types of businesses that have an online presence and for which it is a significant source of customer interaction. Online banks must protect the consumer and preserve trust and integrity in the online marketplace.
Avoid The Reputation Risk
E-commerce IT and security staff need to fully understand the organization's risks and vulnerabilities. They must implement a strong governance and controls infrastructure, and monitor and maintain the security and risk profile to meet new challenges.
Reputation risk associated with Denial of Service attacks can impact public opinion and result in a critical loss of funding or customers. Failure of an online banking platform to perform as promised, due to DoS and DDoS attacks that prevent customers from accessing their accounts, could expose the banking institution to reputation risk.
Why Can't Others Help You?
Internet Service Providers and hosting providers who host online banking web sites face a difficult problem. They have to take steps to protect against such attacks, yet quite often they are either unwilling or lack the expertise to implement such a solution. Many times their first option is to cut off service to the attacked web site. The online banking operation now has two emergencies to tackle before being back in business. There are a number of horror stories faced by online businesses, many of which go unreported. Fortunately, there are affordable solutions that can be implemented without disruption to normal operations.
Define Denial of Service Attacks
Denial of service (DoS) attacks and Distributed Denial of Service (DDoS) attacks are common techniques to bring down e-commerce with a malicious intent.
The attackers employ either a few machines spoofing a large number of source addresses, or a large number of compromised machines running robot software (bots), all connecting to a website simultaneously.
The number of simultaneous connections is so large that the e-commerce servers cannot handle the load and are knocked down.
How come the attack on 2Checkout could not be stopped by firewalls and the Internet Service Providers?
Denial of service (DoS) attacks and Distributed Denial of Service (DDoS) attacks are very difficult to stop using firewalls because the content is legitimate and the intent is malicious.
Most ISPs for e-commerce do not have adequate tools and techniques required to stop the onslaught. They can simply take down the network - which furthers the purpose of the attackers.
What is the Solution?
The solution lies in containing the attack and compartmentalizing the site, with a DDoS mitigation system that stops attacks by recognizing that the behavior of the new visitors differs from that of past, normal visitors. It also lies in planning for the high performance required of a network security appliance that can handle such an onslaught and still stop the attack, so that the business can continue.
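As an added illustration of the behavior-based approach described above (learn the normal per-source rate, block a source that departs from it for a short window, then re-evaluate it), the following Python example is not IntruGuard's code: the 15-second block window is taken from the page, while the threshold multiplier, the minimum rate and the sample traffic are assumptions.

```python
from collections import Counter

BLOCK_SECONDS = 15   # page: block offenders for a short duration (< 15 s), then re-evaluate
MIN_RATE = 20        # assumption: never flag a source below 20 new connections/s
MULTIPLIER = 10      # assumption: flag a source at 10x the learned per-source mean rate

class AdaptiveSourceLimiter:
    """Learns the normal per-source connection rate (source tracking) and temporarily
    blocks sources above an adaptive threshold (source limiting), re-evaluating on expiry."""
    def __init__(self):
        self.learned = []          # per-source rates seen in clean seconds (the baseline)
        self.blocked_until = {}    # src -> second at which its block expires
        self.dropped = Counter()   # src -> connections dropped while blocked

    def threshold(self):
        if not self.learned:
            return MIN_RATE
        mean = sum(self.learned) / len(self.learned)
        return max(MIN_RATE, MULTIPLIER * mean)

    def process_second(self, now, events):
        """events: source addresses that opened a connection during second `now`.
        Returns the set of sources (newly or re-)blocked in this second."""
        limit = self.threshold()
        blocked_now = set()
        for src, rate in Counter(events).items():
            expiry = self.blocked_until.get(src)
            if expiry is not None and now < expiry:
                self.dropped[src] += rate      # inside the block window: drop silently
                continue
            # unblocked, or block just expired: re-evaluate against the current threshold
            if rate > limit:
                self.blocked_until[src] = now + BLOCK_SECONDS
                self.dropped[src] += rate
                blocked_now.add(src)
            else:
                self.blocked_until.pop(src, None)
                self.learned.append(rate)      # only clean traffic trains the baseline
        return blocked_now

def simulate():
    """Constructed traffic: five shoppers at 1 conn/s, plus one source flooding at 500 conn/s during t=10..39."""
    limiter = AdaptiveSourceLimiter()
    shoppers = ["10.0.0.%d" % i for i in range(1, 6)]
    attacker = "203.0.113.7"
    timeline = {}
    for t in range(60):
        events = shoppers + ([attacker] * 500 if 10 <= t < 40 else [])
        timeline[t] = limiter.process_second(t, events)
    return limiter, timeline
```

The shoppers never trip the threshold, the flooding source is blocked at t=10, re-evaluated and re-blocked when the window expires at t=25, and every flood connection is dropped while the block stands.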
5 Key Questions About e-commerce Security
- Has your website been affected by a worm, DDoS attack, Botnet attack, or other security breach?
- Have the attacks cost you business or productivity? What is the value of downtime of a few hours?
- Do you have an incident response policy in place?
- Does your company have a 24x7x365 Security Operations Center?
- Is security important enough to distinguish you from your competition?
5 Steps to E-commerce Security
[Figure: Key Building Blocks of a Secure e-commerce site. The diagram steps from "Insecure Website" through "Pretty Secure e-commerce" and "More Secure e-commerce" to "Secure e-commerce" as each building block is added: DDoS Mitigation, Firewall, Content Based Security (IPS), Web Application Security.]
Comprehensive E-commerce Site Protection

| Feature | DDoS Mitigation | Firewall | Content Based Security (IPS) | Web Application Security (Application Firewall) |
|---|---|---|---|---|
| Floods (SYN, TCP, UDP, ICMP, Fragment, Port, etc.) | Yes | No | No | No |
| Botnet Attacks | Yes | No | No | No |
| Source Tracking, Source Limiting | Yes | No | No | No |
| Continuous Behavior Learning and Adaptive Control | Yes | No | No | No |
| Header and State Anomalies | Yes | No | No | No |
| Port Scans, Network Scans, Dark Address Scans | Yes | No | No | No |
| ACLs | Yes | Yes | No | No |
| NAT | No | Yes | No | No |
| Stateful Inspection | No | Yes | Yes | No |
| Stateful Signatures | No | No | Yes | No |
| Traffic Signatures | No | No | Yes | No |
| Cross Site Scripting, Parameter Manipulation, Command Injection | No | No | No | Yes |
| Information Leakage | No | No | No | Yes |
Architecture of a Secure E-commerce Website
A secure e-commerce infrastructure depends on both cloud-based DDoS mitigation and data-center-based DDoS mitigation. No service-provider equipment can guarantee you a DDoS-free pipe. There will always be residual attack traffic that you need to remove yourself, especially if you have multiple links to the Internet.
The following diagram shows a dual-link data center architecture that includes DDoS mitigation in the data center in addition to the cloud-based DDoS mitigation. This is obviously for large-scale e-commerce. For smaller e-commerce operations, you don't need the cloud-based DDoS mitigation; the data-center DDoS security perimeter alone is sufficient.
[Figure: dual-link data center architecture with cloud-based and data-center DDoS mitigation.]
