|
Protecting E-Commerce From Distributed Denial of Service Attacks
5 Essential Components of E-Commerce Security
|
Containment |
 |
| Prevent proliferation of attacks |
Compartmentalization |
| Prevent unauthorized access to systems. Avoid collateral damage to other business segments when you are under attack. |
Continuity |
| Ensure seamless operation even under DDoS attack or equipment failure |
Recovery |
| Enable rapid recovery from external attack or malicious insider activity |
Performance |
| Network performance should not be reduced by security measures |
| IntruGuard products help you contain the DDoS attacks within 2 seconds. They let you segment your network logically into business functions or networks so that an attack on one business segment does not impact the others. With a hardware DDoS mitigation appliance from IntruGuard, your business continues - automatically. All attacks are instantaneously identified and blocked for a short duration (of less than 15 seconds) and re-evaluated. That helps in reducing false positives. The devices are tested for high performance - under the worst attacks, the performance remains wire-speed. Read a third party analysis here. |
Who Needs Operational Risks?
Today, all major commercial sites offer online purchase services to their customers. They also have taken many steps by adding security features to the service infrastructure, such as measures to prevent identity theft and fraud so that E-commerce is a safe and secure experience. However, as more customers depend on a reliable online access, there are steps to take against new types of online threats. Great disasters happen, not because people run risks, but because they don’t understand the risks.
Costs to create Denial of Service attacks is low and the pay-back can be massive. These types of attacks by Botnets and other sophisticated attacks bombard the site with bogus requests and overwhelm the network. They can stop all genuine activity for several hours or even many days thus depriving customer access to E-commerce. Moving from gambling sites and holding them for ransom, the criminal activity has now spread to other types of businesses, which have an online presence and it is their significant source of customer interaction. Online properties must protect the consumer and preserve trust and the integrity in the on-line marketplace.
Avoid The Reputation Risk
Bank IT and Security staff need to fully understand the organization’s risks and vulnerabilities.
Knowing the drivers for change, both the external & internal influences.
They must develop a corporate risk profile.
Implement a strong Governance and Controls infrastructure.
Monitor and maintain the security and risk profile to meet new challenges.
Reputation risk associated with Denial of Service attacks can impact public opinion that results in a critical loss of funding or customers. Failure of E-commerce platform to perform as promised, due to DoS and DDoS attacks, that prevents customers from accessing their accounts, could expose the institution to reputation risk
Why Others Cannot Help You?
Internet Service Providers and hosting providers who host E-commerce web sites face a difficult problem. They have to take steps to protect against such attacks. Quite often they are either unwilling or lack the expertise to implement such a solution. Many times their first option is to cut off the service to the attacked web site. The E-commerce operations have now two emergencies to tackle and be back in business. There are a number of horror stories faced by online businesses, many that go unreported. Fortunately, there are affordable solutions that can be implemented without disruption to normal operations.
Define Denial of Service Attacks
Denial of service (DoS) attacks and Distributed Denial of Service (DDoS) attacks are common techniques to bring down e-commerce with a malicious intent.
The attackers employ either a few machines spoofing as large number of machines or a large number of hacked machines with a robot software called bot simultaneously connecting to a website.
The number of simultaneous connections are so many that the e-commerce servers cannot handle the load and are knocked down.
Denial of service (DoS) attacks and Distributed Denial of Service (DDoS) attacks are very difficult to stop using firewalls because the content is legitimate and the intent is malicious.
Most ISPs for online E-commerce do not have adequate tools and techniques required to stop the onslaught. They can simply take down the network - which furthers the purpose of the attackers.
What is the Solution?
The solution is in containing the attack and compartmentalizing the site, having a DDoS mitigation system which stops attacks by understanding that the behavior of the new visitors is different from the past normal visitors. The solution is in planning for the high performance required in the network security appliance that can handle such onslaught and still stop such attacks so that the business can continue.
5 Key Questions About E-Commerce Security
- Has your website been affected by a worm, DDoS attack, Botnet attack, or other security breach?
- Have the attacks cost you business or productivity? What is the value of downtime of a few hours?
- Do you have an incident response policy in place?
- Does your company have a 24x7x365 Security Operations Center?
- Is security important enough to distinguish you from your competition?
5 Steps to E-Commerce Network Security
- Insecure E-commerce Network
- DDoS Mitigation: Key step for building a secure online E-commerce network
- Firewall : Next step in building a secure network
- Content Based Security (IPS): Further step towards a more secure network
- Application Security: Pretty secure online E-commerce network
5 Compliance Mandates for DDoS Attack Mitigation:
| Regulation |
Mandates |
| FFIEC |
• Availability security objectives |
| Gramm-Leach Bliley |
• Protect Security and Confidentiality of Customer’s Non-Public Personal Information
• Protect Against Anticipated Threats and Hazards to Information Security
• Establish Disaster Recovery and Business Continuity Program |
| Sarbanes Oxley |
• Secure Information Infrastructure
• Safeguard Information Assets |
| USA Patriot Act |
• Implement Risk Based Systems and Monitoring |
| Basel II |
• Monitoring of Risks
• Business Continuity Plans
• Implementation of Risk Mitigation |
Comprehensive E-Commerce Network Protection
| Feature |
DDoS Mitigation |
Firewall |
Content Based Security
(IPS)
|
Web Application Security
(Application Firewall)
|
Floods
(SYN, TCP, UDP, ICMP, Fragment, Port, etc.) |
Yes |
No |
No |
No |
| Botnet Attacks |
Yes |
No |
No |
No |
| Source Tracking, Source Limiting |
Yes |
No |
No |
No |
| Continuous Behavior Learning and Adaptive Control |
Yes |
No |
No |
No |
| Header and State Anomalies |
Yes |
No |
No |
No |
| Port Scans, Network Scans, Dark Address Scans |
Yes |
No |
No |
No |
| ACLs |
Yes |
Yes |
No |
No |
| NAT |
No |
Yes |
No |
No |
| Stateful Inspection |
No |
Yes |
Yes |
No |
| Stateful Signatures |
No |
No |
Yes |
No |
| Traffic Signatures |
No |
No |
Yes |
No |
| Cross Site Scripting, Parameter Manipulation, Command Injection |
No |
No |
No |
Yes |
| Information Leakage |
No |
No |
No |
Yes |
Architecture of a Secure Online E-Commerce Network
|
Customer Experiences
Read what our customers and world-renowned analysts have to say about us.
Read about Sarbanes Oxley and Denial of Service Attacks.
Read about Payment Card Industry (PCI) / Data Security Standard (DSS) and Denial of Service Attacks.
Want to know more
Sign up for our webinars.
|
