INFORMATION SECURITY STANDARDS FOR E-BUSINESSES

Muhammad M. Satti (1), Brian J. Garner (2), Mahmood H. Nagrial (3)

(1) Macquarie Corporate Telecommunications Pty, Sydney 2000 NSW Australia, msatti@macquarie.net.au
(2) School of Computing and Mathematics, Deakin University, Geelong Vic. 3217 Australia, brian@deakin.edu.au
(3) School of Electrical, University of Western Sydney Nepean 2747 NSW Australia, m.nagrial@uws.edu.au

ABSTRACT

The process of buying, selling or interacting with customers via the Internet, tele-sale, smart card or other computer network is referred to as Electronic Commerce. Whereas online trade has been touting its flexibility, convenience and cost savings, the newest entrant is wireless e-commerce. This form of business offers many attractions, including a shop that is open 24 hours a day, seven days a week, vastly reduced fixed cost and increased profitability. Amazon.com is an example of a successful venture in e-business. Internet Service Providers (ISP/ASP) have a significant influence on the feasibility, security and cost competitiveness of an e-business venture. In the ISP model of services, multiple users and their databases are normally offered on a single hardware platform sharing the same IP address and domain name. Clients will require a mechanism which allows them to update their Web contents and databases frequently, even many times daily, without intervention of the local system administrator (ISP Admin). The paper overviews a few steps to enable corporate clients to update their web content more securely.

Keywords: E-Commerce, E-business, Information Security, ISP/ASP, Satti, Nagrial, Garner

I. INTRODUCTION

With the technological development, Electronic Commerce (E-Commerce) is becoming an important milestone in the Information Technology (IT) revolution. The technologies that make the World Wide Web and e-commerce possible have some potentially negative components. To make e-commerce more cost effective by using an e-cradle from Internet Service Providers and Application Service Providers (ISPs/ASPs), there has to be a security trade-off, as defined above, in that a single hardware platform hosts multiple sites. Privacy issues are also of major concern for many users. There are means to collect consumer information easily with digital tools, but security is equally important in a digital transaction. It is revealed that companies conducting either business to business (B2B) or business to customer (B2C) e-commerce experience significantly higher rates of many such security breaches; incidents are recorded in ISP shared services, where multiple businesses are run on a single hardware platform. Further, ISPs are not aware of most security tools and standards [1]. E-Commerce is fundamentally World Wide Web based buying and selling of goods and services. Most people see it as the ultimate form of removing the intermediary or go-between. Most E-Commerce services are delivered by ISPs. The Internet service provider has a significant influence on the feasibility and cost competitiveness of an e-business venture. Large ISPs that provide business services claim to be security conscious, but in reality this may not be true. Co-location hosting in the ISP's environment allows users to come in unencrypted. An ordinary hacker is easily able to hijack the connection.

Knowledge is power: it is the hacker's creed. If a company stores any valuable information on a web server and those servers are housed at an ISP's data center, one should pay close attention to the ISP's security policy. Even if the information on a web server is of little value, the customer should worry about a deliberate denial of service (DoS) by hackers [2].

II. COMMON ISSUES

A growing number of companies are placing some or all of their E-Commerce support needs into the hands of corporate service providers (ISP/ASP) or one-stop, no-hassle web hosting, dedicated hosting or shared hosting service centers. The server farms that sit inside the walls of web hosting services are among the most tempting targets for nosy hackers, who might tap away until they find a crack, most commonly a mis-configured firewall or router [3]. The most vulnerable arrangement is a server farm in which servers are shared by a number of companies, and each has its own File Transfer Protocol (FTP) account on the same server to update the web contents and database. FTP was written as a quick tool to
transfer files across a small network, and security was not of that much importance at that time. Most ISPs become economical by installing a quad processor with gigabytes of RAM and allocating multiple customers on it. When a hacker breaks into one machine, he will breach the security of all those customers. The ISP's business is generally based on cheaper switching infrastructure. Switches which offer filtering (layer 3, 4 and layer 7) and strict access controls between machines and connections are better and more secure, but at a cost of US$20,000 to US$30,000, compared to normal non-filtering switches at about $1,000. Most ISPs have firewalls but nothing else. Firewalls are further categorized using the IT Security Evaluation Criteria (ITSEC), leading to an "E level" of assurance. The ITSEC rates the correctness, effectiveness and strength as meeting the stated requirement for a level between E0 and E6. Level E0 represents an inadequate level of assurance, while E6 products are the most trusted [4]. Information security laws are enforced in some countries, including Australia. These laws impose restrictions on all third party service providers to use at least an E1 grade firewall for general trading and an E3 level for government web and data hosting, whereas for credit card information and financial transactions, payment gateways must have an E6 level firewall to protect the security domain. ISPs are vague about attacks they have experienced. In spite of this false sense of security, ISP customers do worry about more visible problems, such as malicious destruction of web pages or even web page content being replaced with sexual, racist, or otherwise unpalatable content. Regrettably, the triumph of the Internet design for global information access and sharing is at risk of being tarnished as a ubiquitous open trading environment by unscrupulous and vindictive attack [5]. Information security is thus the overarching concern of Internet businesses and users!

Due to poor infrastructure design and hidden security holes, over the last two years hundreds of web pages were changed, several of which resulted in embarrassing press reports. These stories led E-businesses to earn a bad reputation and customers to hesitate to buy commodities by credit card. Most of them thought that their credit credentials were not in safe hands, which put the E-Commerce business into decline. Internet security was one of the major factors of E-Commerce failure in the USA and across the globe. In the year 2000, hundreds of IT related companies closed and the e-economy slumped to its lowest rate ever since its inception. The proposed work is a "Secure Data Center" to host web sites delivering e-commerce trading, which is most cost effective and more secure. This model will address the ISP's snags and system weaknesses and fulfill the e-business needs. The biggest challenge is in the fundamental transformation of the way things get done in the world. That's because networks are great levelers. They dissolve barriers to entry and neutralize traditional assets like physical stores and branches. Networks dissolve the boundaries within and between companies, countries, continents and time zones. It's not hyperbole to say that the "Data Center" is quickly emerging as the largest, most dynamic, restless, and sleepless marketplace of goods, services and ideas the world has ever seen.

III. SYSTEM ARCHITECTURE

The model data center is unique in design, where remote access, security, an intruder detection system and other state-of-the-art equipment are in place.

E-Clients

In the Internet data center reference architecture, the clients issue requests to a service name, which represents the application being delivered to the client. The end-user system and the client software have no knowledge about the inner working of the system that delivers the service. The end user typically types in the URL, for example http://www.itbutler.com.au, and then either clicks on hyperlinks or completes forms on Web pages to navigate deeper into the site.

Gateway Routers

Gateway routers connect the infrastructure to the data center (ISP) networks. For high-end E-business environments, full redundancy is considered in the proposed model. Full redundancy requires at least two gateway routers, with each router connected to a different back end carrier provider, commonly called a Back End Service Provider (BSP). This implementation provides fault tolerance and traffic aggregation.

The routers should run Border Gateway Protocol (BGP) to ensure proper and fast routing. Most routers are capable of enforcing traffic policies, which should be used to create a security perimeter network (also known as a demilitarized zone (DMZ), with an inside 100% screened sub-net) and additional levels of security for the internal network.

Load Balancing

Network Load Balancing can be successfully used to load balance front-end web-tier systems and is used in the Internet data center reference architecture to provide both resilience and scalability in conjunction with Round Robin DNS (RRDNS). It is strongly recommended to have three DNS servers (Primary, Secondary and External Secondary), where the external secondary must be placed at a different location.
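The traffic policies that the gateway routers enforce above, and the strict access controls between the machines of different customers that Section II describes, come down to an ordered access-control list that is read top-down with an implicit final deny. The Go program below is an added example, not code from the paper or its authors: it models such a rule-set with first-match semantics and a default deny, evaluates it over a constructed address plan (the 10.10.x, 10.20.x and 192.168.50.x prefixes and the customer, database and management VLANs are assumptions made for the example), and includes an audit for a permit-any rule that would shadow the final deny.

```go
package main

import (
	"fmt"
	"net"
)

// Action is the verdict of an ACL entry.
type Action string

const (
	Deny   Action = "deny"
	Permit Action = "permit"
)

// Rule is one ACL entry: source prefix, destination prefix, destination TCP port (0 = any port) and verdict.
type Rule struct {
	Name   string
	Src    *net.IPNet
	Dst    *net.IPNet
	Port   int
	Action Action
}

// ACL is an ordered rule list; as on a router or firewall, the first match wins and a flow matching no rule is denied.
type ACL []Rule

// Evaluate returns the verdict for src -> dst:port and the name of the rule that produced it.
func (acl ACL) Evaluate(src, dst net.IP, port int) (Action, string) {
	for _, r := range acl {
		if r.Src.Contains(src) && r.Dst.Contains(dst) && (r.Port == 0 || r.Port == port) {
			return r.Action, r.Name
		}
	}
	return Deny, "implicit deny all"
}

// Audit flags a permit from any source to any destination on every port: nothing after it, not even the final deny, can match.
func (acl ACL) Audit() []string {
	var findings []string
	for _, r := range acl {
		srcBits, _ := r.Src.Mask.Size()
		dstBits, _ := r.Dst.Mask.Size()
		if r.Action == Permit && r.Port == 0 && srcBits == 0 && dstBits == 0 {
			findings = append(findings, "rule "+r.Name+" permits any -> any on every port")
		}
	}
	return findings
}

func cidr(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// Constructed address plan (an assumption for this example, not the paper's): one VLAN per
// hosted customer, a back-end VLAN for the databases and a separate management LAN for the ISP.
var (
	internet  = cidr("0.0.0.0/0")
	customerA = cidr("10.10.1.0/24")
	customerB = cidr("10.10.2.0/24")
	backend   = cidr("10.20.0.0/24")
	mgmtLAN   = cidr("192.168.50.0/24")
)

// DataCenterPolicy puts the customer-to-customer denies first, because the public web permits below
// them accept any source, which includes the neighbouring customer's VLAN. Database and SCP access are
// permitted only from the VLANs that need them; FTP and Internet-to-database traffic match nothing.
var DataCenterPolicy = ACL{
	{"isolate-A-from-B", customerA, customerB, 0, Deny},
	{"isolate-B-from-A", customerB, customerA, 0, Deny},
	{"web-A-https", internet, customerA, 443, Permit},
	{"web-A-http", internet, customerA, 80, Permit},
	{"web-B-https", internet, customerB, 443, Permit},
	{"web-B-http", internet, customerB, 80, Permit},
	{"A-to-db", customerA, backend, 1433, Permit},
	{"B-to-db", customerB, backend, 1433, Permit},
	{"scp-mgmt-to-A", mgmtLAN, customerA, 22, Permit},
	{"scp-mgmt-to-B", mgmtLAN, customerB, 22, Permit},
}

func main() {
	for _, f := range []struct {
		src, dst string
		port     int
	}{
		{"203.0.113.7", "10.10.1.10", 443}, // public HTTPS to customer A
		{"203.0.113.7", "10.10.1.10", 21},  // FTP from the Internet
		{"10.10.1.10", "10.10.2.10", 80},   // customer A into customer B's VLAN
		{"192.168.50.4", "10.10.1.10", 22}, // SCP content update from the management LAN
	} {
		a, rule := DataCenterPolicy.Evaluate(net.ParseIP(f.src), net.ParseIP(f.dst), f.port)
		fmt.Printf("%-13s -> %-11s :%-4d %-6s (%s)\n", f.src, f.dst, f.port, a, rule)
	}
}
```

Rule order is the point to take away: if the two isolation rules were moved below the public web permits, a connection from customer A's VLAN to customer B's port 80 would match web-B-http (source any) and be permitted, which is why explicit inter-customer denies sit at the top of the list.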
Services Systems

Services systems are the collection of servers that provide the core Web services, database services and E-Commerce solutions, such as HTTP/HTTPS, LDAP, RADIUS and Secure Copy Protocol (SCP), to Web clients/systems. Developers usually group these services systems into sets of identical systems called clones. The clones run the same software and have access to the same Web content (HTML files, ASPs, Java scripts, Cold Fusion and other middleware, and so forth), either through content replication or from a readily available file share [6]. By load balancing the requests across a set of clones and by detecting and separating a failed clone from the other working clones, you can achieve high degrees of scalability and availability. For E-Business, both scalability and availability are a critical success factor (CSF) to consider in architecture design.

Intelligent Switches

The design can be implemented with multiple physical devices or only two large multi-layer switches. The reference architecture configuration uses two large multi-layer switches to maintain simplicity, manageability, and low cost. The switches are partitioned as multiple logical Layer 3 devices. Virtual Local Area Networks (VLANs) are created and spanned over both switches to provide hardware fault tolerance. This provides the extended capability to isolate corporate customers from each other on the same switch, with an explicit ACL for each VLAN. This also minimizes eavesdropping across neighboring VLAN customers. The servers are configured with two teamed network adapters and connected to the same VLAN on each physical switch. The traffic between VLANs is routed using the internal router and controlled using access-control lists (ACLs) [7].

Firewalls

A firewall is a mechanism for controlling the flow of data between two parts of a network that are at different levels of trust. The firewall inspects traffic between the front-end (Web tier) system and the middle and back-end systems. Different firewall policies are implemented to control traffic between the tiers. The firewall often becomes a single point of failure and a traffic bottleneck. To avoid these limitations, the reference architecture implements two fast, reliable firewalls in a fail-over configuration. The last rule of the rule-set is always DENY ALL if not permitted. For an E-Commerce cradle, generally E3 and higher grade firewalls are recommended; however, for general Web hosting E1 to E3 firewalls can be used [4].

Middle-Tier Systems

This tier is used to host domain controllers running the Windows 2000 operating system with Windows 2000 Active Directory™ service and Domain Name Service (DNS). Depending on the application design, the middle tier can also be used to host servers running components and business objects (for example, Microsoft BizTalk™ Server 2000 or Message Queuing). If the application is designed to support three tiers, the middle tier can host application logic and services. Most applications are designed logically as three-tier systems, but they can also perform if they are installed on two physical tiers. In this case, the middle tier can be collapsed to a back-end tier and the business objects run on the front-end systems.

Back End Systems

Back-end systems are the data stores that maintain the application data or enable connectivity to other systems which maintain data resources. Data could be stored in flat files or in database systems such as Microsoft SQL Server™ 2000, Oracle, DB2 and MySQL back-end systems. The database systems are more challenging to scale and make highly available, primarily due to the data and state they must maintain [8].

If a system cannot be scaled further, it is necessary to partition the data and use multiple servers. Continuous scalability is, therefore, achieved through data partitioning and a data-dependent routing layer or a stateful load-balancing system, which maps the logical data onto the correct physical partition. For increased availability, a cluster supports each partition. These clusters typically consist of two nodes with access to common, replicated, or protected Redundant Array of Independent Disks (RAID) storage. When the service on one node fails, the other node takes over the partition and offers the service. Another very important feature of the backend in data center design is a swift and safe mechanism to update database servers.

Intrusion Detection Systems

Intrusion detection is defined as the problem of identifying individuals who are using a computer system without authorization and those who have legitimate access to the system but are abusing their privilege. In this paper the term intrusion means both external and internal intrusions. The recommended system for the corporate environment is an "Enterprise Managed Intrusion Detection System", where multi-sensor IDS systems allow pickup of traffic from all ingress communication tracks, analyse it locally and report
to central management servers for further analysis and display on network operator consoles.

Intrusion detection systems (IDS) are the burglar alarms (or rather intrusion alarms) of computer security systems. The aim is to defend a system by combining an alarm that sounds whenever the site's security has been compromised with a response to it: the security staff and incident response team respond to the alarm and take the appropriate action, for instance by ousting the intruder, calling on the proper external authorities and so on [5].

Remote Access Connection

An e-business network can be created as an extension of an existing corporate network, or it can be a completely separate physical network and system infrastructure located at a carrier collocation facility. In a case where the new e-business infrastructure is created as an extension within an existing corporate network, the simple and secure way to connect the corporate network and the e-business system is to build a dedicated VLAN on the core e-business infrastructure switch and restrict traffic by applying ACLs on the router and switch (Layer 3) where all servers are connected. For more secure scenarios, putting a firewall between the Data Center network and the corporate VLAN e-business infrastructure should be considered; this is called "backdoor" protection [7-9].

Figure 1: Remote Access Infrastructure diagram

In an e-business implementation where the supporting infrastructure is co-located at a remote facility, there are two options for connecting to the corporate environment. The first option is to install a dedicated, private, point-to-point connection between the two sites. This alternative should be considered in scenarios where large amounts of data are expected to be transferred between the two sites. Redundant links should also be installed for resilience. The second option is to implement a secure communication path by using a Virtual Private Network (VPN) between the e-business network and the corporate network, connecting both LANs. The connection between the two VPN servers provides end-to-end security over the Internet by encapsulating and encrypting traffic between the two sites. IPSec over L2TP is the preferred way of connecting to the reference architecture infrastructure. In this scenario, a certificate authority server is installed for issuing certificates to the servers to ensure that the identities of the VPN servers do not change [10].

Remote access management is a paramount factor in Data Center security when hosting private E-Businesses, where daily updates, or even many updates per day, of web contents and database are needed. Without secure remote access, one cannot achieve the required level of security when many privileged users log in to a production server serving web pages. External and internal intrusion can only be detected if the user login credentials are centrally controlled and managed enterprise-wide. The best choice will be LDAP running on a Unix server.

RADIUS is an Internet protocol that Lucent Technologies proposed in 1996. RADIUS contains three user management pieces, Authentication, Authorization and Accounting, referred to as AAA. A RADIUS server on Unix is again the best choice, and I would like to utilize all of these engineering features in this design.

IV. PKI KEY MANAGEMENT

This model incorporates digital certificates along with key management. If an enterprise offers on-line business and remote users are using their login for financial transactions or dealing with a critical database, a highly protected (HP) infrastructure is recommended. However, if the users are just corporate users dealing with business that does not require a high level of protection, then the digital certificate can be taken off the above model, but key management will remain, as in the protected security zone.

In order to provide a uniform framework for key distribution and to manage key groups reflecting need-to-know categories, it is recommended to implement PKI (Public Key Infrastructure) style key generation and authorization as a centralized function.

The basic structure of any PKI requires at least 2 functional blocks. Firstly, certificates must be created and destroyed (revoked) somewhere within the system, and secondly, certificates must be stored and made available to the clients
[9]. The Certification Authority (CA) provides all the required services of the former, and the Certificate Server (CS) the latter.

Since trust in a PKI system resides within the certificates themselves, the CA must be a trusted entity, but no such requirement need be placed on the CS. The CS receives certificates and CRLs from the CA and stores these items in the corresponding database. The database server should be in a highly protected portal. The CS provides several other interfaces to clients within the local domain as well as an inter-domain interface. Clients may contact the CS requesting certificates by subject name or serial number; they may also request CRLs from the CRS interface. Inter-domain clients may access the same facilities through the local CS. The CS may reside in the corporate zone; it need not be trusted, as it merely stores certificates in which the trust is inherent.

Desirable Characteristics

Ideally, the following are the characteristics needed to be included in the Data Centre design and in the proposal for infrastructure:

i. Access Control List (ACL) on the gateway router (fire-walling)
ii. ACL on switching networks
iii. Firewalls at front and backdoor; Multiple Sensor IDS system
iv. Anomaly detection system (for internal audit)
v. RADIUS server for all remote dialup for web content; LDAP authentication for all users and remote access accounts
vi. DMZ and inside security zones rule sets on firewalls
vii. Enterprise Managed backup system
viii. Redundant power supplies (UPSs, Diesel Generators)
ix. State-of-the-art environmental sensors (surveillance cameras, humidity, fire, water leakage, moisture, temperature sensors)
x. Strong air-conditioning systems; physical and electronic security appliances (security guard, biometric hand scanners).

V. CONCLUSION

The issue of trust in e-commerce is fundamental to its eventual success. If consumers cannot trust that personal information is safe and secure, the Internet will never reach its economical potential. Best method principles in conjunction with independent auditing can bring back the confidence of customers of E-Trading. Computer based crimes are on the increase; in the past few years the Federal Bureau of Investigation (FBI) in the USA has recorded an increase of over 25% in computer crimes. In one case, an intruder was able to break into an Internet Service Provider's network, connect a sniffer and collect numerous IDs and passwords. When this intruder was finally apprehended, the FBI retrieved 86,270 credit card numbers from 1,217 different financial institutions [3].

The Internet and the World Wide Web offer enormous potential, but measures need to be developed now to prevent abuse from occurring in this environment. These issues need swift resolution now in a co-operative climate between industry and government working together. If action is postponed, both the industry and consumers will have to deal with the consequences of reactionary regulation in the very near future. This study unveiled some common weaknesses of ISP/ASP services and suggested a better design to overcome the issues. This paper would be helpful to professional engineers and researchers equally.

VI. REFERENCES

[1] Yasin, R. "Security breaches surge over past two years, FBI report" (1998).
[2] Radcliff, D. "Is your ISP's Secure", March (1998).
[3] Crume, J. "Inside Internet Security" (1999).
[4] Directorate of Defense Signal Australia, "Gateway Certification Guide" (1999).
[5] Satti, M. "Enterprise Managed IDS system", IEEE INMIC 2001, Lahore.
[6] Et, B. "Analyzing E Commerce on Internet" (2000).
[7] Wilson, T. "Profit Embolden Hackers" (2000).
[8] Lewis, J. "Data warehouse E Commerce" (1999).
[9] Graff, C.J. "Cryptography and E-Commerce" (2000).
[10] Jannathan, L. "E-Commerce metrics models" (1999).
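The split that Section IV draws between a trusted Certification Authority and an untrusted Certificate Server can be exercised end to end with Go's standard crypto/x509 package. The program below is an added example, not code from the paper or its authors: the CA issues certificates and signs a CRL, the CS is nothing more than a lookup table by subject name, and the client verifies whatever it fetches against the root it already holds, so a certificate slipped into the CS under a different root, or a revoked one, is rejected without the CS being trusted at all. The host name vpn1.example.test, the CA names, the one-day certificate and one-hour CRL validity periods and the ECDSA P-256 keys are constructed for the example; x509.CreateRevocationList and ParseRevocationList need Go 1.19 or later.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must keeps the setup short: steps that cannot fail on a working system panic instead.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// CA is the trusted Certification Authority: sole holder of the signing key, hence the only party able to issue or revoke.
type CA struct {
	Cert    *x509.Certificate
	key     *ecdsa.PrivateKey
	revoked []pkix.RevokedCertificate
}

// sign gives tmpl a fresh serial and a one-day validity, signs it with priv and parses the result.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, priv *ecdsa.PrivateKey) *x509.Certificate {
	tmpl.SerialNumber = big.NewInt(time.Now().UnixNano()) // unique enough for an example
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv))))
}

// NewCA creates a self-signed root carrying the certSign and cRLSign key usages.
func NewCA(name string) *CA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: name}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	return &CA{Cert: sign(tmpl, tmpl, &key.PublicKey, key), key: key}
}

// Issue signs a server certificate for host (the server's own private key is discarded here).
func (ca *CA) Issue(host string) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	return sign(tmpl, ca.Cert, &key.PublicKey, ca.key)
}

// Revoke records a serial; clients learn of it from the next CRL the CA signs.
func (ca *CA) Revoke(c *x509.Certificate) {
	ca.revoked = append(ca.revoked, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
}

// CRL signs the current revocation list with the CA key; the list is valid for one hour.
func (ca *CA) CRL() *x509.RevocationList {
	tmpl := &x509.RevocationList{Number: big.NewInt(time.Now().UnixNano()), RevokedCertificates: ca.revoked,
		ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour)}
	return must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.key))))
}

// CertStore is the untrusted Certificate Server: a lookup table by subject name that holds no key.
type CertStore map[string]*x509.Certificate

// Verify is the client side: trust comes only from the root the client already holds, never from the store.
func Verify(root *x509.Certificate, crl *x509.RevocationList, c *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return err
	}
	if err := crl.CheckSignatureFrom(root); err != nil || time.Now().After(crl.NextUpdate) {
		return fmt.Errorf("crl unusable (signature error: %v, next update: %v)", err, crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(c.SerialNumber) == 0 {
			return fmt.Errorf("certificate revoked")
		}
	}
	return nil
}

// Scenario: the CA issues a VPN server certificate that the CS stores (genuine); a certificate for the same
// name from a different root is slipped into the CS (forged); then the genuine one is revoked (revoked).
func Scenario() (genuine, forged, revoked error) {
	const host = "vpn1.example.test" // constructed name
	ca, store := NewCA("Data Center Root CA"), CertStore{}
	vpn := ca.Issue(host)
	store[host] = vpn
	crl := ca.CRL()
	genuine = Verify(ca.Cert, crl, store[host], host)
	store[host] = NewCA("Data Center Root CA").Issue(host) // same names, different root key
	forged = Verify(ca.Cert, crl, store[host], host)
	store[host] = vpn
	ca.Revoke(vpn)
	crl = ca.CRL()
	revoked = Verify(ca.Cert, crl, store[host], host)
	return
}

func main() { fmt.Println(Scenario()) }
```

The design choice to notice is that Verify never asks the store anything beyond "give me the certificate for this name": the chain check, the CRL signature check and the staleness check all rest on the root the client was provisioned with, which is exactly why the paper can place the CS in the corporate zone without trusting it.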