How to Start an Ecommerce Business
Redundancy can be added to the design in Figure 13-13 with the same caveats already discussed in the high-end resilient edge design. It is also beneficial to use dedicated Internet bandwidth for your ecommerce traffic to allow for specific filtering as discussed in the E-commerce Specific Filtering section of Chapter 6.
Data traverses an IP-based network in the form of packets, where each packet consists of a header, which specifies the source and the destination, and the message itself. The IP addressing scheme uses either IPv4 or IPv6 to address computers on the Internet. IPv4 uses 32 bits for addressing, whereas IPv6 has a 128-bit source and destination address scheme that provides far more addresses than IPv4. IP permits connectivity via a variety of physical media and provides a best-effort datagram service. Therefore, no hard packet delivery guarantees exist. TCP is often used where reliability is a concern because it guarantees the delivery and ordering of transmitted data. IP provides any-to-any connectivity, as demonstrated by the Internet. Common applications that are used today by companies include e-mail, web hosting, electronic commerce, corporate intranets and extranets, and emerging VoIP. Moreover, enterprise applications, such as enterprise resource planning (ERP) and supply chain management...
Extranets and Electronic Commerce
Electronic commerce is the act of purchasing goods and services online and requires the electronic exchange of funds, usually by credit card. E-commerce can build customer satisfaction by receiving orders and fulfilling them more quickly, with less hassle and greater accuracy. E-commerce applications require a commerce application deployed on a Web site, an access router, a firewall, and a full-time Internet connection.
Because your extranet environment generally connects to other organizations by way of the Internet, a private IP network, or leased lines, the other parties in this communication have increased access to your organization by default. It is important to ensure that this access does not allow a less scrupulous party to access your network in ways you do not intend. In fact, some extranets, like the ANX, directly connect competitors in the same industry, increasing the possibility of directed attacks. Just like ecommerce, separating the network infrastructure, hosts, and applications from the rest of your edge allows for tight controls from the network where needed. Separate Internet connections can be considered for the same reasons as given previously for e-commerce designs.
Server load balancing (SLB) is the traditional load-balancing application. Very common in large ecommerce applications, server load balancing allows two or more devices to distribute the load delivered to a single IP address from the outside. In the past, low-tech solutions such as DNS round robin were used for this function. Today, many organizations use dedicated load-balancing hardware to determine which physical server is best able to serve the client request at the time the request is submitted.
Could use FTP to damage a company's web pages, thus damaging the company's image and possibly compromising web-based electronic commerce and other applications. Security experts recommend never allowing Internet access to Trivial File Transfer Protocol (TFTP) servers, because TFTP offers no authentication features.
The distributed denial of service (DDoS) attacks that occurred in 2000 are examples of policy vulnerabilities. Clearly, changes could have been made to IP to reduce the chances of these attacks succeeding, but at the time most organizations had not planned for such attacks or even considered the remote possibility of them. As such, organizational security policies had not defined standards for how systems should deal with DDoS attacks. Today, if you look at the security policy of any large ecommerce organization, you will probably find standards and guidelines around protecting systems from DDoS.
Under normal circumstances, the chances of an attacker gaining access to communications between two parties on the Internet are so small that it can almost be considered impossible. For example, your credit card numbers are in much more danger of attack by being stored on many different ecommerce sites than they are when sent from your PC to the server. Trying to access data in transit is like trying to photograph a running jaguar. It is much easier to wait for it to stop (though the results are less exciting).
Developing security strategies that can protect all parts of a complicated network while having a limited effect on ease of use and performance is one of the most important and difficult tasks related to network design. Security design is challenged by the complexity and porous nature of modern networks that include public servers for electronic commerce, extranet connections for business partners, and remote-access services for users reaching the network from home, customer sites, hotel rooms, Internet cafes, and so on. To help you handle the difficulties inherent in designing network security for complex networks, this chapter teaches a systematic, top-down approach that focuses on planning and policy development before the selection of security products.
In an application-based extranet, the network infrastructure doesn't take part in the security except as is done in traditional e-commerce environments. Transport can be over the Internet at large or over another IP network. Any security is provided by the application hosts using something like SSH or SSL. In this respect, the design is identical to an e-commerce design. Like e-commerce, it can be insourced or outsourced, hosted locally or at a colocation facility. Depending on the sensitivity of the data accessed, an extranet connection sometimes has at least as many security requirements as e-commerce, and oftentimes more. For the ANX, as an example, automakers purchase large quantities of parts from suppliers. The amount of these transactions can far exceed your average retail consumer e-commerce transaction. Application-based extranets are also called business-to-business (B2B) e-commerce.
Securing all aspects of your network can be a daunting task. For an organization with ecommerce, intranet, and extranet sites, as well as e-mail, this only adds to the complexity of the task. Of course, there are costs to providing a high level of security, in terms of both staff and equipment needed to implement a network security policy. These costs must be weighed against the possibility of network security breaches.
The DSCP marking of EF results in expedited forwarding with minimal delay and low loss. These packets are prioritized for delivery over others. The EF PHB in the DiffServ model provides for low packet loss, low latency, low jitter, and guaranteed bandwidth service. Applications such as VoIP, video, and online ecommerce require such guarantees. EF can be implemented using priority queuing, along with rate limiting on the class. Although EF PHB when implemented in a DiffServ network provides a premium service, it should be specifically targeted toward the most critical applications, because if congestion exists, it is not possible to treat all or most traffic as high-priority. According to RFC 2474, the recommended DSCP value for EF is 101110.
Several types of DoS attacks exist, including Teardrop attacks and the Ping of Death, which send handcrafted network packets that are different from those the application expects and may provoke the application and server to crash. These DoS attacks on an unprotected server, such as an ecommerce server, can cause the server to crash and prevent users from adding items to their shopping cart.
Phishing is a type of network attack that typically starts by sending an e-mail to an unsuspecting user. The phishing e-mail attempts to look like a legitimate e-mail from a known and trusted institution such as a bank or ecommerce site. This false e-mail attempts to convince users that something has happened, such as suspicious activity on their account, and that the user must follow the link in the e-mail and log on to the site to view their user information. The link in this e-mail often leads to a false copy of the real bank or ecommerce site that features a similar look-and-feel to the real site. The phishing attack is designed to trick users into providing valuable information such as their username and password.
After completing the PPM exercise, you now have a list of potential projects, each of which will improve the delivery of value to customers and each of which is acceptable to key stakeholders. How do you decide which ones to do? Generally, projects that can be delivered quickly with measurable benefits provide faster results and lower risk. Because some important projects might also be large and complex, consider breaking these projects into phases that can be delivered rapidly. Figure 6-14 maps the smaller components of a large ECommerce Initiative against business value and ease of implementation.
Common forms of DDoS attacks are ICMP floods, TCP SYN floods, and UDP floods. In an ecommerce environment, this type of traffic is fairly easy to categorize. Only when limiting a TCP SYN attack on port 80 (Hypertext Transfer Protocol [HTTP]) does an administrator run the risk of locking out legitimate users during an attack. Even then, it is better to lock out new legitimate users temporarily and retain routing and management connections than to have the router overrun and lose all connectivity.
A second option is to merge the functionality of the VPN and remote-access module with the corporate Internet module. Their structure is very similar, with a pair of firewalls at the heart of the module surrounded by NIDS appliances. This may be possible without loss of functionality if the performance of the components matches the combined traffic requirements of the modules, and if the firewall has enough interfaces to accommodate the different services. Keep in mind that as functions are aggregated to single devices, the potential for human error increases. Some organizations go even further and include the e-commerce functions in the corporate Internet VPN module. The authors feel that the risk of doing this far outweighs any cost savings unless the e-commerce needs are minimal. Separation of the ecommerce traffic from general Internet traffic allows the e-commerce bandwidth to be better optimized by allowing the ISP to place more restrictive filtering and rate-limiting technology...
There are several types of network attacks. Some of the most popular network attacks include viruses, worms, Trojans, DoS, DDoS, spyware, and phishing. Viruses are executable software that attack a host by attaching to a program or file such as an e-mail or spreadsheet. Viruses can wreak havoc on the target PC if the virus executes on the user's machine. Worms are more network-centric than viruses and do not require a host to replicate. Worms look for vulnerabilities to attack and initiate other network connections. Trojans attack by attempting to masquerade as something innocuous, such as a screen-saver or game. DoS attacks prevent legitimate network activity by attacking a vulnerability such as an expected packet size or buffer size for an application. A DDoS attack prevents legitimate network traffic by flooding the network with traffic from multiple or distributed sources, such as from zombies or botnets. Spyware is a network attack that monitors or spies on a user's activity,...