
Threats to E-Commerce Servers-Part II

By Ravi Das, HTG Solutions


Our last article was the first in this E-Commerce Security track series. In the last article, we examined the dominant role E-Commerce has and will play into the near term and the future. A formal definition of E-Commerce was provided, as well as the importance of taking a proactive stance on security issues. The specific threats against E-Commerce Servers were also examined, which included:
• The Human Element;
• Viruses and Worms;
• Trojan Horses;
• Logic Bombs;
• Denial Of Service Attacks;
• Ping Of Death;
• SYN Flooding;
• Phishing Attacks;
• Data Packet Sniffing;
• IP Spoofing;
• Port Scanning;
• Trapdoors and Backdoors.
This article, Part II, will examine the various tools and methods that are available to protect your E-Commerce Server from the above mentioned threats as well as other threats.
This article is divided into the following sections:
(1) Solutions To Threats From A Wireless Perspective:
  - A Technical Discussion Of The Data Packet
  - Threats from Wireless: Social Engineering and Man In the Middle Attacks
  - A Solution: Authentication - The Use of Secure Sockets Layer
  - A Solution: Encryption - The Use of Secure Shell
  - A Solution: Tunneling - The Use of Virtual Private Networks
(2) Solutions To Threats From A Hard Wired Perspective:
  - A Solution: The Use of Firewalls
  - A Solution: The Use of Routers
  - A Solution: The Use of Network Intrusion Devices
Solutions To Threats From A Wireless Perspective
The threats to E-Commerce Servers described in the last article can be initiated from both a hard wired source as well as a wireless source. Although wireless security will be covered in much more detail in a subsequent article, this section will describe in some detail the implications of threats to E-Commerce Servers from wireless, and solutions to those threats. Wireless applications are certainly making their mark in today's E-Commerce world. In fact, these applications even have their own term, known as "Mobility Commerce" or simply, "M-Commerce". M-Commerce is expected to make a big splash, especially in wireless entertainment services, generating more than $2? billion and having a customer base of 2? billion by 200? (Source: 1). But, M-Commerce poses one of the greatest threats to E-Commerce Servers today. This is so because when your customer connects to your website to place an order, for example, at a "Wi-Fi" or "Hot Spot", from a Starbuck's café, the data packets are leaving the confines of your customer's laptop computer to the point of Internet access. Since this is a wireless connection, the data packets are literally flying in the air (as opposed to a hard wired connection, where the data packets travel in the confines of the network cable). It is at this point that a hacker can intercept the data packets and cause havoc to your E-Commerce Server. As an E-Commerce business owner, you need to consider the risks posed by wireless.
However, before we go any further, a detailed and technical discussion of what a data packet is is warranted at this point. The data packet will be central to subsequent E-Commerce articles, so an understanding of what it really is is important.
The Data Packet
All of the information we send over the Internet, whether it is e-mail or files transferred from one computer to the other, tends to be very large chunks of data. These large chunks of data are broken down into much smaller chunks, known as "data packets". So for example, the e-mail you send is actually broken down into much smaller chunks, which are the data packets. You may be asking at this point, "Why is my e-mail being broken down into so many smaller chunks of data?" Well, it is these small chunks of data that allow for the instantaneous sending of e-mail to your recipient, such as your big E-Commerce customer. If you were to have sent this e-mail as one massive chunk, it would take a very long time for your customer to receive your e-mail. And as business owners, we are all very familiar with the adage "time is money".
A data packet (the small chunk of data) consists primarily of three things:
A) A Header section;
B) A Data section;
C) A Trailer section.
The Header section consists of the source address and the destination address. The source address identifies your computer as the sender, and the destination address identifies the computer where the data is supposed to go (the recipient). In this case of sending e-mail, the destination address is the computer of your E-Commerce customer. The Header also contains clock information, in order to synchronize the exact transmission times.
The Data section consists of the actual data - for example, the content of the message of the e-mail you are sending to your E-Commerce customer.
The Trailer section consists of the output of a mathematical algorithm, specifically called the Cyclic Redundancy Check, or CRC. The CRC helps to make sure that the data sent in the data packet remains intact. So, when your big E-Commerce customer receives your e-mail, it is the CRC which has ensured that the message remained intact when you sent it. Essentially, the CRC generates a number from the data packet when it leaves the source computer. When the data packet reaches the destination computer, which is your E-Commerce customer, this number is calculated again by the CRC. If the number remains the same, it means the data has arrived in a stable state, and intact. However, if the results are different, it means that the data was altered or changed in some manner during transmission. In this case, the altered data packet is then sent back to the source computer for retransmission. A data packet is diagrammed in Diagram #1.
[Diagram #1: A data packet with its Header, Data and Trailer sections]
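As an added illustration of the CRC check just described (example code written for this page, not part of the original article), the following Python builds a packet in the three-section layout the article describes, verifies it at the destination, and shows that a single flipped bit is caught. The packet layout, addresses and clock value are constructed for the example; the last case shows the caveat a practitioner should keep in mind: a CRC catches accidental corruption, but a packet reassembled with a different message and a freshly computed trailer passes the same check, so the CRC is an error check rather than a defence against deliberate alteration.

```python
import struct
import zlib

# Constructed packet layout for this example (not a real protocol's wire format):
#   header  = source address (4 bytes) | destination address (4 bytes) | clock (8 bytes)
#   data    = the message body
#   trailer = CRC-32 computed over header + data (4 bytes)
HEADER_FMT = "!4s4sQ"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 16 bytes
TRAILER_LEN = 4


def build_packet(src: bytes, dst: bytes, clock: int, data: bytes) -> bytes:
    """Source side: assemble header + data, then append the CRC trailer."""
    body = struct.pack(HEADER_FMT, src, dst, clock) + data
    return body + struct.pack("!I", zlib.crc32(body) & 0xFFFFFFFF)


def check_packet(packet: bytes) -> bool:
    """Destination side: recompute the CRC over header + data and compare with the trailer."""
    if len(packet) < HEADER_LEN + TRAILER_LEN:
        return False  # too short to hold even a header and a trailer
    body, trailer = packet[:-TRAILER_LEN], packet[-TRAILER_LEN:]
    (received_crc,) = struct.unpack("!I", trailer)
    return (zlib.crc32(body) & 0xFFFFFFFF) == received_crc


def flip_bit(packet: bytes, byte_index: int) -> bytes:
    """Simulate transmission noise by flipping the lowest bit of one byte."""
    damaged = bytearray(packet)
    damaged[byte_index] ^= 0x01
    return bytes(damaged)


def demo() -> tuple:
    """Run the three cases; returns (intact_ok, noise_detected, rebuilt_passes)."""
    src = bytes([10, 0, 0, 5])      # constructed customer laptop address
    dst = bytes([192, 0, 2, 10])    # constructed E-Commerce server address
    clock = 1_700_000_000_000       # constructed clock value for the header
    packet = build_packet(src, dst, clock, b"ORDER 1234: 2 units")
    intact_ok = check_packet(packet)  # trailer matches: accept the packet
    # one damaged byte in the Data section: CRC mismatch, so ask for retransmission
    noise_detected = not check_packet(flip_bit(packet, HEADER_LEN + 12))
    # Caveat: the CRC is an error check, not a tamper check. A packet rebuilt with a
    # different message carries a valid trailer of its own and passes the same test.
    rebuilt = build_packet(src, dst, clock, b"ORDER 1234: 200 units")
    rebuilt_passes = check_packet(rebuilt)
    return intact_ok, noise_detected, rebuilt_passes


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The third result is the reason the wireless solutions that follow (SSL, SSH, VPN) add authentication and encryption on top of the packet's own error check.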
Threats from Wireless - Social Engineering and Man In the Middle Attacks
Protection from wireless threats depends a lot upon the place which provides the wireless connection, in the example we have been using, Starbuck's. It would primarily be the responsibility of each café to make sure that they have implemented reasonable security.