E-commerce network setup
Results 1 to 4 of 4

Thread: E-commerce network setup

  1. #1
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424

    E-commerce network setup

    Hey all,

    I'm working on a network architecture setup for an e-commerce provider; I've been Googling and reading up for days, but I can't seem to find a general "secure" network setup for an e-commerce environment (I've seen every network diagram from the first 15 Google and Yahoo image pages using the terms "network", "diagram", "e-commerce", "secure", "setup" and a bunch of other terms in all possible combinations, and I didn't get any further...). It's for a school project, so I'm not limited by money or anything else (only by time)

    Here are some things that I came up with - with a bunch of questions attached...

    Does an e-commerce server go in the DMZ along with the web server? How does the interaction between the e-commerce server and the web server take place? How does the interaction between the customer and the e-commerce server take place (just SSL, or is there more to it)? How is the e-commerce server firewalled? What if you want to do your own credit card processing - do you connect a database server to the e-commerce server? How does that database server communicate with the credit card issuer? How do you implement three-tier security in this set-up? Where does an IDS fit in in this scheme?

    Anyone have some pointers to guide me in the right direction?

    Thanks!

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Quote Originally Posted by Negative
    Hey all,

    I'm working on a network architecture setup for an e-commerce provider; I've been Googling and reading up for days, but I can't seem to find a general "secure" network setup for an e-commerce environment (I've seen every network diagram from the first 15 Google and Yahoo image pages using the terms "network", "diagram", "e-commerce", "secure", "setup" and a bunch of other terms in all possible combinations, and I didn't get any further...). It's for a school project, so I'm not limited by money or anything else (only by time)

    Here are some things that I came up with - with a bunch of questions attached...

    Does an e-commerce server go in the DMZ along with the web server? How does the interaction between the e-commerce server and the web server take place? How does the interaction between the customer and the e-commerce server take place (just SSL, or is there more to it)? How is the e-commerce server firewalled? What if you want to do your own credit card processing - do you connect a database server to the e-commerce server? How does that database server communicate with the credit card issuer? How do you implement three-tier security in this set-up? Where does an IDS fit in in this scheme?

    Anyone have some pointers to guide me in the right direction?

    Thanks!
    Hi Neg, seems like you are getting very little action on this topic so I'll give it a shot.

    Does an e-commerce server go in the DMZ along with the web server?
    Answer) We here really don't have an "E-commerce" server. We have a server that vendors can connect to to retrieve order information an costing. Our server for that purpose does reside in the DMZ.

    How does the interaction between the e-commerce server and the web server take place?
    Answer) Not really sure what your asking here but with our set-up, the e-commerce server is it's own web server. It has all its own web services running.

    How does the interaction between the customer and the e-commerce server take place (just SSL, or is there more to it)?
    Answer) In our set-up we just rely of SSL. No real confidential information is being passed.

    How is the e-commerce server firewalled?
    Answer) Our's sits behind a Checkpoint firewall. Specific rules are applied to control Who connects and on which ports they connect. (eg. only allow SSL connections)

    What if you want to do your own credit card processing - do you connect a database server to the e-commerce server?
    Answer) Can't help you here, we don't pass Credit Card info through this, or any server.

    How does that database server communicate with the credit card issuer?
    Answer) See above.

    How do you implement three-tier security in this set-up?
    Answer) We didn't go that deep as the information being passed is not that confidential.

    Where does an IDS fit in in this scheme?
    Answer) We have (currently) 2 IDS Sensors. One in the DMZ (which covers this and all other servers in the DMZ) and one connected to our main switch which covers all other traffic on our LAN

    Now, I don't know how much this helped you but maybe it will spur additional conversation on the topic.

    Cheers:
    Last edited by DjM; November 23rd, 2007 at 11:01 PM.
    DjM

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I was on SANS the other day and remeber seeing an ecommerce section in the reading room...so I did some basic browsing.

    The paper is a little dated...but I think the basic architecture concept is there...

    Abstract
    This document gives an overview of some common methods that can be employed to build defense-in-depth into your eCommerce solution. Defense-in-depth can be defined as implementing multiple layers of defense in order to mitigate the risks associated with attacks.
    http://www.sans.org/reading_room/whi...9569087e855daf

    More here

    http://www.sans.org/reading_room/whi...352c0fc0db51c1

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Hi DjM,

    I really appreciate the time you took to do that little write-up - nothing like a "real life" set-up to point me in the right direction!

    Thanks, MLF - the diagrams in those papers are going to be a good help!

Similar Threads

  1. Trojans - Ports
    By GbinaryR in forum AntiVirus Discussions
    Replies: 11
    Last Post: October 30th, 2008, 10:33 AM
  2. AltaVista Traversal?
    By Carla in forum Web Security
    Replies: 41
    Last Post: October 31st, 2004, 09:17 AM
  3. Network Management
    By FanacooL in forum Other Tutorials Forum
    Replies: 2
    Last Post: October 29th, 2004, 05:24 AM
  4. Windows 2000 Tips
    By Nokia in forum Tips and Tricks
    Replies: 0
    Last Post: June 12th, 2004, 06:13 PM
  5. mini-tutorial on network topologies
    By cwk9 in forum Other Tutorials Forum
    Replies: 6
    Last Post: June 3rd, 2002, 07:57 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •