Securing an e-Commerce Webserver in DMZ
The e-commerce is experiencing an exponential growth and so are the incidents of hacking and data breaches. Previous studies suggest that about fifty percent of enterprises do not use an additional firewall above the default configuration hence are highly exposed to attacks. In 2012, about one hundred and seventy-four data records were compromised, of which the largest share occurred in the online shopping and retail(Kumar and Joshi 27). Notably, application and server firewalls play a crucial role in securing confidential information from Trojans and viruses, as well as other sources of attacks, hence they need to be appropriately implemented and maintained. Creating a DMZ (demilitarized Zone), for computers that require direct communication with the internet, is one of the techniques that is used to reduce the magnitude of cyberattacks. However, placing a server in a DMZ increases the risk of cyber-attacks from the internet computers hence robust security mechanism, such as deploying the best server OS, must be properly implemented and maintained.
Security for e-commerce web servers on DMZ is an area that requires immense focus for an online retail and shopping corporation because e-commerce websites require anonymous or unauthenticated access to increase the number of visitors and potential buyers. Notably, servers placed on DMZ are at an increased risk of attacks because of the complexity of controlling unauthorized access. However, the security of webservers can be enhanced, without negatively affecting the traffic by creating a DMZ Honeynet, which is a network comprising of ‘honeypot’computers. The ‘Honeypot’ computers are designed to lure hackers to track or catch them, or to ensure they do not identify the real network resources. In most cases, the honeynet includes virtual machines installed on one physical computer, and implementation of monitoring and intrusion detection systems to collect information concerning tactics, techniques, and identities of hackers. Thus, hackers’access to the e commerce web server or potential source of threats can be minimized or eliminated, without affecting the traffic.
Host security improvement is another technique of reducing attacks, which is achieved by hardening the server on the demilitarized zone, because DMZ is more unsecure than the internal network. Securityof the server can be enhanced, without reducing accessibility, by disabling all unnecessary activities and running the required ones with the lowest possible privileges, to ensure that strange activities can be detected(Kumar and Joshi 27). In addition, unrequired user accounts should be disabled or deleted and default accounts renamed or allocated different descriptions to disguise them, while robust passphrases and passwords should be implemented on the system to reduce or eliminate unauthorized access. Furthermore, latest security patches and updates should be deployed and security logging enabled to ensure continuous improved protection. Strange activity detection, reduced or no unauthorized access, and continuous improved security can immensely harden the server in DMZ hence lead to few attack incidences, without compromising accessibility.
Security and accessibility of the server in DMZ heavily rely on its operating system. For instance, some server OSs support the use of honeypots to lure hackers, while others do not offer such features (Wassom). Microsoft server 2008 is one of the OSs that enable running of N-tier applications in more than one region to improve availability, as well as enhance a strong infrastructure for disaster recovery. The OS improves availability during a disaster by using Azure Traffic Manager service, which routes incoming traffic to a single primary region during the regular operations but routes requests to a secondary region in case of failure or unavailability. In addition, the Virtual machines on the OS can be used as honeypots to ensure that attackers and hackers cannot easily identify the actual webserver or to enhance their detection or identification. The availability of SQL Server Always On the availability group,a feature for disaster recovery, is a big boost to an e commerce website availability because it provides data backups that are secured by the vendor. Thus, Windows Server 2008 is the best OS system to deploy on a server in a DMZ because it immensely improves security using features, such as VM, and promotes availability by providing the necessary routing and backup infrastructure. The E-commerce
The current increase in e-commerce popularity includes an upsurgeofcyberattacks cases from hackers, as well as a challenge in availability and accessibility of web hosted resources. Implementing a DMZ for the webserver is one of the strategies that are being adopted to ensure that chances of the entire network being compromised are reduced or eliminated. However, placing an e commerce in a DMZ leads to a substantial increase in risk considering the sensitivity of data and large amounts of money involved. Therefore, robust security measures must be adopted without affecting the functionality of the website. An Operating System, such as Microsoft Server 2008, which offers increased number of features, for instance, the availability of multiple Virtual Machine to support the implementation of honeynets, is the best solution to improve website availability and security.
Kumar, Umesh, and Chanchala Joshi. “Quantifying Security Risk By Critical Network Vulnerabilities Assessment.” International Journal Of Computer Applications, vol 156, no. 13, 2016, pp. 26-33. Foundation Of Computer Science, doi:10.5120/ijca2016912426.
Wasson, Mike. “Run Windows VMs in Multiple Azure Regions for High Availability.” Technical Documentation, API, and Code Examples | Microsoft Docs, 22 Nov. 2016, docs.microsoft.com/en-us/azure/architecture/reference-architectures/virtual-machines-windows/multi-region-application.